
Re: attack on identity protection in IKE



> From owner-ipsec@lists.tislabs.com Tue Aug 24 00:09:03 1999
> Date: Tue, 24 Aug 1999 11:25:59 +0800 (SGT)
> From: Jianying Zhou <jyzhou@krdl.org.sg>
> X-Sender: jyzhou@arizona
> To: ipsec@lists.tislabs.com
> Cc: Jianying Zhou <jyzhou@krdl.org.sg>
> Subject: attack on identity protection in IKE
> In-Reply-To: <37BFE216.A097CEF@checkpoint.com>
> Message-Id: <Pine.GSO.4.02.9908241115290.12303-100000@arizona>
> Mime-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> Sender: owner-ipsec@lists.tislabs.com
> Precedence: bulk
> Content-Length: 859
> Status: RO
> 
> Identity protection is a feature of the main mode protocol. However,
> an attack is possible for the main mode protocol using public key
> encryption for authentication (when RSA is the encryption algorithm).
> 
> In that protocol, the peer's identity payload is encrypted with the
> other party's public key. When the ID is only a 32-bit IP address,
> it is easy to find the encrypted ID by the brute force attack.

Yes. But IP address is exposed anyway. It is in the IP header.
> 
> The main mode protocol using revised mode of public key encryption
> does not suffer from the attack.
> 
> Jianying
> ---------------------------------------------------------------------
> Dr. Jianying Zhou        | Tel:   +65-8742585
> Kent Ridge Digital Labs  | Fax:   +65-7744990
> 21 Heng Mui Keng Terrace | Email: jyzhou@krdl.org.sg
> Singapore 119613         | WWW:   http://www.krdl.org.sg
> ---------------------------------------------------------------------
> 
> 

