Replay attack

A replay attack ( attack by replay ) is a cryptanalytic attack form to the authenticity of data in a communication protocol . The attacker sends previously recorded data, for example to simulate a foreign identity.

example

Suppose Alice wants to prove her identity to Bob . Both know Alice's secret password . Alice calculates the hash code of her password with a cryptological hash function and sends it to Bob. Bob compares the hash code with his calculation and accepts. Meanwhile, Mallory overhears the communication and records the hash code sent by Alice. After communication is over, Mallory connects to Bob, impersonates Alice and sends the recorded hash code. Mallory can then successfully pretend Alice's identity, although she does not know the password.

The Needham-Schroeder Protocol in its original form is susceptible to a replay attack.

Countermeasures

One way to prevent replay attacks is to use a nonce : Bob sends a unique code (nonce) to Alice. Alice uses this to transform her password and sends the result back to Bob. Bob in turn performs the same transformation and compares his result with Alice's result: if both match, Bob accepts Alice's identity. If Mallory tries to reuse a hash code that has been tapped, Bob sends another nonce; the spied hash code is now invalid (because it was generated with a different nonce). Bob refuses because his result and the supplied (outdated) hash code do not match. Instead of a nonce, a time stamp can also be used, whereby Alice should inform Bob of the date and time she used if there is a delay in the transmission. This has the advantage that (for example with Unix time) the same time stamp is guaranteed to never appear again, since it is then a point in time that has passed.

A sequence number can be used to protect continuous data transmission over several data packets , the authenticity of which is in turn ensured by a message authentication code . With IPsec , for example, this is provided for both the authentication header and the encapsulating security payload . Depending on the operating mode, data transmission encrypted with a block cipher can also offer protection against replay attacks.