Initialization vector attacks on the IPsec protocol suite

McCubbin, Christopher; Selçuk, Ali Aydın; Sidhu, Deepinder P.

doi:10.1109/enabl.2000.883723

Cited by 7 publications

(9 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…McCubbin [2] analysed several IV attacks which are based on modifying the unauthenticated initialization vector (IV) of a CBC-encrypted packet during transmission. The attacker can change the first block of the decrypted plaintext by modifying the IV then use it to spoof the packet receiver.…”

Section: Introductionmentioning

confidence: 99%

Attacking the IPsec standards when applied to IPv6 in confidentiality-only ESP tunnel mode

Fang

Zeng

Yang

2014

16th International Conference on Advanced Communication Technology

View full text Add to dashboard Cite

Abstract-Attacks which can break RFC-compliant IPsec implementation built on IPv6 in confidentiality-only ESP tunnel mode are proposed. The attacks combine the thought of IV attack, oracle attack and spoof attack to decrypt a encrypted IPv6 datagram. The attacks here are more efficient than the attacks presented by Paterson and Degabriele because no checksum issue has to be handled. The paper shows that using IPsec with confidentiality-only ESP configuration is insecure to convince users to select it carefully.

show abstract

Section: Introductionmentioning

confidence: 99%

Attacking the IPsec standards when applied to IPv6 in confidentiality-only ESP tunnel mode

Fang

Zeng

Yang

2014

16th International Conference on Advanced Communication Technology

View full text Add to dashboard Cite

show abstract

“…As illustrated in [3,4,6,7,15,28], it is, today, common knowledge in the cryptographic community that encryption without authenticated integrity opens the door to various attacks. More recently, the authors of [22] illustrate this argument on the encryption-only configuration allowed by IPSec for the secure payload encapsulation (ESP) [11].…”

Section: Introductionmentioning

confidence: 99%

“…IPSec encryption-only configuration was shown to be exposed to variety of "initialization vector attacks" [15]. The authors of [15] analyze the security risks posed on encryption-only IPSec when it is used as intermediate layer of the protocol stack.…”

Section: Introductionmentioning

confidence: 99%

“…The authors of [15] analyze the security risks posed on encryption-only IPSec when it is used as intermediate layer of the protocol stack. But their analysis has a limited scope -just the implication on the next (possible) upper-layer protocol (e.g.…”

Section: Introductionmentioning

confidence: 99%

“…We stress that our attack is not just a reply attack since the attacker can deviate/multiply the flow to different targets. We also assume, as in [15,22], that the datagrams are not checked after IPSec processing to see if the correct IPSec policies were applied; this is the case in the Linux kernel implementation (as pointed out in [22]). …”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Dos Attack Against the Integrity-Less Esp (Ipsec)

2006

Proceedings of the International Conference on Security and Cryptography

View full text Add to dashboard Cite

show abstract

Cryptography in Theory and Practice: The Case of Encryption in IPsec

Paterson

Yau

2006

Advances in Cryptology - EUROCRYPT 2006

View full text Add to dashboard Cite

Abstract. Despite well-known results in theoretical cryptography highlighting the vulnerabilities of unauthenticated encryption, the IPsec standards mandate its support. We present evidence that such "encryption-only" configurations are in fact still often selected by users of IPsec in practice, even with strong warnings advising against this in the IPsec standards. We then describe a variety of attacks against such configurations and report on their successful implementation in the case of the Linux kernel implementation of IPsec. Our attacks are realistic in their requirements, highly efficient, and recover the complete contents of IPsec-protected datagrams. Our attacks still apply when integrity protection is provided by a higher layer protocol, and in some cases even when it is supplied by IPsec itself.

show abstract

Initialization vector attacks on the IPsec protocol suite

Cited by 7 publications

References 9 publications

Attacking the IPsec standards when applied to IPv6 in confidentiality-only ESP tunnel mode

Attacking the IPsec standards when applied to IPv6 in confidentiality-only ESP tunnel mode

A Dos Attack Against the Integrity-Less Esp (Ipsec)

Cryptography in Theory and Practice: The Case of Encryption in IPsec

Contact Info

Product

Resources

About