A DoS Attack Against the Integrity-Less ESP (IPSEC)

نویسنده

Ventzislav Nikov

چکیده

This paper describes a new practical DoS attack that can be mounted against the “encryptiononly” configuration (i.e. without authenticated integrity) of ESP as allowed by IPSec. This finding can serve as a strong argument to convince those in charge of the IPSec standardization to improve it by banning the “encryption-only” configuration from the standard.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

C-ISCAP(Controlled Internet Secure Connectivity Assurance Platform) : Design, Implementation and Evaluation

IPsec has now become a standard information security technology throughout the Internet society. It provides a well-defined architecture which takes into account confidentiality, authentication, integrity, secure key exchange and protection mechanism against replay attack also. For the connectionless security services on packet basis, IETF IPsec Working Group has standardized two extension head...

متن کامل

Stealth DoS Attacks on Secure Channels

We initiate study of the use of ‘secure tunnel’ protocols, specifically IPsec, and its availability and performance guarantees to higher-layer protocols, in particular TCP, against Denial/Degradation of Service (DoS) attacks. IPsec is designed to provide privacy and authentication against MITM attackers, and employs an anti-replay mechanism to ensure performance. For our analysis, we define a n...

متن کامل

Ingress Filtering at Edge Network to Protect Vpn Service from Dos Attack

Internet Protocol (IP) examines only the packet header to forward the packet but it does not examine the data in it. As internet is open to public, the seeking for sensitive data by the attacker has increased. It has become a necessity to protect data through the Internet. Virtual Private Network (VPN) is a popular service to logically construct private network using the existing public infrast...

متن کامل

Attacking Predictable IPsec ESP Initialization Vectors

Predictable initialization vectors in IPsec ESP encryption, allowed by the IPsec specifications and used by most implementations, compromise IPsec confidentiality. By using an adaptive chosen plaintext attack, an attacker can break low entropy plaintext blocks using brute force, and confirm guesses of the contents of arbitrary plaintext blocks. We analyze the preconditions and the seriousness o...

متن کامل

Mitigating Strategy to Shield the VPN Service from DoS Attack

The exponential growth of internet and drastic enhancement in telecommunication has made the Internet a part of every aspect in the world. Internet is now the heart of the day to day business dealings throughout the world. This has increased the seeking for sensitive data by the attacker. This in turn increased the necessity to protect data through the Internet. Virtual Private Network (VPN) is...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}

با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره شماره

صفحات -

تاریخ انتشار 2006

A DoS Attack Against the Integrity-Less ESP (IPSEC)

نویسنده

چکیده

منابع مشابه

C-ISCAP(Controlled Internet Secure Connectivity Assurance Platform) : Design, Implementation and Evaluation

Stealth DoS Attacks on Secure Channels

Ingress Filtering at Edge Network to Protect Vpn Service from Dos Attack

Attacking Predictable IPsec ESP Initialization Vectors

Mitigating Strategy to Shield the VPN Service from DoS Attack

عنوان ژورنال:

اشتراک گذاری