Replay attack
Encyclopedia
A replay attack is a form of network
attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary
who intercepts the data and retransmits it, possibly as part of a masquerade attack
by IP
packet substitution (such as stream cipher attack
).
); meanwhile, Mallory is eavesdropping on the conversation and keeps the password (or the hash). After the interchange is over, Mallory (posing as Alice) connects to Bob; when asked for a proof of identity, Mallory sends Alice's password (or hash) read from the last session, which Bob accepts.
Session tokens should be chosen by a (pseudo-) random process. Otherwise Mallory may be able to pose as Bob, presenting some predicted future token, and convince Alice to use that token in her transformation. Mallory can then replay her reply at a later time (when the previously predicted token is actually presented by Bob), and Bob will accept the authentication.
One-time password
s are similar to session tokens in that the password expires after it has been used or after a very short amount of time. They can be used to authenticate individual transactions in addition to sessions. The technique has been widely implemented in personal online banking
systems.
Bob can also send nonce
s but should then include a message authentication code
(MAC), which Alice should check.
Timestamp
ing is another way of preventing a replay attack. Synchronization
should be achieved using a secure protocol. For example Bob periodically broadcasts the time on his clock together with a MAC. When Alice wants to send Bob a message, she includes her best estimate of the time on his clock in her message, which is also authenticated. Bob only accepts messages for which the timestamp is within a reasonable tolerance. The advantage of this scheme is that Bob does not need to generate (pseudo-) random numbers.
Computer network
A computer network, often simply referred to as a network, is a collection of hardware components and computers interconnected by communication channels that allow sharing of resources and information....
attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary
Adversary (cryptography)
In cryptography, an adversary is a malicious entity whose aim is to prevent the users of the cryptosystem from achieving their goal...
who intercepts the data and retransmits it, possibly as part of a masquerade attack
Spoofing attack
In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.- Spoofing and TCP/IP :...
by IP
Internet Protocol
The Internet Protocol is the principal communications protocol used for relaying datagrams across an internetwork using the Internet Protocol Suite...
packet substitution (such as stream cipher attack
Stream cipher attack
Stream ciphers, where plaintext bits are combined with a cipher bit stream by an exclusive-or operation , can be very secure if used properly. However they are vulnerable to attack if certain precautions are not followed:*keys must never be used twice...
).
Example
Suppose Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash functionHash function
A hash function is any algorithm or subroutine that maps large data sets to smaller data sets, called keys. For example, a single integer can serve as an index to an array...
); meanwhile, Mallory is eavesdropping on the conversation and keeps the password (or the hash). After the interchange is over, Mallory (posing as Alice) connects to Bob; when asked for a proof of identity, Mallory sends Alice's password (or hash) read from the last session, which Bob accepts.
Countermeasures
A way to avoid replay attacks is using session tokens: Bob sends a one-time token to Alice, which Alice uses to transform the password and send the result to Bob (e.g. computing a hash function of the session token appended to the password). On his side Bob performs the same computation; if and only if both values match, the login is successful. Now suppose Mallory has captured this value and tries to use it on another session; Bob sends a different session token, and when Mallory replies with the captured value it will be different from Bob's computation.Session tokens should be chosen by a (pseudo-) random process. Otherwise Mallory may be able to pose as Bob, presenting some predicted future token, and convince Alice to use that token in her transformation. Mallory can then replay her reply at a later time (when the previously predicted token is actually presented by Bob), and Bob will accept the authentication.
One-time password
One-time password
A one-time password is a password that is valid for only one login session or transaction. OTPs avoid a number of shortcomings that are associated with traditional passwords. The most important shortcoming that is addressed by OTPs is that, in contrast to static passwords, they are not vulnerable...
s are similar to session tokens in that the password expires after it has been used or after a very short amount of time. They can be used to authenticate individual transactions in addition to sessions. The technique has been widely implemented in personal online banking
Online banking
Online banking allows customers to conduct financial transactions on a secure website operated by their retail or virtual bank, credit union or building society.-Features:...
systems.
Bob can also send nonce
Cryptographic nonce
In security engineering, nonce is an arbitrary number used only once to sign a cryptographic communication. It is similar in spirit to a nonce word, hence the name. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused...
s but should then include a message authentication code
Message authentication code
In cryptography, a message authentication code is a short piece of information used to authenticate a message.A MAC algorithm, sometimes called a keyed hash function, accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC...
(MAC), which Alice should check.
Timestamp
Timestamp
A timestamp is a sequence of characters, denoting the date or time at which a certain event occurred. A timestamp is the time at which an event is recorded by a computer, not the time of the event itself...
ing is another way of preventing a replay attack. Synchronization
Synchronization
Synchronization is timekeeping which requires the coordination of events to operate a system in unison. The familiar conductor of an orchestra serves to keep the orchestra in time....
should be achieved using a secure protocol. For example Bob periodically broadcasts the time on his clock together with a MAC. When Alice wants to send Bob a message, she includes her best estimate of the time on his clock in her message, which is also authenticated. Bob only accepts messages for which the timestamp is within a reasonable tolerance. The advantage of this scheme is that Bob does not need to generate (pseudo-) random numbers.
See also
- Denial of service
- Active wiretapping
- Passive wiretapping
- Digest access authenticationDigest access authenticationDigest access authentication is one of the agreed upon methods a web server can use to negotiate credentials with a user's web browser. It uses encryption to send the password over the network which is safer than the Basic access authentication that sends plaintext.Technically digest...