*** Welcome to piglix ***

Replay attack


A replay attack (also known as playback attack) is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and re-transmits it, possibly as part of a masquerade attack by packet substitution.

Another way of describing such an attack is: “an attack on a security protocol using replay of messages from a different context into the intended (or original and expected) context, thereby fooling the honest participant(s) into thinking they have successfully completed the protocol run.”

Suppose Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping on the conversation and keeps the password (or the hash). After the interchange is over, Eve (posing as Alice) connects to Bob; when asked for a proof of identity, Eve sends Alice's password (or hash) read from the last session which Bob accepts, thus granting Eve access.

Replay attacks can be prevented by tagging each encrypted component with a sessionid and a component number. Using this combination of solutions does not use anything that is interdependent on one another. Because there is no interdependency there are fewer vulnerabilities. This works because a unique, random session id is created for each run of the program thus run to run becomes more difficult to replicate. In this case an attacker would be unable to perform the replay because on a new run the session id would have changed.

Session ids, also known as session tokens, are one mechanism that can be used to help avoid replay attacks. The way generating a session id works is as follows.

Session tokens should be chosen by a random process (usually, pseudorandom processes are used). Otherwise Eve may be able to pose as Bob, presenting some predicted future token, and convince Alice to use that token in her transformation. Eve can then replay her reply at a later time (when the previously predicted token is actually presented by Bob), and Bob will accept the authentication.


...
Wikipedia

...