The ESP CBC-Mode Cipher Algorithms

Pereira, Rafael Mendes; Adams, Robert F.

doi:10.17487/rfc2451

Cited by 25 publications

(12 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In tunnel mode, the entire inner IP datagram is encrypted and forms part of the payload of the outer IP datagram. The use in ESP of a variety of block ciphers has been specified, including DES [21], triple-DES [26] and AES [11]. ESP in tunnel mode inserts security information in the form of a header between the outer IP header and the encrypted version of the inner datagram.…”

Section: Ipsecmentioning

confidence: 99%

See 1 more Smart Citation

Cryptography in Theory and Practice: The Case of Encryption in IPsec

Paterson

Yau

2006

Advances in Cryptology - EUROCRYPT 2006

View full text Add to dashboard Cite

Abstract. Despite well-known results in theoretical cryptography highlighting the vulnerabilities of unauthenticated encryption, the IPsec standards mandate its support. We present evidence that such "encryption-only" configurations are in fact still often selected by users of IPsec in practice, even with strong warnings advising against this in the IPsec standards. We then describe a variety of attacks against such configurations and report on their successful implementation in the case of the Linux kernel implementation of IPsec. Our attacks are realistic in their requirements, highly efficient, and recover the complete contents of IPsec-protected datagrams. Our attacks still apply when integrity protection is provided by a higher layer protocol, and in some cases even when it is supplied by IPsec itself.

show abstract

Section: Ipsecmentioning

confidence: 99%

“…For more details, see [16,21,11,26]. First of all, the original (inner) datagram that is to be protected is treated as a sequence of bytes.…”

Section: Cbc Mode Encryption In Espmentioning

confidence: 99%

Cryptography in Theory and Practice: The Case of Encryption in IPsec

Paterson

Yau

2006

Advances in Cryptology - EUROCRYPT 2006

View full text Add to dashboard Cite

show abstract

“…IPSec supports different encryption algorithms: AES [8,19] is the most commonly used but other block ciphers as DES [16], 3DES [17], CAST128 [1,2], RC5 [24], IDEA [12], and Blowfish [26] are also allowed. All block ciphers are used in CBC mode [23,9]. Additionally, AES in CTR mode is a valid alternative [10] but in this case the standard states that "AES-CTR implementations MUST employ a non-NULL ESP authentication method, since it is trivial to forge an AES-CTR ciphertext".…”

Section: Esp In Tunnel Modementioning

confidence: 99%

A Dos Attack Against the Integrity-Less Esp (Ipsec)

2006

Proceedings of the International Conference on Security and Cryptography

View full text Add to dashboard Cite

show abstract

“…IPsec does not indicate a single protocol, but instead is a framework consisting of a group of multiple protocols, namely, a security protocol [5,6], security association (SA) [4], key management [14], and authentication/encryption algorithms [8][9][10][11][12][13]. In addition, IPsec provides the following security services on the IP layer [4].…”

Section: Ipsec Components and Provided Servicesmentioning

confidence: 99%

A security protocol intended to ease QoS management in IP networks

Shiraishi¹,

Fukuta

Morii

2004

Electron Comm Jpn Pt II

View full text Add to dashboard Cite

SUMMARYMany research projects and implementations related to QoS (Quality of Service) management technologies for providing stable network services have been undertaken. To perform QoS management, traffic classes are required. Generally, traffic is classified by setting priorities for packets, and the methods of setting those priorities include passive admission control in which clients set priorities and active admission control in which network edge routers check traffic and set priorities. To perform active admission control, identification information such as a TCP or UDP header must be inspected. However, with existing security protocols such as ESP (Encapsulating Security Payload) or SSH (Secure Shell), these kinds of information cannot be inspected because they are encrypted. Based on the point of view that active admission control should be performed to simplify QoS management of IP networks, the authors of this paper propose a security protocol named ESPQ (ESP considered QoS) for constructing active admission controllable packets and investigate the stability of that protocol. They also perform implementation experiments to show that existing control equipment such as routers can perform QoS management of ESPQ packets.

show abstract

The ESP CBC-Mode Cipher Algorithms

Cited by 25 publications

References 7 publications

Cryptography in Theory and Practice: The Case of Encryption in IPsec

Cryptography in Theory and Practice: The Case of Encryption in IPsec

A Dos Attack Against the Integrity-Less Esp (Ipsec)

A security protocol intended to ease QoS management in IP networks

Contact Info

Product

Resources

About