Increased risk in network security gives rise to various challenges in ensuring secure and effective communication between devices in a network. Anti-replay techniques can be employed for secure communication over a network to avoid replay attacks. Anti-replay helps prevent an intercepted packet of data from being sent to a receiver multiple times while the sender is unaware that the message has been replayed. Anti-replay ensures IP (Internet Protocol) packet-level security by making it difficult for a hacker or other malicious agent to copy message packets and send them repeatedly into the data stream between a source computer and a destination computer.
Most data encryption protocols, such as Internet Protocol Security (IPSec), include anti-replay mechanisms to detect replayed packets at the receiving end. If a receiver cannot detect replayed packets, a hacker can employ the replayed packet to cause the receiver to accept stale data such that the receiver is unaware that the data received is not fresh. In general, time-sensitive packets can be greatly affected by such replays.
Further, processing replayed packets can waste resources. Replayed packets can cause the decryption module at the receiving end to unnecessarily expend CPU (central processing unit) or memory resources. An attacker can keep resending a packet, thereby wasting system resources, and can employ the replayed packets in Denial of Service (DoS) attacks as well as in attacks to fool the receiver.
As the number of devices in the network increases, these attacks can produce disastrous consequences. Conventionally, these attacks can be avoided by employing a sequence-number-based anti-replay mechanism that keeps track of the sequence number in each packet as the packet arrives at the receiver. Each packet is assigned a sequence number by a sender. For example, the first packet sent will have a sequence number of 1, the second 2, and so on. Each time a packet is sent, the receiver verifies that the number is not that of a previously sent packet. When a replayed packet is detected, such that the receiver receives packets out of sequence, the program sends an error message, discards the replayed packet, and logs the event, including in the log entry identifiers such as the date/time received, source address, destination address, and the sequence number.
The traditional sequence number anti-replay mechanism, however, is designed for pair-wise communications between two systems and can only provide replay protection to detect duplicate packets between two systems. It cannot be expanded to protect multi-sender group traffic. For example, if IPSec is employed to protect multi-sender group traffic, replay protection can become problematic since multiple senders can use the same sequence number. Thus, the receiver might drop a valid data packet received from a sender that employed the same sequence number as another sender. In other words, IPSec sequence numbers cannot prevent replay in multi-sender group traffic scenarios because the uniqueness property of sequence numbers is violated, and thus receiving two packets having the same sequence number does not necessarily indicate replay.
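The pair-wise check and its failure with several senders can be reproduced with a small receiver model. The following Python sketch is an added example, not code from the original page; the 64-entry sliding window, the names `ReplayWindow` and `dropped`, and both packet traces are assumptions constructed for illustration.

```python
# Added illustration (not from the original page): sequence-number anti-replay.
WINDOW = 64  # assumed window size for this sketch


class ReplayWindow:
    """Receiver state for ONE sequence-number space."""

    def __init__(self, size=WINDOW):
        self.size = size
        self.top = 0     # highest sequence number accepted so far
        self.bitmap = 0  # bit i set => sequence number (top - i) was accepted

    def check_and_update(self, seq):
        """Return True and record seq if it is fresh, False if it must be dropped.
        Call only for packets that already passed integrity verification."""
        if seq <= 0:
            return False
        if seq > self.top:                   # newer than anything seen
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:              # older than the window: cannot judge
            return False
        if self.bitmap & (1 << offset):      # number already used: treated as replay
            return False
        self.bitmap |= 1 << offset           # late, out of order, but fresh
        return True


def dropped(trace, size=WINDOW):
    """Feed (sender, seq) pairs through one shared window; return the drops."""
    window = ReplayWindow(size)
    return [(s, n) for s, n in trace if not window.check_and_update(n)]


# Constructed traces. Pair-wise: A's packet 2 is replayed after 4 and 3 arrive.
PAIRWISE = [("A", 1), ("A", 2), ("A", 4), ("A", 3), ("A", 2)]
# Group: A and B each number their own packets 1, 2, 3; nothing is replayed.
GROUP = [("A", 1), ("A", 2), ("B", 1), ("B", 2), ("A", 3), ("B", 3)]

if __name__ == "__main__":
    print("pair-wise drops:", dropped(PAIRWISE))  # only the true replay
    print("group drops:    ", dropped(GROUP))     # every one of B's fresh packets
```

In the group trace the receiver drops all three of B's packets although none was replayed, which is the false positive that arises once two senders share one sequence-number space.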