



Message Replay Detection


Classification Key: Perimeter Security, Spoofing

Problem

How do you protect a service from an attacker who replays an intercepted message?

Solution

Cache an identifier for incoming messages, and use message replay detection to identify and reject messages that match an entry in the replay detection cache. Message replay detection requires that individual messages can be uniquely identified. This ensures that a legitimate message is not rejected because of a match in the replay detection cache. Message replay detection also requires that messages have not been tampered with in transit. This ensures that the replay detection cache does not accept messages that have been captured and modified by an attacker.
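One way to implement the cache described above, as an added example that is not part of the original catalog entry. It assumes an HMAC-SHA256 tag over the message identifier, timestamp and body as the tamper check, and goes beyond the text by adding a freshness window so that old identifiers can be evicted from the cache; the class name, field names and key are hypothetical.

```python
import hashlib
import hmac
import time


class ReplayDetector:
    """Rejects messages that are tampered with, stale, or already seen."""

    def __init__(self, key: bytes, window_seconds: int = 300):
        self._key = key
        self._window = window_seconds
        self._seen = {}  # message id -> time after which the entry can be evicted

    def sign(self, msg_id: str, timestamp: int, body: bytes) -> bytes:
        # Length-prefix the id so the field boundaries are unambiguous.
        data = b"%d:%s|%d|" % (len(msg_id), msg_id.encode(), timestamp) + body
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def accept(self, msg_id, timestamp, body, tag, now=None) -> str:
        now = time.time() if now is None else now
        # 1. Integrity first: the id and timestamp are covered by the MAC, so a
        #    captured message cannot be given a fresh id to slip past the cache.
        if not hmac.compare_digest(self.sign(msg_id, timestamp, body), tag):
            return "rejected: tampered"
        # 2. Freshness: anything outside the window is refused outright, which
        #    is what makes it safe to forget identifiers older than the window.
        if abs(now - timestamp) > self._window:
            return "rejected: stale"
        # 3. Evict entries whose messages would now fail the freshness check.
        self._seen = {m: exp for m, exp in self._seen.items() if exp >= now}
        # 4. Replay check against the cache of identifiers.
        if msg_id in self._seen:
            return "rejected: replay"
        self._seen[msg_id] = timestamp + self._window
        return "accepted"


def demo():
    """Runs constructed sample messages through the detector."""
    d = ReplayDetector(key=b"constructed-demo-key-not-a-secret", window_seconds=300)
    tag = d.sign("msg-001", 1000, b"transfer 10")
    return [
        d.accept("msg-001", 1000, b"transfer 10", tag, now=1010),  # first delivery
        d.accept("msg-001", 1000, b"transfer 10", tag, now=1020),  # replayed copy
        d.accept("msg-002", 1000, b"transfer 10", tag, now=1020),  # id rewritten
        d.accept("msg-001", 1000, b"transfer 10", tag, now=2000),  # replayed late
    ]
```

Verifying the tag before consulting the cache means a forged message can never insert an identifier and cause a later legitimate message to be rejected.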

Known Uses

A message cache for detecting message replay to thwart an impersonation attack.

Related Patterns

Intercepting Validator

Source

Microsoft Book

Tags

Replay


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz