Predictable serial number attack

A Serial number plus one attack is a form of security exploit in which a valid serial number is obtained through a legitimate channel, is modified in a predictable way (such as adding one to it) and using the new serial number for a fraudulent purpose, either to obtain an undeserved benefit or to deny service to the legitimate owner of the serial number.

Suppose Mallory purchased two 10-unit phone cards, and noticed that the serial numbers printed on the phone cards were 0001 and 0002. To use the phone cards, Mallory has to enter the serial number into her telephone. After consuming the value on cards 0001 and 0002, Mallory enters 0003 and gets an additional ten units of phone service. When Alice, the legitimate purchaser of the card with serial number 0003, tries to use her brand new card she discovers the value has been stolen from her card and is now zero units.

A common approach to prevent serial number plus one attacks is to use a cryptographic hash function such as SHA-1 to generate the serial numbers. A (pseudo-)random nonce is computed by the issuer as a starting point for the serial numbers and kept secret. Internally, the nonce is incremented and the computed message digest is used as the external serial number. The issuer does have to take care to prevent collisions between existing values so as not to wrongly issue two identical serial numbers.

• Predictable serial numbers were used as a part of the counterfeit MD5 certificate attack.[1]

• Denial of service
• Hash collision

• Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger. "MD5 considered harmful today", December 30, 2008.