Wednesday, April 27, 2016

Replay Attack

A replay attack occurs when a third party captures a command in transmission and replays it at a later time. By capturing the right messages, an intruder may be able to gain access to a secure computer or execute commands that are normally encrypted and unreadable. It is often not necessary to decipher the command in order to use it. Because of this, "Replay attacks are typically simple to perform and require little or no sophistication."

The replay attack is simple because it is not difficult to capture the commands to be replayed. A user on a network can run a sniffer program and capture all packets that travel over the network. "Many popular Virtual Private Network (VPN) daemons for Unix and Linux operating systems could allow a remote attacker to launch a replay attack using a sniffer tool to capture encrypted packets and replay them at a later time." The fact that these packets are encrypted is not a problem. Replay attacks look for systems with weak authentication.

When a user sends a computer command or transmission from one machine to another, we want that communication to be secure. There are three different attributes that secure communications should have: secrecy, integrity, and authentication.
Secrecy means that only the sender and receiver are able to understand the message. This can be achieved with a number of symmetric or public key encryption schemes. Integrity means that the message is not changed in transmission: the receiver got exactly the data that the sender transmitted, and the message has not been tampered with or altered along the way. This can also be achieved in encryption schemes with the addition of hash values or message digests. These functions calculate a unique mathematical value for the message, and the receiver can recalculate the hash to see that the message is unchanged.
Authentication, the third attribute of secure communications, means that both the sender and receiver know the identity of each other. If the receiver cannot verify the identity of the sender, he is vulnerable to a replay attack: a command captured by a third party can be replayed at a later time and accepted as genuine by the receiver.

Older technology is most vulnerable to replay attacks. For example, telnet transmits its information in clear text with no encryption. "This makes you susceptible to replay attacks in which a cracker simply plays back your username and password." The answer is not fancier technology. Biometrics offers sophisticated ways to identify a person: using a fingerprint reader, a remote machine can identify the user. But, "then there's nothing to prevent an attacker from sniffing a fingerprint reading and then replaying it later to masquerade as the fingerprint's owner." The best encryption and identification does nothing if the receiver of a message cannot be sure of who sent it.

To prevent replay attacks, an encryption system needs to include a way for sender and receiver to verify each other's identity. This can be done by passing back and forth a one-time unique number, or "nonce." "For applications where no possibility of replay attacks can be tolerated the server can use one-time response digests which will not be honored for a second time." This is a way of building authentication into the transport layer of internet software. There are also approaches that add security to the IP network layer.
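The nonce check the paragraph above describes, as an added example that is not code from the original post: a weak receiver that checks only the message authentication code sits beside a hardened one that issues one-time nonces and refuses each a second time. The shared key, command strings and timestamps are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed shared secret for the example; a real deployment provisions this out of band.
KEY = b"constructed-shared-secret"

def tag_for(key, nonce, command):
    """HMAC over nonce and command, binding the command to this one challenge."""
    return hmac.new(key, nonce.encode() + b"|" + command, hashlib.sha256).hexdigest()

def sign_command(key, nonce, command):
    """Client side: answer the receiver's challenge with an authenticated command."""
    return (nonce, command, tag_for(key, nonce, command))

def verify_mac_only(key, msg):
    """Weak receiver: checks integrity and key possession, but nothing about freshness.
    A captured (nonce, command, tag) triple passes this check every time it is presented."""
    nonce, command, tag = msg
    return hmac.compare_digest(tag_for(key, nonce, command), tag)

class NonceReceiver:
    """Hardened receiver: each nonce it hands out is honoured exactly once, within a time window."""
    def __init__(self, key, ttl=30.0):
        self.key = key
        self.ttl = ttl
        self.issued = {}  # nonce -> time it was issued

    def challenge(self, now):
        nonce = os.urandom(16).hex()  # unpredictable, so answers cannot be pre-computed
        self.issued[nonce] = now
        return nonce

    def verify(self, msg, now):
        nonce, command, tag = msg
        issued_at = self.issued.pop(nonce, None)  # consumed on first use, valid tag or not
        if issued_at is None or now - issued_at > self.ttl:
            return False  # unknown, already used, or stale nonce
        return hmac.compare_digest(tag_for(self.key, nonce, command), tag)

def demo():
    """Returns (weak_first, weak_second, hard_first, hard_second, hard_stale)."""
    receiver = NonceReceiver(KEY)
    msg = sign_command(KEY, receiver.challenge(now=0.0), b"open valve 3")
    weak = (verify_mac_only(KEY, msg), verify_mac_only(KEY, msg))
    hard = (receiver.verify(msg, now=1.0), receiver.verify(msg, now=2.0))
    stale = sign_command(KEY, receiver.challenge(now=0.0), b"open valve 3")
    return weak + hard + (receiver.verify(stale, now=100.0),)

if __name__ == "__main__":
    print(demo())  # (True, True, True, False, False)
```

The second presentation of the same message is exactly the replay the post describes; only the nonce-tracking receiver rejects it, and it also rejects an answer to a challenge that has aged past the window.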

For more explanation watch this video.

References 

5 comments:

  1. Very well explained, your references are very helpful. Capture-relay attacks are common and can be difficult to defeat without cryptography. They are a subset of network injection attacks that rely on listening in on previously sent valid commands, then changing them slightly if necessary and resending the same commands to the server.
    Excellent job ;)

    Replies
    1. Thank you.
      Watch the video for more good explanation.

  2. Interesting article. Why does the best encryption and identification do nothing if the receiver of a message cannot be sure of who sent it?

    Replies
    1. Hello Fatima,
      I already answered this question but I will explain it again so that you understand it. Using a fingerprint reader, a remote machine can identify the user. But, "then there's nothing to prevent an attacker from sniffing a fingerprint reading and then replaying it later to masquerade as the fingerprint's owner." The best encryption and identification does nothing if the receiver of a message cannot be sure of who sent it.

  3. Interesting article. I read the article as well as I went through all of the references to learn more about Replay Attack, and I want to add this info: many systems have countermeasures to prevent these attacks from occurring, such as packets using sequence numbers that detect when a packet is out of order or not in a correct sequence.
    good job ;)