A replay attack, or replay attack, is one of the most common vulnerabilities that affect blockchains. These attacks are usually executed during the implementation of a hard fork, since it is at these times that the best conditions for their implementation are given.
Un Replay Attack, or Replay Attack, happens when a malicious actor intercepts and then repeats a valid data transmission that goes through a network. This is possible because the attacker has gained access to valid credentials for the network. Because of this, network security protocols treat the attack as if it were normal data transmission. In this way, the attacker can carry out his attack without major problems.
Replay Attacks especially affect blockchain technology, due to its operation as a distributed system. This is because precisely this operating structure facilitates this type of malicious actions. All you need is to have access to valid credentials and that the attack is carried out at the right time, with it enough to achieve success.
A closer explanation
To more easily illustrate this problem, we can consider the following example:
Juan has a number of cryptocurrencies on the Bitcoin Cash blockchain. However, the blockchain is about to undergo a hard fork that will split the blockchain into two parts, the legacy and the new blockchain. After the split, Juan owns the same amount of cryptocurrency on both blockchains. In this situation, Juan, who had received several important transactions from Cristina before the hard fork, decides to act maliciously together with her. To do this, they perform past operations (in the legacy blockchain) again, within the new blockchain. This "replay" of transactions is validated by the miners on the new blockchain. This action allows them to obtain new cryptocurrencies for the same value of past transactions. With this, Juan and Cristina have successfully carried out a replay attack.
In this way, attackers can unscrupulously seize new funds, revealing the terrible consequences that this type of attack can have on the entire network.
Scope and consequences of a replay attack
A replay attack can have, in the first instance, the following scope:
- It allows to supplant the identity of one more system users. At this point, an attacker can effectively steal network access credentials and impersonate a user's identity. By doing this, the attacker has access to all of the user's action history. This point is a sufficient and necessary condition to carry out a replay attack with disastrous consequences.
- It allows to create attacks of denial of services (DoS). An attacker can make the replay attack massive within the blockchain. This scenario is possible due to the loss of computing power of the legacy blockchain. As the mining power of the legacy blockchain falls, space is opened for a 51% attack. This enables the creation of new transactions that can go to the new blockchain and take it out of service if its power is exceeded. Another way to carry out this type of action is to take advantage of a weakness in the message protocol of the P2P network. By means of this vulnerability, you can not only make the replay attack, but also control the network so that it only listens to messages formatted in a specific way.
In both cases, there are limitations on the malicious actions that can be taken. But perhaps the most important is that the data that is sent cannot be changed without being rejected by the network. This limits the effectiveness of the attack to repeating past actions, unless it is accompanied by a 51% attack.
Importance and implications of replay attacks
These types of attacks are very important to consider in blockchain technology. Especially when the blockchain is going through a hard fork process. This is because hard fork open the possibility to more easily carry out this type of actions.
This is because at those times, there are two blockchains with identical information at the same time. This means that; one transaction processed before the hard fork will also be valid on the other. As a result, a person who received a certain amount of cryptocurrency from another person on the old blockchain, could switch to the other, replicate the transaction, and fraudulently transfer an identical number of units to their account a second time.
However, this situation is only possible for users who have taken part in the hard fork. In other words, new users who have created a purse after the hard fork they are not vulnerable nor can they carry out this type of attack.
But these types of attacks can be carried out in spaces beyond blockchain technology. For example, contactless payment systems or NFC they are also susceptible. To deal with them, they must have countermeasures that prevent a user from executing them and stealing funds in that way.
How much do you know, cryptonuta?
Does a replay attack mean that the attacker is in control of the entire network?FALSE!
A Replay Attack only leads to the attacker having the ability to impersonate identities within the network and perform actions already performed on it. At no time does the attacker have full control of the network or the ability to overwrite the entire blockchain.
Protective measures against this type of attack
All the measures effective Anti-blockchain replay attacks fall into two categories: strong repeat protection y opt-in repeat protection.
In strong repeat protection, a marker special to the new blockchain that emerges from the hard fork. This in order to guarantee that the transactions made will not be valid on the blockchain legacy, not the contrary. This is the type of protection that was implemented when Bitcoin Cash separated from Bitcoin. When implemented, protection runs automatically as soon as the hard fork occurs.
On the other hand, opt-in playback protection requires that users make changes manually in your transactions. This in order to guarantee that they cannot be susceptible to replay attacks. This protection can be useful in cases where the fork is intended as an update to the blockchain of a cryptocurrency, instead of a complete division of it.
In addition to these solutions, individual users can also take steps to protect themselves. One method of doing this is prevent coins from being transferred until a certain number of blocks in the new blockchain. This prevents the network from verifying any replay attacks involving those units of coins. However, this is one opción which No. is available in many purses or blockchains.