Signature Replay Vulnerability (SRV)
- SRV is a vulnerability where previously authenticated artifacts are reused due to lack of freshness, nonces, or adequate context binding.
- It manifests across domains such as IoT, smart contracts, voice interfaces, and OCSP, exposing critical flaws in authentication protocols.
- Mitigation strategies involve enforcing one-time use with nonces, timestamps, domain separation, and robust state tracking to ensure true validation.
Signature Replay Vulnerability (SRV) denotes a class of failures in which an artifact that was previously valid under an authentication or verification procedure remains reusable outside its intended scope. Across the literature, that artifact may be a digitally signed message, an HMAC-tagged packet, a local IoT command carrying a valid sign field or token, an OCSP response, an off-chain authorization for a smart contract, a recorded wake-word or command accepted by a voice interface, a copied return-address/MAC pair in backward-edge control-flow protection, or a replayed synthetic utterance whose physical re-recording masks the spoofing cues learned by an audio detector (Lazzaro et al., 2024, Wang et al., 12 Nov 2025, Ivanov, 2016, Malik et al., 2019, Li et al., 2019, Müller et al., 20 May 2025). The unifying condition is not mere duplication of traffic, but acceptance of stale or transplanted authenticated material because freshness, one-time-use semantics, or context binding is absent, weak, or misapplied.
1. Conceptual definition and distinguishing features
In its narrow cryptographic sense, SRV arises when a verifier accepts a previously authenticated or signed input more than once because the authenticated material is not bound to a nonce, timestamp, sequence counter, session, device identity, chain, contract, or other execution context. Consumer IoT makes this distinction explicit: naïve replay resends cleartext or encoded commands that were never authenticated, whereas SRV reissues an already authenticated or signed local command because the signature or token remains valid beyond its first use (Lazzaro et al., 2024). Smart-contract work formalizes the same problem at the application layer: a contract may verify an ECDSA signature correctly, yet still be vulnerable if it does not enforce one-time-use or proper domain binding, producing the archetype of “one signature, multiple payments” (Wang et al., 12 Nov 2025).
The OCSP literature extends SRV from simple reuse to signature repurposing. There, the responder signs for a predictable tbsResponseData structure. If is predictable, insufficiently unique, or collides with another message such that , then the same signature verifies for both and (Ivanov, 2016). In this setting, replay and collision-assisted misuse are both failures of context binding.
Other domains use the term more broadly but preserve the same logical core. In voice-driven systems, replayed audio is accepted as genuine because the interface does not distinguish a prior legitimate utterance from a live one (Malik et al., 2019). In audio deepfake detection, SRV denotes the phenomenon whereby replaying and re-recording a synthetic utterance through a loudspeaker–room–microphone path alters the acoustic signature that the detector has learned to treat as spoofing, so the deepfake appears bona fide (Müller et al., 20 May 2025). These usages move from cryptographic signatures to physical or learned signatures, but still center on reusability of previously valid evidence outside its intended verification context.
2. Principal manifestations across technical domains
The literature documents SRV in protocol security, consumer IoT, smart-contract authorization, control-flow integrity, message authentication, and audio systems.
| Domain | Replayed artifact | Immediate failure mode |
|---|---|---|
| Consumer IoT | Local command, token, ciphertext, or sign field |
No freshness binding; static tokens; stateless command processing |
| Voice-driven interfaces | Recorded wake-word or command audio | Replay accepted as genuine speech |
| OCSP | Signed tbsResponseData or stale signed status |
Weak context binding; predictability; collision/replay of valid responses |
| Smart contracts | Off-chain ECDSA signature | No nonce, no usedSig, no deadline, or weak EIP-712 binding |
| Backward-edge CFI | Valid pair | Independent per-return authentication permits reuse |
| Message authentication | pair | Integrity without freshness |
| Audio deepfake detection | Re-recorded synthetic utterance | Replay channel masks spoof signatures learned by detector |
These manifestations are structurally related but operationally distinct (Lazzaro et al., 2024, Malik et al., 2019, Ivanov, 2016, Wang et al., 12 Nov 2025, Li et al., 2019, Gupta, 2016, Müller et al., 20 May 2025).
