IPSec Security

A Denial of Service and Some IPsec-Implementations

ABSTRACT

IP security (IPSec) is in global use for example in corporate Virtual Private Networks. It is also intended for the protection of nodes in the third generation (3G) mobile networks. Denial of Service (DoS) is a threat especially in 3G networks where availability requirements are very strict. This thesis is about identifying those threats and presenting methods for analyzing IPSec implementations and their vulnerabilities to certain Denial of Service attacks.

Malware-based Information Leakage over IPSec Tunnels

ABSTRACT

IPSec-based protocols are often presented by practitioners of information security as an efficient solution to prevent attacks against data exchange. More generally, use of encryption to protect communication channels or to seclude sensitive networks is seen as the ultimate defence. Unfortunately, this confidence is illusory since such “armoured” protocols can be manipulated or corrupted by an attacker to leak information whenever an access is managed with simple user’s permission. In this paper, we present how an attacker and/or a malware can subvert and bypass IPSec-like protocols to leak data from the system under attack. By using a covert channel, we show how to code the information to be stolen, how to insert it in the legitimate encrypted traffic and finally collect/decode the information on the attacker’s side. We first present how to exploit the covert channel and to steal sensitive data without triggering any alert. Subsequently, the detailed results of extensive experiments to validate the attack techniques on an operational level are given. Finally, some potential prevention and protection techniques are presented to limit such attacks. However, this analysis demonstrates that residual weaknesses are bound to remain unless the communication protocols involved are significantly modified.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Keywords

A

AI
APT

C

C2
C2S
CDX
CIA
CIP
CPS

D

DNS
DoD
DoS

I

IA
ICS

M

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455

 757.510.4574

 JIW@ArmisteadTec.com