This work introduces the "Packet Too Big"-"Packet Too Small" ICMP based attack against IPsec gateways. We explain how an attacker having eavesdropping and packet injection capabilities, from the insecure network where he only sees encrypted packets, can force a gateway to reduce the Path MTU of an IPsec tunnel to the minimum, which triggers severe issues for the hosts behind this gateway: depending on the Path MTU discovery algorithm in use, the attack either creates a Denial of Service or major performance penalties. This attack highlights two fundamental problems that we discuss, along with potential counter-measures to mitigate the attack while keeping ICMP benefits.
In this paper, we report a subtle yet serious side channel vulnerability (CVE-2016-5696) i...
In the past two decades, the Internet has developed rapidly and has been integrated into many aspects of human life...
The Internet Engineering Task Force (IETF) is in the process of adopting standards for IP-layer encr...
Work in Progress document of the IPSECME (IP Security Maintenance and Extensions) of the IETF (Inter...
In this work we show that the Internet Control Message Protocol (ICMP) can be used as an attack vect...
This work analyzes the impacts of the "Packet Too Big"-"Packet Too Small" (PT...
In this thesis, we explore the design of a high-bandwidth IPsec gateway to secure communications bet...
In this thesis, we address the problem of designing a very high-bandwidth IPsec gateway for...
This work is funded by the European Union’s Horizon 2020 research and innovation programme under gra...
Path MTU Discovery (PMTUD) optimizes performance on the Internet by identifying the max...
The rapid increase in network bandwidth from megabits per second to gigabits per second and potent...
Stateful network protocols, such as the Transmission Control Protocol (TCP), play a significant role...
Multipath communications at the Internet scale have been a myth for a long tim...
This paper studies the gaps that exist between cryptography as studied in theory, as defined in stan...
An "optimistic" acknowledgment (OptAck) is an acknowledgment sent by a misbehaving client for a dat...