Representative cases are concrete. In consumer IoT, Meross smartplug and Meross Garage Opener carried a sign field that remained valid on reissue; Nanoleaf’s companion app used secure HTTP locally but its local API exposed a fixed token; Tapo smartplug replay worked until reboot because a new key was negotiated only on restart (Lazzaro et al., 2024). In voice-driven interfaces, Amazon Echo executed replayed orders and IoT control, while Google Home verified only the wake-word and then accepted subsequent commands in another person’s voice (Malik et al., 2019). In smart contracts, the literature distinguishes Cross-chain Replay Attack, Cross-project Replay Attack, Contract Account Signature Replay, Signature State Management Issue, and Signature Malleability Attack as five SRV families (Wang et al., 12 Nov 2025). In backward-edge CFI, the vulnerability appears when returns are protected by storing or similarly weak context, allowing a previously observed valid pair to be copied back onto the stack before a return (Li et al., 2019).
3. Failure mechanisms and threat models
The most common mechanism is absence of freshness. IoT studies attribute successful replay to missing nonces, timestamps, or sequence counters in authenticated fields; static API tokens or session identifiers that do not expire or rotate; and devices that do not track used freshness values (Lazzaro et al., 2024). The smart-contract literature describes the same pattern as omission of nonce consumption, per-signature usage tracking, or deadline checks (Wang et al., 12 Nov 2025). The HMAC literature states the principle directly: HMAC provides integrity and origin authentication, not freshness, so the exact same pair 0 is accepted again if resent later (Gupta, 2016).
A second mechanism is insufficient context binding. Smart contracts require domain separation through chainId, verifyingContract, and a function-specific TYPEHASH; omitting these enables reuse across chains, contracts, identities, or functions (Wang et al., 12 Nov 2025). OCSP signatures cover tbsResponseData, but the response is not bound to the requester, the Nonce is optional and may be mirrored from the requester, and certificate identification is based on serialNumber; predictable timestamps and attacker-controlled variability create conditions in which a responder behaves as a signing oracle (Ivanov, 2016). Consumer IoT studies describe analogous weaknesses as poor session binding, missing transport security, or message authentication computed over message content alone rather than over freshness materials or device/session identifiers (Lazzaro et al., 2024).
A third mechanism is stateless verification. Stateless command processors accept a command based solely on syntactic correctness and a valid sign field, without validating state transitions or prior receipt (Lazzaro et al., 2024). In control-flow integrity, naïve MAC-based schemes authenticate each return address independently; a copied pair remains valid wherever the same input is rechecked. Zipper Stack counters this by chaining return addresses through a protected register, with
1
so every valid return is bound to the exact prior chain state rather than to the return address alone (Li et al., 2019).
Threat models vary by domain but share a common posture: the adversary can capture valid artifacts and later reinject them. In IoT, the attacker is on the same LAN, can sniff traffic promiscuously, and can inject packets (Lazzaro et al., 2024). In voice systems, proximity may be physical or achieved acoustically through another IoT device, and Amazon Alexa “Drop-In” was used to relay recordings into Google Home (Malik et al., 2019). In smart contracts, the adversary can observe signatures on-chain and replay them where consumption semantics are absent (Wang et al., 12 Nov 2025). In backward-edge CFI, the attacker can read and write process memory and even know the MAC key, but cannot modify a small set of privileged CPU registers (Li et al., 2019).
4. Detection methodologies and empirical evidence
The most extensive empirical study in consumer IoT is REPLIOT, a device-agnostic methodology that runs on the access point and automates a Training Module, Attack Module, and Detection Module (Lazzaro et al., 2024). Traffic is captured with tcpdump, pre-processed with Pyshark, and novelty detection is trained over transport-layer payloads using Local Outlier Factor, Isolation Forest, and Elliptic Envelope. During replay, flows are replayed in reverse order, and the detector examines only the first 2 responses in the queue, empirically 3. On 41 consumer devices, 21 of 41 devices (51%) did not support local app↔device communication, and of the 20 devices with local connectivity, 15 (75%) were vulnerable to replay. All 15 were exploitable in the Non-Restart scenario, and 14 remained exploitable after restart. With Local Outlier Factor, detection accuracy ranged from 0.98 to 1 across devices and both scenarios (Lazzaro et al., 2024).
