Replay Attack

A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack.

Suppose Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation such as a hash function); meanwhile, Mallory is eavesdropping on the conversation and keeps the password. After the interchange is over, Mallory connects to Bob posing as Alice; when asked for proof of identity, Mallory sends Alice's password read from the last session, which Bob must accept.

One way to avoid replay attacks is to use session tokens: Bob sends a one-time token to Alice, which Alice uses to transform the password before sending the result to Bob (e.g. by computing a hash function of the session token appended to the password). On his side, Bob performs the same computation; if and only if both values match, the login is successful. Now suppose Mallory has captured this value and tries to use it in another session; Bob sends a different session token, and when Mallory replies with the captured value it will differ from Bob's computation. Session tokens can be chosen at random or using any algorithm that prevents duplicates.

Timestamping is another way of preventing a replay attack. The nonces used in various packets also prevent replay attacks; they are just another form of session token, issued by one of the parties to check packet uniqueness.
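The Alice, Bob and Mallory exchange above, as an added example that is not part of the original article: Bob accepts a replayed static proof but rejects a proof replayed against a new or already used session token. The class and function names and the sample password are assumptions, and HMAC-SHA256 keyed with the password stands in for the plain hash of token and password that the text mentions.

```python
import hashlib
import hmac
import secrets

def respond(password: bytes, token: bytes) -> bytes:
    # Alice's transformation; HMAC-SHA256 stands in for hash(password || token).
    return hmac.new(password, token, hashlib.sha256).digest()

class Bob:
    def __init__(self, password: bytes):
        self._password = password
        self._pending = set()  # session tokens issued but not yet used

    def static_login(self, proof: bytes) -> bool:
        # First scenario: the proof is identical in every session.
        expected = hashlib.sha256(self._password).digest()
        return hmac.compare_digest(proof, expected)

    def new_token(self) -> bytes:
        token = secrets.token_bytes(16)  # random, duplicates are negligible
        self._pending.add(token)
        return token

    def token_login(self, token: bytes, proof: bytes) -> bool:
        if token not in self._pending:
            return False  # unknown or already used token
        self._pending.discard(token)  # one-time: consumed on first use
        return hmac.compare_digest(proof, respond(self._password, token))

def demo() -> dict:
    password = b"correct horse"  # constructed sample value
    bob, results = Bob(password), {}
    # Static proof: Mallory records it and replays it unchanged.
    captured = hashlib.sha256(password).digest()
    results["alice_static"] = bob.static_login(captured)
    results["mallory_static_replay"] = bob.static_login(captured)
    # Session token: Mallory records Alice's (token, proof) pair.
    t1 = bob.new_token()
    p1 = respond(password, t1)
    results["alice_token"] = bob.token_login(t1, p1)
    # Mallory's own session gets a different token, so the old proof fails.
    t2 = bob.new_token()
    results["mallory_new_session"] = bob.token_login(t2, p1)
    # Resubmitting the old token fails too, because Bob consumed it.
    results["mallory_old_token"] = bob.token_login(t1, p1)
    return results

if __name__ == "__main__":
    print(demo())
```

Consuming the token on first use is what stops the captured (token, proof) pair from being accepted a second time; a token that stayed valid would make the proof replayable again.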
