### Attacking the IPsec Standards in Encryption-only Configurations

Jean Paul Degabriele and Kenneth G. Paterson

##### Abstract

At Eurocrypt 2006, Paterson and Yau demonstrated how flaws in the Linux implementation of IPsec could be exploited to break encryption-only configurations of ESP, the IPsec encryption protocol. Their work highlighted the dangers of not using authenticated encryption in fielded systems, but did not constitute an attack on the actual IPsec standards themselves; in fact, the attacks of Paterson and Yau should be prevented by any standards-compliant IPsec implementation. In contrast, this paper describes new attacks which break any RFC-compliant implementation of IPsec making use of encryption-only ESP. The new attacks are both efficient and realistic: they are ciphertext-only and need only the capability to eavesdrop on ESP-encrypted traffic and to inject traffic into the network. The paper also reports our experiences in applying the attacks to a variety of implementations of IPsec, and reflects on what these experiences tell us about how security standards should be written so as to simplify the task of software developers.

Note: Minor update to Section 9.2.

Available format(s)
Category
Applications
Publication info
Published elsewhere. Full version of a paper to appear at the 2007 IEEE Symposium on Security and Privacy
Keywords
IPsecintegrityencryptionESPstandard.
Contact author(s)
kenny paterson @ rhul ac uk
History
2007-08-09: revised
See all versions
Short URL
https://ia.cr/2007/125

CC BY

BibTeX

@misc{cryptoeprint:2007/125,
author = {Jean Paul Degabriele and Kenneth G.  Paterson},
title = {Attacking the IPsec Standards in Encryption-only Configurations},
howpublished = {Cryptology ePrint Archive, Paper 2007/125},
year = {2007},
note = {\url{https://eprint.iacr.org/2007/125}},
url = {https://eprint.iacr.org/2007/125}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.