Replay Attack. To resist the replay attack, our protocol uses short-term keys. The lifetime of the short-term keys (kAi and kBi , i 1, 2, . . .) is only one session long, with a view to establishing n2 + 1 keys. For the next session, the two parties have to randomly choose new short-term keys again. When the intruder replays the previously intercepted mes- sage to Xxx for masquerading as Xxxxx, the request will be rejected because Xxx will discover the mes- sage has been used previously.
Replay Attack. The proposed scheme is secure against the replay attack due to the changeable session keys: SK = SKA = SKB = e(QA, QB )K(XA+XB)xAxBP. The session key derived from the hash value of the temporary identities and the public keys. The temporary identity GUTI is changeable according to the user’s loca- tion area, and hence when the attacker replays with the previous security parameters, then the request will be re- jected because the users UE’s will know that this request is invalid.
Replay Attack. Definition 4.6. A replay attack is a form of network attack in which a valid data trans- mission is maliciously or fraudulently repeated or delayed.
Replay Attack. An attacker sends a message that the server has already accepted, aiming to deceive the server and successfully pass the authentication process. In cross-domain authen- tication, the attacker might intercept a message sent by a device in domain A and forward the message to domain B to achieve successful authentication.
Replay Attack. The usage of random numbers and timestamps is common solution for preventing replay attack in the authentication process. The messages <XA, YA, PA>, <CTS >, <XB, YB, PB >, <CPA >contain freshly generated random numbers in the proposed protocol. Furthermore, these random numbers are also embedded in the protected messages XA = ê(RA, P), YA = ê(RA, F) ⨁XXX, CTS = EKB-TS(XXX||ZTS||T2|| IDB-T). Thus, each participant needs to check the freshness of the message to xxxx from the replay attack. Hence, the proposed protocol discards the possibility of replay attack.
Replay Attack. The random numbers xXX and gS prevent replay attacks. Suppose an adversary A cap- tures any or all of the aired messages such as QR, C0, and C1 and masquerades these messages either with a previous message or any arbitrary values, the enti- ties return a failure as the substituted message does not contain the correct response for a given challenge.
Replay Attack. During the communication between the B-GKAP entities, an attacker might sniff mes- sages in the network and re-transmit sniffed messages for malicious reasons such as Denial of Service (DoS) attacks. To protect against replay attacks, timestamp variable (T ) is added into the protocol messages. Hence, the receiver entity can check T value against replay attack attempts.
Replay Attack. In [12], Ȃ may initiate replay attack which may prevent user and ESP to authenticate the involved CSj. The attack may be initiated by taking the following steps:
Replay Attack. We assume that the intruder 𝒜, with the aim of intercepting communication between 𝒟ℛ𝒩𝑢 and 𝒟ℛ𝒩𝑣 , attempts to capture and then replay the message, 𝚿1: 𝚿1 = ( NON𝑒𝑢, Ω𝑢, 𝚲𝑢, 𝒷𝑢, 𝒳𝑢, 𝒞𝓇𝑢) To proceed ahead, 𝒜 will be required to compute the value of NON𝑒𝑢 = 𝛦 𝒷𝑣( N𝑢). However, to do so, the value 𝒶𝑣 needs to be extracted from the relation 𝒷𝑣 = 𝒶𝑣. 𝐷. The same process needs to be repeated in case replay is demanded for 𝛹2 and 𝛹3. Here, again, performing such computational effort is equivalent to solving the hyper elliptic curve discrete logarithm problem, which is far too complex to be resolved by the intruder 𝒜. Therefore, the proposed scheme guarantees protection from the Replay Attack.
Replay Attack. Our protocol uses timestamps t1 and t2 to defend against replay attacks. In addition, our protocol guarantees that the timestamp cannot be modified. For messages (SEi+1, Ci, t1i ), the adversary must obtain KTi+1 and Si before replacing a new valid timestamp t1′ i . For messages (Xi, Yi, Zi, t2i ), the adversary must obtain bi and Si before replacing a new valid timestamp t2′ i . However, the adversary cannot get KTi+1, bi or Si because they are never transmitted directly in the channel. In addition, due to the ECDL, it is difficult for the adversary to calculate these parameters.
