Losing one private key



For IKE with public key authentication, I'm wondering about the situation
where one private key is compromised, e.g. some evildoer has acquired root
privilege on one gateway and grabbed the key.

I know that:

	with one key, he can impersonate its owner and wreak diverse havocs
	if he gets both keys, we are vulnerable to man-in-the-middle attacks
	if he plants a trojan on the compromised gateway, or otherwise maintains
		control of that machine, all is lost

I suspect that with only one key, he cannot conduct a man-in-the-middle attack and
intercept genuine gateway-to-gateway traffic. The worst he can do is impersonate
the compromised gateway and grab whatever the other side sends him. That is bad
enough, but better than the results when IKE with shared secrets or manual keying
are used. In those cases compromising one gateway gets him everything.

Am I right about that, or is there some even nastier attack available with one
private key?

How would one add impersonation detection? Obviously not in the IPSEC protocol
suite; they're too complex already and this is outside their scope, but is
there some fairly simple client-to-client check you could do that would detect
an impersonating gateway? I'm thinking of the situation where your public key
is compromised, I don't know that and my gateway is talking to an impostor.
What do I ask of some system behind your gateway to double-check things?
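
A simplified model of the one-stolen-key case raised in the message above, added here as an illustration and not part of the original post: each gateway authenticates by signing its identity together with both Diffie-Hellman public values. The toy RSA keys, the DH group and all function names are constructed for this example; real IKE signs a hash over more fields than this.

```python
import hashlib
import secrets

# Toy parameters, constructed for this example and far too small for real use.
P, G, E = 2**521 - 1, 3, 65537    # DH prime modulus, generator, RSA exponent

def keygen(p, q):
    """Toy RSA key pair from two known primes, returned as (n, d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(n, ident, signer_dh, peer_dh):
    """Hash of the signer's identity and both DH public values, reduced mod n."""
    data = f"{ident}|{signer_dh}|{peer_dh}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, ident, signer_dh, peer_dh):
    n, d = key
    return pow(digest(n, ident, signer_dh, peer_dh), d, n)

def verify(n, sig, ident, signer_dh, peer_dh):
    return pow(sig, E, n) == digest(n, ident, signer_dh, peer_dh)

def run_scenarios():
    key_a = keygen(2**61 - 1, 2**89 - 1)      # gateway A (private key stolen)
    key_b = keygen(2**107 - 1, 2**127 - 1)    # gateway B (private key safe)
    pub_a, pub_b = key_a[0], key_b[0]
    stolen = key_a                            # all the intruder holds
    ga, gb, gm = (pow(G, secrets.randbelow(P - 3) + 2, P) for _ in range(3))
    return {
        # Baseline: A accepts B's genuine signature over their shared exchange.
        "honest_b_to_a": verify(pub_b, sign(key_b, "B", gb, ga), "B", gb, ga),
        # Intruder runs his own DH value gm with B and signs as A: B accepts.
        "impersonate_a_to_b": verify(pub_a, sign(stolen, "A", gm, gb), "A", gm, gb),
        # Intruder answers A as "B" but can only sign with A's key: A rejects.
        "forge_b_to_a": verify(pub_b, sign(stolen, "B", gm, ga), "B", gm, ga),
        # Intruder replays B's signature from the B<->intruder exchange: it
        # covers (gb, gm), not the (gm, ga) that A saw, so A rejects.
        "replay_b_to_a": verify(pub_b, sign(key_b, "B", gb, gm), "B", gm, ga),
    }

if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name:20} accepted={accepted}")
```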