Re: IKE
>>>>> "Franck" == Franck Le <Franck.Le@nokia.com> writes:
Franck> Hi, I have some questions on IKE. Actually I was wondering
Franck> if in the Main Mode, protection against man in the middle
Franck> attacks is provided. Since the first messages are sent in
Franck> clear mode and without any authentication, can't a Bad Guy
Franck> modify for example the SA payload? That can bring to a
Franck> denial of service. So if it is the case, is there a way to
Franck> protect against man in the middle attacks?

The "man in the middle" that IKE protects against is a man in the
middle who wants to listen to your traffic, or modify it without being
detected.

It is impossible to define any protocol that prevents an active
attacker from deleting your traffic (or modifying it and forcing you
to discard it because the HMAC fails). The only solution in that case
is to route around the attacker, if you can. See Radia Perlman's PhD
thesis for more.

paul
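
An added illustration, not part of either poster's message: in RFC 2409 Main Mode the initiator's authentication hash HASH_I covers SAi_b, the SA payload body as the initiator sent it, so a change made to the cleartext SA payload shows up as a hash mismatch and the exchange fails instead of completing unnoticed. The sketch assumes pre-shared-key authentication with HMAC-SHA1 as the prf; every byte value is a constructed stand-in, and the function names are hypothetical.

```python
import hashlib
import hmac


def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: the negotiated prf is HMAC-SHA1.
    return hmac.new(key, data, hashlib.sha1).digest()


def skeyid_psk(psk: bytes, ni_b: bytes, nr_b: bytes) -> bytes:
    # RFC 2409, pre-shared key: SKEYID = prf(pre-shared-key, Ni_b | Nr_b)
    return prf(psk, ni_b + nr_b)


def hash_i(skeyid, g_xi, g_xr, cky_i, cky_r, sai_b, idii_b) -> bytes:
    # RFC 2409: HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b)
    return prf(skeyid, g_xi + g_xr + cky_i + cky_r + sai_b + idii_b)


def responder_accepts(skeyid, g_xi, g_xr, cky_i, cky_r,
                      sai_b_seen, idii_b, received_hash) -> bool:
    # The responder recomputes HASH_I over the SA body *it* received in
    # message 1 and compares in constant time.
    expected = hash_i(skeyid, g_xi, g_xr, cky_i, cky_r, sai_b_seen, idii_b)
    return hmac.compare_digest(expected, received_hash)


def demo():
    # All values below are constructed for this example.
    psk = b"constructed-pre-shared-key"
    ni_b, nr_b = bytes(range(16)), bytes(range(16, 32))
    g_xi, g_xr = b"\x11" * 128, b"\x22" * 128   # stand-ins for DH publics
    cky_i, cky_r = b"I" * 8, b"R" * 8           # stand-ins for the cookies
    idii_b = b"initiator.example"
    sai_sent = b"SA-body-as-sent-by-initiator"
    sai_altered = b"SA-body-changed-in-transit!!"

    skeyid = skeyid_psk(psk, ni_b, nr_b)
    # The initiator hashes what it actually sent.
    h = hash_i(skeyid, g_xi, g_xr, cky_i, cky_r, sai_sent, idii_b)

    untouched = responder_accepts(skeyid, g_xi, g_xr, cky_i, cky_r,
                                  sai_sent, idii_b, h)
    altered = responder_accepts(skeyid, g_xi, g_xr, cky_i, cky_r,
                                sai_altered, idii_b, h)
    return untouched, altered


if __name__ == "__main__":
    print(demo())
```
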