2

I use a PSK to connect to an IPsec VPN.

Let's say an attacker can gain access to my PSK.

He can then impersonate me, that much is clear.

But would she also be able to decrypt intercepted traffic? Or at least have an advantage compared to an attacker that does not know the PSK? I have a hard time understanding the standard.

manduca
  • 1,111
  • 7
  • 10
  • The RFC you linked is an extension for TLS, that has nothing to do with IKE/IPsec. You should refer to [RFC 7296](https://tools.ietf.org/html/rfc7296) for IKEv2. And are you only concerned with passive attackers? Or also active ones? – ecdsa Dec 07 '18 at 13:55
  • Sorry, yes, you are right, I removed the link. Right now I just want to understand if knowing the PSK would allow passive eavesdropping. – manduca Dec 07 '18 at 16:56

1 Answers1

3

In my understanding PSK is only used for authentication in IPSec. The key exchange itself is done with Diffie-Hellman and the PSK is not used as part of the key exchange.

An active attacker could impersonate the expected peer due to knowledge of the PSK. This way he could be part of the key exchange and thus have access to the key needed to decrypt the traffic.

But with purely passive sniffing the attacker is not involved in the key exchange. Since the exchanged key is independent of the PSK the passive attacker cannot determine the key and thus not decrypt the traffic.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424