Back to Tuomas Aura's home page

Strategies against Replay Attacks

Tuomas Aura
Helsinki University of Technology, FIN-02015 HUT, Finland


The goal of this paper is to present a set of design principles for avoiding replay attacks in cryptographic protocols. The principles are easily applied to real protocols and they do not consume excessive computing power or communications bandwidth. In particular, we describe how to type-tag messages with unique cryptographic functions, how to inexpensively implement the full information principle with hashes, and how to produce unique session keys without assuming mutual trust between the principals. The techniques do not guarantee security of protocols, but they are concrete ways for improving the robustness of the protocol design with relatively low cost. }

Full paper in Postscript

  author = 	 {Tuomas Aura},
  title = 	 {Strategies against replay attacks},
  booktitle = 	 {Proc.\ 10th IEEE Computer Security Foundations Workshop},
  year =	 1997,
  address =      {Rockport, MA},
  pages =        "59--68",
  publisher =	 {IEEE Computer Society Press},
  month =	 jun