A DOS ATTACK AGAINST THE INTEGRITY-LESS ESP (IPSEC)

Ventzislav Nikov

Abstract

This paper describes a new practical DoS attack that can be mounted against the “encryption-only” configuration (i.e. without authenticated integrity) of ESP as allowed by IPSec. This finding can serve as a strong argument to convince those in charge of the IPSec standardization to improve it by banning the “encryption-only” configuration from the standard.

References

  1. A. Menezes, P. van Oorschot, S. V. (1996). Handbook of applied cryptography. In CRC Press.
  2. Adams, C. (1997a). Constructing symmetric ciphers using the CAST design procedure. In Designs, Codes, and Cryptography 12(3) pp. 283-316.
  3. Adams, C. (1997b). The CAST-128 encryption algorithm. In RFC 2144.
  4. Bellovin, S. (1996). Problem areas for the IP security protocols. In Usenix Unix Security Symposium, pp. 1-16.
  5. C. McCubbin, A. Selcuk, D. S. (2000). Initialization vector attacks on the IPSec protocol suite. In WETICE'00, IEEE Computer Society, pp. 171-175.
  6. Canvel, B., Hiltgen, A., Vaudenay, S., and Vuagnoux, M. (2003). Password interception in a SSL/TLS channel. In CRYPTO'03, LNCS 2729, pp. 583-599.
  7. R. Pereira, R. A. (Nov. 1998). The ESP CBC-mode cipher algorithms. In RFC 2451.
  8. Rivest, R. (1994). The RC5 encryption algorithm. In FSE'94, pp. 86-96.
  9. S. Frankel, R. Glenn, S. K. (Sept. 2003). The AES-CBC cipher algorithm and its use with IPSec. In RFC 3602.
  10. Schneier, B. (1993). Description of a new variable-length key, 64-bit block cipher (blowfish). In FSE'93, pp. 191-204.
  11. Schulzrinne, H., Casner, S., Frederick, R., and Jacobson, V. (July 2003). RTP: A transport protocol for real-time applications. In RFC 3550.
  12. T. Mallory, A. K. (Jan. 1990). Incremental updating of the internet checksum. In RFC 1141.
  13. T. Yu, S. Hartman, K. R. (2004). The perils of unauthenticated encryption: Kerberos version 4. In NDSS'04.
  14. Tanenbaum, A. (2002). Computer networks. In Prentice Hall.
  15. X. Lai, J. M. (1990). A proposal for a new block encryption standard. In EUROCRYPT'90, pp 389-404.
Download


Paper Citation


in Harvard Style

Nikov V. (2006). A DOS ATTACK AGAINST THE INTEGRITY-LESS ESP (IPSEC) . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006) ISBN 978-972-8865-63-4, pages 192-200. DOI: 10.5220/0002095701920200


in Bibtex Style

@conference{secrypt06,
author={Ventzislav Nikov},
title={A DOS ATTACK AGAINST THE INTEGRITY-LESS ESP (IPSEC)},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)},
year={2006},
pages={192-200},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002095701920200},
isbn={978-972-8865-63-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)
TI - A DOS ATTACK AGAINST THE INTEGRITY-LESS ESP (IPSEC)
SN - 978-972-8865-63-4
AU - Nikov V.
PY - 2006
SP - 192
EP - 200
DO - 10.5220/0002095701920200