<div dir="ltr">
<p class="gmail-p1">Hello Andreas,</p>
<p class="gmail-p1"><br></p>
<p class="gmail-p1">Thanks for confirming that strongSwan isn't vulnerable to the mentioned attack.</p>
<p class="gmail-p1"><br></p>
<p class="gmail-p1">However, the report claims to have exploits for PSK- and RSA-signature-based authentication as well. Quoting from the report abstract:</p>
<p class="gmail-p1">"We exploit a Bleichenbacher oracle in an IKEv1 mode, where RSA encrypted nonces are used for authentication. Using this exploit, we break these RSA encryption based modes, and in addition break RSA signature based authentication in both IKEv1 and IKEv2. Additionally, we describe an offline dictionary attack against the PSK (Pre-Shared Key) based IKE modes, thus covering all available authentication mechanisms of IKE."</p>
<p class="gmail-p1"><br></p>
<p class="gmail-p1">Can you please confirm that strongSwan isn't vulnerable to the Bleichenbacher attack against IKEv2 signature-based auth and to the offline dictionary attack mentioned for PSK-based auth (irrespective of the PSK chosen by the user)?</p>
<p class="gmail-p1"><br></p>
<p class="gmail-p1">Thanks,</p>
<p class="gmail-p1">Sandesh</p>
<br><div class="gmail_quote"><div dir="ltr">On Fri, Aug 31, 2018 at 3:50 PM Andreas Steffen <<a href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Sandesh,<br>
<br>
strongSwan is not vulnerable to the Bleichenbacher oracle attack<br>
since we did not implement the RSA encryption authentication variant<br>
for IKEv1.<br>
<br>
Best regards<br>
<br>
Andreas<br>
<br>
On 31.08.2018 10:53, Sandesh Sawant wrote:<br>
> Hi all,<br>
> <br>
> I came across the news below about a paper listing attacks pertaining to<br>
> the IKE protocol, and want to know whether the latest version of the strongSwan<br>
> stack is vulnerable to the attacks mentioned in this<br>
> paper: <a href="https://www.ei.rub.de/media/nds/veroeffentlichungen/2018/08/13/sec18-felsch.pdf" rel="noreferrer" target="_blank">https://www.ei.rub.de/media/nds/veroeffentlichungen/2018/08/13/sec18-felsch.pdf</a><br>
> References:<br>
> <a href="https://latesthackingnews.com/2018/08/20/ipsec-vpn-connections-broken-using-20-year-old-flaw/" rel="noreferrer" target="_blank">https://latesthackingnews.com/2018/08/20/ipsec-vpn-connections-broken-using-20-year-old-flaw/</a><br>
> <a href="https://securityaffairs.co/wordpress/75352/hacking/key-reuse-ipsec-attack.html" rel="noreferrer" target="_blank">https://securityaffairs.co/wordpress/75352/hacking/key-reuse-ipsec-attack.html</a><br>
> <br>
> Thanks,<br>
> Sandesh<br>
<br>
======================================================================<br>
Andreas Steffen                         <a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a><br>
strongSwan - the Open Source VPN Solution!          <a href="http://www.strongswan.org" rel="noreferrer" target="_blank">www.strongswan.org</a><br>
Institute for Networked Solutions<br>
HSR University of Applied Sciences Rapperswil<br>
CH-8640 Rapperswil (Switzerland)<br>
===========================================================[INS-HSR]==<br>
</blockquote></div></div>