Analysis and Verification of IPSec VPN Security Vulnerability

• Published in: Jisuanji gongcheng
• Main Author: ZHOU Yimin, LIU Fangzheng, DU Zhenyu, ZHANG Kai
• Format: Article
• Language: English
• Published: Editorial Office of Computer Engineering 2021-06-01
• Subjects: ipsec vpn technology|ike protocol|man-in-the-middle attack|ospf protocol|routing spoofing attack
• Online Access: https://www.ecice06.com/fileup/1000-3428/PDF/20210618.pdf

Network boundary is the necessary channel for providing access services. As a key technique widely used in network boundary protection, IPSec VPN has a significant influence on the overall security of network. This paper analyzes the security vulnerabilities of the radical mode of the IKE protocol and the OSPF routing protocol in IPSec VPN. Then three commonly used OSPF routing deception methods are studied for their performance in the man-in-the-middle attacks on IPSec VPN. On this basis, the traffic hijacking model for IPSec VPN and the attack data packet are constructed. The traffic hijacking algorithm for IPSec VPN and KEYMAT key acquisition algorithm are also designed. Finally, a simulation environment is built to verify the security vulnerabilities of IPSec VPN. By employing the dual LSA injection route spoofing attack method, the experiment realizes the cross-network-segment man-in-the-middle attacks on IPSec VPN. The result of the study is of great importance to the protection of network boundary devices and backbone network traffic.