A Denial of Service and Some IPsec-Implementations

ABSTRACT

IP security (IPSec) is in global use for example in corporate Virtual Private Networks. It is also intended for the protection of nodes in the third generation (3G) mobile networks. Denial of Service (DoS) is a threat especially in 3G networks where availability requirements are very strict. This thesis is about identifying those threats and presenting methods for analyzing IPSec implementations and their vulnerabilities to certain Denial of Service attacks.

The objective of this study is to review IPSec DoS vulnerabilities, and to produce and analyze tools for this. The best entry points for DoS attacks are in IKE (Internet Key Exchange) protocol, so the scope of the study is limited to attacks against IKE.

The results show that implementations differ very much from each other in robustness against chosen attacks. In some attacks the best implementations do not suffer from DoS at all, but poor implementations may even crash. Simple protections, such as hard-coded limits for memory consumption, work well against the tested DoS attacks.


AUTHORS

System Management, Network Security, Ericsson

Mika Müller is working on system management in the area of network security at Ericsson. He graduated last year with a major in network security, and minor in telecommunications management. His Professional interests include analyzing different vulnerabilities and designing software to exploit those vulnerabilities

Professor of Communication Software, Helsinki University of Technology

Teemupekka Virtanen is working as a professor of communication software at Helsinki University of Technology. His main areas are information and corporation security. During his career in security he has also been the chief information security officer of the Finnish Defence Forces and security manager of a large media company.

Sr. Communications Research Engineer, Ericsson Research Nomadiclab

Jari Arkko is a Senior Communications Research Engineer at Ericsson Research Nomadiclab. He has a Lic. Tech. Degree from Helsinki University of Technology. Jari's interests include secure mobility, secure IPv6 control protocols, AAA, authentication protocols, IP Security, and tradeoffs between security and cost. He is active in the IETF, and has co-authored various RFCs and Internet Drafts, including the DIAMETER AAA and Mobile IPv6 base protocols.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Media Parner to JIW.

Media Partner

Keywords

C

C2
C2S
CDX
CIA
CIP
CPS

I

IA
ICS

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

  • Journal of Information Warfare
    114 Ballard Street
    Yorktown, VA
    23690
  • 757.234.6664
  • jiw@gbpts.com