On the (In)Security of IPsec in MAC-then-Encrypt Configurations

Cited by: 27
Authors
Degabriele, Jean Paul [1]
Paterson, Kenneth G. [1]
Affiliations
[1] Royal Holloway, University of London, Information Security Group, Egham TW20 0EX, Surrey, England
Source
PROCEEDINGS OF THE 17TH ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (CCS'10) | 2010
Funding
Engineering and Physical Sciences Research Council (EPSRC), UK
Keywords
IPsec; ESP; AH; MAC-then-encrypt; Traffic Flow Confidentiality; Fragmentation
DOI
10.1145/1866307.1866363
CLC number
TP301 [Theory, methods]
Discipline code
081202
Abstract
IPsec allows a huge amount of flexibility in the ways in which its component cryptographic mechanisms can be combined to build a secure communications service. This may be good for supporting different security requirements but is potentially bad for security. We demonstrate the reality of this by describing efficient, plaintext-recovering attacks against all configurations of IPsec in which integrity protection is applied prior to encryption, so-called MAC-then-encrypt configurations. We report on the implementation of our attacks against a specific IPsec implementation, and reflect on the implications of our attacks for real-world IPsec deployments as well as for theoretical cryptography.
Pages: 493-504
Page count: 12
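The abstract turns on the order in which integrity protection and encryption are composed: in a MAC-then-encrypt configuration the receiver has to decrypt before it can verify, so whatever it does with the decrypted bytes before the check runs on data an attacker can influence, whereas encrypt-then-MAC rejects a tampered message before any decryption takes place. The following is an added illustration of that structural difference and is not code from the paper, from IPsec, or from any IPsec implementation; it does not reproduce the paper's attacks. The HMAC-SHA256 counter-mode keystream is an assumed stand-in for a real cipher mode (the Python standard library has no block cipher), the keys, nonce and payload are constructed, and the `on_plaintext` callback is a hypothetical stand-in for whatever a receiver does with decrypted data.

```python
"""MAC-then-encrypt vs encrypt-then-MAC: which bytes does the receiver act on
before integrity has been checked?  Added illustration, not the paper's code.
The keystream is an HMAC-SHA256 counter-mode PRF standing in for a real cipher
mode, and `on_plaintext` is a hypothetical stand-in for the receiver's consumer."""
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output length


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC-SHA256 (assumed stand-in for a block
    cipher mode).  Only the composition order matters for this illustration."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _mac(mac_key: bytes, data: bytes) -> bytes:
    return hmac.new(mac_key, data, hashlib.sha256).digest()


# --- MAC-then-encrypt: tag computed over the plaintext, then everything encrypted ---
def mte_seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    body = plaintext + _mac(mac_key, plaintext)
    return _xor(body, _keystream(enc_key, nonce, len(body)))


def mte_open(enc_key, mac_key, nonce, ciphertext, on_plaintext):
    # The tag sits inside the ciphertext, so decryption has to come first.
    decrypted = _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))
    plaintext, tag = decrypted[:-TAG_LEN], decrypted[-TAG_LEN:]
    # Anything the receiver does with `plaintext` at this point runs on
    # unauthenticated, attacker-influenced bytes (modelled by the callback).
    on_plaintext(plaintext)
    if not hmac.compare_digest(tag, _mac(mac_key, plaintext)):
        return None
    return plaintext


# --- Encrypt-then-MAC: encrypt, then tag over nonce || ciphertext ---
def etm_seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    return ct + _mac(mac_key, nonce + ct)


def etm_open(enc_key, mac_key, nonce, sealed, on_plaintext):
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    # Integrity is checked on the ciphertext; a tampered message is rejected
    # before any decryption or processing of plaintext happens.
    if not hmac.compare_digest(tag, _mac(mac_key, nonce + ct)):
        return None
    plaintext = _xor(ct, _keystream(enc_key, nonce, len(ct)))
    on_plaintext(plaintext)
    return plaintext


def demo() -> dict:
    """Seal a constructed message both ways, flip one ciphertext bit, and record
    what the receiver's plaintext consumer got to see under each composition."""
    enc_key, mac_key = b"E" * 32, b"M" * 32          # constructed fixed keys
    nonce = b"\x00" * 8                               # constructed nonce
    msg = b"GET /secret HTTP/1.1\r\n"                 # constructed sample payload
    results = {}
    for name, seal, open_ in (("mte", mte_seal, mte_open), ("etm", etm_seal, etm_open)):
        seen = []                                     # everything the consumer was handed
        sealed = seal(enc_key, mac_key, nonce, msg)
        honest = open_(enc_key, mac_key, nonce, sealed, seen.append)
        tampered = bytearray(sealed)
        tampered[0] ^= 0x01                           # flip one bit of the first byte
        forged = open_(enc_key, mac_key, nonce, bytes(tampered), seen.append)
        results[name] = {
            "honest_accepted": honest == msg,
            "tampered_accepted": forged is not None,
            "consumer_saw_tampered_bytes": any(s != msg for s in seen),
        }
    return results


if __name__ == "__main__":
    for name, r in demo().items():
        print(name, r)
```

Both compositions reject the tampered message in the end; the difference `demo()` records is that under MAC-then-encrypt the consumer was already handed the modified plaintext before the rejection, while under encrypt-then-MAC it saw nothing. How much an attacker can learn from what a real receiver does with those unauthenticated bytes (error handling, parsing, forwarding, timing) is exactly the question the paper investigates for IPsec; this block only shows where that exposure comes from.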