Encrypted Traffic and IPsec Challenges for Intrusion Detection System

Nowadays, IPsec has become a standard information security technology throughout the network and Internet community. It provides confidentiality, authentication, integrity, secure key exchange and a protection mechanism through encrypting a packet. The use of IPsec, which encrypts network traffic, renders network intrusion detection virtually useless unless traffic is decrypted at the network layer. In this paper we discuss how IPsec or other encryption techniques create challenges for intrusion detection systems.
