Cryptology ePrint Archive: Report 2006/370

A DoS Attack Against the Integrity-Less ESP (IPSec)

Ventzislav Nikov

Abstract: This paper describes a new practical DoS attack that can be mounted against the ``encryption-only'' configuration (i.e. without authenticated integrity) of ESP as allowed by IPSec.

This finding can serve as a strong argument to convince those in charge of the IPSec standardization to improve it by banning the ``encryption-only'' configuration from the standard.

Category / Keywords: applications / IPSec (ESP) Standard, Denial of Service Attack

Publication Info: An extended version of the paper presented at SECRYPT 2006

Date: received 26 Oct 2006

Contact author: venci nikov at gmail com

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20061103:162051 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]