Replay attack

最新推荐文章于 2024-04-28 10:56:45 发布

波特王子

最新推荐文章于 2024-04-28 10:56:45 发布

阅读量2k

点赞数

分类专栏：信息安全

信息安全专栏收录该内容

12 篇文章

订阅专栏

Source: http://en.wikipedia.org/wiki/Replay_attack

A replay attack is a form of network attack in which a valid data transmission is maliciously(恶意地) or fraudulently（欺骗地） repeated or delayed. This is carried out either by the originator or by an adversary（对手） who intercepts（截获） the data and retransmits it, possibly as part of a masquerade attack（伪装攻击） by IP packet substitution (such as stream cipher attack（流密码攻击）).

Example

Suppose Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Trudy is eavesdropping（窃听） on the conversation and keeps the password (or the hash). After the interchange is over, Trudy (posing as Alice) connects to Bob; when asked for a proof of identity, Trudy sends Alice's password (or hash) read from the last session, which Bob accepts.

Countermeasures（对策）

A way to avoid replay attacks is by using session tokens（会话令牌）: Bob sends a one-time token to Alice, which Alice uses to transform the password and send the result to Bob (e.g. computing a hash function of the session token appended to the password). On his side Bob performs the same computation; if and only if both values match, the login is successful. Now suppose Trudy has captured this value and tries to use it on another session; Bob sends a different session token, and when Trudy replies with the captured value it will be different from Bob's computation.

Session tokens should be chosen by a (pseudo-) random process. Otherwise Trudy may be able to pose as Bob, presenting some predicted future token, and convince Alice to use that token in her transformation. Trudy can then replay her reply at a later time (when the previously predicted token is actually presented by Bob), and Bob will accept the authentication.

One-time passwords（一次性密码） are similar to session tokens in that the password expires after it has been used or after a very short amount of time. They can be used to authenticate individual transactions in addition to sessions. The technique has been widely implemented in personal online banking systems.

Bob can also send nonces（一次性随机数） but should then include a message authentication code (MAC，消息认证码), which Alice should check.

Timestamping is another way of preventing a replay attack. Synchronization should be achieved using a secure protocol. For example Bob periodically broadcasts the time on his clock together with a MAC. When Alice wants to send Bob a message, she includes her best estimate of the time on his clock in her message, which is also authenticated. Bob only accepts messages for which the timestamp is within a reasonable tolerance. The advantage of this scheme is that Bob does not need to generate (pseudo-) random numbers.