Questions tagged [ipsec]

For questions about the cryptographic protocols which form the basis of IPsec, which is one of the common security schemes used on the throughout. For general questions about IPsec, consider if your question fits our sister sites Super User and/or Security Stack Exchange better.

45 questions
10
votes
1 answer

What is the "shared secret" used for in IPSec VPN?

Can somebody explain what the "shared secret" and "password" do when opening/creating a VPN tunnel? In this specific case I set up a VPN to my Fritz!Box and I had to provide a shared secret (which was pregenerated and very long) and a password. I'd…
Krumelur
8
votes
1 answer

Detection of weak keys for AES-GCM

There are many papers out there that show that a message authenticated and encrypted by AES-GCM can be forged if the used key is weak (e.g. by Handschuh and Preneel, Saarinen or Procter and Cid). With weak keys I refer to the definition given by…
budderick
5
votes
1 answer

Is IPsec IND-CCA secure provided the used block cipher is a pseudorandom function?

I am trying to solve the question whether "IPsec is IND-CCA secure provided the used block cipher is a pseudorandom function" (with IPsec using a variant of Encrypt-then-MAC). As a resource I am given the paper Mihir Bellare & Chanathip Namprempre…
4
votes
1 answer

What are the problems of IKEv1 aggressive mode (compared to IKEv1 main mode or IKEv2)?

I would like to seek confirmation/clarification of the following statements about IKE: IKEv1 aggressive mode is supposed to be “insecure” if used with PSK. But as far as I can see, correct (or more correct) would be the following IKEv1 aggressive…
4
votes
1 answer

Does the IKEv2 protocol have two modes like IKE?

The IKE protocol has 2 modes, and those modes have different structures. Does the IKEv2 protocol have two modes like IKE?
Gev_sedrakyan
3
votes
1 answer

Why can't AES-GCM be used in IKEv1 phase 1?

I was configuring a VPN on a firewall (FortiGate) and realized that I could use AES-GCM for encryption in the IKEv1 phase 2 but not in phase 1, and I was wondering why, knowing that in IKEv2 we could use it in both phases. I have already checked…
user1990088
3
votes
1 answer

Why is "Next Header" field part of ESP trailer instead of ESP header?

Are there any reasons to place the "Next Header" field in ESP trailer instead of ESP header?
Elena Gurevich
3
votes
1 answer

IPSec vs SSL : Similarities and Differences

I am studying SSL and IPSec. I can pretty much nail down the "very high level" differences and similarities between the two, but am struggling to find a "lower level" (but not too deep) look. This may seem like a dumb question, but do SSL and IPSec…
3
votes
1 answer

Can authenticated encryption reduce bandwidth overhead of per-packet encryption?

I know that authenticated encryption modes of operation like GCM offer certain security advantages, as well as increased performance. (On my laptop with AES-NI, the benchmark performance of AES-128-GCM is about 3.7× faster than…
2
votes
1 answer

ipsec, esp: Which key is used to generate the HMAC

Short Question: Are the keys for the ICV calculation and the encryption the same in IPSEC/ESP? Or do there exist two keys in the SA? Long Question: Before a new IPSEC-ESP connection is established, IKEv2 is used to start a new session. This involves…
byteunit
2
votes
1 answer

IPsec : transmission of Initialization Vector

I am currently carrying out scholarly research about the IPsec protocol, and I have a question regarding the IP Encapsulating Security Payload (ESP). Is the initialization vector of the operation mode transmitted in clear in the message ESP Payload? If it is…
Cedric
2
votes
2 answers

Bellovin ESP Attack on UDP Packets

In Bellovin's ESP Attack, it is stated that: If $L_A$, $L_B$ are using UDP, attack is easier: Wait till session ends; Allocate $L_B$'s UDP port to $X_B$; Replay all packets. So, how does the attacker know the UDP port of legitimate user $L$? Isn't it…
aselimkaya
2
votes
1 answer

where does the prime number taken in DH algorithm in IPSEC

I am studying & configuring IPSEC IKEv1 and in between I am analysing the Wireshark captures. I am using the Linux kernel for the TCP/IP stack and in user space I took ipsec-tools. In the first two packet exchanges the initiator is offering the proposals &…
Kumar2080
2
votes
0 answers

What are the well known protocols that offer perfect forward secrecy?

As far as I know these are the well known protocols that offer PFS: TLS/SSL (with DHE-RSA, DHE-DSS, ECDHE-RSA or ECDHE-ECDSA); SSH (RFC4253); OTR (Protocol Version 3 Spec); IPsec (with IKEv1 and IKEv2) (RFC 2412). Are there any other well known…
2
votes
1 answer

Bellovin 96' attack on IPsec ESP protocol on encryption only option

Can you explain the actual attack? Why does the attacker need to firstly send some arbitrary UDP packet? How can the attacker break the privacy between A and B? Link: The article of Bellovin I'm attaching the slide for a reminder:
Bush