Voice-driven interface work uses higher-order spectral analysis (HOSA) rather than supervised learning (Malik et al., 2019). Replay is modeled as
4
or, in discrete Hammerstein form,
5
The detector uses 1024-sample frames, 50% overlap, 1024-point FFTs, Rao–Gabr optimal window smoothing, and Hinich Gaussianity and linearity tests. Replay recordings exhibited significant intermodulation distortion spread in magnitude and phase spectra, every non-silence frame of the replay recordings failed Gaussianity and linearity tests, and less than 35% of non-silence frames failed these tests for direct speech (Malik et al., 2019). The same study demonstrated cross-device replay from Alexa “Drop-In” into Google Home.
Audio deepfake detection shows a related but distinct form of SRV. ReplayDF contains 52,320 re-recordings derived from M-AILABS and MLAAD, spanning 109 loudspeaker–microphone combinations, six languages, and four TTS models (Müller et al., 20 May 2025). Across six open-source detectors, replay consistently degraded performance. For public checkpoints, W2V2-AASIST moved from EER 10.6% to 24.8%; for the retrained ODSS version, EER rose from 4.7% to 18.2%, and adaptive RIR retraining reduced ReplayDF EER only to 11.09% (Müller et al., 20 May 2025). The mechanistic finding is important: additive Gaussian/white/pink noise at 15–40 dB SNR barely affected accuracy, whereas real replay convolution caused 28–43 percentage-point drops for spoof, indicating that the dominant factor is the physical channel rather than additive noise (Müller et al., 20 May 2025).
In smart contracts, LASiR combines LLM-assisted static taint analysis with symbolic execution (Wang et al., 12 Nov 2025). From 1,419 audit reports across 37 blockchain security companies, the study identified 108 with detailed SRV descriptions and classified five types of SRVs. Large-scale experiments covered 15,383 contracts involving signature verification, selected from 918,964 contracts across Ethereum, Binance Smart Chain, Polygon, and Arbitrum. The results reported that 19.63% of contracts that use signatures on Ethereum contain SRVs, and affected contracts held $4.76 million in active assets. Manual verification showed an F1-score of 87.90% for detection; on a labeled subset, Precision was 82.14%, Recall 95.83%, and F1 88.46%, with average detection time around 40 seconds per contract (Wang et al., 12 Nov 2025).
Protocol-level measurements in OCSP reveal broad structural exposure. The survey reported that 57.1% of assessed responders still used SHA-1, 41.4% used SHA-1 and supported scaling by Nonce or non-existent serial numbers, 74.3% supported either Nonce mirroring or unknown responses for non-existent serials, and all used one-second granularity for times (Ivanov, 2016). These measurements do not themselves prove exploitation, but they define the predictable, attacker-scalable message space on which the autonomous collision attack relies.
5. Defensive constructions and mitigation strategies
The dominant mitigation pattern is to make authenticated messages fresh, unique, and context-bound. In consumer IoT, the recommended layers are per-message nonces $m$6, timestamps $m$7, monotonic counters $m$8, anti-replay windows, challenge–response, transport security with mutual authentication, session binding to device identity, rate limiting, and secure defaults on local APIs (Lazzaro et al., 2024). The message-level prescriptions are explicit:
$m$9
or
$m'$0
with the device tracking used $m'$1 values and accepting only counters within a configured anti-replay window (Lazzaro et al., 2024). The same study warns not to rely on AP firewalls for local security and cites ENISA GP‑TM‑43 in support of device/software-resident defenses (Lazzaro et al., 2024).
Smart contracts instantiate the same design principles through EIP-712 and EIP-2612-style patterns (Wang et al., 12 Nov 2025). The mitigation set is: domain separation with chainId and verifyingContract, a function-specific TYPEHASH, per-owner nonces that are read and incremented atomically, optional usedSig mappings for defense in depth, deadline checks, signer-identity binding in EIP-1271 flows, and low-$m'$2/valid-$m'$3 enforcement through OpenZeppelin’s ECDSA.recover (Wang et al., 12 Nov 2025). These measures are not interchangeable. chainId prevents Cross-chain Replay Attack, verifyingContract prevents Cross-project Replay Attack, identity binding prevents Contract Account Signature Replay, and nonce or usedSig state prevents Signature State Management Issue (Wang et al., 12 Nov 2025).
