|
A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack. Jump to: navigation, search A computer network is a system for communication among two or more computers. ...
In cryptography, an adversary (rarely opponent, enemy) is a malicious entity whose aim is to prevent the users of the cryptosystem from achieving their goal (primarily privacy, integrity and availability of data). ...
Suppose Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Mallory is eavesdropping the conversation and keeps the password. After the interchange is over, Mallory connects to Bob posing as Alice; when asked for a proof of identity, Mallory sends Alice's password read from the last session, which Bob must accept. Alice and Bob are common archetypal characters used in explanations in fields such as cryptography and physics. ...
A hash function or hash algorithm is a function for summarizing or probabilistically identifying data. ...
A way to avoid replay attacks is using session tokens: Bob sends a one-time token to Alice, which Alice uses to transform the password and send the result to Bob (e.g. computing a hash function of the session token appended to the password). On his side Bob performs the same computation; if and only if both values match, the login is successful. Now suppose Mallory has captured this value and tries to use it on another session; Bob sends a different session token, and when Mallory replies with the captured value it will be different than Bob's computation. Jump to: navigation, search A session token is a unique identifier that is genarated and sent from the server to the client to identify that current session. ...
Session tokens should be chosen by a (pseudo-) random process. Otherwise Mallory may be able to guess some future token and convince Alice to use that token in her transformation. Mallory can then replay her reply at a later time, which Bob will accept. In ordinary language, the word random is used to express apparent lack of purpose or cause. ...
Bob can also send nonces but should then include a Message authentication code (MAC), which Alice should check. Nonce means for the present time or for a single occasion or purpose, although the word is not often found in general use. ...
A cryptographic message authentication code (MAC) is a short piece of information used to authenticate a message. ...
Timestamping is another way of preventing a replay attack. Synchronization should be achieved using a secure protocol. For example Bob periodically broadcasts the time on his clock together with a MAC. When Alice wants to send Bob a message, she includes her best estimate of the time on his clock in her message, which is also authenticated. Bob only accepts messages for which the timestamp is within a reasonable tollerance. The advantage of this scheme is that Bob does not need to generate (pseudo) random numbers. Synchronization is coordination with respect to time. ...
See also | 
Feeds |
Contact