A Denial of Service and Some IPsec-Implementations
ABSTRACT
IP security (IPSec) is in global use for example in corporate Virtual Private Networks. It is also intended for the protection of nodes in the third generation (3G) mobile networks. Denial of Service (DoS) is a threat especially in 3G networks where availability requirements are very strict. This thesis is about identifying those threats and presenting methods for analyzing IPSec implementations and their vulnerabilities to certain Denial of Service attacks.
The objective of this study is to review IPSec DoS vulnerabilities, and to produce and analyze tools for this. The best entry points for DoS attacks are in IKE (Internet Key Exchange) protocol, so the scope of the study is limited to attacks against IKE.
The results show that implementations differ very much from each other in robustness against chosen attacks. In some attacks the best implementations do not suffer from DoS at all, but poor implementations may even crash. Simple protections, such as hard-coded limits for memory consumption, work well against the tested DoS attacks.
AUTHORS
System Management, Network Security, Ericsson
Mika Müller is working on system management in the area of network security at Ericsson. He graduated last year with a major in network security, and minor in telecommunications management. His Professional interests include analyzing different vulnerabilities and designing software to exploit those vulnerabilities.
Professor of Communication Software, Helsinki University of Technology
Teemupekka Virtanen is working as a professor of communication software at Helsinki University of Technology. His main areas are information and corporation security. During his career in security he has also been the chief information security officer of the Finnish Defence Forces and security manager of a large media company.
Sr. Communications Research Engineer, Ericsson Research Nomadiclab
Jari Arkko is a Senior Communications Research Engineer at Ericsson Research Nomadiclab. He has a Lic. Tech. Degree from Helsinki University of Technology. Jari's interests include secure mobility, secure IPv6 control protocols, AAA, authentication protocols, IP Security, and tradeoffs between security and cost. He is active in the IETF, and has co-authored various RFCs and Internet Drafts, including the DIAMETER AAA and Mobile IPv6 base protocols.
Published In
Journal of Information Warfare
The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
Quick Links
Archive
