T 0.43 Replaying Messages
In this form of attack, attackers send specially prepared messages to individuals or systems in order to gain an advantage for themselves or to cause damage to the victim. To construct the messages properly, attackers use interface descriptions, protocol specifications, or records of past communication behaviour.
In practice, there are two important special cases of message replay:
- In a "replay attack" (replay of messages), attackers record valid messages and play them back at a later time almost unchanged. Even just part of a message, such as a password, may suffice to enter an IT system without authorisation.
- In a "man-in-the-middle attack", the attacker assumes, unnoticed, a mediating position in the communication between various participants. In general, the attacker pretends to the sender of a message to be the intended recipient, and pretends to the recipient to be the actual sender. If successful, the attacker can receive messages that are not intended for him, evaluate them, and purposefully manipulate them before they are forwarded to the intended recipient.
Encrypting the communication does not protect against man-in-the-middle attacks if the communication partners are not securely authenticated.
Examples:
- An attacker records the authentication data (e.g. user ID and password) during a user's login and uses this information to gain access to a system. In purely static authentication protocols, a password can be used to illegally access a third-party system even if it is transferred in encrypted form.
- To cause financial harm to the employer (company or public body), an employee places an approved purchase order several times.
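The first example above, as an added illustration that is not part of the original catalogue text: a static verifier accepts a recorded login message a second time, while a challenge-response verifier with single-use nonces rejects it. All names, the key and the password are constructed; the protected form of the password is modelled as a SHA-256 digest, on the assumption that any value sent unchanged on every login behaves the same way.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-demo-key"      # constructed sample shared secret
PASSWORD = "constructed-password"  # constructed sample password

def static_token(password: str) -> bytes:
    # Static scheme: the same protected value goes over the wire on every login.
    return hashlib.sha256(password.encode()).digest()

class StaticVerifier:
    def __init__(self, password: str) -> None:
        self._expected = static_token(password)
    def login(self, message: bytes) -> bool:
        # Cannot tell a fresh message from a recorded copy of an earlier one.
        return hmac.compare_digest(message, self._expected)

class ChallengeResponseVerifier:
    def __init__(self, key: bytes) -> None:
        self._key, self._open = key, set()
    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh, unpredictable, single use
        self._open.add(nonce)
        return nonce
    def login(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._open:
            return False                 # unknown or already used challenge
        self._open.discard(nonce)        # consumed even if the response is wrong
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)

def respond(key: bytes, nonce: bytes) -> bytes:
    # Client side: proves knowledge of the key for this one challenge only.
    return hmac.new(key, nonce, hashlib.sha256).digest()

def demo() -> dict:
    static = StaticVerifier(PASSWORD)
    recorded = static_token(PASSWORD)    # what a recording of the login contains
    cr = ChallengeResponseVerifier(KEY)
    n1 = cr.challenge()
    r1 = respond(KEY, n1)
    return {
        "static_first": static.login(recorded),
        "static_replayed": static.login(recorded),
        "cr_first": cr.login(n1, r1),
        "cr_replayed_same_nonce": cr.login(n1, r1),
        "cr_replayed_new_nonce": cr.login(cr.challenge(), r1),
    }

if __name__ == "__main__":
    print(demo())
```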