Abstract
Predictable initialization vectors in IPsec ESP encryption, allowed by the IPsec specifications and used by most implementations, compromise IPsec confidentiality. By using an adaptive chosen-plaintext attack, an attacker can break low-entropy plaintext blocks using brute force and confirm guesses of the contents of arbitrary plaintext blocks. We analyze the preconditions and the seriousness of such attacks, and provide results of practical attack experiments.
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Vaarala, S., Nuopponen, A., Virtanen, T. (2002). Attacking Predictable IPsec ESP Initialization Vectors. In: Deng, R., Bao, F., Zhou, J., Qing, S. (eds) Information and Communications Security. ICICS 2002. Lecture Notes in Computer Science, vol 2513. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36159-6_14
DOI: https://doi.org/10.1007/3-540-36159-6_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00164-5
Online ISBN: 978-3-540-36159-6
eBook Packages: Springer Book Archive