International Association for Cryptologic Research

Paper: Attacking the IPsec Standards in Encryption-only Configurations

Jean Paul Degabriele
Kenneth G. Paterson
Abstract: At Eurocrypt 2006, Paterson and Yau demonstrated how flaws in the Linux implementation of IPsec could be exploited to break encryption-only configurations of ESP, the IPsec encryption protocol. Their work highlighted the dangers of not using authenticated encryption in fielded systems, but did not constitute an attack on the actual IPsec standards themselves; in fact, the attacks of Paterson and Yau should be prevented by any standards-compliant IPsec implementation. In contrast, this paper describes new attacks which break any RFC-compliant implementation of IPsec making use of encryption-only ESP. The new attacks are both efficient and realistic: they are ciphertext-only and need only the capability to eavesdrop on ESP-encrypted traffic and to inject traffic into the network. The paper also reports our experiences in applying the attacks to a variety of implementations of IPsec, and reflects on what these experiences tell us about how security standards should be written so as to simplify the task of software developers.
  title={Attacking the IPsec Standards in Encryption-only Configurations},
  booktitle={IACR Eprint archive},
  keywords={applications / IPsec, integrity, encryption, ESP, standard.},
  note={Full version of a paper to appear at the 2007 IEEE Symposium on Security and Privacy 13734 received 3 Apr 2007, last revised 9 Aug 2007},
  author={Jean Paul Degabriele and Kenneth G. Paterson},