Encrypted Traffic and IPsec Challenges for Intrusion Detection System

  • Manish Kumar
  • M. Hanumanthappa
  • T. V. Suresh Kumar
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 174)


Nowadays IPsec has become a standard information security technology throughout the network and Internet community. It provides confidentiality, authentication, integrity, secure key exchange and a protection mechanism through encrypting a packet. The use of IPsec, which encrypts network traffic, renders network intrusion detection virtually useless unless traffic is decrypted at the network layer. In this paper we discuss how IPsec or other encryption techniques create challenges for an Intrusion Detection System.


Keywords: Intrusion Detection; Intrusion Detection System; Virtual Private Network; Selective Encryption; Explicit Congestion Notification





Copyright information

© Springer India 2013

Authors and Affiliations

  • Manish Kumar (1)
  • M. Hanumanthappa (2)
  • T. V. Suresh Kumar (1)
  1. Dept. of MCA, M S Ramaiah Institute of Technology, Bangalore, India
  2. Dept. of Computer Science and Applications, Bangalore University, Bangalore, India
