ISSN 
Analysis to Man-in-the-Middle Attack for IKEv1 on the Aggressive Mode
-
摘要: 分析了对IKEv1的一种中间人攻击方法,该方法基于IKEv1密钥交换在预共享密钥认证机制下的激进模式。实施中间人攻击的步骤是首先利用IKEv1的离线口令穷举获取预共享密钥,获得预共享密钥后,把Diffie-Hellman (DH)中间人攻击原理应用于IKEv1的激进模式,实现对IKEv1的中间人攻击。通过分析该模式的中间人攻击原理,得出了对IKEv1的激进模式进行中间人攻击的条件、实施方法并评估了其对IPsec的危害性。由于该模式存在用户名枚举漏洞,攻击者可以离线穷尽预共享密钥,在现实中IKE中间人攻击的威胁是存在的,建议在使用IPsec VPN时不使用激进模式的密钥协商,并加强中间路由器的安全防护。Abstract: In the paper a method of man-in-the middle attack to IKEv1 is discussed and analyzed is based on the aggressive mode of IKEv1 key exchange with pre-share-key authentication.The conditions and implementing methods of the attack are obtained by analyzing the principle of the attack to IKEv1 on the mode.For implementing man-in-the middle attack,the pre-share-key is first achieved by exhaustion method with offline password of IKEv1. The theory of Diffie-Hellman (DH) man-in-the middle attack to applied to the aggressive mode of IKEv1.Because there are some offline password leaks in the mode for obtaining pre-share-key,the conclusion is that the attack would jeopardize IPsec VPN in practice.
-
Keywords:
- cryptography /
- IKEv1 protocol /
- man-in-the-middle attack /
- security of data
-
计量
- 文章访问数: 4781
- HTML全文浏览量: 200
- PDF下载量: 81
下载: