Internet Protocol Security (IPsec)¶
IPsec secures IP communications through authentication and encryption at the network layer, widely deployed in VPNs and site-to-site tunnels. The surface it presents to an adversary is proportional to its complexity: key negotiation steps, cryptographic mode selection, identity verification, and implementation variation all create points where the security model can be degraded, abused, or circumvented rather than broken outright.
Compromising IPsec's cryptographic foundations to breach VPNs and network-layer security:
- Internet Protocol Security (IPsec) protocol notes
- Attack tree (IPsec)
- Cryptographic attacks
- Key management attacks
- IPsec implementation flaw attacks
- Protocol downgrade attacks
- Security Association manipulation attacks
- Identity spoofing attacks
- Memory corruption attacks
- Resource exhaustion attacks
- Configuration bypass attacks