Intercepting mobile communications: the insecurity of 802.11
Proceedings of the 7th annual international conference on Mobile computing and networking
IPSec
The Order of Encryption and Authentication for Protecting Communications (or: How Secure Is SSL?)
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Initialization Vector Attacks on the IPsec Protocol Suite
WETICE '00 Proceedings of the 9th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS ...
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Unforgeable Encryption and Chosen Ciphertext Secure Modes of Operation
FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
On Message Integrity in Cryptographic Protocols
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
ACM Transactions on Information and System Security (TISSEC)
Problem areas for the IP security protocols
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Cryptography in theory and practice: the case of encryption in IPsec
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
What can identity-based cryptography offer to web services?
Proceedings of the 2007 ACM workshop on Secure web services
Semi-automatic e-chartering through multi-agent systems and satellite IP networks
International Journal of Internet Protocol Technology
A cryptographic tour of the IPsec standards
Information Security Tech. Report
On the (in)security of IPsec in MAC-then-encrypt configurations
Proceedings of the 17th ACM conference on Computer and communications security
On hiding a plaintext length by preencryption
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
How secure is WiFi MAC layer in comparison with IPsec for classified environments?
Proceedings of the 14th Communications and Networking Symposium
Cryptography in theory and practice: the case of encryption in IPsec
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Practical realisation and elimination of an ECC-Related software bug attack
CT-RSA'12 Proceedings of the 12th conference on Topics in Cryptology
IPsec over IEEE 802.15.4 for low power and lossy networks
Proceedings of the 11th ACM international symposium on Mobility management and wireless access
| Hi-index | 0.00 |
Despite well-known results in theoretical cryptography highlighting the vulnerabilities of unauthenticated encryption, the IPsec standards mandate its support. We present evidence that such “encryption-only” configurations are in fact still often selected by users of IPsec in practice, even with strong warnings advising against this in the IPsec standards. We then describe a variety of attacks against such configurations and report on their successful implementation in the case of the Linux kernel implementation of IPsec. Our attacks are realistic in their requirements, highly efficient, and recover the complete contents of IPsec-protected datagrams. Our attacks still apply when integrity protection is provided by a higher layer protocol, and in some cases even when it is supplied by IPsec itself.