From the course: Threat Modeling: Tampering in Depth

Replay and reflection

- [Instructor] I can also tamper with the data flow by replaying messages. And holy cow. They're signed, so they must be authentic. Do you think that's enough? I'll send a lot of signed messages to your bank, saying please pay Adam $1,000. Thank you. That's why checks have sequence numbers on them. And that's a good lesson for you in replay attacks. When they're tampering with the channel, but not the message. I can also reflect messages. That is, send them back to their sender. If your code simply checks for a signature like this, then that code will accept messages signed by you. And once again, I laugh all the way to the bank. Or, maybe the courthouse. Don't try this with checks or any system with checks and balances. I can cause collisions by sending a bunch of fake messages. If the sequence numbers get updated at the wrong place in the code, then the receiver may be confused about which sequence numbers might…
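The replay and reflection cases described in the transcript, as an added example that is not code from the course: a receiver that checks the sender, the addressee, and a per-sender sequence number in addition to the authentication tag. Assumptions: an HMAC over a shared key stands in for the signature, and the names `seal`, `Receiver`, `KEY`, and the parties `alice` and `bank` are hypothetical.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed sample key shared by both parties


def seal(sender, recipient, seq, body, key=KEY):
    """Serialize a message and compute an HMAC tag over every field."""
    fields = {"from": sender, "to": recipient, "seq": seq, "body": body}
    payload = json.dumps(fields, sort_keys=True).encode()
    return payload, hmac.new(key, payload, hashlib.sha256).hexdigest()


class Receiver:
    def __init__(self, name, key=KEY):
        self.name = name
        self.key = key
        self.last_seq = {}  # highest accepted sequence number per sender

    def accept(self, payload, tag):
        """Return (ok, reason); state changes only after every check passes."""
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False, "bad tag"
        msg = json.loads(payload)
        # Reflection: a validly tagged message that we authored, or that was
        # addressed to someone else, is not a message for us.
        if msg["from"] == self.name or msg["to"] != self.name:
            return False, "reflected or misdirected"
        # Replay: the tag is still valid, so only the sequence number
        # distinguishes a fresh message from a resent one.
        if msg["seq"] <= self.last_seq.get(msg["from"], 0):
            return False, "replay"
        # The counter moves last and only for authenticated messages, so
        # forged traffic cannot advance it.
        self.last_seq[msg["from"]] = msg["seq"]
        return True, "accepted"


def demo():
    bank = Receiver("bank")
    pay = seal("alice", "bank", 1, "pay Adam $1,000")
    receipt = seal("bank", "alice", 1, "paid")  # a message the bank itself sent
    forged = (seal("alice", "bank", 99, "pay Adam $1,000")[0], "00" * 32)
    fresh = seal("alice", "bank", 2, "pay rent")
    return [bank.accept(*m)[1] for m in (pay, pay, receipt, forged, fresh)]


if __name__ == "__main__":
    print(demo())
```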
