How does challenge-response protocol help against man-in-the-middle attacks?

user574183 · Jan 21, 2011 · Viewed 8.3k times

How does challenge-response authentication prevent man-in-the-middle attacks? I read the wiki article but still I cannot understand.

Answer

sarnold · Jan 21, 2011

In general, challenge-response systems do not necessarily prevent man-in-the-middle attacks: If Alice is trying to tell Bob her bank account number, this protocol, which does implement some challenge and response, won't provide integrity or privacy:

Alice: Bob, is that you?  // first challenge
Bob: Yes, Alice, it is me, is that you? // first response, second challenge
Alice: Yes! Great. My account number is 314159. // second response, and result

Mallory could answer "yes" in place of either Alice or Bob, could fake the third 'result' message, or could listen in on the third message.

Even if the challenges are improved, to something like: "Please hash 0x31415926 prepended to our shared password", data transmitted in the clear (or under weak/poor ciphers or with poor key selection) would be subject to loss of privacy, and data transmitted without any message authentication checks could be subject to modification by a third party.

Where challenge/response protocols really shine is in preventing replay attacks: if Alice just sends Bob a message along the lines of "Please debit my account $5 and credit your account $5", Mallory could record the message and replay the message to deplete Alice's account.

A good challenge/response system will generate a new challenge for every transaction or session (and make sure that previous challenges are not reused!), so that session transcripts cannot be spliced together to create new fraudulent systems.

I hope this helps, but I'm afraid without a more detailed idea of where your doubts are coming from, it'll just be noise.
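An added example, not part of sarnold's answer: a minimal sketch of the fresh-challenge idea described above, where the verifier issues a single-use random challenge and the response is an HMAC over the challenge plus the transaction message. HMAC-SHA256 is swapped in for the answer's "hash prepended to our shared password", and the key, class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SHARED_KEY = b"constructed-shared-password"  # constructed sample secret


class Bank:
    """Verifier side (Bob): one fresh, single-use challenge per transaction."""

    def __init__(self, key):
        self.key = key
        self.outstanding = set()  # challenges issued but not yet answered

    def new_challenge(self):
        challenge = secrets.token_bytes(16)  # fixed length, so concatenation is unambiguous
        self.outstanding.add(challenge)
        return challenge

    def accept(self, challenge, message, tag):
        # A challenge that was never issued, or was already answered, is refused.
        if challenge not in self.outstanding:
            return False
        self.outstanding.discard(challenge)  # single use, even if the tag is wrong
        expected = hmac.new(self.key, challenge + message, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def respond(key, challenge, message):
    """Prover side (Alice): bind the response to this challenge and this message."""
    return hmac.new(key, challenge + message, hashlib.sha256).digest()


def demo():
    bank = Bank(SHARED_KEY)
    msg = b"debit Alice $5, credit Bob $5"

    c1 = bank.new_challenge()
    tag1 = respond(SHARED_KEY, c1, msg)
    first = bank.accept(c1, msg, tag1)        # genuine transaction

    replay_same = bank.accept(c1, msg, tag1)  # recorded exchange sent again
    c2 = bank.new_challenge()
    replay_new = bank.accept(c2, msg, tag1)   # old response against a new challenge

    c3 = bank.new_challenge()
    tag3 = respond(SHARED_KEY, c3, msg)
    tampered = bank.accept(c3, b"debit Alice $500, credit Mallory $500", tag3)
    return first, replay_same, replay_new, tampered
```

`demo()` returns `(True, False, False, False)`: the genuine transaction is accepted, while both replays and the modified message are refused. The message itself still travels in the clear, so this gives replay protection and message authentication but no privacy.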