Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS470, A.SelcukIPsec Attacks1 IPsec ESP Attacks CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "CS470, A.SelcukIPsec Attacks1 IPsec ESP Attacks CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk."— Presentation transcript:

1 CS470, A.SelcukIPsec Attacks1 IPsec ESP Attacks CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk

2 CS470, A.SelcukIPsec Attacks2 Attacks on ESP Encryption S.Bellovin, “Problem areas for the IP security protocols”, Usenix Security Symposium, 1996. C.McCubbin, A.Selcuk, D.Sidhu, “Initialization Vector Attacks on the IPsec Protocol Suite”, IEEE Workshop on Enterprise Security, 2000. Attack model: –Host-pair keying –ESP encryption without authentication –CBC mode of encryption

3 CS470, A.SelcukIPsec Attacks3 TCP Header 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Port | Destination Port | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Acknowledgment Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Data | |U|A|P|R|S|F| | | Offset| Reserved |R|C|S|S|Y|I| Window | | | |G|K|H|T|N|N| | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Checksum | Urgent Pointer | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options | Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | data | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

4 CS470, A.SelcukIPsec Attacks4 UDP Header 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Port | Destination Port | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Length | Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

5 CS470, A.SelcukIPsec Attacks5 IPv4 Header 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| IHL |Type of Service| Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Identification |Flags| Fragment Offset | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time to Live | Protocol | Header Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options | Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

6 CS470, A.SelcukIPsec Attacks6 Reading Encrypted Data L A, L B : Legitimate user accounts on hosts A, B X A, X B : Attacker’s accounts on A and B ESP K IPsecretTCPL A L B : ESP K IPanyUDPX A X B : ESP K IPUDPX A X B :secretTCP Monitored data: Re-injected data:

7 CS470, A.SelcukIPsec Attacks7 Reading Encrypted Data (cont’d) Due to CBC, only first block of the pasted packet will be corrupted. (Can be avoided if IV is copied as well) Padding may be added to re-injected packet if needed to make lengths match If IPv6 in use, UDP checksum mandatory. 2 16 trials are needed on average to pass validation. If L A, L B are using UDP, attack is easier: –Wait till session ends –Allocate L B ’s UDP port to X B –Replay all packets

8 CS470, A.SelcukIPsec Attacks8 Session Hijacking ESP K IPdataTCPL A L B : ESP K IPCBC padUDPX A X B : L A L B :TCP Monitored data: Re-injected data: rm –rf / CBC padckfix rm –rf / ESP K IP

9 CS470, A.SelcukIPsec Attacks9 Session Hijacking (cont’d) Due to CBC, the first pasted block will be corrupted; the “CBC pad”. Some extra bytes may be needed to restore to a known state (e.g., shell prompt) “ckfix” is to fix the checksum; takes on average 2 16 trials. Attack can work without having logins X A, X B. (e.g., with SMTP-level source routing)

10 CS470, A.SelcukIPsec Attacks10 IV Attacks IV is sent in the payload; subject to modification By modifying IV, the first plaintext block can be modified in controllable manner: P 1 = D K (C 1 )  IV Attacks have further impact: First block includes the upper-layer header Checksums, if present, may be fixed by modifying insensitive fields in the first block

11 CS470, A.SelcukIPsec Attacks11 IV Attacks on TCP Fields in first 64 bits: Source Port, Destination Port, Seq.No. Fields in bits 65-128: Window Size, Ack.No., Offset, flags Attacks on Destination Port: Decrypted packets delivered to X B. Other attacks: Seq.No. (reordering), Window Size (flooding/stalling) Checksum fixing: by “reserved” or Ack.No.

12 CS470, A.SelcukIPsec Attacks12 IV Attacks on UDP Fields in first 64 bits: Source Port, Destination Port, Length, Checksum Bits 65-128: Data payload Dest. Port: Decrypted packets delivered to X B. Length: Packets can be truncated. Checksum can be fixed directly. With a 128-bit cipher, the first 64 bits of the payload can be modified.

13 CS470, A.SelcukIPsec Attacks13 Conclusion Encryption without integrity protection can be all but useless. Authentication is better made mandatory in IPsec. Moral of the story: It is safe to always use authentication/integrity protection when confidentiality is desired; the cost is marginal.

Download ppt "CS470, A.SelcukIPsec Attacks1 IPsec ESP Attacks CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk."

Similar presentations

Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv4 20.3 IPv6.

Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv IPv6.
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
IP Fragmentation. MTU Maximum Transmission Unit (MTU) –Largest IP packet a network will accept –Arriving IP packet may be larger IP Packet MTU.

IP Fragmentation. MTU Maximum Transmission Unit (MTU) –Largest IP packet a network will accept –Arriving IP packet may be larger IP Packet MTU.
TCP/IP Christopher Zacky. lolwut Decimal Numbers.

TCP/IP Christopher Zacky. lolwut Decimal Numbers.
CS470, A.SelcukStream Ciphers1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukStream Ciphers1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Introduction1-1 message segment datagram frame source application transport network link physical HtHt HnHn HlHl M HtHt HnHn M HtHt M M destination application.

Introduction1-1 message segment datagram frame source application transport network link physical HtHt HnHn HlHl M HtHt HnHn M HtHt M M destination application.
Instructor: Sam Nanavaty TCP/IP protocol. Instructor: Sam Nanavaty Version – Allows for the evolution of the protocol IHL (Internet header length) – Length.

Instructor: Sam Nanavaty TCP/IP protocol. Instructor: Sam Nanavaty Version – Allows for the evolution of the protocol IHL (Internet header length) – Length.
IP SECURITY – Chapter 16 IP SECURITY – Chapter 16 Security Mechanisms: email – S/MIME, PGP client/server - Kerberos web access - Secure Sockets Layer network.

IP SECURITY – Chapter 16 IP SECURITY – Chapter 16 Security Mechanisms: – S/MIME, PGP client/server - Kerberos web access - Secure Sockets Layer network.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
Lesson 4 The IPv6 Header.

Lesson 4 The IPv6 Header.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:

CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:
Attacking the IPSec Standards in Encryption- only Configurations Jean Paul Degabriele and Kenneth G. Paterson Presented by Chan Wing Cheong Mar 31, 2008.

Attacking the IPSec Standards in Encryption- only Configurations Jean Paul Degabriele and Kenneth G. Paterson Presented by Chan Wing Cheong Mar 31, 2008.
CSEE W4140 Networking Laboratory Lecture 6: TCP and UDP Jong Yul Kim 03.01.2010.

CSEE W4140 Networking Laboratory Lecture 6: TCP and UDP Jong Yul Kim
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
1 Application TCPUDP IPICMPARPRARP Physical network Application TCP/IP Protocol Suite.

1 Application TCPUDP IPICMPARPRARP Physical network Application TCP/IP Protocol Suite.
Source Port # (16)Destination Port # (16) Sequence Number (32 bits) Acknowledgement Number (32 bits) Hdr Len (4) Flags (6)Window Size (16) Options (if.

Source Port # (16)Destination Port # (16) Sequence Number (32 bits) Acknowledgement Number (32 bits) Hdr Len (4) Flags (6)Window Size (16) Options (if.

Similar presentations

Ads by Google