Presentation is loading. Please wait.

Presentation is loading. Please wait.

IPSec/IKE Public Key Encryption Aggressive Mode vulnerability Initiator Responder ----------- ----------- HDR, SA, [ HASH(1),] KEi, Pubkey_r, Pubkey_r.

Published byEthan O’Neal’ Modified over 8 years ago

Similar presentations

Presentation on theme: "IPSec/IKE Public Key Encryption Aggressive Mode vulnerability Initiator Responder ----------- ----------- HDR, SA, [ HASH(1),] KEi, Pubkey_r, Pubkey_r."— Presentation transcript:

1 IPSec/IKE Public Key Encryption Aggressive Mode vulnerability Initiator Responder ----------- ----------- HDR, SA, [ HASH(1),] KEi, Pubkey_r, Pubkey_r -----> PubKey_i, PubKey_i, HASH_R HDR,HASH_I ----->

2 IPSec/IKE Public Key Encryption Aggressive Mode vulnerability “Chess Grandmaster” attack“Chess Grandmaster” attack

3 IPSec/IKE Public Key Encryption Aggressive Mode vulnerability Initiator CheaterResponder ----------- ----------- ----------- HDR, SA, KEi, Pubkey_c, Pubkey_c -----> HDR, SA, KEi, Pubkey_r, Pubkey_r -----> HDR, SA, KEr, PubKey_c, PubKey_c, HASH_R HDR, SA, KEr, Pubkey_i, Pubkey_i, HASH_C HDR,HASH_I -----> HDR, HASH_C ----->

4 IPSec/IKE Public Key Encryption Aggressive Mode vulnerability HASH_x=prf(SKEIDxc,KEx|KEc|CKY-X|CKY-Y|IDxc) HASH_C=prf(SKEIDir, Kei|Ker|CKY-I|CKY-R|IDir) prf=HMAC or Keyed MAC KEx=g^DHPrivKey_x x=i, r SKEIDir=prf(HASH(Ni|Nr), CKY-I|CKY-R)HASH_x=prf(SKEIDxc,KEx|KEc|CKY-X|CKY-Y|IDxc) HASH_C=prf(SKEIDir, Kei|Ker|CKY-I|CKY-R|IDir) prf=HMAC or Keyed MAC KEx=g^DHPrivKey_x x=i, r SKEIDir=prf(HASH(Ni|Nr), CKY-I|CKY-R) If Cheater isn’t agreed with any side, attack will be stopped in Phase 2If Cheater isn’t agreed with any side, attack will be stopped in Phase 2 If Cheater is agreed with Initiator(cheater knows DHPrivKey_i), they can fake ResponderIf Cheater is agreed with Initiator(cheater knows DHPrivKey_i), they can fake Responder Attack is possible in Main and Aggressive ModeAttack is possible in Main and Aggressive Mode

5 IPSec/IKE Public Key Encryption Aggressive Mode vulnerability How to resolve problem? In protocol first and second message apply signature: 1. SIGNi(KEi) 2. SIGNr(KEr)How to resolve problem? In protocol first and second message apply signature: 1. SIGNi(KEi) 2. SIGNr(KEr)

Download ppt "IPSec/IKE Public Key Encryption Aggressive Mode vulnerability Initiator Responder ----------- ----------- HDR, SA, [ HASH(1),] KEi, Pubkey_r, Pubkey_r."

Similar presentations

IKE : Internet Key Exchange

IKE : Internet Key Exchange
ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu.

ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents Security requirements Public key cryptography Key agreement/transport.

Security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents Security requirements Public key cryptography Key agreement/transport.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.

IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
CSC 474 Information Systems Security

CSC 474 Information Systems Security
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
ISAKMP RFC 2408 Internet Security Association & Key Management Protocol Protocol Establish, modify, and delete SAs Negotiate crypto keys Procedures Authentication.

ISAKMP RFC 2408 Internet Security Association & Key Management Protocol Protocol Establish, modify, and delete SAs Negotiate crypto keys Procedures Authentication.
IKEv2 extension: MOBIKE Faisal Memon Erik Weathers CS 259.

IKEv2 extension: MOBIKE Faisal Memon Erik Weathers CS 259.
Security at the Network Layer: IPSec

Security at the Network Layer: IPSec
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.

Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.
IPsec – IKE CS 470 Introduction to Applied Cryptography

IPsec – IKE CS 470 Introduction to Applied Cryptography
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
OPEN PROBLEMS IN PROTOCOL VERIFICATION Catherine Meadows Code 5543 Center for High Assurance Computer Systems Naval Research Laboratory Washington, DC.

OPEN PROBLEMS IN PROTOCOL VERIFICATION Catherine Meadows Code 5543 Center for High Assurance Computer Systems Naval Research Laboratory Washington, DC.

Similar presentations

Ads by Google