What Is a Replay Attack?
Replay Attacks, also known as replay attacks and replay attacks, refer to an attacker sending a packet that the destination host has received to deceive the system. It is mainly used in the identity authentication process and destroys the correctness of authentication. Replay attacks can be carried out by the initiator or by an adversary who intercepts and retransmits the data. The attacker uses network monitoring or other methods to steal authentication credentials, and then sends it back to the authentication server. Replay attacks can occur in any network pass, and it is one of the common attacks used by hackers in the computer world. [1]
- The basic principle of a replay attack is to resend previously eavesdropped data to the receiver. Many times, the data transmitted on the network is encrypted, and at this time the eavesdropper cannot get the exact meaning of the data. But if he knows the role of the data, he can fool the receiver by sending the data again without knowing the content of the data. For example, some systems will simply encrypt the authentication information for transmission. Although attackers cannot eavesdrop on the password, they can first intercept the encrypted password and then replay it, thereby using this method to carry out effective attacks. . As another example, suppose that in an online deposit system, a message indicates that a user has withdrawn a deposit. An attacker can send this message multiple times to steal the deposit. [2]
- 1. According to the relationship between the receiver of the replay message and the intended receiver of the message, replay attacks can be divided into 3 types:
- The first is direct replay, that is, replay to the original verifier, and the sender and receiver of the direct replay are unchanged.
- The second is reverse playback, which reverses the message originally sent to the receiver to the sender.
- The third is the third-party replay, which replays the message to other verifiers in the domain. [3]
- (1) Add random numbers . The advantage of this method is that the two sides of the authentication do not need time synchronization, and the two sides remember the used
- The main effects of replay attacks are as follows:
- · Ingenious implementation of information injection, no need to understand and analyze communication protocols;
- · A traffic attack is implemented, that is, the transmission delay of the normal data stream is affected by the additional data stream, which consumes the bandwidth of the communication link;
- · Possible error attacks have been implemented. The general link communication protocols all implement flow control functions. Through data stream playback, it is likely to interfere with normal flow control windows and data frame transmission (response) sequence numbers, resulting in data retransmission. Or received by mistake. [5]