What is a replay attack and how to protect yourself from it?
What is a replay attack?
A replay attack is a network attack, a form of "Man-in-the-middle" attack, that involves intercepting data packets and replaying them. This means resending them as is (with no decryption) to the receiving server. Another common name for this kind of attack is playback attack.
What are the dangers?
As a result, depending on the context, the hacker can benefit from the user's rights. Imagine a scenario in which a client sends an encrypted username and password to a server to log in. If a hacker intercepts the communication (using monitoring software) and replays the sequence, they will obtain the same rights as the user. If the system enables password modification, they could even replace it with another one, depriving the user of his access. So, what are the possible solutions?
Session ID
One of the most general solutions is to use a session ID (session token) for every encrypted component, as well as a component number. Session IDs are generated randomly, which makes them unique and thus decreases the chances of replaying them. With this solution, there is no interdependency and thus fewer vulnerabilities.
Message Authentication Code
Another way to prevent replay attacks is to send an arbitrary single-use number (a nonce) and add a message authentication code (MAC).
Timestamping
Timestamping is (encoded) information about when a given event occurs. The receiver can broadcast this information with a MAC, and the sender then has to give an accurate estimate of it in order to send the receiver a message. If the estimate is correct, the receiver can accept the message.
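The single-use number, MAC and timestamp checks described in the two sections above can be combined on the receiving side, as in this added example (not code from the original article). It assumes a pre-shared key, a 30-second freshness window and a sender that stamps each message with its own clock reading; every name and value in it is constructed for illustration.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-demo-key"  # assumption: pre-shared secret, demo value only
NONCE_LEN = 16                 # fixed length keeps the MAC input unambiguous
MAX_SKEW = 30                  # assumption: freshness window in seconds


def sign(key, payload, nonce, timestamp):
    """Sender side: one MAC over nonce, timestamp and payload together."""
    msg = nonce + timestamp.to_bytes(8, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


class Receiver:
    def __init__(self, key, max_skew=MAX_SKEW):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}  # nonce -> timestamp, kept only while still fresh

    def accept(self, payload, nonce, timestamp, tag, now):
        # 1. Authenticity first: nothing unauthenticated touches the cache.
        if len(nonce) != NONCE_LEN or not hmac.compare_digest(
            sign(self.key, payload, nonce, timestamp), tag
        ):
            return "bad-mac"
        # 2. Freshness: an old capture is rejected even if its nonce was forgotten.
        if abs(now - timestamp) > self.max_skew:
            return "stale"
        # 3. Uniqueness: forget expired nonces, refuse any seen inside the window.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= self.max_skew}
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = timestamp
        return "ok"


def demo():
    rx = Receiver(KEY)
    nonce, ts = secrets.token_bytes(NONCE_LEN), 1_700_000_000  # constructed values
    payload = b"transfer 10 to bob"
    tag = sign(KEY, payload, nonce, ts)
    return [
        rx.accept(payload, nonce, ts, tag, now=ts + 2),    # first delivery
        rx.accept(payload, nonce, ts, tag, now=ts + 5),    # captured copy resent
        rx.accept(payload, nonce, ts, tag, now=ts + 600),  # resent much later
        rx.accept(b"transfer 99 to eve", nonce, ts, tag, now=ts + 2),  # altered
    ]
```

The timestamp bounds how long the receiver must remember nonces: a resend inside the window is caught by the nonce cache, and one outside it is caught by the freshness check.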
One-time Password
One-time passwords expire after a certain amount of time. They can be used when authenticating transactions or in order to establish communication between two parties.