Message Replay Detection
Classification Key: Perimeter Security, Spoofing
Problem
How do you protect a service from an attacker who replays an intercepted message?
Solution
Cache an identifier for incoming messages, and use message replay detection to identify and reject messages that match an entry in the replay detection cache. Message replay detection requires that individual messages can be uniquely identified. This ensures that a legitimate message is not rejected because of a match in the replay detection cache. Message replay detection also requires that messages have not been tampered with in transit. This ensures that the replay detection cache does not accept messages that have been captured and modified by an attacker.
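The check described above, as an added example that is not part of the original pattern text. The message layout (id, timestamp, body, mac), the HMAC-SHA256 shared-key MAC, and the 300-second freshness window used to bound the cache are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

WINDOW_SECONDS = 300  # assumed freshness window; bounds how long ids stay cached


def sign(key: bytes, msg_id: str, timestamp: int, body: bytes) -> str:
    """MAC over id, timestamp and body so none of them can be altered in transit."""
    data = f"{len(msg_id)}:{msg_id}|{timestamp}|".encode() + body
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class ReplayDetector:
    def __init__(self, key: bytes, window: int = WINDOW_SECONDS):
        self.key = key
        self.window = window
        self.seen = {}  # message id -> time after which the entry may be evicted

    def check(self, msg: dict, now=None) -> str:
        now = time.time() if now is None else now
        # 1. Integrity first: changing the id to dodge the cache breaks the MAC.
        expected = sign(self.key, msg["id"], msg["timestamp"], msg["body"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return "rejected: tampered"
        # 2. Freshness: an id older than the window may already have been
        #    evicted, so the cache alone cannot vouch for it.
        if abs(now - msg["timestamp"]) > self.window:
            return "rejected: stale"
        # 3. Evict expired ids, then look up the identifier.
        self.seen = {i: exp for i, exp in self.seen.items() if exp >= now}
        if msg["id"] in self.seen:
            return "rejected: replay"
        self.seen[msg["id"]] = msg["timestamp"] + self.window
        return "accepted"


def demo():
    key = b"constructed-demo-key"  # constructed sample key and message
    det = ReplayDetector(key)
    t = 1_700_000_000
    m = {"id": "msg-001", "timestamp": t, "body": b"transfer 10"}
    m["mac"] = sign(key, m["id"], m["timestamp"], m["body"])
    forged = dict(m, id="msg-002")  # captured message resent with a new id
    return [det.check(m, now=t + 1), det.check(m, now=t + 2),
            det.check(forged, now=t + 3), det.check(m, now=t + 301)]
```

The MAC is verified before the cache lookup so that a modified identifier never reaches the cache, which is the tamper-resistance requirement the Solution states.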
Known Uses
A message cache for detecting message replay to thwart an impersonation attack.
Related Patterns
Intercepting Validator
Source
Microsoft Book
Tags
Replay