Anecdotal accounts suggest payment associations are moving to improve the on-chip cryptographic features of these cards, including challenge-response protocols, to further frustrate
replay attacks.
The former needs a continuous connection from the client-side to the server-side, and the
replay attack can be prevented by means of continuous server-side verification.
8 shows the effect of
replay attack on network energy when five attackers replay the packets at the rate of 10 to 50 copies per second.
Message 9: RSU sends RR for CA, containing Serial Number and Time to avoid
replay attack and Signature to avoid fabrication, Revocation Reason to state what is the reason for revocation, and sen id to know which vehicle is the problematic one and message code to know what is the message category; the message is encrypted with PK of CA.
Based on symmetric key cryptography and one way hash function, Song [9] suggested an efficient smart card authentication scheme and claimed that the scheme is secure against impersonation attack, parallel session attack,
replay attack and modification attack.
s Lee-Chiu Hwang-Li \ scheme [12] scheme [4] scheme [1] Without X O O verification table Choose O O X password at will Change O O X password at will Resist DoS X O O attack (Denial of Service) Resist X O O
replay attack Resist O O O guessing attack Resist X O O man-in-the- middle attack Lu-Cao Proposed \ scheme [6] scheme Without O O verification table Choose X O password at will Change X O password at will Resist DoS O O attack (Denial of Service) Resist O O
replay attack Resist O O guessing attack Resist O O man-in-the- middle attack Table 2.
To prevent
replay attacks, we add a timestamp to the request to set a time limitation.
This verification process prevents the
replay attacks.
11] have proposed a secure authentication scheme to enable the session initiation protocol to withstand server spoofing, off-line password guessing attacks and
replay attacks, but their scheme still keeps the password table, leaving room for security problems arising from it [9].
s protocol would suffer from the
replay attack in the initial phase.
They claimed that their scheme is secure against ID theft,
replay attack, forgery attack, guessing attack, insider attack and stolen verifier attack.
Compared with other data aggregation schemes, the proposed scheme has two contributions: 1) The proposed scheme not only resists many well know attacks, such as external attack, internal attack,
replay attack, impersonation attack and modification attack, but also it is robust against the new HDA attack.
