The Dangers of Key Reuse: Practical Attacks on IPsec IKE

Authors: 

Dennis Felsch, Martin Grothe, and Jörg Schwenk, Ruhr-University Bochum; Adam Czubak and Marcin Szymanek, University of Opole

Abstract: 

IPsec enables cryptographic protection of IP packets. It is commonly used to build VPNs (Virtual Private Networks). For key establishment, the IKE (Internet Key Exchange) protocol is used. IKE exists in two versions, each with different modes, different phases, several authentication methods, and configuration options.

In this paper, we show that reusing a key pair across different versions and modes of IKE can lead to cross-protocol authentication bypasses, enabling the impersonation of a victim host or network by attackers. We exploit a Bleichenbacher oracle in an IKEv1 mode, where RSA-encrypted nonces are used for authentication. Using this exploit, we break these RSA-encryption-based modes, and in addition break RSA-signature-based authentication in both IKEv1 and IKEv2. Additionally, we describe an offline dictionary attack against the PSK (Pre-Shared Key) based IKE modes, thus covering all available authentication mechanisms of IKE.

We found Bleichenbacher oracles in the IKEv1 implementations of Cisco (CVE-2018-0131), Huawei (CVE-2017-17305), Clavister (CVE-2018-8753), and ZyXEL (CVE-2018-9129). All vendors published fixes or removed the particular authentication method from their devices' firmware in response to our reports.

BibTeX
@inproceedings {217585,
author = {Dennis Felsch and Martin Grothe and J{\"o}rg Schwenk and Adam Czubak and Marcin Szymanek},
title = {The Dangers of Key Reuse: Practical Attacks on {IPsec} {IKE}},
booktitle = {27th USENIX Security Symposium (USENIX Security 18)},
year = {2018},
isbn = {978-1-939133-04-5},
address = {Baltimore, MD},
pages = {567--583},
url = {https://www.usenix.org/conference/usenixsecurity18/presentation/felsch},
publisher = {USENIX Association},
month = aug
}