
I've set up an IKEv2 VPN connection as an alternative to an HTTP proxy (since HTTP proxies' credentials fly in plaintext and iOS still can't correctly remember proxy credentials) and I'd like to know how hard it would be to capture the PSK for an MITM.

The person using the client device isn't much tech-savvy and I'd rather not give them extra headaches by requiring certificates for this particular connection (security is taken care of by HTTPS anyway, I'm only worried about some idiot cracking the PSK and them committing illegal activities through the VPN).

Here are the relevant parts of my Strongswan configuration:

connections {
 phone {
  version = 2
  local {
   auth = psk
   id = server
  }
  remote {
   auth = psk
   id = client
  }
  children {
   child {
    # is there a better option ?
    esp_proposals = aes256-sha256-modp4096
   }
  }
 }
}

secrets {
 ike-1 {
  # swanctl.conf expects id<suffix> keys and the secret under "secret", not "psk"
  id-1 = server
  id-2 = client
  # the real PSK would have a similar length
  secret = c687a6b44304942b5a19257e50da5b45941f3756
 }
}
André Borie

1 Answer


Under the hypothesis that there is already a MITM attack installed between your iPhone and your Linux VPN server, this attack won't be able to get your PSK, because it is not exchanged while the encrypted tunnel is built or during its use. Your IPsec tunnel will use your PSK from the beginning with the encryption schemes you configured (aes256).

This is the unique advantage of using a PSK.

To put in place a MITM attack once your tunnel is built, an attacker would need this PSK and would have to configure a fake VPN server with your PSK, located on the Internet route used.

The PSK's biggest weaknesses are at the 2 ends of the encrypted tunnel, and next on the channel through which you exchange this PSK to configure it on the 2 ends of your encrypted tunnel (here an iPhone and your Linux VPN server).

These are not at all light risks, since most of the real attacks against encrypted tunnels are conducted by entering at one or the other end of the tunnel at the OS or application level. Most common OSes (I mean on the mass consumer market) are running infected and compromised. My personal estimate is that the level of corrupted OSes is actually pretty high, above 90%.

dan
  • Upvoted, but indeed this isn't the answer I'm looking for as I assume both the server and the iPhone are trusted and proper precautions are taken when transporting the PSK (copy/pasted from an SSH client running on the phone itself, and SSH is itself secured by keys). – André Borie Jan 10 '16 at 11:14
  • Then, please clarify what your question is, because in the given context the risk of a mediator attack is pretty near 0. To be more honest, I don't see any way to install any mediator attack :) through a rogue AP, through a rogue router, through a DNS attack, through an attack on a provider or Internet router. – dan Jan 10 '16 at 11:39
  • I'm asking whether an MITM who can intercept and modify the network traffic during the connection has any chance of capturing/cracking the PSK so he can then impersonate either the server or the client. – André Borie Jan 10 '16 at 12:16
  • I think I understood the OQ. Please improve your question, because multiple risks are involved here. Some of them I didn't talk of yet. – dan Jan 10 '16 at 16:39
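To make concrete what the answer says about the PSK never being exchanged, here is an added example (not from the question, the answer, or strongSwan) of how IKEv2 PSK authentication uses the secret per RFC 7296 section 2.15: the PSK keys a MAC over the exchange, and the identity is MACed under SK_pi, which both peers derive from the Diffie-Hellman exchange rather than from anything sent on the wire. The PRF (HMAC-SHA-256), the placeholder message bytes, and the sample secrets are assumptions.

```python
import hashlib
import hmac
import os

# Fixed pad string from RFC 7296, section 2.15 (shared-key authentication).
KEY_PAD = b"Key Pad for IKEv2"


def prf(key: bytes, data: bytes) -> bytes:
    """PRF_HMAC_SHA2_256, assumed here as the negotiated IKE PRF."""
    return hmac.new(key, data, hashlib.sha256).digest()


def initiator_signed_octets(message1: bytes, nonce_r: bytes,
                            sk_pi: bytes, id_i_payload: bytes) -> bytes:
    """InitiatorSignedOctets = RealMessage1 | NonceRData | MACedIDForI.

    MACedIDForI = prf(SK_pi, RestOfInitIDPayload). SK_pi comes from SKEYSEED,
    i.e. from the Diffie-Hellman shared secret and the nonces, so both peers
    know it but it is never transmitted.
    """
    return message1 + nonce_r + prf(sk_pi, id_i_payload)


def psk_auth(psk: bytes, signed_octets: bytes) -> bytes:
    """AUTH = prf(prf(Shared Secret, "Key Pad for IKEv2"), <SignedOctets>)."""
    return prf(prf(psk, KEY_PAD), signed_octets)


def responder_verifies(psk: bytes, wire: dict, sk_pi: bytes) -> bool:
    """What the responder (the VPN server) checks when IKE_AUTH arrives."""
    octets = initiator_signed_octets(wire["message1"], wire["nonce_r"],
                                     sk_pi, wire["id_i"])
    return hmac.compare_digest(psk_auth(psk, octets), wire["auth"])


def simulate(psk: bytes, sk_pi: bytes) -> dict:
    """Constructed IKE_AUTH exchange; returns only what an observer would see."""
    message1 = b"IKE_SA_INIT request (constructed placeholder bytes)"
    nonce_r = os.urandom(32)
    id_i = b"\x02\x00\x00\x00client"  # ID_FQDN "client", as in the question
    octets = initiator_signed_octets(message1, nonce_r, sk_pi, id_i)
    return {"message1": message1, "nonce_r": nonce_r, "id_i": id_i,
            "auth": psk_auth(psk, octets)}


if __name__ == "__main__":
    psk, sk_pi = b"constructed-psk-longer-than-the-32-byte-prf-output", os.urandom(32)
    wire = simulate(psk, sk_pi)
    print("PSK bytes on the wire:", any(psk in v for v in wire.values()))
    print("server accepts:", responder_verifies(psk, wire, sk_pi))
```

The AUTH value is a MAC, so a candidate PSK can only be checked by someone who also holds SK_pi; the strength of the PSK itself still decides how well it resists guessing by anyone who ends up in that position.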