[deleted]

A repudiation attack is any attack that makes one of the endpoints wrongly assume that a message has been tampered with and therefore refuse it.

Most common example is token exchange. Every time Bob and Alice send a message to each other they send a token, proving that it was really them who sent the message. A repudiation attack would be to tamper with the token.

Let’s start with the simplest attack, and work up to the more complex.

Alice owns a bank. Bob somehow gains access ( dumpster diving for passwords on paper, or threatening Alice employee, etc ). Bob then can steal information, This is known as an ACCESS ATTACK. The downside ( from Bob’s point of view ) is that Bob has information, but he has to engage in some second activity to monetize it.

Suppose Bob wants to do a bit more, particularly if he wants to damage Alice’s bank. He goes to his stockbroker, buys puts ( contracts that guarantee the sale of a stock at a certain price ) then changes Alices web page. Bob has graduated from reading data to writing data. This is known as a MODIFICATION ATTACK.

When the world reads that Alice’s web page that now openly supports Stormfront, her stock tanks, and Bob buys the stock at a low price, invokes the contract with his broker, and sells at a high price. This is riskier than a simple access attack because there are now clear traces showing how Bob profited. There is also the downside that Alice will be very aware that she has been attacked, and this will lead her to harden her defenses, and to call the cops.

So Bob may add a new wrinkle. He not only modifies information in Alice’s database, but he then defrauds Alice directly, using her corrupted data against her. **It is this direct, post-modification contact that make Bob’s actions a REPUDIATION ATTACK**.

Bob, in preparation for the attack, took out a loan with Alice’s bank. When he does his modification attack, he changes Alice’s records to show that he paid off the loan. When Alice’s bank requests the regular monthly payment from Bob, Bob calls up Alice’s customer service, and informs them that they made a mistake. They check their records, and decide that the loan is indeed paid off.

So Bob walks away with free money. The upside of the repudiation attack is that if Bob has done it skillfully, Alice may never know. Bob may be able to do it multiple times.

The downside – from Bob’s point of view – of a repudiation attack is that he has to give up some contact information to Alice. If Alice’s security people are on their toes, they might be able to trap Bob.

Suppose that Charlie, Alice’s data security officer, is indeed on his toes. Prior to Bob’s attack, Charlie wrote a maintenance program that runs in the background, checking all alleged payments. Any time a payment is recorded as having been made, Charlie’s program attempts to match the payment with ACH records from whichever bank was the other party in the transfer.

Any time that the maintenance program detects a problem, it sends a text message to Charlie. When Bob commits his modification attack, Charlie knows about it within minutes.

Charlie contacts Dave, the agent who works in the financial crimes division of the local FBI office. Charlie has Bob’s telephone number from the call to customer service, and Bob’s social security number and home address from the loan application. Dave then gets a warrant to search Bob’s premises.

Dave then goes…well, we are getting a bit off topic now. We will leave Dave and Bob to their cat and mouse games. The important point here is that a repudiation attack involves post-attack involvement with the victim, and therefore can be very risky.