|COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring.|
Security Flaws in Tunnel Mode IPsec
If you have a question about this talk, please contact Saar Drimer.
We present a variety of attacks that efficiently extract plaintext data from IP datagrams that are protected using the IPsec protocol ESP in tunnel mode. In contrast to earlier attacks of Bellovin, our attacks require only small amounts of time and network bandwidth to be successful. The attacks apply in situations where the IP packets are not integrity protected, or where integrity protection is supplied only by a higher layer protocol. While strongly discouraged by experts, these configurations of IPsec are still allowed by the relevant IPsec standards. In addition, we believe that these configurations may be widely used in practice. We report on successful implementation of the attacks against an IPsec VPN built using the native implementation of IPsec in Linux.
Joint work with Arnold K.L. Yau.
This talk is part of the Computer Laboratory Security Seminar series.
This talk is included in these lists:
Note that ex-directory lists are not shown.
Other listsFriends of Cambridge University Library SPI Stem Cell Institute Research Associates
Other talksIntensified-Process Integration at All Scales – flow reactor networks and end-to-end intensified chemical plants "The game's afoot!": Mobility as method in Sherlockian fandom, 1970-1990 Brain circuits that govern sleep and wakefulness The German Reaction to Fukushima The waxing and waning of PIMMS: experimental but not computational support for prediction error driving episodic memory Dr Piero Mastroeni: Immunity and vaccination to invasive Salmonella infections: How can we integrate the lessons from animal models and man?