Cryptography in theory and practice: The case of encryption in IPsec

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4004 LNCS, Issue , 2006, Pages 12-29

  Paterson, Kenneth G ^a   Yau, Arnold K L ^a  

^a UNIVERSITY OF LONDON   (United Kingdom)

Author keywords

Encryption; ESP; Integrity; IPsec

Indexed keywords

ARTIFICIAL INTELLIGENCE; COMPUTER CRIME; COMPUTER SCIENCE; NETWORK PROTOCOLS; SECURITY OF DATA; STANDARDS;

INTEGRITY PROTECTION; IPSEC; IPSEC-PROTECTED DATAGRAMS; UNAUTHENTICATED ENCRYPTION;

CRYPTOGRAPHY;

EID: 33746067483     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/11761679_2     Document Type: Conference Paper

References (30)

1. R. Atkinson, "IP Encapsulating Security Payload (ESP)", RFC 1827, August 1995.
2. F. Baker, "Requirements for IPv4 Routers", RFC 1812, June 1995.
3. M. Bellare, T. Kohno and C. Namprempre, "Breaking and provably repairing the SSH authenticated encryption scheme: A case study of the Encode-then-Encrypt-and-MAC paradigm." ACM TISSEC, Vol. 7, No. 2, May 2004, pp. 206-241.
4. M. Bellare and C. Namprempre, "Authenticated Encryption: Relations among notions and analysis of the generic composition paradigm." In T. Okamoto (ed.), Advances in Cryptology - ASIACRYPT 2000, LNCS Vol. 1976, Springer-Verlag, 2000, pp. 531-545.
5. M. Bellare and P. Rogaway, "Encode-then-encipher encryption: How to exploit nonces or redundancy in plaintexts for efficient cryptography." In T. Okamoto (ed.), Advances in Cryptology - ASIACRYPT 2000, LNCS Vol. 1976, Springer-Verlag, 2000, pp.317-330.
6. S. Bellovin, "Problem Areas for the IP Security Protocols", in Proceedings of the Sixth Usenix Unix Security Symposium, pp. 1-16, San Jose, CA, July 1996.
7. N. Borisov, I. Goldberg and D. Wagner, "Intercepting Mobile Communications: The Insecurity of 802.11", in Proc. MOBICOM 2001, ACM Press, 2001, pp. 180-189.
8. B.Canvel, A.P. Hiltgen, S. Vaudenay and M. Vuagnoux, "Password Interception in a SSL/TLS Channel," in D. Boneh (ed.), Advances in Cryptology - CRYPTO 2003, LNCS Vol. 2729, Springer-Verlag, 2003, pp. 583-599
9. N. Doraswamy and D. Harkins, IPsec: the new security standard for the Internet, Intranets and Virtual Private Networks (second edition), Prentice Hall PTR, 2003.
10. N. Ferguson and B. Schneier, "A cryptographic evaluation of IPsec." Unpublished manuscrip available from http://www.schneier.com/paper- ipsec.html.
11. S. Frankel, R. Glenn and S. Kelly, "The AES-CBC Cipher Algorithm and Its Use with IPsec", RFC 3602, Sept. 2003.
12. S. Frankel, K. Kent, R. Lewkowski, A.D. Orebaugh, R.W. Ritchey and S.R. Sharma, "Guide to IPsec VPNs", NIST Special Publication 800-77 (Draft), January 2005.
13. D. Harkins and D. Carrel, "The Internet Key Exchange (IKE)", RFC 2409, Nov. 1998.
14. J. Katz and M. Yung, "Unforgeable encryption and chosen ciphertext secure modes of operation," In B. Schneier (ed.), FSE 2000, LNCS Vol. 1978, Springer-Verlag 2001, pp. 284-299.
15. S. Kent and R. Atkinson, "Security Architecture for the Internet Protocol", RFC 2401, Nov. 1998.
16. S. Kent and R. Atkinson, "IP Encapsulating Security Payload (ESP)", RFC 2406, Nov. 1998.
17. S. Kent and K. Seo, "Security Architecture for the Internet Protocol", RFC 4301 (obsoletes RFC 2401), Dec. 2005.
18. S. Kent, "IP Encapsulating Security Payload (ESP)", RFC 4303 (obsoletes RFC 2406), Dec. 2005.
19. H. Krawczyk, "The Order of Encryption and Authentication for Protecting Communications (Or: How Secure Is SSL?)", in J. Kilian (ed.), Advances in Cryptology - CRYPTO 2001, LNCS Vol. 2139, Springer-Verlag 2001, pp. 310-331.
20. Internet Protocol, RFC 791, Sept. 1981.
21. C. Madson and N. Doraswamy, "The ESP DES-CBC Cipher Algorithm With Explicit IV", RFC 2405, Nov. 1998.
22. C.B. McCubbin, A.A. Selcuk and D. Sidhu, "Initialization vector attacks on the IPsec protocol suite." In WETICE 2000, IEEE Computer Society, pp. 171-175.
23. P.Q. Nguyen, "Can we trust cryptographic software? Cryptographic flaws in GNU Privacy Guard v1.2.3", in C. Cachin (ed.), Advances in Cryptology - EUROCRYPT 2004, LNCS Vol. 3027, Springer-Verlag 2004, pp. 555-570.
24. NISCC Vulnerability Advisory IPSEC - 004033, 9th May 2005. Available from http://www.niscc.gov.uk/niscc/docs/al-20050509-00386.html?lang=en.
25. K.G. Paterson and A.K.L. Yau, "Cryptography in Theory and Practice: The Case of Encryption in IPsec." Extended version of this paper available from http://eprint.iacr.org/2005/416.
26. R. Pereira and R. Adams, "The ESP CBC-Mode Cipher Algorithms", RFC 2451, Nov. 1998.
27. J. Postel, "Internet Control Message Protocol", RFC 792, Sept. 1981.
28. S. Stubblebine and V. Gligor, "On Message Integrity in Cryptographic Protocols", in IEEE Security and Privacy, May 1992, pp. 85-104.
29. S. Vaudenay, "Security flaws induced by CBC padding - applications to SSL, IPSEC, WTLS...", in L.R. Knudsen (ed.), Advances in Cryptology - EUROCRYPT 2002, LNCS Vol. 2332, Springer-Verlag 2002, pp. 534-545.
30. T. Yu, S. Hartman and K. Raeburn, "The perils of unauthenticated encryption: Kerberos version 4", in Proc. NDSS 2004, The Internet Society, 2004.