Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Replay attack
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Prevention and countermeasures== Replay attacks can be prevented by tagging each [[Encryption|encrypted]] component with a [[session ID]] and a component number.<ref name=":0" /> This combination of solutions does not use anything that is interdependent on one another. Due to the fact that there is no interdependency, there are fewer vulnerabilities. This works because a unique, random session ID is created for each run of the program; thus, a previous run becomes more difficult to replicate. In this case, an attacker would be unable to perform the replay because on a new run the session ID would have changed.<ref name=":0" /> [[Session ID]]s, also known as session tokens, are one mechanism that can be used to help avoid replay attacks. The way of generating a session ID works as follows. # Bob sends a one-time token to Alice, which Alice uses to transform the password and send the result to Bob. For example, she would use the token to compute a hash function of the session token and append it to the password to be used. # On his side Bob performs the same computation with the session token. # If and only if both Aliceβs and Bobβs values match, the login is successful. # Now suppose an attacker Eve has captured this value and tries to use it on another session. Bob would send a different session token, and when Eve replies with her captured value it will be different from Bob's computation so he will know it is not Alice. Session tokens should be chosen by a random process (usually, [[Pseudorandomness|pseudorandom]] processes are used). Otherwise, Eve may be able to pose as Bob, presenting some predicted future token, and convince Alice to use that token in her transformation. Eve can then replay her reply at a later time (when the previously predicted token is actually presented by Bob), and Bob will accept the [[authentication]]. [[One-time password]]s are similar to session tokens in that the password expires after it has been used or after a very short amount of time. They can be used to authenticate individual transactions in addition to sessions. These can also be used during the authentication process to help establish trust between the two parties that are communicating with each other. Bob can also send [[Cryptographic nonce|nonce]]s but should then include a [[message authentication code]] (MAC), which Alice should check. [[Timestamping (computing)|Timestamping]] is another way of preventing a replay attack.<ref>{{Cite journal|last1=Ferrara|first1=Pietro|last2=Mandal|first2=Amit Kr|last3=Cortesi|first3=Agostino|last4=Spoto|first4=Fausto|date=2020-11-24|title=Static analysis for discovering IoT vulnerabilities|journal=International Journal on Software Tools for Technology Transfer|language=en|volume=23|issue=1|pages=71β88|doi=10.1007/s10009-020-00592-x|issn=1433-2779|doi-access=free|hdl=10278/3734701|hdl-access=free}}</ref> [[Synchronization]] should be achieved using a secure protocol. For example, Bob periodically broadcasts the time on his clock together with a MAC. When Alice wants to send Bob a message, she includes her best estimate of the time on his clock in her message, which is also authenticated. Bob only accepts messages for which the timestamp is within a reasonable tolerance. Timestamps are also implemented during [[mutual authentication]], when both Bob and Alice authenticate each other with unique session IDs, in order to prevent the replay attacks.<ref>Dewanta, Favian and Masahiro Mambo. 2019. βA Mutual Authentication Scheme for Secure Fog Computing Service Handover in Vehicular Network Environment.β IEEE Access 7:103095β114.</ref> The advantages of this scheme are that Bob does not need to generate (pseudo-) random numbers and that Alice doesn't need to ask Bob for a random number. In networks that are [[Unidirectional network|unidirectional]] or near unidirectional, it can be an advantage. The trade-off being that replay attacks, if they are performed quickly enough, i.e. within that 'reasonable' limit, could succeed. ===Kerberos protocol prevention=== The [[Kerberos (protocol)|Kerberos authentication protocol]] includes some countermeasures. In the classic case of a replay attack, a message is captured by an adversary and then replayed at a later date in order to produce an effect. For example, if a banking scheme were to be vulnerable to this attack, a message which results in the transfer of funds could be replayed over and over to transfer more funds than originally intended. However, the Kerberos protocol, as implemented in Microsoft Windows Active Directory, includes the use of a scheme involving time stamps to severely limit the effectiveness of replay attacks. Messages which are past the "time to live (TTL)" are considered old and are discarded.<ref>{{Cite web|url=https://redmondmag.com/articles/2012/02/01/understanding-the-essentials-of-the-kerberos-protocol.aspx|title=Kerberos Authentication 101: Understanding the Essentials of the Kerberos Security Protocol|last=Olsen|first=Geir|date=1 February 2012|website=Redmond Magazine|language=en|access-date=2017-06-13}}</ref> There have been improvements proposed, including the use of a triple password scheme. These three passwords are used with the authentication server, ticket-granting server, and TGS. These servers use the passwords to encrypt messages with secret [[Key (cryptography)|keys]] between the different servers. The [[encryption]] that is provided by these three keys help aid in preventing replay attacks.<ref>{{Cite journal|last1=Dua|first1=Gagan|title=Replay Attack Prevention in Kerberos Authentication Protocol Using Triple Password|journal=International Journal of Computer Networks & Communications|volume=5|issue=2|pages=59β70|arxiv=1304.3550|year=2013|doi=10.5121/ijcnc.2013.5205|s2cid=9715110}}</ref> ===Secure routing in ad hoc networks=== [[Wireless ad hoc network]]s are also susceptible to replay attacks. In this case, the authentication system can be improved and made stronger by extending the [[Ad hoc On-Demand Distance Vector Routing|AODV]] protocol. This method of improving the security of Ad Hoc networks increases the security of the network with a small amount of overhead.<ref>{{cite book|last1=Zhen|first1=Jane|title=Ad-Hoc, Mobile, and Wireless Networks|volume=2865|pages=140β150|doi=10.1007/978-3-540-39611-6_13|chapter=Preventing Replay Attacks for Secure Routing in Ad Hoc Networks|series=Lecture Notes in Computer Science|year=2003|isbn=978-3-540-20260-8}}</ref> If there were to be extensive [[Overhead (computing)|overhead]] then the network would run the risk of becoming slower and its performance would decrease. By keeping a relatively low overhead, the network can maintain better performance while still improving the security. === Challenge-Handshake Authentication Protocol === Authentication and sign-on by clients using [[Point-to-Point Protocol]] (PPP) are susceptible to replay attacks when using [[Password Authentication Protocol]] (PAP) to validate their identity, as the authenticating client sends its username and password in "[[Plaintext|normal text]]", and the authenticating server then sends its acknowledgment in response to this; an intercepting client is therefore, free to read transmitted data and impersonate each of the client and server to the other, as well as being able to then store client credentials for later impersonation to the server. [[Challenge-Handshake Authentication Protocol]] (CHAP) secures against this sort of replay attack during the authentication phase by instead using a "challenge" message from the authenticator that the client responds with a hash-computed value based on a [[shared secret]] (e.g. the client's password), which the authenticator compares with its own calculation of the challenge and shared secret to authenticate the client. By relying on a shared secret that has not itself been transmitted, as well as other features such as authenticator-controlled repetition of challenges, and changing identifier and challenge values, CHAP provides limited protection against replay attacks.<ref>{{Cite journal|url=https://tools.ietf.org/html/rfc1994|title=RFC 1994 β PPP Challenge Handshake Authentication Protocol (CHAP)|last=Simpson|first=William Allen|website=tools.ietf.org|year=1996 |doi=10.17487/RFC1994 |language=en|access-date=2018-09-12|url-access=subscription}}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)