Prateek Singh Bapna, profile picture
Uploaded byPrateek Singh Bapna
PPTX, PDF9,581 views

Internet Key Exchange Protocol

The Internet Key Exchange (IKE) protocol, as defined in RFC 2409, is used for automatic key management and security association establishment in IPsec networks. IKE operates in two phases, negotiating security associations and keying material through a secure session between peers, primarily utilizing the Diffie-Hellman algorithm for key exchange. The protocol also includes defined mechanisms for peer authentication and session protection through various cryptographic algorithms.

TechnologyEducation
In this document
Powered by AI

Introduction to the Internet Key Exchange presented by Prateek Singh Bapna.

IKE is a key management protocol for IPSec, based on ISAKMP, Oakley, and SKEME protocols.

ISAKMP establishes secure sessions and negotiates security associations between IPSec peers.

Oakley defines key exchange mechanisms over IKE sessions using Diffie-Hellman for key agreements.

Diffie-Hellman is used for secure key exchange over unsecured channels, establishing shared secrets.

IPSec relies on IKE for establishing security associations needed for traffic protection.

IKE runs over UDP, establishing IKE sessions and integrating cryptographic protection suites.

IKE has two phases, focusing on negotiation of IKE and IPSec security associations.

The first phase establishes the main SA, while the second phase allows for multiple child SAs.

IKES requires mutual peer authentication using mechanisms like pre-shared keys and RSA.

IKE sessions are encrypted using DES or 3DES, derived from initial Diffie-Hellman exchanges.

IKE uses HMAC functions for session integrity, offering SHA-1 or MD5 for hashing.

Other aspects of IKE include error handling, interaction with protocols, and legacy authentication.

Wrapping up the presentation with an invitation for questions.

Embed presentation

Downloaded 277 times
INTERNET KEY EXCHANGE PROTOCOL PRESENTED BY PRATEEK SINGH BAPNA
Internet Key Exchange (IKE) Described in RFC 2409 Used for Key Management in IPSec Networks Allows automatic negotiation and creation of IPSec SAs between IPSec Peers
IKE History IKE is a hybrid protocol based on: ISAKMP (RFC 2408), the protocol for negotiated establishment of security associations Oakley (RFC 2412), the key agreement/exchange protocol SKEME, another key exchange protocol
ISAKMP Expands as Internet Security Association and Key Management Protocol Establishes a secure management session between IPSec peers Negotiates SAs between IPSec peers
Oakley Protocol Defines the mechanisms for key exchange over the IKE session Determines AH/ESP keying material for each IPSec SA automatically By default, it uses an authenticated Diffie-Hellman Algorithm for key exchange
Diffie-Hellman Algorithm Algorithm for secure key exchange over unsecured channels Based on the difficulty of finding discreet algorithms Used to establish a shared secret between parties (usually the secret keys for symmetric encryption or HMACs)
Diffie-Hellman Algorithm (Contd.)
Diffie-Hellman in Action A Private Value, X Public Value, Y Private Value, X Public Value, Y B (Shared Secret)
IPSec and IKE Relationship IPSec needs SAs to protect traffic If no SAs are in place, IPSec will ask IKE to provide IPSec SAs IKE opens a management session with relevant peer, and negotiates all SAs and keying material for IPSec IPSec protects traffic
IPSec and IKE Relationship (Contd.) 1. Outbound packet from A to B, no SA 4. Packet is sent from A to B protected by IPSec SA IPSec IPSec A B A’s Laptop B’s Laptop IKE IKE A IKE Session B 2. A’s IKE begins negotiations with B’s 3. Negotiations complete, A and B now have complete SAs in place
IKE Protocol An IKE session runs over UDP (source and destination port 500) IKE session establishment results in the creation of IKE SAs IKE then establishes all requested IPSec SAs on demand
IKE Session Protocol IKE sessions are protected by cryptographic algorithms/protocols The peers need to agree on a bundle of algorithms and protocols, known as IKE protection suites, to protect the IKE session Protection suites can be Encryption Algorithm, Hashing MAC Algorithm, Peer Authentication Procedure, DH group for Initial Key Exchange, SA Lifetime
IKE Phases and Modes IKE has 2 phases: • IKE Phase 1 o Uses main or aggressive mode exchange o Negotiates IKE SA • IKE Phase 2 o Uses quick mode exchange o Negotiates IPSec SAs
Phase 1 Attributes
Phase 2 Attributes Group Description (for PFS) Encryption Algorithm (if any) • Key Length • Key Rounds Group Description (for PFS) Life duration (seconds and/or kilobytes) Encapsulation mode (transport or tunnel)
Why Two-Phase Design? Expensive 1st phase creates main SA Cheaper 2nd phase allows to create multiple child SA (based on main SA) between same hosts
IKE Peer Authentication To establish the IKE SA, peers have to authenticate each other (two way) 3 defined mechanisms: • Pre-shared keys • RSA encrypted nonce • RSA signatures
IKE Session Encryption IKE session is encrypted either by DES or 3DES Keying material is generally derived from the initial DH change In main mode, peer identity is also encrypted
IKE Session Integrity IKE uses HMAC functions to guarantee session integrity Choice between keyed SHA-1 and MD5 Keying material is generally derived from the initial DH exchange
Other Aspects of IKE Interaction with other network protocols Error handling Protocol management Legacy authentication
THANK YOU !!! QUERIES???

