Questions tagged [replay-attack]

Attacks that are based on recording an encrypted and/or signed communication and replaying it at a later time.

Attacks that are based on recording an encrypted communication and replaying it at a later time. For example, Alice sends Bob a signed message ordering a book. Malice records this message and sends it again to Bob, creating a second order.

In order to prevent replay attacks, each valid message needs to be unique:

  • The message may contain a serial number and both parties need to keep track of used serial numbers.

  • During a handshake, the recipient may generate a random number (nonce), which the sender must include in her message.

Sometimes session ids or timestamps are used. They narrow the window of opportunity to the validity period of the timestamp or session. But they do not prevent replay attacks entirely.

53 questions
29
votes
3 answers

How does a rolling code work?

I have general questions regarding rolling codes. Basically there is a sender and a receiver. Both have a sequence generator. The receiver checks if the received sequence matches the newly generated. An example used is KeeLoq. Assuming a car opener…
matcauthon
10
votes
1 answer

Can I use a HMAC for Replay Attack protection?

I am considering a system where a small device accepts messages/commands from another device over a wireless channel. I am worried about replay attacks. The messages will be encrypted. What are well-vetted schemes for protection against these…
err
9
votes
1 answer

Replay attack prevention in connectionless UDP encrypted communication

What are the options for replay attack prevention when two parties exchange UDP messages? No connection or session is established. Communicating parties have a pre-shared key that is used for encryption (aes-256) and authentication…
PanJanek
8
votes
1 answer

Is a key ratchet effective against replay attacks?

In the answer to this question, a message counter is used to protect against replay attacks. Could a key ratchet be used instead? The basic idea is that with every message sent, the symmetric encryption key is replaced with a hash of itself. The…
awelkie
6
votes
3 answers

How can I prevent a message replay with RSA?

I am using RSA to encrypt some data but I would like to eliminate the possibility of message replay. By message replay I mean sending a valid message multiple times to the original recipient. It is obvious that an attacker can capture a valid…
Chris Smith
6
votes
2 answers

Replay attack in ECB mode

How do replay attacks work in ECB mode? I found this in Wikipedia: "ECB mode can also make protocols without integrity protection even more susceptible to replay attacks, since each block gets decrypted in exactly the same way. For example, the…
goldroger
5
votes
1 answer

Why doesn't this replay attack work on ECDSA?

I've just started working with elliptic curves and ECDSA in particular, so my understanding of the underlying math isn't great. The thing I'm currently stuck on is trying to understand why replay attacks don't work on ECDSA. For this scenario, the…
5
votes
0 answers

How can Alice and Bob safeguard their message exchanges against replay attacks?

Assume Alice and Bob communicate over an insecure channel using one-time perfectly-secret encryption together with one-time secure message authentication code. Say Eve has the ability to eavesdrop and to inject messages into this insecure channel,…
Nick
4
votes
1 answer

Replay attacks and LWE

Just a small question. Since in LWE the error is rather small, is there a problem with replay attacks? What I mean is that if we use the typical scheme of Regev [1] to encrypt a vector m, but this vector is sent, e.g. 1000 times, then an…
absinthe_minded
4
votes
1 answer

Why is a nonce used to initialize Hash_DRBG, HMAC_DRBG, and CTR_DRBG?

In NIST 800-90A, Hash_DRBG, HMAC_DRBG and CTR_DRBG (with derivation function) all require a nonce for instantiation. I understand the usual application for a nonce to prevent replay attacks. However, I don't understand the security benefit a nonce…
3
votes
1 answer

Advantages/disadvantages of different message numbering schemes

For a stream of packets, where each packet is individually encrypted with a block cipher, it's desirable to have each encrypted packet only valid for that position in the stream. A message number would work, but there are many different ways of…
Nuoji
3
votes
1 answer

Timestamps, sequence numbers, and nonces for replay attack

What are the best practices or standardized methods to prevent replay attacks in a simple server client setup (preferably where the server is stateless)? When should timestamps, sequence numbers, and nonces be used, and what is the main…
NuminousName
3
votes
1 answer

Getting a Keeloq manufacturer key

I have seen a lot of articles and research papers about breaking the Keeloq algorithm. My understanding is that the hardest part is getting the 64 bit manufacturer key. Some methods use crypto-analysis and some use power analysis to get the key.…
3
votes
3 answers

Prevent replay attack without storage

I am designing a set of low-power sensing motes. Each mote will communicate to a central base over RF. I want the mote to be able to authenticate itself with the base, and send its data without being vulnerable to replay attacks while not using a…
kd5pev
3
votes
1 answer

Avoiding replay attack on certified announcements

Suppose two agents A and B share a common secret and A makes a regular unique 16-byte announcement to B every 10mins which B must verify authenticity. I'm thinking of letting the first 8 bytes be the message and the last 8 bytes be the HMAC(key,…
Kar