5

I am trying to solve the question whether "IPsec is IND-CCA secure provided the used block cipher is a pseudorandom function" (with IPsec using a variant of Encrypt-then-MAC)

As a resource I am given the paper Mihir Bellare & Chanathip Namprempre (2000). Authenticated Encryption: Relations among notions and analysis of the generic composition paradigm

where I should focus on Theorem 3.2, which is the following implication:
INT-CTXT $\wedge$ IND-CPA $\rightarrow$ IND-CCA

Accordingly, I am trying to verify that the antecedent of the implication holds when using a pseudorandom function as a block cipher. I am currently stuck with the part whether the property of IND-CPA security holds. If I understood it correctly, the IND-CPA security depends on the mode of operation in which the pseudorandom function is used. In our lecture it was mentioned that an encryption scheme using a pseudorandom function as block cipher is indeed CPA-secure if the CTR mode (with a randomly chosen initial ctr) or the CBC mode is used. However, as far as I know it does not hold for other modes.

Therefore, I would like to know which mode of operation is used by IPsec and whether my approach makes sense.

1 Answer

2

> I would like to know which mode of operation is used by IPsec

That depends on what is negotiated; if we assume we're using AES as the block cipher, then the standard modes (that is, ones which have transform numbers assigned by IANA) are CBC, CTR and GCM.

> and whether my approach makes sense.

Sounds good to me.

poncho
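The generic composition discussed in this thread, as an added example that is not part of the original posts and not IPsec's ESP wire format: a pseudorandom function used in CTR mode with a randomly chosen initial counter, wrapped in Encrypt-then-MAC. HMAC-SHA256 as the stand-in PRF, the 16-byte block size, the independent encryption and MAC keys, and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

BLOCK = 16   # bytes of keystream per counter value (assumption)
TAGLEN = 32  # HMAC-SHA256 tag length

def prf(key: bytes, counter: int) -> bytes:
    """Stand-in for F_K(ctr): HMAC-SHA256 truncated to one block (assumption)."""
    return hmac.new(key, counter.to_bytes(BLOCK, "big"), hashlib.sha256).digest()[:BLOCK]

def ctr_xor(key: bytes, ctr0: int, data: bytes) -> bytes:
    """XOR data with F_K(ctr0), F_K(ctr0+1), ...; same routine both directions."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        pad = prf(key, (ctr0 + i // BLOCK) % (1 << (8 * BLOCK)))
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], pad))
    return bytes(out)

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers the initial counter and the ciphertext."""
    ctr0 = int.from_bytes(os.urandom(BLOCK), "big")  # fresh random ctr per message
    body = ctr0.to_bytes(BLOCK, "big") + ctr_xor(enc_key, ctr0, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_(enc_key: bytes, mac_key: bytes, packet: bytes):
    """Verify the tag first; decrypt only if it matches. None means rejected."""
    if len(packet) < BLOCK + TAGLEN:
        return None
    body, tag = packet[:-TAGLEN], packet[-TAGLEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return ctr_xor(enc_key, int.from_bytes(body[:BLOCK], "big"), body[BLOCK:])

def count_accepted_bitflips(enc_key: bytes, mac_key: bytes, packet: bytes) -> int:
    """Flip every single bit of a valid packet; count modified packets accepted."""
    accepted = 0
    for i in range(len(packet) * 8):
        forged = bytearray(packet)
        forged[i // 8] ^= 1 << (i % 8)
        if open_(enc_key, mac_key, bytes(forged)) is not None:
            accepted += 1
    return accepted
```

Bare `ctr_xor` is malleable (flipping a ciphertext bit flips the same plaintext bit), which is why the CPA-secure mode alone does not give IND-CCA and the integrity half of Theorem 3.2 is needed.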