internet key exchange protocol
DESCRIPTION
The Internet Key Exchange (IKE) protocol, described in RFC 2409, is a key management protocol standard which is used in conjunction with the IPsec standard. IPsec can be configured without IKE, but IKE enhances IPsec by providing additional features, flexibility, and ease of configuration for the IPsec standard.TRANSCRIPT
INTERNET KEY
EXCHANGE PROTOCOL
PRESENTED BYPRATEEK SINGH BAPNA
Described in RFC 2409 Used for Key Management in IPSec Networks Allows automatic negotiation and creation of
IPSec SAs between IPSec Peers
Internet Key Exchange (IKE)
IKE is a hybrid protocol based on: ISAKMP (RFC 2408), the protocol for
negotiated establishment of security associations
Oakley (RFC 2412), the key agreement/exchange protocol
SKEME, another key exchange protocol
IKE History
Expands as Internet Security Association and Key Management Protocol
Establishes a secure management session between IPSec peers
Negotiates SAs between IPSec peers
ISAKMP
Defines the mechanisms for key exchange over the IKE session
Determines AH/ESP keying material for each IPSec SA automatically
By default, it uses an authenticated Diffie-Hellman Algorithm for key exchange
Oakley Protocol
Algorithm for secure key exchange over unsecured channels
Based on the difficulty of finding discreet algorithms
Used to establish a shared secret between parties (usually the secret keys for symmetric encryption or HMACs)
Diffie-Hellman Algorithm
The parties agree on two non-secret numbers, g (generator), and p (modulus), where g is small and p is very large
Each party generates a random secret X Based on g, p, and X, each party generates a
public value Y= mod p
Peers then exchange public values
Diffie-Hellman Algorithm (Contd.)
Diffie-Hellman in Action
APrivate Value, XPublic Value, Y
Private Value, XPublic Value, YB = mod p
= mod p𝒀 𝑨
𝒀 𝑩
𝒀 𝑩=𝒀 𝑨=𝒈𝑿 (𝑩)𝑿 (𝑨)𝒎𝒐𝒅𝒑
(Shared Secret)
IPSec needs SAs to protect traffic If no SAs are in place, IPSec will ask IKE to
provide IPSec SAs IKE opens a management session with
relevant peer, and negotiates all SAs and keying material for IPSec
IPSec protects traffic
IPSec and IKE Relationship
IPSec and IKE Relationship (Contd.)
A’s Laptop B’s Laptop
IPSecA IPSec
B
IKEA
IKEBIKE Session
1. Outbound packet from A to B, no SA
2. A’s IKE begins negotiations with B’s3. Negotiations complete, A and B now have complete SAs in place
4. Packet is sent from A to B protected by IPSec SA
An IKE session runs over UDP (source and destination port 500)
IKE session establishment results in the creation of IKE SAs
IKE then establishes all requested IPSec SAs on demand
IKE Protocol
IKE sessions are protected by cryptographic algorithms/protocols
The peers need to agree on a bundle of algorithms and protocols, known as IKE protection suites, to protect the IKE session
Protection suites can be Encryption Algorithm, Hashing MAC Algorithm, Peer Authentication Procedure, DH group for Initial Key Exchange, SA Lifetime
IKE Session Protocol
IKE has 2 phases:• IKE Phase 1oUses main or aggressive mode exchangeoNegotiates IKE SA
• IKE Phase 2oUses quick mode exchangeoNegotiates IPSec SAs
IKE Phases and Modes
Authentication Method• Pre-shared key• Digital signatures (DSS or RSA)• Public key encryption (RSA or El-Gamal)
Group Description (pre-defined) Group Type (negotiated)• MODP (modular exponentiation group)• ECP (elliptic curve group over GF[P])• EC2N (elliptic curve group over GF[])
Phase 1 Attributes
Group Description (for PFS) Encryption Algorithm (if any)• Key Length• Key Rounds
Group Description (for PFS) Life duration (seconds and/or kilobytes) Encapsulation mode (transport or tunnel)
Phase 2 Attributes
Expensive 1st phase creates main SA Cheaper 2nd phase allows to create multiple
child SA (based on main SA) between same hosts
Why Two-Phase Design?
To establish the IKE SA, peers have to authenticate each other (two way)
3 defined mechanisms:• Pre-shared keys• RSA encrypted nonce• RSA signatures
IKE Peer Authentication
IKE session is encrypted either by DES or 3DES
Keying material is generally derived from the initial DH change
In main mode, peer identity is also encrypted
IKE Session Encryption
IKE uses HMAC functions to guarantee session integrity
Choice between keyed SHA-1 and MD5 Keying material is generally derived from the
initial DH exchange
IKE Session Integrity
Interaction with other network protocols Error handling Protocol management Legacy authentication
Other Aspects of IKE
THANK YOU !!!
QUERIES???