Lost in translation: Theory and practice in cryptography

Cited by: 1
Authors
Paterson, Kenneth G. [1 ]
Yau, Arnold K. L. [1 ]
Affiliation
[1] Univ London Royal Holloway & Bedford New Coll, London NW1 4NS, England
Keywords
DOI
10.1109/MSP.2006.74
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
Serious security flaws were detected in the IPsec suite of protocols, arising from the Encapsulating Security Payload (ESP) protocol, which provides mandatory support for unauthenticated encryption. Attacks on ESP in tunnel mode with CBC-mode encryption, where no authentication is provided by ESP itself or by the Authentication Header (AH) protocol, revealed that ESP was unable to provide confidentiality protection to individual packets. All of these attacks were highly efficient and independent of encryption key length. Most attack variants could potentially perform near-real-time cryptanalysis after a short period of initial guesses. These attacks show that developers of security standards should take more responsibility for ensuring that their standards are secure on paper, by eliminating any choices that could prove dangerous down the line. Unnecessary complexity should be avoided to help translate standards into secure implementations.
Pages: 69-72
Page count: 4