INTERNET KEY

EXCHANGE PROTOCOL

PRESENTED BYPRATEEK SINGH BAPNA

Described in RFC 2409 Used for Key Management in IPSec Networks Allows automatic negotiation and creation of

IPSec SAs between IPSec Peers

Internet Key Exchange (IKE)

IKE is a hybrid protocol based on: ISAKMP (RFC 2408), the protocol for

negotiated establishment of security associations

Oakley (RFC 2412), the key agreement/exchange protocol

SKEME, another key exchange protocol

IKE History

Expands as Internet Security Association and Key Management Protocol

Establishes a secure management session between IPSec peers

Negotiates SAs between IPSec peers

ISAKMP

Defines the mechanisms for key exchange over the IKE session

Determines AH/ESP keying material for each IPSec SA automatically

By default, it uses an authenticated Diffie-Hellman Algorithm for key exchange

Oakley Protocol

Algorithm for secure key exchange over unsecured channels

Based on the difficulty of finding discreet algorithms

Used to establish a shared secret between parties (usually the secret keys for symmetric encryption or HMACs)

Diffie-Hellman Algorithm

The parties agree on two non-secret numbers, g (generator), and p (modulus), where g is small and p is very large

Each party generates a random secret X Based on g, p, and X, each party generates a

public value Y= mod p

Peers then exchange public values

Diffie-Hellman Algorithm (Contd.)

Diffie-Hellman in Action

APrivate Value, XPublic Value, Y

Private Value, XPublic Value, YB = mod p

= mod p𝒀 𝑨

𝒀 𝑩

𝒀 𝑩=𝒀 𝑨=𝒈𝑿 (𝑩)𝑿 (𝑨)𝒎𝒐𝒅𝒑

(Shared Secret)

IPSec needs SAs to protect traffic If no SAs are in place, IPSec will ask IKE to

provide IPSec SAs IKE opens a management session with

relevant peer, and negotiates all SAs and keying material for IPSec

IPSec protects traffic

IPSec and IKE Relationship

IPSec and IKE Relationship (Contd.)

A’s Laptop B’s Laptop

IPSecA IPSec

B

IKEA

IKEBIKE Session

1. Outbound packet from A to B, no SA

2. A’s IKE begins negotiations with B’s3. Negotiations complete, A and B now have complete SAs in place

4. Packet is sent from A to B protected by IPSec SA

An IKE session runs over UDP (source and destination port 500)

IKE session establishment results in the creation of IKE SAs

IKE then establishes all requested IPSec SAs on demand

IKE Protocol

IKE sessions are protected by cryptographic algorithms/protocols

The peers need to agree on a bundle of algorithms and protocols, known as IKE protection suites, to protect the IKE session

Protection suites can be Encryption Algorithm, Hashing MAC Algorithm, Peer Authentication Procedure, DH group for Initial Key Exchange, SA Lifetime

IKE Session Protocol

IKE has 2 phases:• IKE Phase 1oUses main or aggressive mode exchangeoNegotiates IKE SA

• IKE Phase 2oUses quick mode exchangeoNegotiates IPSec SAs

IKE Phases and Modes

Authentication Method• Pre-shared key• Digital signatures (DSS or RSA)• Public key encryption (RSA or El-Gamal)

Group Description (pre-defined) Group Type (negotiated)• MODP (modular exponentiation group)• ECP (elliptic curve group over GF[P])• EC2N (elliptic curve group over GF[])

Phase 1 Attributes

Group Description (for PFS) Encryption Algorithm (if any)• Key Length• Key Rounds

Group Description (for PFS) Life duration (seconds and/or kilobytes) Encapsulation mode (transport or tunnel)

Phase 2 Attributes

Expensive 1st phase creates main SA Cheaper 2nd phase allows to create multiple

child SA (based on main SA) between same hosts

Why Two-Phase Design?

To establish the IKE SA, peers have to authenticate each other (two way)

3 defined mechanisms:• Pre-shared keys• RSA encrypted nonce• RSA signatures

IKE Peer Authentication

IKE session is encrypted either by DES or 3DES

Keying material is generally derived from the initial DH change

In main mode, peer identity is also encrypted

IKE Session Encryption

IKE uses HMAC functions to guarantee session integrity

Choice between keyed SHA-1 and MD5 Keying material is generally derived from the

initial DH exchange

IKE Session Integrity

Interaction with other network protocols Error handling Protocol management Legacy authentication

Other Aspects of IKE

THANK YOU !!!

QUERIES???