Providing Freshness

Freshness mechanisms are techniques that can be used to provide the assurance that a given message is ‘new’ in the sense that it is not a replay of a message sent at a previous time. The main threat such mechanisms are deployed against is the capture of a message by an adversary, who then later replays it at some valuable time. Freshness mechanisms are particularly important in providing time-relevant security services, of which one of the most important is entity authentication.

Note that entity authentication primarily requires a notion of liveness, which indicates that an entity is currently active. A freshness mechanism does not provide this by default since a message being ‘new’ does not imply that the sender is ‘alive.’ For example, an attacker could intercept a ‘fresh’ message and then delay relaying it to the intended receiver until some point in the future. When the receiver eventually receives the message, they may identify that it’s fresh (not a replay). However, they will not necessarily have any assurance that the sender is still ‘alive.’ Still, all freshness mechanisms can be used to provide liveness if they are managed appropriately, particularly by controlling the window of time within which a notion of ‘freshness’ is deemed acceptable.

There are three common types of freshness mechanisms, which we now review.