5.12 REPLAY IT AGAIN SAM!
EXERCISE 5.12: REPLAY IT AGAIN SAM!
Use either MAC or signatures to send a message from Alice to Bob or vice versa. Include a nonce in the message to prevent replays using all three mechanisms described in this section. Send some replays from Eve and try to get around Alice and Bob’s defenses.
It is impossible for Eve to get around this defense, if the defense is using all three mechanisms.
The three mechanisms are:
- Adding timestamp to every message
- Adding nonce/ID-ing every message
- Adding a sender and receiver to every message.
For those that want to go an extra mile…
Alice and Bob, can use a redis db, to store the id of every message with in some window, say 24 hours. They can use SET <id of message> <some value> EX 86400. Then, any time a message comes in, they check if the id of the message is already in their DB. If it is, it is a replay attack. They can use the TTL command to check the existence of the key:
But even before they check in the database, Alice and Bob need to check first if the timestamp of the message is earlier than 24 hours. If it is, Eve might be performing a replay attack, and they must ignore the message with out further processing.
Where is this useful in the real world?
One example I can come up with, that actually happened to me: integrating with Google AdMob’s Server Side Verification when a user completes watching a video of a rewarded ad.