Kafka Protocol & Collision/Replay Attacks

[Ciaran McHugh <Ci...@sita.aero>]

I recently created a Threat Model for an application I am working on using Microsoft's Threat Modelling Tool<https://learn.microsoft.com/en-gb/azure/security/develop/threat-modeling-tool>.

It highlight two potential threats in relation to the use of the Kafka Protocol<https://kafka.apache.org/protocol>

1. Collision Attacks - Attackers who can send a series of packets or messages may be able to overlap data. For example, packet 1 may be 100 bytes starting at offset 0. Packet 2 may be 100 bytes starting at offset 25. Packet 2 will overwrite 75 bytes of packet 1. Ensure you reassemble data before filtering it, and ensure you explicitly handle these sorts of cases.

2. Replay Attacks - Packets or messages without sequence numbers or timestamps can be captured and replayed in a wide variety of ways. Implement or utilize an existing communication protocol that supports anti-replay techniques (investigate sequence numbers before timers) and strong integrity.

My question is the Kafka Protocol mitigate these types of attacks and if so how?


Confidential Communication: The contents of this e-mail including any attachment are confidential and intended solely for the person(s) to whom they are addressed. Any reader of this email who is not the intended recipient is notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender immediately and delete all copies from your computer system. Subsequent alterations to this email after its transmission will be disregarded.