Paper 2007/125
Attacking the IPsec Standards in Encryption-only Configurations
Jean Paul Degabriele and Kenneth G. Paterson
Abstract
At Eurocrypt 2006, Paterson and Yau demonstrated how flaws in the Linux implementation of IPsec could be exploited to break encryption-only configurations of ESP, the IPsec encryption protocol. Their work highlighted the dangers of not using authenticated encryption in fielded systems, but did not constitute an attack on the actual IPsec standards themselves; in fact, the attacks of Paterson and Yau should be prevented by any standards-compliant IPsec implementation. In contrast, this paper describes new attacks which break any RFC-compliant implementation of IPsec making use of encryption-only ESP. The new attacks are both efficient and realistic: they are ciphertext-only and need only the capability to eavesdrop on ESP-encrypted traffic and to inject traffic into the network. The paper also reports our experiences in applying the attacks to a variety of implementations of IPsec, and reflects on what these experiences tell us about how security standards should be written so as to simplify the task of software developers.
Note: Minor update to Section 9.2.
Metadata
- Available format(s)
-
PDF
- Category
- Applications
- Publication info
- Published elsewhere. Full version of a paper to appear at the 2007 IEEE Symposium on Security and Privacy
- Keywords
- IPsecintegrityencryptionESPstandard.
- Contact author(s)
- kenny paterson @ rhul ac uk
- History
- 2007-08-09: revised
- 2007-04-03: received
- See all versions
- Short URL
- https://ia.cr/2007/125
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2007/125,
author = {Jean Paul Degabriele and Kenneth G. Paterson},
title = {Attacking the IPsec Standards in Encryption-only Configurations},
howpublished = {Cryptology ePrint Archive, Paper 2007/125},
year = {2007},
note = {\url{https://eprint.iacr.org/2007/125}},
url = {https://eprint.iacr.org/2007/125}
}
