Whilst creating a new WCF service endpoint to improve our webservice security, I started looking at how to prevent replay attacks. On initial glance, this is easy, WCF has a "DetectReplays" flag that you turn on and everything is sorted. However, even a brief understanding of the mechanism in use (in memory nonce caching and duplicate rejection), shows that this is not a real-world implementation. Frankly it's baffling that they implement it at all. Anyone sufficiently bothered about security at this level is going to be running more than one server in their web-farm, and consequently this mechanism will allow N attacks where N is the number of servers you have. Thus nullifying any scaling you have to cope with surges in traffic, and possibly overwhelming the servers. No to mention the chaos that duplicate create calls will cause.
We could turn on sticky sessions... but lets not do that, as that's a whole different set of problems.
Further investigation shows that Microsoft themselves acknowledge this problem: https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/preventing-replay-attacks-when-a-wcf-service-is-hosted-in-a-web-farm Even by Microsoft standards, that is terse, and fairly useless. They acknowledge the problem, indicate that a solution exists, then provide only the most basic hint as to how to implement it.
Googling reveals that no-one out there has written anything about how to use it. Hunting through their source code shows that they internally use this mechanism with an in-memory implementation to provide the default functionality. It uses this in the SecurityProtocolFactory, setting the NonceCache to the in memory version if nothing has been supplied. But how do you setup and use a SecurityProtocolFactory in WCF?
I know many will have the reaction that I shouldn't worry about replay attacks, as the transport security will take care of this. However, this is no longer true. Amazingly, some optimisations to the 1.3 version of TLS seem to have quietly removed this feature. See https://blog.cloudflare.com/introducing-0-rtt/
So the questions are:
- Am I over thinking this, is it really a problem?
- Has anyone actually got the Microsoft implementation to work? If so, how!?
- What is everyone else doing? Is everyone just ignoring this problem, unaware of the TLS 1.3 issue?
I have tried setting the NonceCache variable on the localclientsecurity settings, but to no affect.
var sbe = (SymmetricSecurityBindingElement) bec.Find<SecurityBindingElement>();
if (sbe != null)
{
// Get the LocalSecuritySettings from the binding element.
LocalClientSecuritySettings lc = sbe.LocalClientSettings;
lc.DetectReplays = true;
lc.NonceCache = new MyNonceCache();
}