A replay attack occurs when an attacker taps into a secure network communication, intercepts it, and then fraudulently delays or resends it.
It is also known as a playback attack.
The aim of the attacker is to misdirect the recipient into doing what he wants.
Replay attacks help attackers to gain access to a network, gain information which would not have been easily accessible or complete a duplicate transaction.
To put it simply, a replay attack is an attack on the security protocol using replays of data transmission from a different sender into receiving system, thereby fooling the participants into believing they have successfully completed the data transmission.
Example of how replay attack works
Consider when one makes an order to the bank to transfer money to a specific account.
The attacker may eavesdrop the frames making him be in a position to resend it.
Because it is an authenticated message, the attacker can resend the same message to the bank, hoping that the bank will transfer money again to the same account or a different one.
Since the message is already correctly encrypted and looks legitimate to the bank, it may go unsuspected thus leading to large sums of money being transferred to the attacker’s bank account.
Prevention and countermeasures for replay attacks
Preventing this attack requires having the right method of encryption.
All encrypted messages carry keys within them, and when they are decrypted at the end of the transmission, they open the message.
The danger of replay attacks is that an attacker does not need advanced skills to decrypt a message after getting it from the network.
All he or she has to do is capture and resend the entire thing, message, and key, together.
Here are 5 methods to prevent replay attacks:
- Use one-time passwords for each request.
- Use strong digital signatures with timestamps.
- Create random session keys that are time-bound and process bound.
- The parties should only accept messages that have not been sent too long ago.
- In addition, sequencing of messages and non-acceptance of duplicate messages is also against replay attacks.
The newly created message is often incorrect but the receiver’s reaction enables the intruder to obtain more information about the system.