A replay attack is a category of network attack in which an attacker detects a data transmission and fraudulently has it delayed or repeated. The delay or repeat of the data transmission is carried out by the sender or by the malicious entity, who intercepts the data and retransmits it. In other words, a replay attack is an attack on the security protocol using replays of data transmission from a different sender into the intended into receiving system, thereby fooling the participants into believing they have successfully completed the data transmission. Replay attacks help attackers to gain access to a network, gain information which would not have been easily accessible or complete a duplicate transaction.
A replay attack is also known as a playback attack.
Unless mitigated, networks and computers subject to replay attack would see the attack process as legitimate messages. One example of a replay attack is to replay the message sent to a network by an attacker, which was earlier sent by an authorized user. Although the messages might be encrypted and the attacker may not get the actual keys, retransmission of valid data or logon messages could help them gain sufficient access to the network. A replay attack can gain access to the resources by replaying an authentication message and can confuse the destination host.
One of the best techniques to avert replay attacks is by using strong digital signatures with timestamps. Another technique that could be used to avoid a replay attack is by creating random session keys which are time bound and process bound. A one-time password for each request also helps in preventing replay attacks and is frequently used in banking operations. Other techniques used against replay attacks include sequencing of messages and non-acceptance of duplicated messages.
0 Comments