1 / 5

Securing IPSec/IKE: Aggressive Mode Vulnerability Countermeasures

Learn about the vulnerability in IPSec/IKE Public Key Encryption Aggressive Mode and how to address it effectively. Discover the Chess Grandmaster attack, prevention strategies, and the importance of message signatures. Enhance your understanding of the risks and solutions in securing your communication channels.

hunter-blankenship
Télécharger la présentation

Securing IPSec/IKE: Aggressive Mode Vulnerability Countermeasures

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IPSec/IKE Public Key Encryption Aggressive Mode vulnerability Initiator Responder ----------- ----------- HDR, SA, [ HASH(1),] KEi, <IDi>Pubkey_r, <Ni>Pubkey_r -----> <----- HDR, SA, KEr, <IDr>PubKey_i, <Nr>PubKey_i, HASH_R HDR,HASH_I ----->

  2. IPSec/IKE Public Key Encryption Aggressive Mode vulnerability • “Chess Grandmaster” attack

  3. IPSec/IKE Public Key Encryption Aggressive Mode vulnerability Initiator Cheater Responder ----------- ----------- ----------- HDR, SA, KEi, <IDi>Pubkey_c, <Ni>Pubkey_c -----> HDR, SA, KEi, <IDc>Pubkey_r, <Ni>Pubkey_r -----> HDR, SA, KEr, <IDr>PubKey_c, <----- <Nr>PubKey_c, HASH_R HDR, SA, KEr, <IDc>Pubkey_i, <----- <Nr>Pubkey_i, HASH_C HDR,HASH_I -----> HDR, HASH_C ----->

  4. IPSec/IKE Public Key Encryption Aggressive Mode vulnerability • HASH_x=prf(SKEIDxc,KEx|KEc|CKY-X|CKY-Y|IDxc) HASH_C=prf(SKEIDir, Kei|Ker|CKY-I|CKY-R|IDir) prf=HMAC or Keyed MAC KEx=g^DHPrivKey_x x=i, r SKEIDir=prf(HASH(Ni|Nr), CKY-I|CKY-R) • If Cheater isn’t agreed with any side, attack will be stopped in Phase 2 • If Cheater is agreed with Initiator(cheater knows DHPrivKey_i), they can fake Responder • Attack is possible in Main and Aggressive Mode

  5. IPSec/IKE Public Key Encryption Aggressive Mode vulnerability • How to resolve problem? In protocol first and second message apply signature: 1. SIGNi(KEi) 2. SIGNr(KEr)

More Related