Re: Possibility of replay attacks in manually keyed IPsec?

["Stefan Norberg" <stnor () sweden hp com>]

Mikael,
IPSec does NOT use fixed encryption keys. IKE's purpose is "to negotiate,
and provide authenticated keying material for, security associations in a
protected manner." The shared secret is not to be confused with the
symmetric session encryption key. The shared secret is ONLY used for
authentication.

RFC2401 provides an excellent overview of the IPSec protocols.

Rgs,

Stefan Norberg
Hewlett-Packard Sweden

----- Original Message -----
From: "Mikael Olsson" <mikael.olsson () enternet se>
To: <firewall-wizards () nfr net>
Sent: Friday, December 03, 1999 8:53 AM
Subject: Possibility of replay attacks in manually keyed IPsec?


> Hello,
>
> Quick question. I'm getting conflicting answers from different
> people, so I decided I'd hand it over to you guys:
>
> Is IPsec vulnerable to replay attacks when IKE is configured
> to use pre-shared keys, rather than basing the SA negotiation
> on certificates?
>
> I'd imagine that if IPsec itself uses fixed encryption keys,
> it would be vulnerable to replay attacks, but this is not
> the case. Here, we only handle fixed keys to IKE, so the
> fixed keys only get used in the SA negotiation.
>
> (If there is a vulnerability, is this a flaw in the algorithm,
> or just in someone's imlementation of it?)
>
> Thanks in advance,
> /Mike
>
> --
> Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
> Phone: +46 (0)660 105 50           Fax: +46 (0)660 122 50
> Mobile: +46 (0)70 248 00 33
> WWW: http://www.enternet.se        E-mail: mikael.olsson () enternet se