0

I would like to understand how does the SSL implicit sequence number helps SSL in detecting rogue TCP packets?

In fact, the RFC 6101 states :

sequence numbers: Each party maintains separate sequence numbers for transmitted and received messages for each connection. When a party sends or receives a change cipher spec message, the appropriate sequence number is set to zero. Sequence numbers are of type uint64 and may not exceed 2^64-1.

Could not an attacker take advantage of the pre-knowledge of how SSL sequence numbers behave to conduct a successful attack?

Improve this question

1 Answer 1

Reset to default
1

I don't know what you consider a "rouge" TCP packet. But, there are two major attack vectors to consider:

  • Modification of an existing packet or insertion of a bogus packet: this is detected by validating the MAC of the record.
  • Replay of a previous packet: the recipient knows which sequence number to expect. This sequence number is when computing the MAC. When replaying an older packet the sequence number used in the MAC of the older packet will not match the one used to compute the MAC of the new packet and thus the MAC will differ.
Improve this answer
5
  • My question concerns the second part of your answer. The small paragraph I quoted above from RFC6101. implies that not only the client and the server know what sequence number to pick for which message, but the attacker eavesdropping the traffic does as well. Could not the attacker take advantage of this point to insert replayed TCP bogus packets and go unnoticed? Commented Jul 26, 2017 at 19:00
  • @sasuke_X220: since the sequence number is part of the MAC computation the MAC over the packet payload and the expected sequence number will not match when replaying an old packet. Commented Jul 26, 2017 at 19:50
  • In order for the recipient to check the integrity of a received SSL message, he must know the sequence number included in the computation of the MAC joined to the message. Since the sequence number is not part of the SSL header, how would the recipient know what sequence number the given message corresponds to (the expected sequence number as you said) ? Commented Jul 26, 2017 at 20:30
  • 1
    @sasuke_X220: the sequence number is the number of the TLS record in the TLS session. The receiver simply increments the sequence number for every record received and therefore knows which number to expect next. Commented Jul 26, 2017 at 20:36
  • That answers my question. Thank you for your detailed replies. Commented Jul 26, 2017 at 23:20

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.