Monday, December 21, 2015

What is a Replay Attack ?



A Replay Attack is an attack in which the attacker repeats or delays a valid transmission and fraudulently re-transmits it. Using this approach, an attacker can fraudulently authenticate himself to a system though he is not authorized to do so.





How is Replay Attack perpetrated

Let's suppose, Alice and Bob are communicating with each other over the network. Bob wants to authenticate himself to Alice. So, Bob will provide his password which will then be transmitted over the network in encrypted fashion, may be as a password hash.

Suppose Charles is an attacker. He listens to the conversation between Alice and Bob and reads Bob's password while it was transmitted to Alice. So, after the session is over between Alice and Bob, Charles opens a connection to Alice. When the system asks for authentication, Charles provides Bob's password which he had read and fraudulently copied.

So, Alice's system will not understand the deception and authenticate Charles. Charles at this point will gain access to Alice's system and use that connection for malicious purposes like stealing sensitive data or performing even more attacks.



Prevention 

We can take a couple of steps to prevent this type of attacks :

  • At the time of authentication, Alice can first send a session token like a random number to Bob. Bob can now append the hashed token value with his password and send the resultant encrypted hash to Alice. Alice will now decrypt the token and if there is a match, she will authenticate Bob. If we take this approach, then even if Charles later repeats the encrypted hash to Alice, the token value will not match and authentication will not be possible. This session token value should be a random number rather than a some other calculated number. Because that will reduce the possibility of guessing the session token by Charles.
  • One Time Password is also another approach to prevent this attack. This One Time Passwords expire after a short period of time. So, if Charles repeats the communication after that interval, he cannot authenticate himself.
  • Sending Time Stamp is another way to prevent this attack. Alice can periodically transmit her time. And when Bob will want to communicate with Alice, he needs to append the time in his clock at the time of authentication. In this approach, Alice does not need to generate random numbers.



So, this was a very short article on Replay Attack just for your information. Hope you enjoyed it.

No comments:

Post a Comment