More Related Content

PPTX
IPSec and VPN
byAbdullaziz Tagawy
 
PPT
Ipsec
byRupesh Mishra
 
PDF
IPSec (Internet Protocol Security) - PART 1
byShobhit Sharma
 
PPT
Pretty good privacy
byPushkar Dutt
 
PPTX
802.1x
byakruthi k
 
PDF
IP Security
byAmbo University
 
PPT
authentication.ppt
byjayarao21
 
PPTX
IPSec VPN & IPSec Protocols
byNetProtocol Xpert
 
IPSec and VPN
byAbdullaziz Tagawy
 
Ipsec
byRupesh Mishra
 
IPSec (Internet Protocol Security) - PART 1
byShobhit Sharma
 
Pretty good privacy
byPushkar Dutt
 
802.1x
byakruthi k
 
IP Security
byAmbo University
 
authentication.ppt
byjayarao21
 
IPSec VPN & IPSec Protocols
byNetProtocol Xpert
 

What's hot

PPTX
MAC-Message Authentication Codes
byDarshanPatil82
 
PDF
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
byKathirvel Ayyaswamy
 
PPT
Data encryption standard
byVasuki Ramasamy
 
PPTX
Cryptography.ppt
byUday Meena
 
PPTX
Cryptography
byJens Patel
 
PPTX
Key Management and Distribution
bySyed Bahadur Shah
 
PPT
Pgp
byReham Maher El-Safarini
 
PPTX
Hash Function
bySiddharth Srivastava
 
PPTX
Hash function
bySalman Memon
 
PPTX
Diffie hellman key exchange algorithm
bySunita Kharayat
 
PDF
Classical encryption techniques
byDr.Florence Dayana
 
PPTX
ElGamal Encryption Algoritham.pptx
byIndian Institute of information technology Una
 
PPT
DES (Data Encryption Standard) pressentation
bysarhadisoftengg
 
PPT
RC4&RC5
byMohamed El-Serngawy
 
PPTX
Wpa3
byBhavya Dashora
 
PPT
Cryptography and Network Security William Stallings Lawrie Brown
byInformation Security Awareness Group
 
PPT
DES
byNaga Srimanyu Timmaraju
 
PPT
Message authentication
byCAS
 
PPTX
Cryptography
bysubodh pawar
 
PPTX
Intro to modern cryptography
byzahid-mian
 
MAC-Message Authentication Codes
byDarshanPatil82
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
byKathirvel Ayyaswamy
 
