This page describes how the RadioLink protocol prevents replay attacks.

Design Overview

RadioLink uses a combination of an epoch value and a monotonic counter to ensure that previously transmitted frames cannot be accepted again by a receiver.

The system follows an epoch‑per‑boot model.

TX node behavior:

A new epoch is generated on boot
The epoch is persisted once to FRAM
A counter increases for every transmitted frame

RX node behavior:

Tracks the last seen counter for each node
Rejects frames with stale counter values

Replay Protection Flow

Security Properties

The replay protection mechanism provides:

monotonic frame ordering
detection of stale frames
minimal persistent storage writes

Because the epoch is written only once per boot, FRAM wear is minimized while still providing replay protection across power cycles.

Relationship to RX Pipeline

Replay freshness is enforced during the RX processing pipeline by the stage:

radioLinkRxReplayIsFresh()

This stage verifies that the received counter is newer than the last accepted value for the sending node.