![[Search]](/static/images/search.gif){kind=small}
![[A-Z Index]](/static/images/az.gif){kind=small}
![[Contact]](/static/images/contact.gif){kind=small}
![[University of Cambridge]](/static/images/identifier2.gif){kind=small}
![[Talks.cam]](/static/images/talkslogosmall.gif)
Kenny Paterson, Royal Holloway, University of London
Tuesday 07 March 2006, 16:15-17:15
Security Flaws in Tunnel Mode IPsec
- π€ Speaker: Kenny Paterson, Royal Holloway, University of London
- π Date & Time: Tuesday 07 March 2006, 16:15 - 17:15
- π Venue: FW11, Computer Laboratory, William Gates Building
Abstract
We present a variety of attacks that efficiently extract plaintext data from IP datagrams that are protected using the IPsec protocol ESP in tunnel mode. In contrast to earlier attacks of Bellovin, our attacks require only small amounts of time and network bandwidth to be successful. The attacks apply in situations where the IP packets are not integrity protected, or where integrity protection is supplied only by a higher layer protocol. While strongly discouraged by experts, these configurations of IPsec are still allowed by the relevant IPsec standards. In addition, we believe that these configurations may be widely used in practice. We report on successful implementation of the attacks against an IPsec VPN built using the native implementation of IPsec in Linux.
Joint work with Arnold K.L. Yau.
Series This talk is part of the Computer Laboratory Security Seminar series.
Included in Lists
- All Talks (aka the CURE list)
- bld31
- Cambridge talks
- Computer Laboratory Security Seminar
- Department of Computer Science and Technology talks and seminars
- FW11, Computer Laboratory, William Gates Building
- Interested Talks
- School of Technology
- Security-related talks
- Trust & Technology Initiative - interesting events
- yk449
Note: Ex-directory lists are not shown.