The Internet Key Exchange (IKE) protocol, described in RFC 2409, is a key management protocol standard which is used in conjunction with the IPsec standard. IPsec can be configured without IKE, but IKE enhances IPsec by providing additional features, flexibility, and ease of configuration for the IPsec standard.
Scaling API-first – The story of a global engineering organization
Internet Key Exchange Protocol
1. INTERNET KEY
EXCHANGE
PROTOCOL
PRESENTED BY
PRATEEK SINGH BAPNA
2. Internet Key Exchange (IKE)
Described in RFC 2409
Used for Key Management in IPSec Networks
Allows automatic negotiation and creation of IPSec
SAs between IPSec Peers
3. IKE History
IKE is a hybrid protocol based on:
ISAKMP (RFC 2408), the protocol for negotiated
establishment of security associations
Oakley (RFC 2412), the key agreement/exchange
protocol
SKEME, another key exchange protocol
4. ISAKMP
Expands as Internet Security Association and Key
Management Protocol
Establishes a secure management session between
IPSec peers
Negotiates SAs between IPSec peers
5. Oakley Protocol
Defines the mechanisms for key exchange over the
IKE session
Determines AH/ESP keying material for each IPSec SA
automatically
By default, it uses an authenticated Diffie-Hellman
Algorithm for key exchange
6. Diffie-Hellman Algorithm
Algorithm for secure key exchange over unsecured
channels
Based on the difficulty of finding discreet algorithms
Used to establish a shared secret between parties
(usually the secret keys for symmetric encryption or
HMACs)
8. Diffie-Hellman in Action
A Private Value, X
Public Value, Y
Private Value, X
Public Value, Y B
(Shared Secret)
9. IPSec and IKE Relationship
IPSec needs SAs to protect traffic
If no SAs are in place, IPSec will ask IKE to provide
IPSec SAs
IKE opens a management session with relevant peer,
and negotiates all SAs and keying material for IPSec
IPSec protects traffic
10. IPSec and IKE Relationship
(Contd.)
1. Outbound packet from A to B, no SA
4. Packet is sent from A to B protected by IPSec SA
IPSec
IPSec
A
B
A’s Laptop B’s Laptop
IKE IKE
A IKE Session B
2. A’s IKE begins negotiations with B’s
3. Negotiations complete, A and B now have complete SAs in place
11. IKE Protocol
An IKE session runs over UDP (source and destination
port 500)
IKE session establishment results in the creation of IKE
SAs
IKE then establishes all requested IPSec SAs on
demand
12. IKE Session Protocol
IKE sessions are protected by cryptographic
algorithms/protocols
The peers need to agree on a bundle of algorithms and
protocols, known as IKE protection suites, to protect
the IKE session
Protection suites can be Encryption Algorithm,
Hashing MAC Algorithm, Peer Authentication
Procedure, DH group for Initial Key Exchange, SA
Lifetime
13. IKE Phases and Modes
IKE has 2 phases:
• IKE Phase 1
o Uses main or aggressive mode exchange
o Negotiates IKE SA
• IKE Phase 2
o Uses quick mode exchange
o Negotiates IPSec SAs
15. Phase 2 Attributes
Group Description (for PFS)
Encryption Algorithm (if any)
• Key Length
• Key Rounds
Group Description (for PFS)
Life duration (seconds and/or kilobytes)
Encapsulation mode (transport or tunnel)
16. Why Two-Phase Design?
Expensive 1st phase creates main SA
Cheaper 2nd phase allows to create multiple child SA
(based on main SA) between same hosts
17. IKE Peer Authentication
To establish the IKE SA, peers have to authenticate
each other (two way)
3 defined mechanisms:
• Pre-shared keys
• RSA encrypted nonce
• RSA signatures
18. IKE Session Encryption
IKE session is encrypted either by DES or 3DES
Keying material is generally derived from the initial DH
change
In main mode, peer identity is also encrypted
19. IKE Session Integrity
IKE uses HMAC functions to guarantee session
integrity
Choice between keyed SHA-1 and MD5
Keying material is generally derived from the initial DH
exchange
20. Other Aspects of IKE
Interaction with other network protocols
Error handling
Protocol management
Legacy authentication