Replay Attack

What Does Replay Attack Mean?

A replay attack is a category of network attack in which an attacker detects a data transmission
and fraudulently has it delayed or repeated. The delay or repeat of the data transmission
is carried out by the sender or by the malicious entity, who intercepts the data and
retransmits it. In other words, a replay attack is an attack on the security protocol
using replays of data transmission from a different sender into the intended
into receiving system, thereby fooling the participants into believing they
have successfully completed the data transmission. Replay attacks help attackers to gain access to a network, gain information which would not
have been easily accessible or complete a duplicate transaction.

Advertisements

A replay attack is also known as a playback attack.

Techopedia Explains Replay Attack

Unless mitigated, networks and computers subject to replay attack would see the attack process as legitimate messages. One example of a replay attack is to replay the message sent to a network by an attacker, which was earlier sent by an authorized user. Although the messages might be encrypted and the attacker may not get the actual keys, retransmission of valid data or logon messages could help them gain sufficient access to the network. A replay attack can gain access to the resources by replaying an authentication message and can confuse the destination host.

One of the best techniques to avert replay attacks is by using strong digital signatures with timestamps. Another technique that could be used to avoid a replay attack is by creating random session keys which are time bound and process bound. A one-time password for each request also helps in preventing replay attacks and is frequently used in banking operations. Other techniques used against replay attacks include sequencing of messages and non-acceptance of duplicated messages.

Advertisements

Related Terms

Margaret Rouse

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.