Messages exchanged between two or more parties in a wireless network or over the Internet are vulnerable to eavesdropping and manipulation by other parties. Security is required to protect the confidentiality and integrity of the message exchanges. Typically, messages are protected by encrypting and authenticating them with a pairwise temporal key (PTK) or session key that is shared between the intended parties.
However, even if a malicious third party cannot decrypt an encrypted message or forge an authenticated message because it does not have the PTK, the third party can cause other problems during a communication session between a sender and the intended recipient. By capturing encrypted and/or authenticated messages and resending them one or more additional times to the intended recipient (i.e., replaying the messages), a malicious third party may cause the intended recipient to act on the same single message multiple times. Such a message replay attack may result in a dangerous condition, depending upon the actions that the replayed message triggers in the intended recipient. For example, if the intended recipient takes a medical action in response to an original message, the replayed message(s) would cause the recipient to take excessive actions, such as over-dispensing medication.
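The failure mode described above, as an added example that is not part of the original text: a receiver that only checks authenticity acts on every byte-identical copy of a valid frame, while one that also tracks a message counter acts once. The frame layout (8-byte counter, payload, HMAC-SHA256 tag), the key value, the class names and the counter check are assumptions made for illustration, and encryption is omitted to keep the focus on authentication.

```python
import hashlib, hmac, struct

PTK = b"constructed-demo-ptk-0123456789a"  # constructed key standing in for the shared PTK

def protect(counter: int, payload: bytes, key: bytes = PTK) -> bytes:
    """Sender: prepend an 8-byte counter and append an HMAC-SHA256 tag over both."""
    body = struct.pack(">Q", counter) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

def authenticate(frame: bytes, key: bytes = PTK):
    """Return (counter, payload) if the tag verifies, else None."""
    body, tag = frame[:-32], frame[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return None
    return struct.unpack(">Q", body[:8])[0], body[8:]

class NaiveReceiver:
    """Acts on every frame that authenticates: the behaviour the text warns about."""
    def __init__(self):
        self.actions = []
    def receive(self, frame: bytes) -> bool:
        msg = authenticate(frame)
        if msg is None:
            return False
        self.actions.append(msg[1])
        return True

class ReplayCheckedReceiver(NaiveReceiver):
    """Assumed mitigation: counter must exceed the last accepted one."""
    def __init__(self):
        super().__init__()
        self.last_counter = -1
    def receive(self, frame: bytes) -> bool:
        msg = authenticate(frame)
        if msg is None or msg[0] <= self.last_counter:
            return False  # forged, duplicated or stale frame: take no action
        self.last_counter = msg[0]
        self.actions.append(msg[1])
        return True

def deliver(receiver, frames) -> int:
    """Feed frames in order; return how many the receiver acted on."""
    return sum(receiver.receive(f) for f in frames)

# Constructed traffic: one genuine frame followed by two byte-identical copies.
FRAME = protect(1, b"DISPENSE 1 UNIT")
TRAFFIC = [FRAME, FRAME, FRAME]
print(deliver(NaiveReceiver(), TRAFFIC), deliver(ReplayCheckedReceiver(), TRAFFIC))
```

Because the counter is covered by the tag, a third party without the PTK cannot renumber a captured frame to get it past the check.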