Internet IPsec is Vulnerable against Attacks
Bleichenbacher’s attack broke through the defenses of the IKEv1 which makes IPsec vulnerable to security attacks.
The Internet has attained the status of a key necessity without which we cannot even imagine a day of our lives in today’s digital world. It has become a part and parcel of our daily routine which helps us without discriminating on the basis of our age, gender, and profession. Technological advancement has played a massive role in its expansion. The impact of this revolutionary technology can simply be judged by the fact that we can access the web from any part of the world these days. As a result, all the issues related to physical distances have faded away because we can send information across thousands of miles within a couple of clicks. Although all of us use the internet regularly, we hardly care about the mechanisms that ensure continuous and efficient service.
Humanity has seen a variety of internet protocols including TCP, IPv4, and IPv6. Similarly, scientists came up with an internet protocol called ‘IPsec’. However, a recent research showed that it is quite vulnerable to attacks and needs immediate upgrading in order to ensure secure transmission of data. The researchers from the Horst Görtz Institute for IT Security (HGI) at the Ruhr-Universität Bochum (RUB) collaborated with the scientists of the Opole University to achieve these findings. Marcin Szymanek and Adam Czubak represented Opole University while the participants from RUB included Martin Grothe, Prof. Dr. Jörg Schwenk, and Dennis Felsch. They detected that ‘IKEv1’, the Internet Key Exchange Protocol in IPsec, allows the attackers to intercept confidential information which can lead to some disastrous results.
IPsec was originally developed to assist the internet protocol during cryptographically secure communication via publicly accessible insecure networks. Common examples of such connections include authentication mechanisms and encryption. This tool is used largely by those companies which allow their employees to operate and use company resources from decentralized places. In addition to that, IPsec can be used to create virtual private networks (VPNs). Having said that, the definition and authentication of shared keys, by both parties, is necessary for establishing and communicating over such connections. For this purpose, Automated Key Management and Authentication is needed which uses digital signatures or passwords. They can be generated through IKEv1, which seems to have a lot of gaps for the attackers to exploit. Dennis Felsch described that by saying,
“Even though the protocol is considered obsolete and a newer version, namely IKEv2, has been long available in the market, we see in real-life applications that it is still being implemented in operating systems and still enjoys great popularity, even on newer devices.”
The researchers used Bleichenbacher’s attack to break through the encryption-based login mode of IPsec in their experiment and found that it offers significant assistance to the attacker. The working principle of this attack is that errors are deliberately incorporated into an encoded message, which is sent repeatedly to a server. The responses of the server to these corrupted messages allow the attacker to decrypt the hidden contents over time. Martin Grothe mentioned that in the following words:
“Thus, the attacker approaches the target step by step until he reaches his goal. It is like a tunnel with two ends. It’s enough if one of the two parties is vulnerable. Eventually, the vulnerability permits the attacker to interfere with the communication process, to assume the identity of one of the communication partners, and to actively commit data theft.”
The researchers found that the Bleichenbacher’s attack is successful against the hardware of Cisco, Zyxel, Huawei, and Clavister. All these providers of network equipment have been notified about these loopholes and according to the reports, they have eliminated the security gaps. Likewise, the researchers also tried to scrutinize password-based login systems and found the deficiencies there as well. Grothe talked about that and said,
“Authentication via passwords is carried out with hash values, which are similar to a fingerprint. During our attack, we demonstrated that both IKEv1 and the current IKEv2 present vulnerabilities and may be easily attacked — especially if the password is weak. Accordingly, a highly complex password provides the best protection if IPsec is deployed in this mode.”
According to the researchers, this vulnerability to the Bleichenbacher’s attack is not a standard bug and can be avoided through implementation. It all comes down to the ways adopted by the manufacturer to integrate the protocol in his devices. Having said that, IPsec is still vulnerable to attacks and the researching team has also informed the Computer Emergency Response Team (CERT) about their findings.