I am currently trying to understand the IKEv2 protocol which is used for IPsec and am wondering why/how the authentication process works.
From my understanding, in the prior IKE_SA_INIT exchange, the Initiator and Responder agree on a crypto suite, send each other their DH values and a nonce.
The following IKE_AUTH exchange is supposed to verify the peers' identities to each other. The protocol derived a lot of keys from the shared secret SKEYSEED that got calculated using the DH values and nonces.
In the IKE_AUTH exchange one of the keypairs is used to basically just sign a block of data - a copy of the prior IKE_SA_INIT exchange, the peer's nonce and prf(SK, ID).
What I don't understand is the fact that since the DH values and nonces are sent unauthenticated and unencrypted in the IKE_SA_INIT exchange, couldn't an attacker just spoof the identity of the opposing communication partner and perform a MitM attack?
At what point in the protocol would such a MitM attack, that e.g. replaces the DH values, be recognized by the other side?
Thank you very much in advance!
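The check the question asks about, modelled as an added Python example (not code from the original post or from any IKEv2 implementation). It follows RFC 7296 section 2.15: the initiator's AUTH value is computed over RealMessage1 | NonceRData | prf(SK_pi, IDi), and the responder recomputes it over the IKE_SA_INIT request it actually received, using keys it derived from its own DH result. Assumptions for brevity: shared-key (PSK) authentication instead of digital signatures, PRF_HMAC_SHA2_256 as the prf, a toy DH modulus instead of a real IKE group, and SK_pi derived with a single prf call rather than the full prf+ expansion; the encryption of IKE_AUTH under SK_e/SK_a is left out because it is not what detects the substitution.

```python
import hashlib
import hmac
import secrets

# Toy DH parameters, constructed for illustration only (a real IKEv2 group is far larger).
P = 2**127 - 1   # Mersenne prime used as a toy modulus
G = 5

# Constructed pre-shared key known only to the legitimate initiator and responder.
PSK = b"constructed-demo-pre-shared-key"


def prf(key: bytes, data: bytes) -> bytes:
    """IKEv2 prf, here PRF_HMAC_SHA2_256."""
    return hmac.new(key, data, hashlib.sha256).digest()


def dh_public(priv: int) -> int:
    return pow(G, priv, P)


def dh_shared(priv: int, peer_pub: int) -> bytes:
    return pow(peer_pub, priv, P).to_bytes(16, "big")


def encode_ike_sa_init(spi_i: bytes, ke_pub: int, nonce: bytes) -> bytes:
    """IKE_SA_INIT request as it crosses the wire (toy encoding of SA, KE, Ni)."""
    return spi_i + b"SA:proposal1" + ke_pub.to_bytes(16, "big") + nonce


def derive_sk_p(shared: bytes, n_i: bytes, n_r: bytes,
                spi_i: bytes, spi_r: bytes, label: bytes) -> bytes:
    """SKEYSEED = prf(Ni | Nr, g^ir); SK_pi/SK_pr come from prf+ in RFC 7296 2.14,
    collapsed here to one labelled prf call (simplification, not the real prf+)."""
    skeyseed = prf(n_i + n_r, shared)
    return prf(skeyseed, label + n_i + n_r + spi_i + spi_r)


def initiator_signed_octets(msg1: bytes, n_r: bytes, sk_pi: bytes, id_i: bytes) -> bytes:
    """RealMessage1 | NonceRData | MACedIDForI, per RFC 7296 2.15."""
    return msg1 + n_r + prf(sk_pi, id_i)


def psk_auth(signed_octets: bytes) -> bytes:
    """AUTH = prf(prf(Shared Secret, "Key Pad for IKEv2"), <InitiatorSignedOctets>)."""
    return prf(prf(PSK, b"Key Pad for IKEv2"), signed_octets)


def run_handshake(mitm: bool) -> bool:
    """Return True if the responder accepts the initiator's AUTH payload."""
    spi_i, spi_r = secrets.token_bytes(8), secrets.token_bytes(8)
    n_i, n_r = secrets.token_bytes(32), secrets.token_bytes(32)
    id_i = b"initiator@example.test"
    x = secrets.randbelow(P - 2) + 2   # initiator's DH private value
    y = secrets.randbelow(P - 2) + 2   # responder's DH private value

    # IKE_SA_INIT: g^i and g^r travel in the clear, unauthenticated.
    msg1_sent = encode_ike_sa_init(spi_i, dh_public(x), n_i)
    if mitm:
        # An on-path attacker swaps its own DH value into both directions and
        # ends up with a separate DH secret with each side.
        m = secrets.randbelow(P - 2) + 2
        msg1_received = encode_ike_sa_init(spi_i, dh_public(m), n_i)
        ke_i_received = dh_public(m)   # what the responder sees as g^i
        ke_r_received = dh_public(m)   # what the initiator sees as g^r
    else:
        msg1_received = msg1_sent
        ke_i_received = dh_public(x)
        ke_r_received = dh_public(y)

    # Initiator: derives SK_pi from its own DH result and signs the message it SENT.
    sk_pi_initiator = derive_sk_p(dh_shared(x, ke_r_received), n_i, n_r, spi_i, spi_r, b"SK_pi")
    auth_i = psk_auth(initiator_signed_octets(msg1_sent, n_r, sk_pi_initiator, id_i))

    # Responder: derives SK_pi from its own DH result and checks against the
    # message it RECEIVED. Without the PSK the attacker cannot fix up AUTH.
    sk_pi_responder = derive_sk_p(dh_shared(y, ke_i_received), n_i, n_r, spi_i, spi_r, b"SK_pi")
    expected = psk_auth(initiator_signed_octets(msg1_received, n_r, sk_pi_responder, id_i))
    return hmac.compare_digest(auth_i, expected)


if __name__ == "__main__":
    print("honest run accepted:", run_handshake(mitm=False))
    print("DH-substituted run accepted:", run_handshake(mitm=True))
```

In the substituted run two things go wrong for the attacker at once: the responder's copy of message 1 contains g^m rather than the g^i the initiator signed over, and the responder's SK_pi (and so MACedIDForI) is derived from a different DH secret. Producing a matching AUTH would require the PSK (or, with signature authentication, the initiator's private key), so the responder rejects the IKE_AUTH request. The responder's own AUTH over message 2 gives the initiator the same check in the other direction, which is the point at which the question's attack is detected.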