Data encryption standard
byVasuki Ramasamy
 
Cryptography.ppt
byUday Meena
 
Cryptography
byJens Patel
 
Key Management and Distribution
bySyed Bahadur Shah
 
Pgp
byReham Maher El-Safarini
 
Hash Function
bySiddharth Srivastava
 
Hash function
bySalman Memon
 
Diffie hellman key exchange algorithm
bySunita Kharayat
 
Classical encryption techniques
byDr.Florence Dayana
 
ElGamal Encryption Algoritham.pptx
byIndian Institute of information technology Una
 
DES (Data Encryption Standard) pressentation
bysarhadisoftengg
 
RC4&RC5
byMohamed El-Serngawy
 
Wpa3
byBhavya Dashora
 
Cryptography and Network Security William Stallings Lawrie Brown
byInformation Security Awareness Group
 
DES
byNaga Srimanyu Timmaraju
 
Message authentication
byCAS
 
Cryptography
bysubodh pawar
 
Intro to modern cryptography
byzahid-mian
 

Viewers also liked

PDF
Key Exchange
byHoang Nguyen
 
PDF
Protocole IKE/IPsec
byThomas Moegli
 
PDF
Internet Key Exchange (ikev2) Protocol
byNetwax Lab
 
PPSX
Ike
byshashi712
 
PPTX
Rfc5996(internet key exchange protocol version 2 (ik ev2))
byTetsuya Hasegawa
 
PPT
Isakmp
bymaurprem
 
PPT
Information Security Seminar
byAcend Corporate Learning
 
PPTX
Ipsec 2
bySourabh Badve
 
PDF
Brett Lewis - Secure Transmission of Data on Metro Ethernet Networks
by1velocity
 
DOCX
SSL-image
byRajat Toshniwal
 
PPTX
Ip security
byNaveen Dubey
 
PPT
Lecture 5 ip security
byrajakhurram
 
PPT
Ch08
bynathanurag
 
PPTX
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
byGopal Sakarkar
 
PPTX
Pki for dummies
byAlex de Jong
 
PPTX
Introduction to SSL/TLS
bykeithrozario
 
PPTX
public key infrastructure
byvimal kumar
 
PPT
Ipsec
byBaidyanath Dutta
 
PPTX
Secure Data Transmission
bybjp4642
 
PPT
IPSec Overview
bydavisli
 
Key Exchange
byHoang Nguyen
 
Protocole IKE/IPsec
byThomas Moegli
 
Internet Key Exchange (ikev2) Protocol
byNetwax Lab
 
Ike
byshashi712
 
Rfc5996(internet key exchange protocol version 2 (ik ev2))
byTetsuya Hasegawa
 
Isakmp
bymaurprem
 
Information Security Seminar
byAcend Corporate Learning
 
Ipsec 2
bySourabh Badve
 
Brett Lewis - Secure Transmission of Data on Metro Ethernet Networks
by1velocity
 
SSL-image
byRajat Toshniwal
 
Ip security
byNaveen Dubey
 
Lecture 5 ip security
byrajakhurram
 
Ch08
bynathanurag
 
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
byGopal Sakarkar
 
Pki for dummies
byAlex de Jong
 
Introduction to SSL/TLS
bykeithrozario
 
public key infrastructure
byvimal kumar
 
Ipsec
byBaidyanath Dutta
 
Secure Data Transmission
bybjp4642
 
IPSec Overview
bydavisli
 

Similar to Internet Key Exchange Protocol

PDF
CRYPTO_REPORT on SECURITY POLICY.pdf
bySpammer7
 
PPTX
cryptography.pptx
byMvidhya9
 
PDF
APNIC_TRAINING_20130508IPSec_Basics-Handouts.pdf
bybiasnasional
 
PDF
Secure instant messanger service
byAditya Gupta
 
PDF
Design methodology for ip secured tunel based embedded platform for aaa server
byijmnct
 
