Protocols insecure against Replay Attack

  • Thread starter ecy5maa
In summary, protocols a, c, and d are all insecure against replay attacks because they do not include a unique identifier that cannot be replicated. Only protocol b is secure because it includes a time-stamp that is hashed with the password, making it impossible to replay the authentication.
  • #1
ecy5maa

Homework Statement



Determine which of the following protocols are insecure against replay attack, and explain why:

(a) A → B : username, password

(b) A → B : username, h(timestamp, password)

(c) A → B : username, timestamp, h(password)

(d) A → B : username, h(password), h(timestamp)



The Attempt at a Solution




I know a is insecure, b is secure but I am not certain about c and d.

Off the cuff, in C it seems that h(password) can be replicated as it's in the open, as can timestamp, but then if timestamp can be replicated so can h(timestamp). No?

I guess my answer is that a, c and d are all insecure, so if possible can someone provide any input on this?
 
  • #2
A is insecure because the password is sent in plaintext, and so it can be replayed. B is secure because the time-stamp is included and is hashed with the password, so it cannot be replayed. C is insecure because the time-stamp can be replayed with the hashed version of the password so the authentication can be replayed. D is also insecure because the time-stamp is included as a hash, so it can be replayed with the hashed version of the password.
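The four protocols from the homework statement can be checked with a small simulation of verifier B and an eavesdropper who replays one hour later. This is an added example, not part of the original thread; the sample password, the 30-second acceptance window, the function names, and B trying every second in its window when the timestamp is not sent in the clear are all assumptions.

```python
import hashlib

PASSWORD = b"correct horse"   # constructed sample secret, known only to A and B
WINDOW = 30                   # assumed: B accepts timestamps within +/-30 s of its clock

def h(*parts: bytes) -> bytes:   # length-prefix each part so h(x, y) is unambiguous
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(4, "big") + p)
    return m.digest()

def ts(t: int) -> bytes:
    return str(t).encode()

# What A sends at time t under each protocol (the constant username is omitted).
def send(proto: str, t: int):
    return {"a": (PASSWORD,),
            "b": (h(ts(t), PASSWORD),),
            "c": (ts(t), h(PASSWORD)),
            "d": (h(PASSWORD), h(ts(t)))}[proto]

# B's check at time `now`. In (b) and (d) the timestamp is not sent in the
# clear, so B recomputes the hash for every second in its window (assumed design).
def verify(proto: str, msg, now: int) -> bool:
    window = range(now - WINDOW, now + WINDOW + 1)
    if proto == "a":
        return msg[0] == PASSWORD
    if proto == "b":
        return any(msg[0] == h(ts(t), PASSWORD) for t in window)
    if proto == "c":
        return msg[1] == h(PASSWORD) and int(msg[0]) in window
    return msg[0] == h(PASSWORD) and any(msg[1] == h(ts(t)) for t in window)

# The eavesdropper's message at time `now`, built only from captured fields and
# public values (the clock and h); the password itself is never used.
def replay(proto: str, captured, now: int):
    if proto == "c":
        return (ts(now), captured[1])      # fresh timestamp, captured h(password)
    if proto == "d":
        return (captured[0], h(ts(now)))   # captured h(password), fresh h(timestamp)
    return captured                        # (a), (b): resend unchanged

def replay_accepted(proto: str, t0: int = 1_700_000_000, delay: int = 3600) -> bool:
    captured = send(proto, t0)
    assert verify(proto, captured, t0)     # the genuine login is accepted
    return verify(proto, replay(proto, captured, t0 + delay), t0 + delay)

if __name__ == "__main__":
    print({p: replay_accepted(p) for p in "abcd"})
```

Only (b) binds the timestamp to the secret, so it is the only one rejected after the window has passed. Inside the assumed window a resent (b) message still verifies, so B also needs to remember values it has already accepted.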
 

FAQ: Protocols insecure against Replay Attack

1. What is a replay attack?

A replay attack is a type of cyber attack where an attacker intercepts and retransmits data that has already been transmitted, with the goal of tricking the system into accepting the repeated data as legitimate.

2. How do replay attacks occur in protocols?

Replay attacks can occur in protocols that use unencrypted or weakly encrypted communication channels, where the data being transmitted is not protected against interception and retransmission.

3. What are the risks associated with protocols insecure against replay attacks?

The main risk associated with protocols insecure against replay attacks is the potential for unauthorized access to sensitive data or systems. This can lead to identity theft, financial loss, and other negative consequences.

4. How can protocols be made more secure against replay attacks?

Protocols can be made more secure against replay attacks by using strong encryption methods, incorporating timestamp or nonce values, and implementing message authentication codes (MACs) to verify the authenticity of the data being transmitted.

5. What can individuals do to protect themselves against replay attacks?

Individuals can protect themselves against replay attacks by using secure protocols, such as HTTPS, for online transactions and communications. They can also regularly update their passwords and be cautious of suspicious emails or messages that may be attempts to initiate a replay attack.
