Why Encryption without Authentication is Not Secure


Organizations are increasingly encrypting network traffic to protect sensitive information. Encryption provides confidentiality for each message as it traverses the network. Authentication allows the receiver to verify that a message was sent by a known source and that it was not modified in transit. Intuition suggests that encryption alone should be enough when confidentiality is the only goal, but this is not the case. Over the last fifteen years, a number of independent security researchers have evaluated solutions that use encryption without authentication. Because IPsec originally allowed encryption without authentication (ESP with null authentication) as a supported configuration, security researchers have studied this configuration extensively, and they have found it to be insecure. Encryption-only solutions allow an attacker to splice ciphertext from different encrypted packets together, to forge ciphertexts that decrypt to plaintext of the attacker's choosing, and even to mount attacks in which the receiver's handling of tampered packets lets the attacker decrypt and encrypt messages without the key.
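The forgery described above is easy to see in code. The following is an added example, not part of the original whitepaper and not any vendor's implementation: it uses a stream cipher whose keystream is derived from HMAC-SHA256 in counter mode (a toy construction chosen so the example runs with the Python standard library alone; keys, nonce and message are constructed). An attacker who knows the plaintext layout but not the key flips bits in the ciphertext and changes a payment amount. The same tamper against an encrypt-then-MAC construction is rejected before decryption.

```python
"""Encryption without authentication is malleable; a MAC detects tampering.
Added illustration with constructed keys and data; the HMAC-based keystream is
a toy PRF-in-counter-mode construction, not a production cipher."""
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: PRF(key, nonce || counter) blocks, truncated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_only(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with the keystream. Encryption and decryption are the same operation."""
    return bytes(p ^ k for p, k in zip(data, keystream(key, nonce, len(data))))


decrypt_only = encrypt_only


def tamper(ciphertext: bytes, offset: int, original: bytes, replacement: bytes) -> bytes:
    """Attacker's view: no key, but knowledge of the plaintext layout.
    XORing (original ^ replacement) into the ciphertext makes those bytes
    decrypt to `replacement`, because c' ^ k = (p ^ k) ^ (o ^ r) ^ k = r."""
    ct = bytearray(ciphertext)
    for i, (o, r) in enumerate(zip(original, replacement)):
        ct[offset + i] ^= o ^ r
    return bytes(ct)


def encrypt_then_mac(enc_key: bytes, mac_key: bytes, nonce: bytes, data: bytes):
    """Encrypt, then authenticate nonce || ciphertext with a separate key."""
    ct = encrypt_only(enc_key, nonce, data)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct, tag


def verify_then_decrypt(enc_key: bytes, mac_key: bytes, nonce: bytes, ct: bytes, tag: bytes):
    """Reject tampered ciphertext before any decryption takes place."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return decrypt_only(enc_key, nonce, ct)


def demo():
    """Returns (result without authentication, result with authentication)."""
    enc_key = bytes(range(32))          # constructed, not real key material
    mac_key = bytes(range(32, 64))      # constructed, independent of enc_key
    nonce = b"\x01" * 16                # constructed
    msg = b"PAY amount=0100 to=acct-7"  # constructed sample message
    offset = msg.index(b"0100")

    # Encryption only: the forged packet decrypts cleanly to a changed amount.
    ct = encrypt_only(enc_key, nonce, msg)
    unauthenticated = decrypt_only(enc_key, nonce, tamper(ct, offset, b"0100", b"9900"))

    # Encrypt-then-MAC: the identical bit flips fail verification.
    ct2, tag = encrypt_then_mac(enc_key, mac_key, nonce, msg)
    authenticated = verify_then_decrypt(enc_key, mac_key, nonce,
                                        tamper(ct2, offset, b"0100", b"9900"), tag)
    return unauthenticated, authenticated


if __name__ == "__main__":
    without_mac, with_mac = demo()
    print("encryption only  ->", without_mac)
    print("encrypt-then-MAC ->", with_mac)
```

The attacker never learns the key or the keystream; the forgery works purely because the receiver accepts any ciphertext that decrypts. Block ciphers in CBC mode are malleable in a similar, slightly noisier way (a bit flip in one ciphertext block flips the same bit in the next plaintext block), which is what the IPsec cut-and-paste results rely on.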

Encryption is an essential component of network security, but confidentiality cannot be guaranteed in practice without authentication: an attacker who can tamper with ciphertext undetected can often turn the receiver's own processing into an oracle that leaks plaintext. Even today, some network encryption solutions provide only encryption, with no ability to authenticate traffic. After fifteen years of security research it is clear that this is simply not secure.

In this paper we explain authentication and why secure data communications solutions require encryption and authentication to be used jointly. We summarize the security research that describes the attack vectors against encryption-only solutions. Finally, we provide key questions to ask your network encryption vendor to confirm that your network is secure and your security objectives are met.