PDF
IPSec_VPN_Final_
byPratik Bhide
 
PPT
I psec
bynlekh
 
PPT
I psec
byahmad1986jor
 
PPT
taub-IPsec network security in network.ppt
byubaidullah75790
 
DOC
Ipsec rbe guide
byWahyu Nasution
 
PDF
18CS2005 Cryptography and Network Security
byKathirvel Ayyaswamy
 
PDF
IPsec for IMS
byHossein Yavari
 
PPTX
Cryptography and network security
byPriyadharshiniVS
 
PPT
Ipsec vpn v0.1
bySankaranarayanan Subramanian
 
PPT
Ip sec and ssl
byMohd Arif
 
PPT
2800967 for internet and networkings.ppt
byallfather027
 
PPTX
Cryptography and Network security # Lecture 8
byKabul Education University
 
PDF
I psec
byMohamed Gamel
 
PDF
I psec
bySwapnil Kapate
 
PPT
IPsecurity.ppt information security in
bygallanandhini
 
CRYPTO_REPORT on SECURITY POLICY.pdf
bySpammer7
 
cryptography.pptx
byMvidhya9
 
APNIC_TRAINING_20130508IPSec_Basics-Handouts.pdf
bybiasnasional
 
Secure instant messanger service
byAditya Gupta
 
Design methodology for ip secured tunel based embedded platform for aaa server
byijmnct
 
IPSec_VPN_Final_
byPratik Bhide
 
I psec
bynlekh
 
I psec
byahmad1986jor
 
taub-IPsec network security in network.ppt
byubaidullah75790
 
Ipsec rbe guide
byWahyu Nasution
 
18CS2005 Cryptography and Network Security
byKathirvel Ayyaswamy
 
IPsec for IMS
byHossein Yavari
 
Cryptography and network security
byPriyadharshiniVS
 
Ipsec vpn v0.1
bySankaranarayanan Subramanian
 
Ip sec and ssl
byMohd Arif
 
2800967 for internet and networkings.ppt
byallfather027
 
Cryptography and Network security # Lecture 8
byKabul Education University
 
I psec
byMohamed Gamel
 
I psec
bySwapnil Kapate
 
IPsecurity.ppt information security in
bygallanandhini
 

More from Prateek Singh Bapna

PDF
Venture capital 101
byPrateek Singh Bapna
 
PPT
A Muti-objective approach to Transportation Network Design
byPrateek Singh Bapna
 
PPTX
Hero MotoCorp Financial Analysis Report
byPrateek Singh Bapna
 
PPTX
Improvement of BITS Co-operative store : AKSHAY
byPrateek Singh Bapna
 
PPTX
5S, Kaizen, PokaYoke
byPrateek Singh Bapna
 
PPTX
Software as a Service
byPrateek Singh Bapna
 
PPTX
Business proposal presentation
byPrateek Singh Bapna
 
PPTX
Intellectual Property
byPrateek Singh Bapna
 
Venture capital 101
byPrateek Singh Bapna
 
A Muti-objective approach to Transportation Network Design
byPrateek Singh Bapna
 
Hero MotoCorp Financial Analysis Report
byPrateek Singh Bapna
 
Improvement of BITS Co-operative store : AKSHAY
byPrateek Singh Bapna
 
5S, Kaizen, PokaYoke
byPrateek Singh Bapna
 
Software as a Service
byPrateek Singh Bapna
 
Business proposal presentation
byPrateek Singh Bapna
 
Intellectual Property
byPrateek Singh Bapna
 

Recently uploaded

PPTX
MuleSoft AI Series : Introduction to MCP
byMulesoftMunichMeetup
 
PDF
Open Source Post-Quantum Cryptography - Matt Caswell
byAll Things Open
 
PDF
[BDD 2025 - Mobile Development] Mobile Engineer and Software Engineer: Are we...
bywintari3
 
PPTX
kernel PPT (Explanation of Windows Kernal).pptx
byINFOBYTES1
 
PDF
[BDD 2025 - Full-Stack Development] The Modern Stack: Building Web & AI Appli...
byWintari Yasmin
 
PDF
"DISC as GPS for team leaders: how to lead a team from storming to performing...
byFwdays
 
