replay attack



A breach of security in which information is stored without authorization and then retransmitted to trick the receiver into unauthorized operations such as false identification or authentication or a duplicate transaction. For example, messages from an authorized user who is logging into a network may be captured by an attacker and resent (replayed) the next day. Even though the messages may be encrypted, and the attacker may not know what the actual keys and passwords are, the retransmission of valid logon messages is sufficient to gain access to the network.

Also known as a "man-in-the-middle attack," a replay attack can be prevented using strong digital signatures that include time stamps and unique information from the previous transaction, such as the value of a constantly incremented sequence number. See piggybacking and hijacking.
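The receiver-side check described above, as an added example that is not part of the original entry: each message carries a time stamp and an incrementing sequence number under one authentication tag, and a captured logon message is refused when resent. HMAC-SHA256 with a shared key stands in for the digital signature here; the key, the 30-second window and the message layout are assumptions.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # assumption: shared key standing in for a signing key
MAX_SKEW = 30                  # assumption: seconds of clock skew the receiver tolerates

def seal(key, seq, timestamp, payload):
    """Sender: bind sequence number and time stamp to the payload under one tag."""
    header = struct.pack(">QQ", seq, timestamp)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    def __init__(self, key, max_skew=MAX_SKEW):
        self.key = key
        self.max_skew = max_skew
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, message, now):
        """Return (True, payload) or (False, reason); `now` is epoch seconds."""
        if len(message) < 16 + 32:
            return False, "malformed"
        body, tag = message[:-32], message[-32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False, "bad tag"          # header or payload was altered
        seq, timestamp = struct.unpack(">QQ", body[:16])
        if abs(now - timestamp) > self.max_skew:
            return False, "stale timestamp"  # e.g. resent the next day
        if seq <= self.last_seq:
            return False, "sequence reused"  # resent inside the time window
        self.last_seq = seq
        return True, body[16:]

def demo():
    rx = Receiver(KEY)
    t0 = 1_700_000_000  # constructed time stamp
    logon = seal(KEY, 1, t0, b"LOGON alice")  # constructed logon message
    return [
        rx.accept(logon, now=t0 + 1),        # original delivery
        rx.accept(logon, now=t0 + 5),        # captured copy resent at once
        rx.accept(logon, now=t0 + 86_400),   # captured copy resent the next day
        rx.accept(seal(KEY, 2, t0 + 10, b"PAY 10"), now=t0 + 11),
    ]

if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The time stamp alone leaves the whole skew window open to a resend, which is why the sequence number is checked as well.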
References in periodicals archive
Thus, as can be seen from Table 1 and Table 2, our proposed method outperforms the state-of-the-art algorithms on CASIA-FAS and Replay Attack databases and shows comparable performances on 3DMAD and UVAD.
[7] claim that, the protocol can be prevented different types of attacks such as the man-in-the-middle replay attacks. However, this protocol lacks a set of necessary security features and limitations: (1) the protocol still lacks mutual authentication; and (2) the AuC deploys public key encrypted message without verify the recipient of the message.
In order to get the statistical results, we run 100 simulations for the covert agent and the replay attack, respectively.
We pay particular attention to message alteration, replay attacks, and identity impersonation of a vehicle.
Replay Attack. To launch the replay attack, an adversary first needs to eavesdrop these messages $\{UID_i, X'_i, T_i, M_1\}$, $\{M_2, Y'_j, T_j\}$, and $\{M_3, T'_i\}$ transmitted between a user $U_i$ and a service provider $S_j$ and then resends one of them to $U_i$ or $S_j$.
Besides, our scheme can defend against the replay attack and man-in-middle attack and offer data security, integrity, nonrepudiation, and confidentiality in a cloud environment.
Hence, it is vulnerable to spoofing and replay attack. Moreover, the tag's holder is easily traced and this protocol cannot satisfy forward security.
Second, in the SecOC, a freshness value is included in the authentication of messages [1], and to prevent replay attacks, the same pair of freshness value and key can never be used twice.
Although it was resistant to eavesdropping and impersonation attack but was vulnerable to replay attacks, offline password guessing attacks and password related problems.
(A1) Replay attack resistance: the proposed scheme is secure against replay attack by adding the random nonce $N_1$ and the timestamp $T_i$ into the message.
Thus, this enhanced RUASN still has the original advantages, such as resisting replay attacks, user impersonation attacks, gateway impersonation attacks, insider attacks, stolen-verifier attacks, offline-password guessing attacks, man-in-the-middle attacks, and gateway secret key guessing attacks.
(i) Replay Attack. The proposed method creates one-time secret key through one-way hash function using time stamp and password.