Mafia Fraud Attack

From Wikipedia, the free encyclopedia

A Mafia Fraud Attack, also known as a relay attack, is a type of man-in-the-middle attack against identification and authentication systems. The intruder's goal is to gain access to the system.

To illustrate the attack, consider a challenge-response authentication system in which a prover (P) wants a verifier (V) to authenticate him. V sends a challenge to P, and P returns a valid response. V has then verified P, and access is granted.

The intruder (I) performing the Mafia Fraud Attack exploits this mechanism by positioning himself between V and P. When V issues a challenge, I relays it to P. P is led to believe that I is the verifier V and responds with the appropriate reply. I then takes this response and sends it to V. Like P, V is deceived: it believes I to be P and authenticates him as P.

Mafia Fraud Attacks are generally hard to prevent, and schemes that try to avoid them are generally complex and hard to implement. One countermeasure is a protocol that measures the time the prover takes to respond, since the response takes longer than normal during a Mafia Fraud Attack.
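The relay and the timing countermeasure described above can be modelled as follows; this is an added Python example, not part of the original article. The HMAC-based challenge-response, the key, the latency figures and the simulated clock are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

KEY = b"constructed-demo-key"  # secret shared by P and V (constructed value)

class Clock:
    """Simulated physical time in nanoseconds, so the demo is deterministic."""
    def __init__(self):
        self.now_ns = 0

class Prover:
    """Honest prover P: answers a challenge with HMAC-SHA256(key, challenge)."""
    LATENCY_NS = 1_000  # assumed round trip over the direct V<->P link

    def __init__(self, key, clock):
        self._key, self._clock = key, clock

    def respond(self, challenge):
        self._clock.now_ns += self.LATENCY_NS
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class Relay:
    """Intruder I: holds no key and only forwards messages between V and P."""
    EXTRA_NS = 50_000  # assumed delay added by the relay link

    def __init__(self, prover, clock):
        self._prover, self._clock = prover, clock

    def respond(self, challenge):
        self._clock.now_ns += self.EXTRA_NS
        return self._prover.respond(challenge)  # P believes it is talking to V

def verify(peer, key, clock, max_rtt_ns=None):
    """Verifier V: check the response and, if a bound is set, its timing."""
    challenge = os.urandom(16)
    start = clock.now_ns
    response = peer.respond(challenge)
    rtt_ns = clock.now_ns - start  # V measures the round trip itself
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    if not hmac.compare_digest(response, expected):
        return "reject: bad response"
    if max_rtt_ns is not None and rtt_ns > max_rtt_ns:
        return "reject: too slow"
    return "accept"
```

Without a time bound, V accepts the relayed response because it is cryptographically valid; with a bound slightly above the direct-link latency, the same response is rejected.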

Many concerns have been raised about Mafia Fraud Attacks since the introduction of RFID-based authentication, as the attack would provide an easy way for unauthorized individuals to gain access.