Replay Attacks PowerPoint PPT Presentation


Title: Replay Attacks


1
Replay Attacks
2
Replay Attack
  • First, attacker intercepts a message
  • Not difficult to do

3
Replay Attack
  • Later, attacker retransmits (replays) the message
    to the original destination host
  • Does not have to be able to read a message to
    replay it

4
Replay Attack
  • Why replay attacks?
  • To gain access to resources by replaying an
    authentication message
  • In a denial-of-service attack, to confuse the
    destination host

5
Thwarting Replay Attacks
  • Put a time stamp in each message to ensure that
    the message is fresh
  • Do not accept a message that is too old
  • Place a sequence number in each message
  • Do not accept a duplicated message

[Figure: Message carrying a Sequence Number and a Time Stamp]
6
Thwarting Replay Attacks
  • In request-response applications:
  • Sender of request generates a nonce (random
    number)
  • Places the nonce in the request
  • Server places the nonce in the response
  • Neither party accepts duplicate nonces

[Figure: Request and Response, each carrying the Nonce]
7
Thwarting Replay Attacks
  • To prevent changes in the message being replayed,
    message integrity is needed
  • Requires a digital signature or equivalent
  • See HMAC under IPsec

[Figure: Message with a Digital Signature or HMAC]
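
The time stamp, sequence number and HMAC checks from slides 5 and 7, combined in one receiver. This is an added example, not part of the original presentation. The names `seal` and `Receiver`, the 30-second freshness window and the key are assumptions, and the messages are constructed sample data.

```python
import hashlib
import hmac
import json
import time

MAX_AGE = 30  # seconds a message stays fresh (assumed window)

def seal(key, seq, payload, now=None):
    """Sender: add time stamp and sequence number, then HMAC the whole body."""
    ts = time.time() if now is None else now
    body = json.dumps({"seq": seq, "ts": ts, "data": payload},
                      sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()

class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, body, tag, now=None):
        now = time.time() if now is None else now
        # Integrity first: time stamp and sequence number are only
        # trustworthy if the HMAC covers them and verifies.
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad integrity tag"
        msg = json.loads(body)
        if abs(now - msg["ts"]) > MAX_AGE:
            return "rejected: too old"
        if msg["seq"] <= self.last_seq:
            return "rejected: duplicate sequence number"
        self.last_seq = msg["seq"]
        return "accepted"

def demo():
    key = b"constructed-demo-key"  # constructed sample key
    rx = Receiver(key)
    body, tag = seal(key, 1, "transfer 10", now=1000.0)
    results = [rx.accept(body, tag, now=1001.0)]        # fresh original
    results.append(rx.accept(body, tag, now=1002.0))    # replay inside window
    body2, tag2 = seal(key, 2, "transfer 10", now=1000.0)
    results.append(rx.accept(body2, tag2, now=1100.0))  # replay after window
    edited = body2.replace(b'"seq": 2', b'"seq": 9')    # renumbered copy
    results.append(rx.accept(edited, tag2, now=1001.0))
    return results

if __name__ == "__main__":
    print(demo())
```

Each rejection comes from a different check: the sequence number catches the replay inside the freshness window, the time stamp catches the late one, and the HMAC catches the copy whose sequence number was changed.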