Flawed cryptography is leaving people using IPsec security protocols vulnerable to hacking, according to the UK's National Infrastructure Security Coordination Centre (NISCC).The organisation has released an advisory about the discovery of three key flaws in the Encapsulating Security Payload (ESP) that provides base-level encryption of data, typically travelling though virtual private networks.
"An attacker could modify sections of the IPsec packet, causing either the cleartext inner packet to be redirected or a network host to generate an error message," warned NISCC.
"In the latter case, these errors are relayed via the Internet Control Message Protocol. Because of the Protocol's design, these messages directly reveal segments of the header and payload of the inner datagram in cleartext.
"The attacks have been implemented and demonstrated to work under realistic conditions."
The organisation rates the flaws as 'highly critical' and added that the Authentication Header protocols that guarantee the authenticity of data packets are also vulnerable.The advisory provides three ways to work around the problem, including reconfiguring the ESP system and using Authentication Header and ESP simultaneously to defeat eavesdroppers.
IP Security (IPsec) is a set of protocols developed by the Internet Engineering Task Force (IETF) to support secure exchange of packets at the IP layer; IPsec has been deployed widely to implement Virtual Private Networks (VPNs).
Three attacks that apply to certain configurations of IPsec have been identified. These configurations use Encapsulating Security Payload (ESP) in tunnel mode with confidentiality only, or with integrity protection being provided by a higher layer protocol. Some configurations using AH to provide integrity protection are also vulnerable. In these configurations, an attacker can modify sections of the IPsec packet, causing either the cleartext inner packet to be redirected or a network host to generate an error message. In the latter case, these errors are relayed via the Internet Control Message Protocol (ICMP); because of the design of ICMP, these messages directly reveal segments of the header and payload of the inner datagram in cleartext. An attacker who can intercept the ICMP messages can then retrieve plaintext data. The attacks have been implemented and demonstrated to work under realistic conditions. http://www.vnunet.com/news/1163022
No comments:
Post a Comment