Internet Key Exchange IKE - PowerPoint PPT Presentation
1 / 5
Title:
Internet Key Exchange IKE
Description:
Internet Key Exchange IKE RFC 2409 Services Constructs shared authenticated keys Establishes shared security parameters Common SAs between IPSec peers – PowerPoint PPT presentation
Number of Views:125
Avg rating:3.0/5.0
Title: Internet Key Exchange IKE
1
Internet Key Exchange IKE
- RFC 2409
- Services
- Constructs shared authenticated keys
- Establishes shared security parameters
- Common SAs between IPSec peers
- Relies on the following RFCs
- RFC 2408 ISAKMP
- RFC 2407 IPSec DOI
- RFC 2412 OAKLEY Key Determination
2
IKE
- Phase 1
- Creates an ISAKMP SA
- IKE has a policy database weighted in order of
preference - Phase 2
- Creates an IPSec SA
- Done under the protection of the Phase 1 IKE SA
3
IKE Phase 1
- IKE Policy Database
- Policies or protection suites
- IKE SA consists of specific choices for the
following - Encryption algorithm
- Hash Algorithm
- Diffie-Hellman group
- Authentication method
4
IKE Phase 1
- IKE SA
- Used to create the ISAKMP SA
- Always uses a Diffie-Hellman exchange to generate
keys - There Are five parameter groups permitted
- 3 exponential based
- 2 elliptical curve based
5
IKE Phase 2
- Creates IPSec SA
- Uses IKE SA
- IPSec keys are derived from the IKE SA secret
state
