Back to Security Pattern Catalog
Message Replay Detection
: Perimeter Security, Spoofing
How do you protect a service from an attacker who replays an intercepted message?
Cache an identifier for incoming messages, and use message replay detection to identify and reject messages that match an entry in the replay detection cache. Message replay detection requires that individual messages can be uniquely identified. This ensures that a legitimate message is not rejected because of a match in the replay detection cache. Message replay detection also requires that messages have not been tampered with in transit. This ensures that the replay detection cache does not accept messages that have been captured and modified by an attacker.
A message cache for detecting message replay to thwart an impersonation attack.
Last modified: May 05, 2012
and Maintained by: Munawar Hafiz