Crypto-IT

During replay attacks the intruder sends to the victim the same message as was already used in the victim's communication. The message is correctly encrypted, so its receiver may treat is as a correct request and take actions desired by the intruder.

The attacker might either have eavesdropped a message between two sides before or he may know the message format from his previous communication with one of the sides. This message may contain some kind of the secret key and be used for authentication.

For example, when one makes an order to the bank to transfer money to some specified account, the attacker may eavesdrop the frames. If that happens, the attacker can send the same (correct) messages to the bank one more time, hoping that the bank will transfer money again to the same account (probably connected with the intruder).

There are some methods to avoid replay attacks. First of all, before starting the communication both sides may negotiate and create a random session key, valid only for a specified time and during a specified process. Instead of session keys, it is also reasonable to use timestamps in all messages and accept messages that have not been sent too long ago. The other popular technique is to use one-time passwords for each request. This method of prevention is very often used for banking operations.

In this variation of replay attack, an attacker mixes parts of different ciphertexts and sends them to the victim. Most likely, the newly created message will be incorrect but the receiver may react in such a way which will allow the intruder to obtain more information about the attacked system.