1. Field of the Invention
The present invention concerns security against replay attacks of messages transmitted over a network. More particularly, the present invention concerns security against replaying an intercepted message by comparing a unique message enabling code included with the message with a listing of unique message enabling codes stored in a receiving device, in order to determine whether or not to enable processing of the message.
2. Description of the Related Art
Replay attacks of messages transmitted over a network have, unfortunately, become a common occurrence. A replay attack typically consists of a hacker intercepting a message transmitted over a network and then, at some later time, re-transmitting (replaying) the same message to the device for which it was originally intended. As an example, a message may be transmitted over the Internet from a home or business user to a financial institution for the transfer of money from one account to another. A hacker who intercepts the message may, at some later time, send the message to the financial institution a second time, thereby causing a second transfer of funds. As another example, the transmission of a confidential print job over a network to a printer may be intercepted by a hacker, who then may replay (i.e., re-transmit) the print job to the printer at a later time, thereby obtaining a printed copy of the confidential information.
While many transmissions over the network, like the foregoing, may utilize some type of security, such as a digital signature, to verify that the message is genuine and has not been altered, such a signature does little to prevent a replay attack. In this regard, the hacker need not forge anything: by intercepting the message, the hacker obtains the message together with its valid signature. Because the signature covers the same message content on the second play (playback) as on the first, a receiving device that validated the signature on the first play will validate it again on the replay.
One technique that has been proposed to address replay attacks is that used by the Kerberos authentication protocol, in which a transmitted message carries a ticket together with an authenticator that includes a time stamp. When a message is received by a receiving device, the receiving device first rejects the message if its time stamp falls outside a permitted clock skew (e.g., 5 minutes) of the receiving device's own clock. Otherwise, the ticket and time stamp are temporarily retained in a replay cache for the duration of that window. When additional messages are received, the ticket and time stamp of each newly-received message are extracted and compared against the temporarily retained entries. If a matching entry is found, the message is treated as a replay and an error message is returned. Thus, while this system provides some security against replay attacks, it does suffer from some problems.
One problem with the foregoing system is an increase in overhead, since each receiving device must provide sufficient storage space to hold the tickets and time stamps of all messages received within the retention window. The more messages a receiving device accepts during that window, the greater the amount of storage needed to retain the used tickets, and expired entries must be pruned periodically to reclaim it. Moreover, as the number of retained tickets grows, more processing time is required to search the retained entries for each incoming message, thereby degrading the performance of the receiving device under load.
Additionally, a hacker who gains access to the receiving device's storage may be able to delete a temporarily retained ticket and time stamp and then replay the message. Thus, although a ticket and time stamp may already have been used once, once the ticket and time stamp are removed from the temporarily retained information the replayed message will be perceived as valid, presuming that the message is replayed within the allowable clock skew of its time stamp; the time stamp check alone cannot distinguish a first play from a replay within that window. As a result, the Kerberos process of temporarily retaining used tickets and time stamps, while providing some protection, still has some weakness in the prevention of replay attacks.
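The following added example (not part of the original specification or of any Kerberos implementation) models the two points made above: a valid signature does not by itself prevent replay, and a replay cache with a time window stops replays only as long as its entries survive. The receiving device verifies an HMAC over the message, rejects time stamps outside a 5-minute window, and then consults a cache keyed on (ticket, time stamp). The shared key, the ticket string and the time values are constructed for the example; the message layout and the HMAC-based signature are illustrative stand-ins for the ticket and authenticator the text describes.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

SKEW_SECONDS = 300  # 5-minute window, as in the text


@dataclass
class ReplayCache:
    """Retains (ticket, timestamp) pairs first seen within the window."""
    window: int = SKEW_SECONDS
    seen: dict = field(default_factory=dict)  # (ticket, ts) -> time first seen

    def prune(self, now):
        # Storage is bounded by the messages seen within the window, so
        # expired entries are discarded on every check.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= self.window}

    def check_and_record(self, ticket, ts, now):
        """Return True if the pair is new (and record it), False if a replay."""
        self.prune(now)
        key = (ticket, ts)
        if key in self.seen:
            return False
        self.seen[key] = now
        return True

    def forget(self, ticket, ts):
        # Models the attacker deleting a retained entry from the device.
        self.seen.pop((ticket, ts), None)


def _encode(body):
    return json.dumps(body, sort_keys=True).encode()


def sign_message(key, ticket, ts, payload):
    """Sender side: ticket, time stamp and payload, signed with a shared key."""
    body = {"ticket": ticket, "ts": ts, "payload": payload}
    mac = hmac.new(key, _encode(body), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}


class Receiver:
    def __init__(self, key, cache=None):
        self.key = key
        self.cache = cache if cache is not None else ReplayCache()

    def process(self, msg, now):
        body = msg["body"]
        expected = hmac.new(self.key, _encode(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["mac"]):
            return "rejected: bad signature"
        # Freshness check: a time stamp outside the window is refused outright.
        if abs(now - body["ts"]) > SKEW_SECONDS:
            return "rejected: stale timestamp"
        # Replay check: same ticket and time stamp seen within the window.
        if not self.cache.check_and_record(body["ticket"], body["ts"], now):
            return "rejected: replay"
        return "accepted: " + body["payload"]


def demo():
    key = b"shared-secret-for-example"  # constructed key, not a real credential
    receiver = Receiver(key)
    msg = sign_message(key, "TICKET-1", 1000, "transfer 100 from A to B")
    results = []
    results.append(receiver.process(msg, now=1001))   # first play: accepted
    results.append(receiver.process(msg, now=1060))   # replay, signature valid, cache catches it
    receiver.cache.forget("TICKET-1", 1000)           # attacker removes the cached entry
    results.append(receiver.process(msg, now=1120))   # replay inside the window now accepted
    results.append(receiver.process(msg, now=1600))   # replay after the window: stale
    tampered = dict(msg, body=dict(msg["body"], payload="transfer 100 from A to C"))
    results.append(receiver.process(tampered, now=1002))  # altered message: signature fails
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The third result is the weakness the text describes: the signature still verifies, the time stamp is still within the window, and with the cache entry gone the receiving device has nothing left to distinguish the replay from a first play.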