Proceedings of the 17th ACM Conference on Computer and Communications Security 2010
DOI: 10.1145/1866307.1866363
|View full text |Cite
|
Sign up to set email alerts
|

On the (in)security of IPsec in MAC-then-encrypt configurations

Abstract: IPsec allows a huge amount of flexibility in the ways in which its component cryptographic mechanisms can be combined to build a secure communications service. This may be good for supporting different security requirements but is potentially bad for security. We demonstrate the reality of this by describing efficient, plaintext-recovering attacks against all configurations of IPsec in which integrity protection is applied prior to encryption -so-called MAC-then-encrypt configurations. We report on the impleme… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
27
0

Year Published

2013
2013
2023
2023

Publication Types

Select...
7
1

Relationship

1
7

Authors

Journals

citations
Cited by 40 publications
(27 citation statements)
references
References 19 publications
0
27
0
Order By: Relevance
“…For example, attacks on TLS in [10,2,3] and IPsec in [12] exploit weaknesses in specific MtE constructions, while attacks against deployed EtM constructions seem rarer.…”
Section: The Security Of Encode-then-encrypt-then-macmentioning
confidence: 99%
See 1 more Smart Citation
“…For example, attacks on TLS in [10,2,3] and IPsec in [12] exploit weaknesses in specific MtE constructions, while attacks against deployed EtM constructions seem rarer.…”
Section: The Security Of Encode-then-encrypt-then-macmentioning
confidence: 99%
“…Other examples in the asymmetric setting were subsequently discovered [15,20] and called reaction attacks. Vaudenay then showed that similar issues can arise in the symmetric setting [26], and his ideas were extended to produce significant attacks against (among others) SSL/TLS [10,22], IPsec [11,12], ASP.NET [13], XML encryption [18] and DTLS [2]. Analysis of error messages in the symmetric setting was also crucial to the success of attacks against the SSH Binary Packet Protocol [1].…”
Section: Introductionmentioning
confidence: 99%
“…During the 10-15 years since the protocols of Section 2 largely took their present form, a large number number of security proofs, counter-proofs and attacks have been presented, starting with [38][39][40] and [23,[41][42][43][44] representing some of the more recent work.…”
Section: Rethinking Privacy and Authenticationmentioning
confidence: 99%
“…Although significant efforts have been devoted to analyzing the security implications of different generic compositions (see, e.g., [11,12,22,27,49,52]), little effort has been devoted to the study of the performance implications of different generic compositions [7]. Of particular interest to this work is the performance aspect of generic compositions when the encryption algorithm is blockcipher based and the MAC algorithm is universal hash-function family based.…”
Section: Introductionmentioning
confidence: 99%