Network security-replay attack and its defense
A replay attack means that an attacker resends a data packet that the destination host has already received in order to deceive the system. It is mainly used against identity authentication, where it undermines the correctness of the authentication. A replay can be carried out by the original sender or by an adversary who intercepts the data and forwards it again. Attackers use network sniffing or other means to steal authentication credentials and then resend them to the authentication server. Replay attacks can occur in any network communication and are one of the attack methods commonly used by attackers. According to the relationship between the recipient of the replayed message and the original recipient of the message.

The advantage of the random-number (nonce) method is that the two parties do not need time synchronization; each side remembers the random numbers that have already been used, and if a message carries any previously used random number it is treated as a replay. The disadvantage is that the used random numbers need extra storage: if the retention period is long, the cost of saving and querying them becomes high.

The advantage of the timestamp method is that no additional information needs to be stored. The disadvantage is that both parties need accurate time synchronization; the tighter the synchronization, the smaller the window in which a replay can succeed. When the system is large and spans a wide area, accurate time synchronization is not easy to achieve (it is limited by network conditions and by the clients).

In the sequence-number method, both parties add an increasing integer to each message, and as soon as a message arrives with a non-consecutive sequence number (too large or too small) a replay is suspected. The advantage of this method is that it needs no time synchronization, and the amount of state to keep is smaller than in the random-number method. The disadvantage is that once an attacker succeeds in decrypting a message he obtains the sequence number, and can then deceive the authenticating end by incrementing it on every attempt.

A nonce is a random string that is valid only once and must differ for every request, so this parameter is usually tied to the timestamp. For convenience, the timestamp is used directly as the seed here, and a random 16-bit string is generated as the nonce parameter.

Every HTTP request must carry a timestamp parameter, and the timestamp is digitally signed together with the other parameters. Because a normal HTTP request never takes more than 60s to reach the server, the server first checks, on receiving the request, whether the timestamp differs from the current time by more than 60s; if it does, the request is treated as illegal.

The common anti-replay mechanism combines a timestamp with a nonce.

The timestamp of each request may not differ from the current time by more than a fixed interval (60 seconds). Even if the request is intercepted, it can then only be replayed within those 60 seconds; after that it is invalid.

But the attacker still has those 60 seconds. So a nonce (random number) is added as well, to reject repeated requests within the 60-second window.
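The timestamp-plus-nonce check described above, as an added example that is not part of the original article: the client attaches a timestamp and a fresh nonce and signs all parameters, and the server rejects requests outside the 60-second window, with a bad signature, or with a nonce it has already seen. The shared secret, the HMAC-SHA256 signature scheme and the nonce drawn from a CSPRNG (rather than a timestamp-seeded generator) are assumptions for this example.

```python
import hashlib
import hmac
import secrets
import time

WINDOW_SECONDS = 60  # maximum accepted request age, as in the text
# Hypothetical shared secret, constructed for this example.
SHARED_SECRET = b"example-shared-secret"


def sign(params, secret=SHARED_SECRET):
    """HMAC-SHA256 over the sorted parameters, timestamp and nonce included."""
    canonical = "&".join(f"{k}={params[k]}" for k in sorted(params))
    return hmac.new(secret, canonical.encode(), hashlib.sha256).hexdigest()


def build_request(params, now=None):
    """Client side: add timestamp and a one-time nonce, then sign everything."""
    req = dict(params)
    req["timestamp"] = int(time.time() if now is None else now)
    req["nonce"] = secrets.token_hex(8)  # 16 hex chars from a CSPRNG
    req["sig"] = sign(req)
    return req


class ReplayGuard:
    """Server side: rejects stale timestamps, bad signatures and reused nonces."""

    def __init__(self, window=WINDOW_SECONDS, secret=SHARED_SECRET):
        self.window = window
        self.secret = secret
        self.seen = {}  # nonce -> timestamp it arrived with

    def _expire(self, now):
        # A nonce older than the window can never pass the timestamp check
        # again, so it is safe to forget it (bounded storage).
        stale = [n for n, ts in self.seen.items() if now - ts > self.window]
        for n in stale:
            del self.seen[n]

    def check(self, req, now=None):
        now = int(time.time() if now is None else now)
        self._expire(now)
        try:
            ts, nonce, sig = int(req["timestamp"]), str(req["nonce"]), str(req["sig"])
        except (KeyError, ValueError):
            return "reject: missing timestamp, nonce or signature"
        if abs(now - ts) > self.window:  # too old, or clock too far ahead
            return "reject: timestamp outside window"
        expected = sign({k: v for k, v in req.items() if k != "sig"}, self.secret)
        if not hmac.compare_digest(expected, sig):  # constant-time compare
            return "reject: bad signature"
        if nonce in self.seen:  # same nonce inside the window: a replay
            return "reject: nonce already used (replay)"
        self.seen[nonce] = ts
        return "accept"
```

The signature must cover the timestamp and nonce; otherwise an attacker who captured a valid request could simply refresh those two fields and resend it.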

Chrome now supports DNS-over-HTTPS encryption.

In the latest stable release, Google Chrome v83, HTTPS-based DNS (DNS-over-HTTPS) is officially launched.

DNS over HTTPS is a controversial internet privacy technology: it encrypts DNS lookups and hides them inside ordinary HTTPS traffic, so that third parties (such as an ISP) cannot tell which websites you are visiting from your DNS queries.