
IKE

IKE: The Internet Key Exchange. Artur Hecker, ENST Paris. Paris, 01/16/2002.


Presentation Transcript


  1. IKE – The Internet Key Exchange
     Artur Hecker, ENST Paris
     Paris, 01/16/2002

  2. IKE: description
     Protocol for obtaining authenticated keying material for security associations (SAs).
     • Defined within the ISAKMP framework
     • Conforms to all ISAKMP definitions, such as:
       • Payload formats
       • Timeouts
       • Message encodings
       • Retransmits
     • Uses parts of the Oakley and SKEME protocols

  3. IKE: phases and modes
     Phase 1 – establishes an authenticated secure channel (the ISAKMP SA)
     • Main Mode
     • Aggressive Mode
     • New Group Mode
     Phase 2 – negotiates the SAs of the used services and their parameters
     • Quick Mode
     • Informational Mode

  4. IKE: Phase 1
     Negotiated attributes:
     • Encryption algorithm
     • Hash algorithm
     • Authentication method
     • Information about a DH group
     Defined attributes:
     • HMAC version of the negotiated hash algorithm as pseudo-random function

  5. IKE: Phase 1 requirements
     Attribute values that MUST be supported (values in brackets SHOULD be supported):
     • DES in CBC mode [, 3DES] with weak and semi-weak key check
     • MD5 and SHA [, Tiger]
     • Authentication via pre-shared keys [, Digital Signature Standard, RSA signatures, RSA authentication]
     • MODP over group N° one [and group N° two]

  6. IKE: Phase 2
     Main Mode: identity protection exchange
     • Policy negotiation (2 messages)
     • DH public values and ancillary data exchange (2 messages)
     • Authentication of the exchanged DH values (2 messages)
     Aggressive Mode: aggressive exchange
     • Policy negotiation, DH public values and ancillary data exchange; authentication of the responder is included in the 2nd message (2 messages)
     • Authentication of the initiator (1 message)
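The following is an added example, not code from the slides or from any IKE implementation. It models the phase 1 exchange that slides 4 to 6 describe: the negotiated hash algorithm is used as an HMAC pseudo-random function, both peers authenticate with a pre-shared key, and the resulting payloads are grouped into the six main mode messages or the three aggressive mode messages. The key derivation and HASH_I/HASH_R formulas follow RFC 2409 section 5, which the slides do not cite; the group prime is MODP group 2 from RFC 2409 section 6.2. Cookies, nonces, identities and the SA proposal string are constructed sample values, and the ISAKMP wire encoding, timeouts and retransmits are left out.

```python
"""Model of an IKE phase 1 exchange (RFC 2409) authenticated with a pre-shared key.

Added example, not the slides' code. It derives the key material and the
authentication hashes on both sides and groups the payloads into main mode
(6 messages) or aggressive mode (3 messages).
"""
import hmac
import secrets

# MODP group 2 (1024-bit prime, generator 2) as published in RFC 2409 section 6.2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2


def is_probable_prime(n, rounds=16):
    """Miller-Rabin test, used to sanity-check the group parameters before use."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def prf(key, data, hash_name):
    """RFC 2409 prf: HMAC keyed with the negotiated hash algorithm (slide 4)."""
    return hmac.new(key, data, hash_name).digest()


def to_bytes(x):
    return x.to_bytes((P.bit_length() + 7) // 8, "big")


def check_peer_value(y):
    """Reject degenerate DH public values (0, 1, p-1) before exponentiating."""
    if not 1 < y < P - 1:
        raise ValueError("invalid DH public value")
    return y


def phase1(psk_i, psk_r, mode="main", hash_name="sha1"):
    """Run one phase 1 exchange; each peer uses its own copy of the pre-shared key."""
    # Constructed sample values for cookies, nonces, identities and the SA proposal.
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    id_i, id_r = b"initiator@example.org", b"responder@example.org"
    sa_i = b"ENC=3DES-CBC;HASH=SHA;AUTH=PSK;GROUP=2"
    # DH exponents stay private to each side; only g^x is exchanged.
    x_i, x_r = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    ke_i, ke_r = pow(G, x_i, P), pow(G, x_r, P)
    gxy_i = to_bytes(pow(check_peer_value(ke_r), x_i, P))
    gxy_r = to_bytes(pow(check_peer_value(ke_i), x_r, P))

    def derive(psk, gxy):
        # RFC 2409 section 5.4: SKEYID for pre-shared key authentication.
        skeyid = prf(psk, ni + nr, hash_name)
        skeyid_d = prf(skeyid, gxy + cky_i + cky_r + b"\x00", hash_name)
        skeyid_a = prf(skeyid, skeyid_d + gxy + cky_i + cky_r + b"\x01", hash_name)
        skeyid_e = prf(skeyid, skeyid_a + gxy + cky_i + cky_r + b"\x02", hash_name)
        return skeyid, skeyid_d, skeyid_a, skeyid_e

    def hash_i(skeyid):
        return prf(skeyid, to_bytes(ke_i) + to_bytes(ke_r) + cky_i + cky_r + sa_i + id_i, hash_name)

    def hash_r(skeyid):
        return prf(skeyid, to_bytes(ke_r) + to_bytes(ke_i) + cky_r + cky_i + sa_i + id_r, hash_name)

    keys_i, keys_r = derive(psk_i, gxy_i), derive(psk_r, gxy_r)
    # Each side sends a hash under its own SKEYID and verifies the peer's with its own.
    ok_r = hmac.compare_digest(hash_i(keys_i[0]), hash_i(keys_r[0]))  # responder checks HASH_I
    ok_i = hmac.compare_digest(hash_r(keys_r[0]), hash_r(keys_i[0]))  # initiator checks HASH_R
    if mode == "main":
        # Messages 5 and 6 are sent encrypted under SKEYID_e (identity protection).
        messages = [("I->R", ["SA"]), ("R->I", ["SA"]),
                    ("I->R", ["KE", "Ni"]), ("R->I", ["KE", "Nr"]),
                    ("I->R", ["IDii", "HASH_I"]), ("R->I", ["IDir", "HASH_R"])]
    elif mode == "aggressive":
        # Responder is authenticated in message 2, initiator in message 3 (slide 6).
        messages = [("I->R", ["SA", "KE", "Ni", "IDii"]),
                    ("R->I", ["SA", "KE", "Nr", "IDir", "HASH_R"]),
                    ("I->R", ["HASH_I"])]
    else:
        raise ValueError("mode must be 'main' or 'aggressive'")
    return {"messages": messages, "authenticated": ok_i and ok_r,
            "keys_match": keys_i == keys_r}


if __name__ == "__main__":
    for m in ("main", "aggressive"):
        r = phase1(b"shared-secret", b"shared-secret", mode=m)
        print(m, len(r["messages"]), "messages, authenticated:", r["authenticated"])
    print("mismatched PSK authenticated:", phase1(b"a", b"b")["authenticated"])
```

With matching pre-shared keys both peers derive the same SKEYID chain and the two authentication hashes verify, whether they are spread over six main mode messages or packed into three aggressive mode messages; with different keys the DH exchange still completes but HASH_I and HASH_R fail verification, which is the purpose of the final authentication step on slide 6. The primality check exists because a peer that accepts an unverified group prime has no assurance about the strength of the shared secret.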
