Relay attack

From Wikipedia, the free encyclopedia
Jump to: navigation, search

A Relay attack in computer security is a type of hacking technique related to man-in-the-middle and replay attacks. In a classic man-in-the-middle attack, an attacker intercepts and manipulates communications between two parties initiated by one of the parties. In a classic relay attack, communication with both parties is initiated by the attacker who then merely relays messages between the two parties without manipulating them or even necessarily reading them.

Example attack[edit]

Peggy works in a high security building that she accesses using a smart card in her purse. When she approaches the door of the building, the building detects the presence of a smart card and initiates an exchange of messages that constitute a zero-knowledge password proof that the card is Peggy's. The building then allows Peggy to enter. Mallory wants to break into the building. Mallory approaches the building with a device that simulates a smart card, and he building responds by initiating the exchange of messages. Mallory forwards the message to her accomplice Evelyn who is tailing Peggy as she runs errands in another part of town. Evelyn relays the message to Peggy's smart card, listens for the answer, and forwards the answer to Mallory, who relays it to the building. Continuing in this way, Mallory and Evelyn relay messages between the building and Peggy's smart card until the building is satisfied that it is communicating with Peggy's smart card. The building opens and Mallory enters.

External links[edit]