Countermeasures to Reduce Playback Attacks | Cisco Exam 350-901-DEVCOR

Reducing Risk of Playback Attacks

Question

Which two countermeasures help reduce the risk of playback attacks? (Choose two.)

Answers

Explanations


A. B. C. D. E.

BE.

Playback attacks occur when an attacker intercepts and records a legitimate message sent between two parties and replays it later to obtain unauthorized access to a system or sensitive data. To reduce the risk of playback attacks, the following countermeasures can be implemented:

  1. Implement Message Authentication (HMAC): This is a technique used to verify the integrity and authenticity of a message. HMAC uses a secret key to generate a hash of the message, which is sent along with the message. The recipient then uses the same key to regenerate the hash and compares it with the received hash. If the two hashes match, the message is considered valid. With HMAC in place, attackers cannot modify the message without changing the hash, and the recipient will detect the change.

  2. Enable End-to-End Encryption: End-to-end encryption (E2EE) ensures that data is protected throughout the communication channel. With E2EE, the message is encrypted at the sender's end and can only be decrypted by the intended recipient. When the message is encrypted, attackers cannot intercept and replay it later, since they will not be able to read it.

Other options listed in the question are:

A. Store data in a NoSQL database: This countermeasure is not related to reducing the risk of playback attacks. NoSQL databases are used for storing and retrieving data that does not follow a fixed schema, unlike traditional relational databases.

D. Remove stack traces from errors: This countermeasure is also not related to reducing the risk of playback attacks. Stack traces are used for debugging purposes to identify where an error occurred in the code.

E. Use short-lived access tokens: This countermeasure helps reduce the risk of token theft or misuse, but it is not directly related to reducing the risk of playback attacks. Short-lived access tokens have a limited lifespan, so they become invalid after a certain time, making them less useful for attackers.

In summary, the two countermeasures that help reduce the risk of playback attacks are implementing message authentication (HMAC) and enabling end-to-end encryption.
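The HMAC check from item 1, written out as an added example (not part of the original page) and extended so that a recorded message is rejected when it is played back. The timestamp, the one-time nonce, the 30-second window, the key and all names are assumptions introduced for illustration.

```python
import hashlib
import hmac
import json
import secrets
import time

SECRET_KEY = b"constructed-demo-key"  # constructed sample key, not a real secret
MAX_AGE_SECONDS = 30                  # assumed freshness window


def sign(payload, key=SECRET_KEY, now=None):
    """Sender: add a timestamp and nonce, then MAC the whole serialized body."""
    body = {
        "payload": payload,
        "ts": int(time.time() if now is None else now),
        "nonce": secrets.token_hex(16),
    }
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, raw, hashlib.sha256).hexdigest()
    return {"body": raw.decode(), "tag": tag}


class Verifier:
    """Recipient: regenerate the HMAC, then enforce freshness and one-time use."""

    def __init__(self, key=SECRET_KEY):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept only while inside the window

    def verify(self, msg, now=None):
        now = time.time() if now is None else now
        expected = hmac.new(self.key, msg["body"].encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison of the received and regenerated hash.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "bad-mac"
        body = json.loads(msg["body"])  # parsed only after the MAC has been checked
        if abs(now - body["ts"]) > MAX_AGE_SECONDS:
            return "stale"
        # Nonces older than the window can be dropped: the age check rejects them.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_AGE_SECONDS}
        if body["nonce"] in self.seen:
            return "replayed"
        self.seen[body["nonce"]] = body["ts"]
        return "ok"
```

Because the timestamp and nonce sit inside the authenticated body, an attacker who changes either one to make an old capture look fresh also invalidates the tag.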