Article

Attacking the IPsec Standards in Encryption-only Configurations

Authors:

Jean Paul Degabriele,

Kenneth G. PatersonAuthors Info & Claims

SP '07: Proceedings of the 2007 IEEE Symposium on Security and Privacy

Pages 335 - 349

https://doi.org/10.1109/SP.2007.8

Published: 20 May 2007 Publication History

Publisher Site

Abstract

We describe new attacks which break any RFCcompliant implementation of IPsec making use of encryption-only ESP in tunnel mode. The new attacks are both efficient and realistic: they are ciphertext-only and need only the capability to eavesdrop on ESP-encrypted traffic and to inject traffic into the network. We report on our experiences in applying the attacks to a variety of implementations of IPsec.

Cited By

View all

Xue NMalla YXia ZPöpper CVanhoef MCalandrino JTroncoso C(2023)Bypassing tunnelsProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620557(5719-5736)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620557
Degabriele JKim YKim JVigna GShi E(2021)Hiding the Lengths of Encrypted Messages via Gaussian PaddingProceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security10.1145/3460120.3484590(1549-1565)Online publication date: 12-Nov-2021
https://dl.acm.org/doi/10.1145/3460120.3484590
Kupser DMainka CSchwenk JSomorovsky J(2015)How to break XML encryption – automaticallyProceedings of the 9th USENIX Conference on Offensive Technologies10.5555/2831211.2831222(11-11)Online publication date: 10-Aug-2015
https://dl.acm.org/doi/10.5555/2831211.2831222
Show More Cited By

Index Terms

Attacking the IPsec Standards in Encryption-only Configurations

Recommendations

Public-Key encryption from ID-Based encryption without one-time signature
OTM'06: Proceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part I

Design a secure public key encryption scheme and its security proof are one of the main interests in cryptography In 2004, Canetti, Halevi and Katz [8] constructed a public key encryption (PKE) from a selective identity-based encryption scheme with a ...
Attacking and repairing the winZip encryption scheme
CCS '04: Proceedings of the 11th ACM conference on Computer and communications security

WinZip is a popular compression utility for Microsoft Windows computers, the latest version of which is advertised as having "easy-to-use AES encryption to protect your sensitive data." We exhibit several attacks against WinZip's new encryption method, ...
On the (in)security of IPsec in MAC-then-encrypt configurations
CCS '10: Proceedings of the 17th ACM conference on Computer and communications security

IPsec allows a huge amount of flexibility in the ways in which its component cryptographic mechanisms can be combined to build a secure communications service. This may be good for supporting different security requirements but is potentially bad for ...

Comments

Information & Contributors

Information

Published In

SP '07: Proceedings of the 2007 IEEE Symposium on Security and Privacy

May 2007

362 pages

ISBN:0769528481

Publisher

IEEE Computer Society

United States

Publication History

Published: 20 May 2007

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

13
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Xue NMalla YXia ZPöpper CVanhoef MCalandrino JTroncoso C(2023)Bypassing tunnelsProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620557(5719-5736)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620557
Degabriele JKim YKim JVigna GShi E(2021)Hiding the Lengths of Encrypted Messages via Gaussian PaddingProceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security10.1145/3460120.3484590(1549-1565)Online publication date: 12-Nov-2021
https://dl.acm.org/doi/10.1145/3460120.3484590
Kupser DMainka CSchwenk JSomorovsky J(2015)How to break XML encryption – automaticallyProceedings of the 9th USENIX Conference on Offensive Technologies10.5555/2831211.2831222(11-11)Online publication date: 10-Aug-2015
https://dl.acm.org/doi/10.5555/2831211.2831222
Kayuni MKhan MLi WMitchell CYau P(2015)Generating Unlinkable IPv6 AddressesProceedings of the Second International Conference on Security Standardisation Research - Volume 949710.1007/978-3-319-27152-1_10(185-199)Online publication date: 15-Dec-2015
https://dl.acm.org/doi/10.1007/978-3-319-27152-1_10
Paterson KWatson G(2012)Authenticated-Encryption with paddingCryptography and Security10.5555/2184081.2184092(83-107)Online publication date: 1-Jan-2012
https://dl.acm.org/doi/10.5555/2184081.2184092
Boldyreva ADegabriele JPaterson KStam M(2012)Security of symmetric encryption in the presence of ciphertext fragmentationProceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques10.1007/978-3-642-29011-4_40(682-699)Online publication date: 15-Apr-2012
https://dl.acm.org/doi/10.1007/978-3-642-29011-4_40
Tezcan CVaudenay S(2011)On hiding a plaintext length by preencryptionProceedings of the 9th international conference on Applied cryptography and network security10.5555/2025968.2025995(345-358)Online publication date: 7-Jun-2011
https://dl.acm.org/doi/10.5555/2025968.2025995
Jager TSomorovsky JChen YDanezis GShmatikov V(2011)How to break XML encryptionProceedings of the 18th ACM conference on Computer and communications security10.1145/2046707.2046756(413-422)Online publication date: 17-Oct-2011
https://dl.acm.org/doi/10.1145/2046707.2046756
Preneel B(2010)Cryptography for network securityProceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security10.5555/1885194.1885199(36-54)Online publication date: 8-Sep-2010
https://dl.acm.org/doi/10.5555/1885194.1885199
Chen LMitchell C(2010)Parsing ambiguities in authentication and key establishment protocolsInternational Journal of Electronic Security and Digital Forensics10.1504/IJESDF.2010.0323333:1(82-94)Online publication date: 1-Mar-2010
https://dl.acm.org/doi/10.1504/IJESDF.2010.032333
Show More Cited By

Abstract

Cited By

Index Terms

Recommendations

Public-Key encryption from ID-Based encryption without one-time signature

Attacking and repairing the winZip encryption scheme

On the (in)security of IPsec in MAC-then-encrypt configurations

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations