In this attack a message, or a portion of a message, is recorded and replayed at some later date. For example, an instruction to a bank to transfer a sum of money from account A to account B could be recorded and replayed some time later to fool the bank into making a second payment to account B. The incorporation of a freshness indicator in the message is a means of thwarting attacks of this kind. In this section I introduce three methods for indicating freshness: time stamps, sequence numbers and nonces.
A digital time stamp is analogous to a conventional postmark on an envelope: it provides some check of when a message was sent. Returning to the example of Alice and Bob, Alice could add the time and date to her communication to Bob. If she encrypts this with her own private key, or with a key that is known only to Alice and Bob, then Bob may feel reassured that Alice's message is not an old one that has been recorded and replayed.
which introduced some types of active attack. If the encrypted message and the encrypted time stamp were sent together, could Bob be truly sure of the freshness of the message?
To prevent this kind of message replay attack, the message and the time stamp need to be bound together in some way. One method of doing this is to encrypt them together. Only those in possession of the decryption key can then separate the two elements.
Sequence numbers are an alternative way of indicating freshness. If Alice is sending a stream of messages to Bob she can bind each one to a sequential serial number, and encryption will prevent an eavesdropper from altering any sequence number. If Bob is suspicious he can check that the numbers in Alice's messages are incremented sequentially. It would be a straightforward matter for him to spot a replayed message since the sequence order would be incorrect and its number would duplicate that of an earlier message.
In a connectionless packet-switched network, would sequence numbers provide effective freshness indicators?
This third method of freshness indication uses an unpredictable value in a challenge–response sequence. The sequence of events is illustrated in fig 11 Bob wants to communicate with Alice but she needs reassurance that his message is not an old one that is simply being replayed. She generates some random number, which she encrypts and sends to Bob. He then binds the decrypted version of the random number to his message to Alice. On receipt she checks that the returned number is indeed the one she recently issued and sent to Bob. This number, which is used only once by Alice, is called a nonce (derived from ‘number used once’). The term ‘nonce’ is also often used in a wider sense to indicate any freshness indicator.