
attack on identity protection in IKE



Identity protection is a feature of the main mode protocol. However,
an attack is possible for the main mode protocol using public key
encryption for authentication (when RSA is the encryption algorithm).

In that protocol, the peer's identity payload is encrypted with the
other party's public key. When the ID is only a 32-bit IP address,
it is easy to find the encrypted ID by a brute-force attack.

The main mode protocol using the revised mode of public key encryption
does not suffer from the attack.

Jianying
---------------------------------------------------------------------
Dr. Jianying Zhou        | Tel:   +65-8742585
Kent Ridge Digital Labs  | Fax:   +65-7744990
21 Heng Mui Keng Terrace | Email: jyzhou@krdl.org.sg
Singapore 119613         | WWW:   http://www.krdl.org.sg
---------------------------------------------------------------------
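
An added illustration of the point in the message above, not code from the original post or from any IKE implementation. It assumes the ID is encrypted deterministically (textbook RSA, no random padding) and contrasts that with a plaintext that carries fresh random bits; the toy key, the function names and the 10.20.0.0/16 range are all constructed for the example.

```python
import ipaddress
import secrets
from typing import Callable, Optional

# Constructed toy public key, far too small for real use. Both factors are
# Mersenne primes, so N is about 150 bits.
N = (2**61 - 1) * (2**89 - 1)
E = 65537


def encrypt_deterministic(ip_int: int) -> int:
    """Assumption: textbook RSA over the bare 32-bit address, no padding."""
    return pow(ip_int, E, N)


def encrypt_randomized(ip_int: int) -> int:
    """Same address with 96 fresh random bits placed above it before encryption."""
    return pow((secrets.randbits(96) << 32) | ip_int, E, N)


def match_candidate(ciphertext: int, network: str,
                    encrypt: Callable[[int], int]) -> Optional[str]:
    """Encrypt each candidate address with the public key and compare.

    Needs only public information; returns the matching address or None.
    """
    for addr in ipaddress.IPv4Network(network):
        if encrypt(int(addr)) == ciphertext:
            return str(addr)
    return None


if __name__ == "__main__":
    secret_id = int(ipaddress.IPv4Address("10.20.77.5"))  # constructed sample ID
    scope = "10.20.0.0/16"  # constructed range; the full space is only 2**32
    print(match_candidate(encrypt_deterministic(secret_id), scope, encrypt_deterministic))
    print(match_candidate(encrypt_randomized(secret_id), scope, encrypt_randomized))
```

The deterministic ciphertext is matched by re-encrypting candidates, while the randomized one yields no match because each encryption of the same address differs.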



