INTERNET KEY EXCHANGE PROTOCOL
PRESENTED BY PRATEEK SINGH BAPNA
Internet Key Exchange (IKE)

Described in RFC 2409
Used for Key Management in IPSec Networks
Allows automatic negotiation and creation of IPSec
SAs between IPSec Peers
IKE History

IKE is a hybrid protocol based on:
  ISAKMP (RFC 2408), the protocol for negotiated
  establishment of security associations
  Oakley (RFC 2412), the key agreement/exchange
  protocol
  SKEME, another key exchange protocol
ISAKMP

Expands as Internet Security Association and Key
Management Protocol
Establishes a secure management session between
IPSec peers
Negotiates SAs between IPSec peers
Oakley Protocol

Defines the mechanisms for key exchange over the
IKE session
Determines AH/ESP keying material for each IPSec SA
automatically
By default, it uses an authenticated Diffie-Hellman
Algorithm for key exchange
Diffie-Hellman Algorithm

Algorithm for secure key exchange over unsecured
channels
Based on the difficulty of computing discrete logarithms
Used to establish a shared secret between parties
(usually the secret keys for symmetric encryption or
HMACs)
Diffie-Hellman Algorithm (Contd.)
Diffie-Hellman in Action

A holds a private value X and a public value Y
B holds its own private value X and public value Y
The public values are exchanged; each side combines its private value with
the other's public value and both arrive at the same shared secret
IPSec and IKE Relationship

IPSec needs SAs to protect traffic
If no SAs are in place, IPSec will ask IKE to provide
IPSec SAs
IKE opens a management session with relevant peer,
and negotiates all SAs and keying material for IPSec
IPSec protects traffic
IPSec and IKE Relationship (Contd.)

1. Outbound packet from A to B, no SA
2. A's IKE begins negotiations with B's IKE over an IKE session
   (A's laptop to B's laptop)
3. Negotiations complete, A and B now have complete SAs in place
4. Packet is sent from A to B protected by IPSec SA
IKE Protocol

An IKE session runs over UDP (source and destination
port 500)
IKE session establishment results in the creation of IKE
SAs
IKE then establishes all requested IPSec SAs on
demand
IKE Session Protocol

IKE sessions are protected by cryptographic
algorithms/protocols
The peers need to agree on a bundle of algorithms and
protocols, known as IKE protection suites, to protect
the IKE session
A protection suite specifies the encryption algorithm, the hashing/MAC
algorithm, the peer authentication procedure, the DH group for the
initial key exchange, and the SA lifetime
IKE Phases and Modes

IKE has 2 phases:
• IKE Phase 1
  o Uses main or aggressive mode exchange
  o Negotiates IKE SA
• IKE Phase 2
  o Uses quick mode exchange
  o Negotiates IPSec SAs
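The fixed header that every IKE datagram on UDP port 500 begins with, parsed and mapped to the phase and mode listed above, as an added example (not code from the presentation). The field layout follows RFC 2408 and the exchange-type numbers RFC 2409; the two sample datagrams are constructed, and build_datagram is a helper that exists only to make them.

```python
# ISAKMP header parsing for IKE datagrams (added example). Layout per RFC 2408;
# exchange type values per RFC 2409. Sample datagrams below are constructed.
import struct

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # cookies, next payload, version, exch type, flags, msg id, length
HDR_LEN = ISAKMP_HDR.size  # 28 bytes

# Exchange type -> (name, IKE phase it belongs to)
EXCHANGE_TYPES = {
    2: ("identity protection (main mode)", 1),
    4: ("aggressive mode", 1),
    5: ("informational", None),
    32: ("quick mode", 2),
    33: ("new group mode", None),
}
FLAG_ENCRYPTION = 0x01  # payloads after the header are encrypted under the IKE SA
PAYLOAD_SA, PAYLOAD_HASH = 1, 8  # next-payload values used by the samples


def parse_isakmp_header(datagram):
    """Return the header fields as a dict; raise ValueError on a malformed header."""
    if len(datagram) < HDR_LEN:
        raise ValueError("datagram shorter than the 28-byte ISAKMP header")
    cky_i, cky_r, nxt, version, exch, flags, msg_id, length = ISAKMP_HDR.unpack_from(datagram)
    if version >> 4 != 1:
        raise ValueError("unsupported ISAKMP major version %d" % (version >> 4))
    # Length covers the whole message; a mismatch means truncation or a crafted packet,
    # so a parser must not trust it to walk the payload chain.
    if length != len(datagram):
        raise ValueError("length field %d does not match datagram size %d" % (length, len(datagram)))
    name, phase = EXCHANGE_TYPES.get(exch, ("unknown exchange type %d" % exch, None))
    return {
        "initiator_cookie": cky_i.hex(),
        "responder_cookie": cky_r.hex(),
        "next_payload": nxt,
        "exchange": name,
        "phase": phase,
        "encrypted": bool(flags & FLAG_ENCRYPTION),
        "message_id": msg_id,
        "length": length,
    }


def build_datagram(cky_i, cky_r, exch, flags=0, msg_id=0, next_payload=PAYLOAD_SA, payload=b""):
    """Helper (not part of any real stack) that assembles a header plus opaque payload bytes."""
    hdr = ISAKMP_HDR.pack(cky_i, cky_r, next_payload, 0x10, exch, flags, msg_id, HDR_LEN + len(payload))
    return hdr + payload


# Constructed samples: the first main-mode message (responder cookie still zero, first
# payload is the SA) and an encrypted quick-mode message starting with a HASH payload.
SAMPLE_MAIN = build_datagram(b"\x01" * 8, b"\x00" * 8, 2, payload=b"\x00" * 40)
SAMPLE_QUICK = build_datagram(b"\x01" * 8, b"\x02" * 8, 32, flags=FLAG_ENCRYPTION,
                              msg_id=0x1A2B3C4D, next_payload=PAYLOAD_HASH, payload=b"\x00" * 64)


def classify(datagram):
    """One-line summary for a packet log: phase, mode, and whether the peer identity
    travels encrypted (main mode) or in the clear (aggressive mode)."""
    h = parse_isakmp_header(datagram)
    if h["phase"] == 1:
        note = "peer identity encrypted" if h["exchange"].startswith("identity") else "peer identity in clear"
        return "phase 1, %s, %s" % (h["exchange"], note)
    if h["phase"] == 2:
        return "phase 2, %s, message id 0x%08x" % (h["exchange"], h["message_id"])
    return h["exchange"]


if __name__ == "__main__":
    for sample in (SAMPLE_MAIN, SAMPLE_QUICK):
        print(classify(sample))
```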
Phase 1 Attributes
Phase 2 Attributes

Group Description (for PFS)
Encryption Algorithm (if any)
• Key Length
• Key Rounds
Life duration (seconds and/or kilobytes)
Encapsulation mode (transport or tunnel)
Why Two-Phase Design?

The expensive 1st phase creates the main (IKE) SA
The cheaper 2nd phase allows multiple child (IPSec) SAs to be created
under that main SA between the same hosts
IKE Peer Authentication

To establish the IKE SA, peers have to authenticate
each other (two way)
3 defined mechanisms:
• Pre-shared keys
• RSA encrypted nonce
• RSA signatures
IKE Session Encryption

IKE session is encrypted either by DES or 3DES
Keying material is generally derived from the initial DH
exchange
In main mode, peer identity is also encrypted
IKE Session Integrity

IKE uses HMAC functions to guarantee session
integrity
Choice between keyed SHA-1 and MD5
Keying material is generally derived from the initial DH
exchange
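The Diffie-Hellman exchange from the earlier slides, carried through to the keying material the two slides above say is derived from it, as an added example (not the presenter's code). It assumes the 1024-bit MODP prime below is RFC 2409's second Oakley group (DH group 2, generator 2) and uses keyed SHA-1 as the prf; the nonces and ISAKMP cookies are constructed sample values.

```python
# Diffie-Hellman key agreement and RFC 2409-style key derivation (added example).
import hashlib
import hmac
import secrets

# Assumed to be the RFC 2409 "Second Oakley Group" (DH group 2): a 1024-bit
# MODP safe prime with generator 2. is_probable_prime() guards the transcription.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
G = 2
P_BYTES = (P.bit_length() + 7) // 8


def is_probable_prime(n, rounds=16):
    """Miller-Rabin test; used to confirm P and (P-1)/2 are prime before use."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


class Peer:
    """One IKE peer: private value X, public value Y = G^X mod P (the slide's X and Y)."""

    def __init__(self):
        self.x = secrets.randbelow(P - 2) + 1
        self.y = pow(G, self.x, P)

    def shared_secret(self, peer_y):
        # Refuse degenerate public values (0, 1, P-1, out of range): accepting them
        # would let anyone on the path force the shared secret to a known value.
        if not 1 < peer_y < P - 1:
            raise ValueError("peer public value outside the valid range")
        return pow(peer_y, self.x, P)


def derive_skeyid(shared, ni, nr, cky_i, cky_r, prf=hashlib.sha1):
    """Keying material for the signature-authenticated case, RFC 2409 section 5:
    SKEYID = prf(Ni|Nr, g^xy); SKEYID_d, _a, _e are then chained from it with
    the ISAKMP cookies and a one-octet counter. prf is keyed SHA-1 (HMAC)."""
    g_xy = shared.to_bytes(P_BYTES, "big")
    skeyid = hmac.new(ni + nr, g_xy, prf).digest()
    skeyid_d = hmac.new(skeyid, g_xy + cky_i + cky_r + b"\x00", prf).digest()
    skeyid_a = hmac.new(skeyid, skeyid_d + g_xy + cky_i + cky_r + b"\x01", prf).digest()
    skeyid_e = hmac.new(skeyid, skeyid_a + g_xy + cky_i + cky_r + b"\x02", prf).digest()
    return {"d": skeyid_d, "a": skeyid_a, "e": skeyid_e}  # derivation / integrity / encryption


def run_exchange():
    """Each side derives the keys from its own X and the other side's Y only;
    returns (keys derived by A, keys derived by B) so they can be compared."""
    a, b = Peer(), Peer()
    # Nonces and ISAKMP cookies: constructed sample values for the demonstration.
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)
    keys_a = derive_skeyid(a.shared_secret(b.y), ni, nr, cky_i, cky_r)
    keys_b = derive_skeyid(b.shared_secret(a.y), ni, nr, cky_i, cky_r)
    return keys_a, keys_b


if __name__ == "__main__":
    ka, kb = run_exchange()
    print("both peers derived identical SKEYID_e:", ka["e"] == kb["e"])
```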
Other Aspects of IKE

Interaction with other network protocols
Error handling
Protocol management
Legacy authentication
THANK YOU !!!

   QUERIES???
