Re: attack on identity protection in IKE
Tell me if I'm wrong, but I don't think main mode with
either preshared keys or digital signatures protects the
identity of the initiator against an active attack.
Anybody capable of sending / receiving IP packets
corresponding to the real responder will be able to
get that identity. This does not apply to either
encryption mode.
Ari
Derek Atkins wrote:
> You can always see the IP address of the IKE hosts. But that's ok.
> The question is: can you see the identity of the authenticated entity
> (be it a host identification or user identification)? The answer
> is: no. IKE isn't using raw RSA on the identity, that would be
> stupid (and insecure, as you point out). It would also lead to
> traffic-analysis attacks, where the same identity would encrypt to
> the same ciphertext. PKCS solves both of these problems, as already
> mentioned, by adding random padding to extend the actual message
> out to the size of the RSA key.
>
> -derek
>
> pau@watson.ibm.com writes:
>
> > > Date: Tue, 24 Aug 1999 11:25:59 +0800 (SGT)
> > > From: Jianying Zhou <jyzhou@krdl.org.sg>
> > > To: ipsec@lists.tislabs.com
> > > Cc: Jianying Zhou <jyzhou@krdl.org.sg>
> > > Subject: attack on identity protection in IKE
> > >
> > > Identity protection is a feature of the main mode protocol. However,
> > > an attack is possible for the main mode protocol using public key
> > > encryption for authentication (when RSA is the encryption algorithm).
> > >
> > > In that protocol, the peer's identity payload is encrypted with the
> > > other party's public key. When the ID is only a 32-bit IP address,
> > > it is easy to find the encrypted ID by the brute force attack.
> >
> > Yes. But IP address is exposed anyway. It is in the IP header.
> > >
> > > The main mode protocol using revised mode of public key encryption
> > > does not suffer from the attack.
> > >
> > > Jianying
> > > ---------------------------------------------------------------------
> > > Dr. Jianying Zhou | Tel: +65-8742585
> > > Kent Ridge Digital Labs | Fax: +65-7744990
> > > 21 Heng Mui Keng Terrace | Email: jyzhou@krdl.org.sg
> > > Singapore 119613 | WWW: http://www.krdl.org.sg
> > > ---------------------------------------------------------------------
> > >
> > >
>
> --
> Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> Member, MIT Student Information Processing Board (SIPB)
> URL: http://web.mit.edu/warlord/ PP-ASEL N1NWH
> warlord@MIT.EDU PGP key available
--
Ari Huttunen GSM: +358 40 5524634
Senior Software Engineer fax : +358 9 8599 xxxx
Data Fellows Corporation http://www.DataFellows.com
F-Secure products: Integrated Solutions for Enterprise Security
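
Added example, not part of the original thread: a sketch of the point made in the quoted reply, that unpadded RSA maps the same identity to the same ciphertext while PKCS #1 v1.5 encryption padding (random nonzero bytes filling the message out to the modulus size) does not. The toy key, the sample 32-bit ID and all function names are assumptions constructed for illustration.

```python
import secrets

# Toy RSA key built from two Mersenne primes (constructed for this example;
# far too small for real use).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes (19)

def raw_encrypt(msg: bytes) -> int:
    """Textbook RSA: deterministic, no padding."""
    return pow(int.from_bytes(msg, "big"), E, N)

def pkcs1_v15_pad(msg: bytes) -> bytes:
    """EM = 00 || 02 || PS || 00 || M, with PS >= 8 random nonzero bytes."""
    ps_len = K - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long for this modulus")
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + msg

def padded_encrypt(msg: bytes) -> int:
    """RSA over the randomly padded block."""
    return pow(int.from_bytes(pkcs1_v15_pad(msg), "big"), E, N)

def padded_decrypt(ct: int) -> bytes:
    """Recover M, rejecting blocks that do not have the 00 02 PS 00 layout."""
    em = pow(ct, D, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)          # first zero byte after the 00 02 header
    if em[:2] != b"\x00\x02" or sep < 10:
        raise ValueError("decryption error")
    return em[sep + 1:]

def demo():
    ident = bytes([192, 0, 2, 10])     # constructed 32-bit ID (TEST-NET-1 address)
    raw_same = raw_encrypt(ident) == raw_encrypt(ident)
    c1, c2 = padded_encrypt(ident), padded_encrypt(ident)
    round_trip = padded_decrypt(c1) == ident == padded_decrypt(c2)
    return raw_same, c1 != c2, round_trip

if __name__ == "__main__":
    print(demo())
```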