Question

Cyber Security Q&R

Alice || Bob ll r Cathy Cathy Bob Alice {Alice || Bob Il ri ll ks Il ( Alice Il ks Kał kA Alice Alice II ks ) ke Alice Alice Bob Alice Bob Charge an iPhone X to my credit card 12345678 and have it delivered to my house) ks Alice Bob

Based on the above message exchange between the parties, can Eve launch a successful replay attack??

If no, then explain. If yes, draw a similar picture as the above image with all the messages exchanged.

Thanks!!

Answer 1

Answer:

A replay attack is a class of system attack in which an assailant distinguishes an information transmission and deceitfully has it postponed or rehashed. The deferral or rehash of the information transmission is completed by the sender or by the vindictive element, who captures the information and retransmits it. As it were, a replay attack is an attack on the security convention utilizing replays of information transmission from an alternate sender into the expected into getting framework, in this way tricking the members into trusting they have effectively finished the information transmission. Replay assaults assist assailants with gaining access to a system, gain data which would not have been effectively available or finish a copy exchange.

A replay attack is otherwise called a playback attack.

Except if relieved, systems and PCs subject to replay attack would see the attack procedure as genuine messages. One case of a replay attack is to replay the message sent to a system by an aggressor, which was prior sent by an approved client. Despite the fact that the messages may be encoded and the aggressor may not get the real keys, retransmission of substantial information or logon messages could enable them to increase adequate access to the system. A replay attack can access the assets by replaying a validation message and can confound the goal have.

Extraordinary compared to other strategies to turn away replay assaults is by utilizing solid advanced marks with timestamps. Another procedure that could be utilized to dodge a replay attack is by making irregular session keys which are time bound and process bound. A one-time secret phrase for each demand additionally helps in forestalling replay assaults and is every now and again utilized in managing an account tasks. Different systems utilized against replay assaults incorporate sequencing of messages and disapproval of copied messages.

Here is an ex\mple of replay attack

A case of replay attack on TAP introductory confirmation convention. í µí±2 ′ : Intruder í µí±(í µí° ¶ í µí± ) blocks M2 and replays the message towards í µí± í µí± ′ . í µí±3 ′ : í µí±í µí°¸íµí°¸í µí± gets comparative numerous join demands from í µí± í µí± and í µí± í µí± ′ , which is a possible sign of a noxious client. í µí±í µí°¸íµí°¸í µí± will send í µí±4 and í µí±4 ′ to í µí± í µí± and í µí± í µí± ′ , separately. The two messages comprise of an alarm flag and two unique difficulties. í µí±6 ′ : The gatecrasher neglects to finish the assault, as the normal answer is í µí°¸íµí°¸í µí± í µí± (í µí° ¶ í µí± ||í µí± 1 ′ + 1), and í µí± í µí± ′ advises í µí±í µí°¸íµí°¸í µí± of the presence of an interloper. b) Replay assault on Re-Authentication Protocol-1 For the situation of {í µí± í µí± ′ , í µí± í µí± }∆í µí±í µí°¸íµí°¸í µí± , the gatecrasher í µí±(í µí° ¶ í µí± ) can replay a couple of messages in re-confirmation convention 1; in any case, it neglects to finish the convention run and the nearness of the interloper is in this manner identified after a couple of messages are traded.