What is a Replay Attack and how to prevent it
7 min read
If you’ve made it this far, you’ve probably been the victim of some kind of theft or, simply, the title of this post intrigued you and you want to know what a Replay Attack is. In both cases you have come to the right place! Today you will learn what a Replay Attack is and how to prevent it.
What Replay Attack Means: Definition
A Replay Attack o is a type of network attack in which a hacker detects a data transmission and gets access to confidential data acting as original sender and sending a communication to its original destination.
Hence, this attack makes the receiver think that the message is an authenticated message when in fact it was sent by a hacker. If the recipient forwards the message, the attack is successful. Since the recipient receives the same message twice, it is called Replay Attack.
To make you understand, a Replay Attack occurs when the message sent by an attacker to a network is replayed and was previously sent by an authorized user. While messages may be encrypted and the attacker may not obtain the real keys, retransmission of valid data may help to gain sufficient access to network resources.
The most interesting thing is that networks and equipment subject to Replay Attack see the attack as legitimate messages.
The replay attack is often compared to the Man in the middle attack , MitM).
In cryptography, a MitM occurs when the attacker can observe and intercept messages between two victims and ensure that none of the victims know that the link between them has been breached.
Usually, a man in the middle attack is just a general term for almost any attack where the hacker captures traffic between two hosts. So we can say that the Replay Attack is a specific type of Mitm.
A frequent example of Replay Attack is data theft from credit cards.
Imagine that a hacker intercepted the credit card information of a customer who is paying in a store, and then sent this data over the Internet and made fraudulent purchases.
Another example could be the theft of confidential information via e-mail.
One of the features of the Replay Attack is that the attacker gives proof of his identity and authenticity.
How to Prevent a Replay Attack
Although this type of attack may seem very dangerous and difficult to detect, the good news is that is relatively easy to avoid and there are several methods that can work to avoid Replay Attack.
Among these, the ones you will find below seem to be the most effective:
- Use of solid electronic signatures with time stamps;
- Create random access keys that have a time limit;
- Use a disposable password for each request (as for banking);
- Use sequence of messages and non-acceptance of duplicate messages.
How does the Replay Attack affect the world of cryptocurrencies?
As mentioned above, Replay Attacks do not apply only to credit cards and, unfortunately, also affect the world of cryptocurrencies.
The reason why Replay Attack can be generated is that the blockchain of a certain cryptocurrency can undergo updates that result in hard forks or bifurcations of the chain.
When a hard fork takes place, there is a split between the protocol and the ledger, and 2 larger books are created governed by 2 separate protocols.
So the blockchain is split in two: one runs the inherited version of the software and the other runs the new updated version.
In addition, some Hard Forks result in the creation of a new cryptocurrency (see the case of Ethereum Classic (ETC) or Bitcoin Cash (BCH) ).
It is therefore more likely that during one of these forks, cybercriminals take the opportunity to perform a Replay Attack contra la blockchain.
This is because, with the fork, a transaction processed in the blockchain by one person, whose wallet was valid before the hard fork, will be valid in the other.
This means that a person who receives a certain amount of cryptocurrency tokens from another person through a blockchain, could move to the other blockchain, replicate the transaction and fraudulently transfer an identical number of units to his account for the second time.
Imagine that a user tries to send coins on the Bitcoin blockchain and the network reflects the action on the other chain (that of Bitcoin Cash), the result of the bifurcation. This means that when 1 BTC is sent, 1 BCH is also sent, without the user noticing.
How to protect blockchains from Replay Attack?
Although the vulnerability of forked blockchain ledgers to this type of attack is a real concern, most hard forks include security protocols designed to prevent these attacks from being successful.
The most effective measures against Replay Attack blockchain are divided into two categories:
Strong Replay Protection
In the Strong Replay Protection, a special bookmark is added to the new ledger that emerges from the hard fork, to ensure that transactions made on it are invalid in the inherited ledger and vice versa. This is the kind of protection that was put in place when Bitcoin Cash was forked from Bitcoin. Bitcoin Cash implemented a unique indicator that would allow Bitcoin Cash nodes to distinguish spent transactions on the legacy Bitcoin chain as independent of the Bitcoin Cash chain.
Opt-in Replay Protectio
Opt-in protection is usually implemented when the hard fork is the result of an update of the main ledger of a cryptocurrency and not a complete split of it.
This type of protection requires users to manually make changes to their transactions to make sure they cannot be replayed.
In addition to these strategies used to implement replay protection, there are some other techniques that help mitigate replay attacks if the cryptocurrency used by users does not provide protection from replay.
For example, users can also take measures to protect themselves from being a victim of Replay Attack.
An easy protection against Replay attacks is to block the transfer of cryptocurrencies until the ledger reaches a certain number of blocks, thus preventing the network from checking for any Replay attacks involving those monetary units.
In case of not spending any cryptocurrencies until the problems with the new fork are solved, the Replay attack will not find any vulnerable flaws and, for this reason, this method is an effective solution.