Security Gaps Found in IPsecby@KaylaEMatthews
5,493 reads
5,493 reads

Security Gaps Found in IPsec

by Kayla MatthewsAugust 17th, 2018
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

You’ve probably heard of <a href="" target="_blank">Internet</a> Protocol <a href="" target="_blank">Security</a> (IPsec) referred to by many as one of the most secure data encryption methods.

Companies Mentioned

Mention Thumbnail
Mention Thumbnail
featured image - Security Gaps Found in IPsec
Kayla Matthews HackerNoon profile picture

You’ve probably heard of Internet Protocol Security (IPsec) referred to by many as one of the most secure data encryption methods.

It’s comprised of several security protocols that send data packets over IP networks in ways that make them hidden and inaccessible to third parties.

But recent research warns even IPsec has its flaws.

Hackers Could Decrypt IPsec Information

Ordinarily, IPsec ensures cryptographically secured communications when people use insecure and publicly accessible portals, such as when browsing the internet.

However, a team of researchers discovered numerous security vulnerabilities related to an internet key exchange protocol called “IKEv1.” IPsec maintains encrypted connections between two parties when both of them define and exchange shared keys during communications.

While investigating the matter, the team successfully orchestrated something called a “Bleichenbacher’s Attack.” It was invented in 2008 and involves purposefully filling an encoded message with errors and then repeatedly sending that content to a server.

A hacker can then study the server’s replies and gain increasingly accurate intelligence about the contents of encrypted information. Eventually, the infiltrator gets enough information to falsely assume the identity of one of the communicating parties and steal data.

The researchers realized this issue affected hardware manufactured by Clavister, Zyxel, Cisco, and Huawei, and promptly contacted the four companies. All have since fixed the issue, and Zyxel posted content about the problem in the support section of their website and encouraged customers to update their firmware.

To clarify, this vulnerability is not a bug, but it relates to how manufacturers implement the IPsec protocol in their devices.

As such, it’s an implementation error that could be avoided. It’s also notable that infiltrators have to enter the network before successfully taking advantage of the now-repaired vulnerability.

Further research performed by the scientists indicate there are also security flaws with another internet key exchange protocol called “IKEv2.” Numerous differences exist between IKEv1 and IKEv2. The latter is the more recent of the two. Despite IKEv1 being considered obsolete, it’s still popular and even used on newer devices.

The first phase of the cybersecurity experts’ research involved using IPsec’s logon-based encryption mode.

However, they decided to also check for vulnerabilities associated with password-based logins for both the IKEv1 and IKEv2 protocols. Password authentication requires hash values, which are similar to fingerprints.

When a user enters a password, it is hashed and compared with stored hash values. If they match, the person gets access. However, research carried out not long ago by the same team that uncovered the first vulnerability found the IKEv1 and IKEv2 protocols are easy to hack, primarily when people use weak passwords.

The findings of their research compelled researchers to suggest that when people use IPsec through password-based logins, they should only choose extremely complex passwords.

Making Your Password Stronger

If you need help with creating better passwords, use a combination of upper and lowercase letters, plus numbers and special characters. Also, avoid using words found in the dictionary, pets’ names, or numbers that make up your birthdate, anniversary, or other information easily found through social media or other means.

For further details on the password vulnerability, consider reading a detailed post about it on the researchers’ blog.

After getting knowledge of the issue, the group reached out to the Computer Emergency Response Team (CERT). That organization coordinated responses and assisted with contacting more than 250 parties once the researchers made their findings available to the tech industry at large.

Why Are These Revelations So Important?

IPsec is commonly depended on while building virtual private networks (VPNs). Many people use those to consume content that’s not available in their geographic regions.

But, more importantly, users frequently employ VPN tools or other resources that allow offsite access while working remotely or traveling for business purposes.

By viewing work-related content through VPNs while accessing public internet portals, they can theoretically keep sensitive data secure. The problems found by the researchers could make data unsecured in some instances, though.

Even Long-Standing Protocols Aren’t Perfect

This team of cybersecurity specialists proved that although IPsec is a long-standing way to secure internet-based communications via cryptography, it’s not without possible failures.

As such, the ongoing research of proactive and inquisitive internet security experts will continue to have value, since new knowledge highlights previously unknown weaknesses.

Image by Negative Space