IPsec IKE: Internet Key Exchange Protocol
Internet Key Exchange (IKE) Protocol, a key protocol in the IPsec architecture, is a hybrid protocol using part of Oakley and part of SKEME in conjunction with ISAKMP to obtain authenticated keying material for use with ISAKMP, and for other security associations such as AH and ESP for the IPsec DOI.
ISAKMP provides a framework for authentication and key exchange but does not define them. ISAKMP is designed to be key-exchange independent, so that it can support many different key exchanges. The Internet Key Exchange (IKE) is one such key exchange; its individual exchanges are called "modes".
IKE processes can be used for negotiating virtual private networks (VPNs) and also for providing a remote user from a remote site (whose IP address need not be known beforehand) access to a secure host or network. Client negotiation is supported. Client mode is where the negotiating parties are not the endpoints for which security association negotiation is taking place. When used in client mode, the identities of the end parties remain hidden.
IKE implementations support the following attribute values:
- DES in CBC mode with a weak and semi-weak key check.
- MD5 and SHA.
- Authentication via pre-shared keys.
- MODP over default group number one.
In addition, IKE implementations support: 3DES for encryption; Tiger for hash; the Digital Signature Standard, RSA signatures and authentication with RSA public key encryption; and MODP group number 2. IKE implementations MAY support any additional encryption algorithms and MAY support ECP and EC2N groups.
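The "weak and semi-weak key check" listed above is a concrete step an implementation performs before using a negotiated DES key. The following is an added example, not code from the page or from any IKE implementation: the four weak and twelve semi-weak DES keys are the standard published values (with their usual odd-parity bits); comparing with the parity bits masked out, and applying the same check to each 8-byte subkey of a 3DES key, are this example's own choices.

```python
# Added example, not from the page or from RFC 2409: the DES weak / semi-weak key
# check that IKE implementations perform before using a negotiated DES key. The
# same check is applied here to each 8-byte subkey of a 3DES key.

# The 4 weak and 12 semi-weak DES keys, written with the standard odd-parity bits.
WEAK_KEYS = [
    "0101010101010101", "FEFEFEFEFEFEFEFE",
    "E0E0E0E0F1F1F1F1", "1F1F1F1F0E0E0E0E",
]
SEMI_WEAK_KEYS = [
    "01FE01FE01FE01FE", "FE01FE01FE01FE01",
    "1FE01FE00EF10EF1", "E01FE01FF10EF10E",
    "01E001E001F101F1", "E001E001F101F101",
    "1FFE1FFE0EFE0EFE", "FE1FFE1FFE0EFE0E",
    "011F011F010E010E", "1F011F010E010E01",
    "E0FEE0FEF1FEF1FE", "FEE0FEE0FEF1FEF1",
]


def strip_parity(key: bytes) -> bytes:
    """DES uses only 56 of the 64 key bits; the low bit of every byte is parity.
    Masking it out makes the check independent of how the peer set parity,
    so a key that differs from a weak key only in parity bits is still caught."""
    return bytes(b & 0xFE for b in key)


# Lookup set of the 16 bad keys with parity removed.
_BAD_KEYS = {strip_parity(bytes.fromhex(h)) for h in WEAK_KEYS + SEMI_WEAK_KEYS}


def is_weak_des_key(key: bytes) -> bool:
    """True if an 8-byte DES key is weak or semi-weak (parity bits ignored)."""
    if len(key) != 8:
        raise ValueError("DES key must be exactly 8 bytes")
    return strip_parity(key) in _BAD_KEYS


def weak_3des_subkeys(key: bytes) -> list[int]:
    """Indices (0..2) of the 8-byte subkeys of a 24-byte 3DES key that are weak
    or semi-weak. An empty list means the key passes the check."""
    if len(key) != 24:
        raise ValueError("3DES key must be exactly 24 bytes")
    return [i for i in range(3) if is_weak_des_key(key[8 * i:8 * i + 8])]


if __name__ == "__main__":
    # Constructed sample keys, not real negotiated keying material.
    for hexkey in ("0101010101010101", "0000000000000000", "0123456789ABCDEF"):
        verdict = "weak" if is_weak_des_key(bytes.fromhex(hexkey)) else "ok"
        print(hexkey, verdict)
    sample_3des = bytes.fromhex("0123456789ABCDEF" "FEFEFEFEFEFEFEFE" "89ABCDEF01234567")
    print("weak 3DES subkeys:", weak_3des_subkeys(sample_3des))
```

A key that fails the check should be rejected and the exchange renegotiated rather than silently corrected, since with a weak key DES encryption is its own inverse and the protection the SA was meant to provide is lost.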
The IKE modes must be implemented whenever the IPsec DOI is implemented. Other DOIs MAY use the modes described here.
Protocol Structure - IPsec IKE: Internet Key Exchange Protocol
IKE protocol messages combine an ISAKMP header with SKEME and Oakley fields. The specific message format depends on the phase and mode of the exchange. For more details, see the reference documents.
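The one part of the message format that is fixed for every phase and mode is the 28-byte ISAKMP header, followed by a chain of payloads that each begin with a 4-byte generic header. The following added example (not code from the page or from any IKE implementation) parses that header, validates the version, flags and length fields, and walks the payload chain with strict bounds checks, which is where malformed length fields in a received message must be caught. The field layout and type codes are those of RFC 2408 and RFC 2409; the sample message is constructed here, and its payload bodies are placeholders rather than real SA or Vendor ID encodings.

```python
import struct
from dataclasses import dataclass
from typing import Iterator

# Added example, not from the page: parse the fixed 28-byte ISAKMP header that
# starts every IKE message and walk the chain of generic payload headers.

ISAKMP_HEADER_LEN = 28          # fixed header size
GENERIC_PAYLOAD_HEADER_LEN = 4  # next payload (1), reserved (1), payload length (2)
HEADER_FMT = "!8s8sBBBBII"      # I-cookie, R-cookie, next, version, exchange, flags, msg id, length

PAYLOAD_TYPES = {0: "NONE", 1: "SA", 2: "Proposal", 3: "Transform", 4: "KE", 5: "ID",
                 6: "CERT", 7: "CR", 8: "HASH", 9: "SIG", 10: "NONCE", 11: "N",
                 12: "D", 13: "VID"}
EXCHANGE_TYPES = {1: "Base", 2: "Identity Protection (Main Mode)", 3: "Authentication Only",
                  4: "Aggressive", 5: "Informational", 32: "Quick Mode", 33: "New Group Mode"}
FLAG_ENCRYPTION, FLAG_COMMIT, FLAG_AUTH_ONLY = 0x01, 0x02, 0x04
KNOWN_FLAGS = FLAG_ENCRYPTION | FLAG_COMMIT | FLAG_AUTH_ONLY


@dataclass
class IsakmpHeader:
    initiator_cookie: bytes
    responder_cookie: bytes
    next_payload: int
    major_version: int
    minor_version: int
    exchange_type: int
    flags: int
    message_id: int
    length: int


def parse_header(data: bytes) -> IsakmpHeader:
    """Decode and sanity-check the fixed header; raises ValueError on anything off."""
    if len(data) < ISAKMP_HEADER_LEN:
        raise ValueError("truncated ISAKMP header")
    icky, rcky, nxt, ver, ex, flags, mid, length = struct.unpack(HEADER_FMT, data[:ISAKMP_HEADER_LEN])
    major, minor = ver >> 4, ver & 0x0F
    if major != 1:
        raise ValueError(f"unsupported ISAKMP major version {major}")
    if flags & ~KNOWN_FLAGS:
        raise ValueError("reserved flag bits set")
    # The length field must cover the header and must not claim more than we received.
    if length < ISAKMP_HEADER_LEN or length > len(data):
        raise ValueError(f"length field {length} does not fit in {len(data)} bytes")
    return IsakmpHeader(icky, rcky, nxt, major, minor, ex, flags, mid, length)


def iter_payloads(data: bytes) -> Iterator[tuple[int, bytes]]:
    """Yield (payload type, payload body) following the next-payload chain.
    Every payload length is checked against the message length before use."""
    hdr = parse_header(data)
    if hdr.flags & FLAG_ENCRYPTION:
        raise ValueError("payloads are encrypted; decrypt before walking them")
    offset, ptype = ISAKMP_HEADER_LEN, hdr.next_payload
    while ptype != 0:
        if offset + GENERIC_PAYLOAD_HEADER_LEN > hdr.length:
            raise ValueError("payload header runs past message length")
        nxt, _reserved, plen = struct.unpack("!BBH", data[offset:offset + GENERIC_PAYLOAD_HEADER_LEN])
        if plen < GENERIC_PAYLOAD_HEADER_LEN or offset + plen > hdr.length:
            raise ValueError(f"bad payload length {plen} at offset {offset}")
        yield ptype, data[offset + GENERIC_PAYLOAD_HEADER_LEN:offset + plen]
        offset, ptype = offset + plen, nxt
    if offset != hdr.length:
        raise ValueError("trailing bytes after last payload")


def is_well_formed(data: bytes) -> bool:
    """True if the header parses and the whole payload chain can be walked."""
    try:
        list(iter_payloads(data))
        return True
    except ValueError:
        return False


def build_message(exchange_type: int, payloads: list[tuple[int, bytes]], initiator_cookie: bytes,
                  responder_cookie: bytes = bytes(8), flags: int = 0, message_id: int = 0) -> bytes:
    """Serialise a header plus a chain of generic payloads (used to build the sample)."""
    body = b""
    for i, (ptype, pbody) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        body += struct.pack("!BBH", nxt, 0, GENERIC_PAYLOAD_HEADER_LEN + len(pbody)) + pbody
    first = payloads[0][0] if payloads else 0
    hdr = struct.pack(HEADER_FMT, initiator_cookie, responder_cookie, first, 0x10,
                      exchange_type, flags, message_id, ISAKMP_HEADER_LEN + len(body))
    return hdr + body


# Constructed sample: the first Main Mode message (responder cookie still zero) carrying an
# SA payload and a Vendor ID payload. The bodies are placeholders, not real encodings.
SAMPLE = build_message(2, [(1, b"\x00\x00\x00\x01" + bytes(8)), (13, b"constructed-vid")],
                       initiator_cookie=bytes.fromhex("0123456789abcdef"))

if __name__ == "__main__":
    h = parse_header(SAMPLE)
    print(f"IKEv{h.major_version}.{h.minor_version} {EXCHANGE_TYPES.get(h.exchange_type, '?')} "
          f"msgid={h.message_id:#x} len={h.length}")
    for ptype, body in iter_payloads(SAMPLE):
        print(f"  payload {PAYLOAD_TYPES.get(ptype, ptype)} ({len(body)} bytes)")
```

The parser refuses messages whose length field exceeds the bytes actually received, payloads whose length would run past the message or is shorter than their own header, and encrypted messages whose payloads cannot be walked before decryption; each of these is a condition a receiver should reject before any phase-specific processing.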
Related protocols: IPsec, ESP, ISAKMP, DES, AES, AH, DOI, HMAC, HMAC-MD5, HMAC-SHA, PKI, IP, IPv6, ICMP, IGMP
IKE is defined by the IETF (www.ietf.org) in RFC 2409.
RFC 2409, The Internet Key Exchange (IKE): http://www.javvin.com/protocol/rfc2409.pdf