[OpenTRV-dev] Thinking aloud: preventing replay attacks
Damon Hart-Davis
Mon Dec 8 00:43:58 GMT 2014
> Thought…
>
> I imagine that at pairing / key exchange I could set a largish (e.g. 64-bit) counter at both ends to the same value (or just 0) and send its value, or a hash of it with a nonce, in each encrypted frame. The hub, with lots of memory, could remember all previous values used to reject any replays and/or reject any received counter value less than the starting value, and allow only a smallish window for new values to allow some frame loss. In fact maybe the hub only needs the counter, which it advances to the received value when it gets a decent frame.
I think that I just badly reinvented something like the IPSec sliding window mechanism, which is potentially fine…
http://www.ipsec-howto.org/x202.html
Rgds
Damon
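The counter-plus-window check described above, written out as an added C example in the style of the IPsec sliding-window bitmap the post links to; this is not OpenTRV's code, and the struct layout, function names and the two window constants are assumptions:

```c
#include <stdint.h>
#include <stdbool.h>

#define WINDOW_BITS 64  /* how far behind the highest value a late frame may still be */
#define MAX_FORWARD 32  /* the "smallish window for new values": tolerated frame loss */

/* Hub-side state for one paired sender (assumed layout, not OpenTRV's). */
typedef struct {
    uint64_t start;    /* counter agreed at pairing; anything below is rejected outright */
    uint64_t highest;  /* highest counter accepted so far */
    uint64_t bitmap;   /* bit i set => counter (highest - i) has already been accepted */
} replay_window_t;

void replay_window_init(replay_window_t *w, uint64_t start) {
    w->start = start; w->highest = start; w->bitmap = 0;
}

/* Call only AFTER the frame has decrypted and authenticated, so a forged
   counter cannot move the window. Returns true and records the counter if the
   frame is fresh; false if it predates the pairing, is a replay, has fallen
   out of the window, or jumps further ahead than MAX_FORWARD (out of sync). */
bool replay_window_accept(replay_window_t *w, uint64_t counter) {
    if (counter < w->start) return false;
    if (counter > w->highest) {                   /* new high-water mark */
        uint64_t jump = counter - w->highest;
        if (jump > MAX_FORWARD) return false;     /* more loss than we tolerate */
        w->bitmap = (jump >= WINDOW_BITS) ? 0 : (w->bitmap << jump);
        w->bitmap |= 1;                           /* bit 0 is the new highest */
        w->highest = counter;
        return true;
    }
    uint64_t age = w->highest - counter;          /* 0 when counter == highest */
    if (age >= WINDOW_BITS) return false;         /* too old to track */
    if (w->bitmap & (1ULL << age)) return false;  /* already seen: replay */
    w->bitmap |= (1ULL << age);                   /* late but genuine frame */
    return true;
}

/* Constructed sequence as the hub might see it: frames 0-2 in order, frame 4
   lost, frame 3 reordered behind 5, then replays of counters 1, 5 and 2. */
int replay_demo(void) {
    static const uint64_t received[] = {0, 1, 2, 5, 3, 1, 5, 2};
    replay_window_t w;
    int accepted = 0;
    replay_window_init(&w, 0);
    for (unsigned i = 0; i < sizeof received / sizeof received[0]; i++)
        if (replay_window_accept(&w, received[i])) accepted++;
    return accepted;  /* 5: the three replayed counters are rejected */
}
```

A frame that jumps past MAX_FORWARD is refused rather than used to resync, so a sender that has genuinely lost that many frames must re-pair; that is the trade-off the "smallish window" buys.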