Concept

Internet Key Exchange

Summary

In computing, Internet Key Exchange (IKE, sometimes IKEv1 or IKEv2, depending on version) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP. IKE uses X.509 certificates for authentication ‒ either pre-shared or distributed using DNS (preferably with DNSSEC) ‒ and a Diffie–Hellman key exchange to set up a shared session secret from which cryptographic keys are derived. In addition, a security policy for every peer which will connect must be manually maintained. The Internet Engineering Task Force (IETF) originally defined IKE in November 1998 in a series of publications (Request for Comments) known as RFC 2407, RFC 2408 and RFC 2409: defined the Internet IP Security Domain of Interpretation for ISAKMP. defined the Internet Security Association and Key Management Protocol (ISAKMP). defined the Internet Key Exchange (IKE). updated IKE to version two (IKEv2) in December 2005. clarified some open details in October 2006. combined these two documents plus additional clarifications into the updated IKEv2, published in September 2010. A later update upgraded the document from Proposed Standard to Internet Standard, published as in October 2014. The parent organization of the IETF, the Internet Society (ISOC), has maintained the copyrights of these standards as freely available to the Internet community. Most IPsec implementations consist of an IKE daemon that runs in user space and an IPsec stack in the kernel that processes the actual IP packets. User-space daemons have easy access to mass storage containing configuration information, such as the IPsec endpoint addresses, keys and certificates, as required. Kernel modules, on the other hand, can process packets efficiently and with minimum overhead—which is important for performance reasons. The IKE protocol uses UDP packets, usually on port 500, and generally requires 4–6 packets with 2–3 round trips to create an ISAKMP security association (SA) on both sides.

Official source

https://en.wikipedia.org/wiki/Internet_Key_Exchange

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Internet Key Exchange

On the Insecurity of Vehicles Against Protocol-Level Bluetooth Threats

Key Negotiation Downgrade Attacks on Bluetooth and Bluetooth Low Energy

Oblivious Dynamic Searchable Encryption on Distributed Cloud Systems

Key Negotiation Downgrade Attacks on Bluetooth and Bluetooth Low Energy

Oblivious Dynamic Searchable Encryption on Distributed Cloud Systems

On the Insecurity of Vehicles Against Protocol-Level Bluetooth Threats