Problem Areas for the IP Security Protocols

The Internet Engineering Task Force (IETF) is in the proces of adopting standards for IP-layer encryption and authentication (IPSEC). We describe a number of attacks against various versions of these protocols, including confidentiality failures and authentication failures. The implications of these attacks are troubling for the utility of this entire effort.

[1]  Eli Biham,et al.  Differential Cryptanalysis of the Full 16-Round DES , 1992, Annual International Cryptology Conference.

[2]  David A. Wagner,et al.  A "bump in the stack" encryptor for MS-DOS systems , 1996, Proceedings of Internet Society Symposium on Network and Distributed Systems Security.

[3]  Hemma Prafullchandra,et al.  Simple Key-Management For Internet Protocols (SKIP) , 1995 .

[4]  Perry Metzger,et al.  The ESP Triple DES Transform , 1995, RFC.

[5]  Marcel Waldvogel,et al.  The ESP Stream Transform , 1998 .

[6]  Bernard P. Zajac Applied cryptography: Protocols, algorithms, and source code in C , 1994 .

[7]  Eli Biham,et al.  Differential cryptanalysis of DES-like cryptosystems , 1990, Journal of Cryptology.

[8]  R. Jueneman,et al.  Message authentication , 1985, IEEE Communications Magazine.

[9]  Perry Metzger,et al.  IP Authentication using Keyed MD5 , 1995, RFC.

[10]  Eli Biham,et al.  Differential Cryptanalysis of the Data Encryption Standard , 1993, Springer New York.

[11]  Stephen T. Kent,et al.  Security Mechanisms in High-Level Network Protocols , 1983, CSUR.

[12]  Ralph Howard,et al.  Data encryption standard , 1987 .

[13]  Jon Postel,et al.  User Datagram Protocol , 1980, RFC.

[14]  S. M. Bellovin,et al.  Security problems in the TCP/IP protocol suite , 1989, CCRV.

[15]  Van Jacobson,et al.  TCP Extensions for High Performance , 1992, RFC.

[16]  Stephen T. Kent,et al.  Security Architecture for the Internet Protocol , 1998, RFC.

[17]  S.G. Stubblebine,et al.  Protocol design for integrity protection , 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[18]  Randall J. Atkinson,et al.  IP Encapsulating Security Payload (ESP) , 1995, RFC.

[19]  Darren Reed,et al.  Security Considerations for IP Fragment Filtering , 1995, RFC.

[20]  Virgil D. Gligor,et al.  On message integrity in cryptographic protocols , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[21]  Randall J. Atkinson,et al.  IP Authentication Header , 1995, RFC.

[22]  G. E. Thyer,et al.  Modes of operation , 1991 .

[23]  Perry Metzger,et al.  The ESP DES-CBC Transform , 1995, RFC.

[24]  Donald E. Eastlake,et al.  Domain Name System Security Extensions , 1997, RFC.