Replay Attack

Why Trust Techopedia

What Does Replay Attack Mean?

A replay attack is a category of network attack in which an attacker detects a data transmission
and fraudulently has it delayed or repeated. The delay or repeat of the data transmission
is carried out by the sender or by the malicious entity, who intercepts the data and
retransmits it. In other words, a replay attack is an attack on the security protocol
using replays of data transmission from a different sender into the intended
into receiving system, thereby fooling the participants into believing they
have successfully completed the data transmission. Replay attacks help attackers to gain access to a network, gain information which would not
have been easily accessible or complete a duplicate transaction.

Advertisements

A replay attack is also known as a playback attack.

Techopedia Explains Replay Attack

Unless mitigated, networks and computers subject to replay attack would see the attack process as legitimate messages. One example of a replay attack is to replay the message sent to a network by an attacker, which was earlier sent by an authorized user. Although the messages might be encrypted and the attacker may not get the actual keys, retransmission of valid data or logon messages could help them gain sufficient access to the network. A replay attack can gain access to the resources by replaying an authentication message and can confuse the destination host.

One of the best techniques to avert replay attacks is by using strong digital signatures with timestamps. Another technique that could be used to avoid a replay attack is by creating random session keys which are time bound and process bound. A one-time password for each request also helps in preventing replay attacks and is frequently used in banking operations. Other techniques used against replay attacks include sequencing of messages and non-acceptance of duplicated messages.

Advertisements

Related Terms

Margaret Rouse
Editor

Margaret jest nagradzaną technical writerką, nauczycielką i wykładowczynią. Jest znana z tego, że potrafi w prostych słowach pzybliżyć złożone pojęcia techniczne słuchaczom ze świata biznesu. Od dwudziestu lat jej definicje pojęć z dziedziny IT są publikowane przez Que w encyklopedii terminów technologicznych, a także cytowane w artykułach ukazujących się w New York Times, w magazynie Time, USA Today, ZDNet, a także w magazynach PC i Discovery. Margaret dołączyła do zespołu Techopedii w roku 2011. Margaret lubi pomagać znaleźć wspólny język specjalistom ze świata biznesu i IT. W swojej pracy, jak sama mówi, buduje mosty między tymi dwiema domenami, w ten…