The Subtle Art of Chaining Headers - IKEv2 Attack Surface Case Study

Conference:  BlackHat EU 2020



Internet Key Exchange (IKE) is a significant component of IP Security (IPsec), a suite of protocols used extensively for creating Virtual Private Networks. IKE performs mutual authentication and establishes and maintains the required Security Associations. IKE is of particular interest in the context of IPsec because part of it is neither encrypted nor authenticated, and it therefore constitutes the only attack surface available to unauthenticated attackers. This paper provides a network protocol analysis of the attack surface of the latest version of the protocol, IKE version 2 (IKEv2). By diving into the corresponding specifications, the main points of interest are identified and attack opportunities are discussed. As will be shown, although IKEv2 has been considerably simplified in comparison with IKEv1, the format of its messages can vary in many ways, mainly due to the different types and number of payloads that can be incorporated. This complexity has already resulted in several known vulnerabilities. An open-source tool, authored specifically to implement the identified attack opportunities, is used to describe and test the described scenarios. By using this tool in combination with the described attack scenarios, potential flaws in IKEv2 implementations can be identified and fixed before they are exploited in the wild.
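The variability the abstract refers to comes from the way IKEv2 messages are assembled: a fixed 28-byte header carries a Next Payload field, and each payload then starts with a 4-byte generic header (Next Payload, critical bit, Payload Length) that links to the one after it. A receiver walks this chain before any authentication has happened, so every length in it must be checked against the bytes actually present. The parser below is an added example written for this page, not code from the paper or from the tool it describes; the header layout, payload type numbers (33 SA, 34 KE, 40 Nonce, 41 Notify, 43 Vendor ID) and the IKE_SA_INIT exchange type (34) are taken from RFC 7296, while the `MAX_PAYLOADS` cap, the sample packets and their placeholder bodies are constructed for illustration.

```python
import struct

# IKEv2 layout and identifiers from RFC 7296.
IKE_HEADER_LEN = 28          # SPIi(8) SPIr(8) NextPayload(1) Version(1) Exchange(1) Flags(1) MsgID(4) Length(4)
PAYLOAD_HEADER_LEN = 4       # NextPayload(1) C+Reserved(1) PayloadLength(2)
NO_NEXT_PAYLOAD = 0
EXCHANGE_IKE_SA_INIT = 34
PAYLOAD_NAMES = {33: "SA", 34: "KE", 40: "Nonce", 41: "Notify", 43: "Vendor ID"}
MAX_PAYLOADS = 64            # assumption: a sanity cap on chain length, not specified by the RFC


class MalformedIKE(ValueError):
    """Raised when the payload chain does not fit the declared lengths."""


def parse_ikev2(packet: bytes) -> dict:
    """Walk the fixed header and the chain of generic payload headers.

    Every length is validated against the bytes actually present before it is
    used, which is the discipline a responder needs on the unauthenticated
    IKE_SA_INIT exchange. Returns the header fields plus a list of
    (payload_type, critical_bit, body) tuples.
    """
    if len(packet) < IKE_HEADER_LEN:
        raise MalformedIKE("packet shorter than the 28-byte IKE header")
    spi_i, spi_r, next_pl, version, exch, flags, msg_id, length = struct.unpack(
        "!8s8sBBBBII", packet[:IKE_HEADER_LEN])
    if version >> 4 != 2:
        raise MalformedIKE(f"unsupported major version {version >> 4}")
    if length != len(packet):
        raise MalformedIKE(f"header length {length} != packet length {len(packet)}")

    payloads = []
    offset = IKE_HEADER_LEN
    while next_pl != NO_NEXT_PAYLOAD:
        if len(payloads) >= MAX_PAYLOADS:
            raise MalformedIKE("payload chain exceeds sanity cap")
        if offset + PAYLOAD_HEADER_LEN > len(packet):
            raise MalformedIKE(f"payload header at offset {offset} runs past end of packet")
        following, flag_byte, pl_len = struct.unpack(
            "!BBH", packet[offset:offset + PAYLOAD_HEADER_LEN])
        if pl_len < PAYLOAD_HEADER_LEN:
            raise MalformedIKE(f"payload length {pl_len} smaller than its own header")
        if offset + pl_len > len(packet):
            raise MalformedIKE(f"payload length {pl_len} at offset {offset} exceeds remaining bytes")
        body = packet[offset + PAYLOAD_HEADER_LEN:offset + pl_len]
        payloads.append((next_pl, bool(flag_byte & 0x80), body))  # 0x80 is the Critical bit
        next_pl, offset = following, offset + pl_len
    if offset != len(packet):
        raise MalformedIKE(f"{len(packet) - offset} trailing bytes after last payload")
    return {"spi_i": spi_i, "spi_r": spi_r, "exchange": exch, "flags": flags,
            "msg_id": msg_id, "payloads": payloads}


def build_ike_sa_init(payloads) -> bytes:
    """Assemble a constructed IKE_SA_INIT request from (type, body) pairs,
    chaining each generic header's Next Payload field to the following payload."""
    chain = b""
    for i, (ptype, body) in enumerate(payloads):
        following = payloads[i + 1][0] if i + 1 < len(payloads) else NO_NEXT_PAYLOAD
        chain += struct.pack("!BBH", following, 0, PAYLOAD_HEADER_LEN + len(body)) + body
    first = payloads[0][0] if payloads else NO_NEXT_PAYLOAD
    header = struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x00" * 8, first, 0x20,
                         EXCHANGE_IKE_SA_INIT, 0x08, 0, IKE_HEADER_LEN + len(chain))
    return header + chain


def truncate_keeping_header_length(packet: bytes, new_len: int) -> bytes:
    """Cut a packet short but rewrite the fixed header's Length so only the
    payload-chain checks (not the outer length check) catch the damage."""
    cut = packet[:new_len]
    return cut[:24] + struct.pack("!I", new_len) + cut[28:]


# Constructed sample: SA, KE and Nonce payloads with placeholder bodies (12 + 40 + 20 bytes).
SAMPLE_PACKET = build_ike_sa_init([
    (33, b"\x00" * 8),
    (34, b"\x00\x0e\x00\x00" + b"\xaa" * 32),
    (40, b"\xbb" * 16),
])

# Constructed malformed sample: the KE header still declares 40 bytes but only 10 follow it.
TRUNCATED_PACKET = truncate_keeping_header_length(SAMPLE_PACKET, IKE_HEADER_LEN + 12 + 10)


def payload_types(packet: bytes) -> list:
    """Names of the payloads in chain order."""
    return [PAYLOAD_NAMES.get(t, t) for t, _, _ in parse_ikev2(packet)["payloads"]]


def is_well_formed(packet: bytes) -> bool:
    try:
        parse_ikev2(packet)
        return True
    except MalformedIKE:
        return False


if __name__ == "__main__":
    print(payload_types(SAMPLE_PACKET))       # ['SA', 'KE', 'Nonce']
    print(is_well_formed(TRUNCATED_PACKET))   # False
```

The three checks inside the loop (header fits, length covers its own header, length fits the remaining bytes) plus the trailing-bytes check after it are what keep a chained-header walk from reading outside the buffer; a parser that trusts Payload Length and the Next Payload byte as given is the kind of implementation the abstract's attack scenarios are designed to exercise.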