I'm interested in avoiding replay attacks on a protocol that uses UDP. Assume a secret key is shared. As far as I can tell, it is *fundamental* that you use either sequence numbers for a series of packets, or perform a challenge-response handshake for each packet. (The latter is essentially a "sequence" of length 1 re-established for each packet.) Both methods require the maintenance of some state, essentially creating a "session", although that state is just the active sequence number (and a window given UDP's un-ordering), not a whole moby IPSEC security association. Yes, I'm aware that if you use UDP you end up reinventing TCP... My question is, are there less well-known methods, or is this statefulness fundamentally *imposed* by replay attack resistance, by virtue of what it means to "re-play"? (Which is my suspicion.)
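The sequence-number-plus-window scheme the question describes, as an added example that is not part of the original post. It shows how little per-peer state the receiver needs. The names `seal`, `Receiver` and `WINDOW`, the 64-bit counter, the 64-entry window and the choice of HMAC-SHA256 are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

WINDOW = 64    # assumed window size: how far behind the newest packet we still track
TAG_LEN = 32   # HMAC-SHA256 output length

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: 64-bit sequence number || payload || HMAC over both."""
    body = struct.pack("!Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Per-peer state is just the highest accepted seq and a bitmap of recent ones."""
    def __init__(self, key: bytes):
        self.key = key
        self.highest = 0   # sequence numbers start at 1; 0 means nothing seen yet
        self.bitmap = 0    # bit i set => sequence number (highest - i) was accepted

    def open(self, datagram: bytes):
        """Return the payload if the datagram is authentic and fresh, else None."""
        if len(datagram) < 8 + TAG_LEN:
            return None
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None    # forged or corrupted: window state is never touched
        (seq,) = struct.unpack("!Q", body[:8])
        if seq == 0:
            return None
        if seq > self.highest:          # newer than anything seen: slide the window
            shift = seq - self.highest
            self.bitmap = 0 if shift >= WINDOW else self.bitmap << shift
            self.bitmap = (self.bitmap | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:                           # late arrival: accept once if still in window
            offset = self.highest - seq
            if offset >= WINDOW or (self.bitmap >> offset) & 1:
                return None             # too old to track, or a replay
            self.bitmap |= 1 << offset
        return body[8:]
```

The tag is verified before the window is updated, so an unauthenticated datagram with a large sequence number cannot advance the window and push legitimate packets out of it.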