Protocol-oriented defenses against OCSP SRV focus on reducing predictability and removing catastrophic key reuse (Ivanov, 2016). The proposed measures are to use dedicated OCSP responder certificates with id-kp-OCSPSigning and CA=false, increase time granularity or randomize producedAt, thisUpdate, and nextUpdate, disable mirrored Nonce and refuse to sign for non-existent serial numbers, impose client-side limits on acceptable nextUpdate, prefer stronger hashes than SHA-1, and, at the standards level, add responder-generated nonces and more specific certificate identifiers (Ivanov, 2016). In this literature, disabling Nonce mirroring reduces attacker-controlled variability for collision search, but it also creates a tradeoff with anti-replay guidance; the tension is explicit rather than incidental (Ivanov, 2016).
The HMAC literature offers a clean replay-resistant construction based on time-scoped keys and unique message identifiers (Gupta, 2016). The time counter is
4
with
5
and final authentication factors
6
where 7 is a unique message identifier recorded in a per-bucket replay cache only after successful verification (Gupta, 2016). Under the paper’s stated assumptions—secure HMAC, bounded clock skew, unique identifiers within the acceptance window, and correct state handling—this construction is claimed to provide “perfect resistance” to replay attacks (Gupta, 2016).
Backward-edge CFI provides a structural answer to replayable authentication. Zipper Stack avoids per-pointer independence by authenticating the entire active call path as a MAC chain, protecting only the current chain anchor in a privileged register (Li et al., 2019). On FPGA, the hardware implementation reported average slowdown of 2.69% without cache and 1.86% with a MAC-result cache, with Shadow Stack at 2.36% (Li et al., 2019). In audio systems, defenses are correspondingly physical or signal-driven: HOSA-based replay detection can be inserted at wake-word and early-command stages, and the literature recommends complementing it with challenge–response, liveness checks, proximity or direction-of-arrival checks, and, for high-risk actions, second factors (Malik et al., 2019). ReplayDF further indicates that channel-invariant training and real or high-fidelity simulated room/device responses are necessary, though not sufficient, for robust audio deepfake detection (Müller et al., 20 May 2025).
6. Conceptual boundaries, limitations, and open issues
SRV should not be conflated with adjacent phenomena. In consumer IoT, authenticated replay and naïve replay are analytically distinct: the latter succeeds because the device accepts unauthenticated LAN inputs, while the former succeeds because already authenticated material remains valid on reissue (Lazzaro et al., 2024). In smart contracts, transaction replay is a transaction-layer problem, whereas SRV is an application-layer problem in which a contract function accepts the same off-chain signature multiple times or across contexts (Wang et al., 12 Nov 2025). Signature malleability is also not identical to SRV, although it can create replay-like effects by transforming one valid ECDSA signature into another valid signature for the same digest when 8 and 9 are not constrained (Wang et al., 12 Nov 2025). In audio deepfake detection, replay vulnerability is not reducible to simple additive noise; the paper attributes the degradation primarily to convolutional and device effects (Müller et al., 20 May 2025).
Current detectors and defenses have domain-specific blind spots. REPLIOT marks TLS/QUIC and strong proprietary encrypted protocols as FAILED without deeper decryption; some functions are not externally observable; script creation remains manual; and failure to exploit a device is explicitly only a lower bound on vulnerability (Lazzaro et al., 2024). HOSA depends on device-specific calibration and is sensitive to ambient noise, reverberation, high-linearity playback chains, and very short utterances (Malik et al., 2019). LASiR can produce false positives when unrelated state restrictions later block asset movement, and false negatives on inline assembly or non-standard crypto flows (Wang et al., 12 Nov 2025). ReplayDF spans 109 setups, but real rooms, devices, distances, sound pressure levels, and placements remain unbounded; adaptive RIR augmentation improves EER but does not restore baseline performance (Müller et al., 20 May 2025).
Taken together, these studies characterize SRV as a recurring failure of freshness, uniqueness, and binding across multiple layers of computing systems. Whether the replayed artifact is a LAN command, an OCSP response, an ECDSA authorization, a copied return-address/MAC pair, or a re-recorded acoustic signal, the decisive question is the same: does verification attest only that the artifact was once valid, or does it attest that it is valid exactly here, exactly now, and exactly once (Lazzaro et al., 2024, Ivanov, 2016, Wang et al., 12 Nov 2025, Li et al., 2019)?