On the (In)Security of IPsec in MAC-then-Encrypt Configurations

Cited by: 26
Authors
Degabriele, Jean Paul [1 ]
Paterson, Kenneth G. [1 ]
Affiliation
[1] Royal Holloway Univ London, Informat Secur Grp, Egham TW20 0EX, Surrey, England
Source
PROCEEDINGS OF THE 17TH ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (CCS'10) | 2010
Funding
Engineering and Physical Sciences Research Council (EPSRC), UK;
Keywords
IPsec; ESP; AH; MAC-then-encrypt; Traffic Flow Confidentiality; Fragmentation;
DOI
10.1145/1866307.1866363
Chinese Library Classification
TP301 [Theory and methods];
Subject Classification
081202;
Abstract
IPsec allows a huge amount of flexibility in the ways in which its component cryptographic mechanisms can be combined to build a secure communications service. This may be good for supporting different security requirements but is potentially bad for security. We demonstrate the reality of this by describing efficient, plaintext-recovering attacks against all configurations of IPsec in which integrity protection is applied prior to encryption, the so-called MAC-then-encrypt configurations. We report on the implementation of our attacks against a specific IPsec implementation, and reflect on the implications of our attacks for real-world IPsec deployments as well as for theoretical cryptography.
Pages: 493 / 504
Page count: 12