PPTX
Support, Monitoring, Continuous Improvement & Scaling Agentic Automation [3/3]
byUiPathCommunity
 
PDF
So You Want to Work at Google | DevFest Seattle 2025
byMargaret Maynard-Reid
 
PDF
Transforming Content Operations in the Age of AI
byEnterprise Knowledge
 
PDF
Agentic Intro and Hands-on: Build your first Coded Agent
byUiPathCommunity
 
PDF
Mulesoft Meetup Online Portuguese: MCP e IA
byPedro Baroni
 
PDF
Accessibility & Inclusion: What Comes Next. Presentation of the Digital Acces...
byAssociazione Digital Days
 
PDF
Mastering Agentic Orchestration with UiPath Maestro | Hands on Workshop
byUiPathCommunity
 
PDF
The partnership effect: Libraries and publishers on collaborating and thrivin...
byBookNet Canada
 
PDF
PCCC25(設立25年記念PCクラスタシンポジウム):エヌビディア合同会社 テーマ2「NVIDIA BlueField-4 DPU」
byPC Cluster Consortium
 
PDF
[BDD 2025 - Artificial Intelligence] Building AI Systems That Users (and Comp...
byWintari Yasmin
 
PDF
Parallel Computing BCS702 Module notes of the vtu college 7th sem 4.pdf
byMatheshVishnu
 
PDF
MuleSoft Meetup: Dreamforce'25 Tour- Vibing With AI & Agents.pdf
byTintu Jacob Shaji
 
PDF
How Much Does It Cost to Build an eCommerce Website in 2025.pdf
byPixlogix Infotech
 
PDF
Cybersecurity Prevention and Detection: Unit 2
byVICTOR MAESTRE RAMIREZ
 
MuleSoft AI Series : Introduction to MCP
byMulesoftMunichMeetup
 
Open Source Post-Quantum Cryptography - Matt Caswell
byAll Things Open
 
[BDD 2025 - Mobile Development] Mobile Engineer and Software Engineer: Are we...
bywintari3
 
kernel PPT (Explanation of Windows Kernal).pptx
byINFOBYTES1
 
[BDD 2025 - Full-Stack Development] The Modern Stack: Building Web & AI Appli...
byWintari Yasmin
 
"DISC as GPS for team leaders: how to lead a team from storming to performing...
byFwdays
 
Support, Monitoring, Continuous Improvement & Scaling Agentic Automation [3/3]
byUiPathCommunity
 
So You Want to Work at Google | DevFest Seattle 2025
byMargaret Maynard-Reid
 
Transforming Content Operations in the Age of AI
byEnterprise Knowledge
 
Agentic Intro and Hands-on: Build your first Coded Agent
byUiPathCommunity
 
Mulesoft Meetup Online Portuguese: MCP e IA
byPedro Baroni
 
Accessibility & Inclusion: What Comes Next. Presentation of the Digital Acces...
byAssociazione Digital Days
 
Mastering Agentic Orchestration with UiPath Maestro | Hands on Workshop
byUiPathCommunity
 
The partnership effect: Libraries and publishers on collaborating and thrivin...
byBookNet Canada
 
PCCC25(設立25年記念PCクラスタシンポジウム):エヌビディア合同会社 テーマ2「NVIDIA BlueField-4 DPU」
byPC Cluster Consortium
 
[BDD 2025 - Artificial Intelligence] Building AI Systems That Users (and Comp...
byWintari Yasmin
 
Parallel Computing BCS702 Module notes of the vtu college 7th sem 4.pdf
byMatheshVishnu
 
MuleSoft Meetup: Dreamforce'25 Tour- Vibing With AI & Agents.pdf
byTintu Jacob Shaji
 
How Much Does It Cost to Build an eCommerce Website in 2025.pdf
byPixlogix Infotech
 
Cybersecurity Prevention and Detection: Unit 2
byVICTOR MAESTRE RAMIREZ
 

Internet Key Exchange Protocol

  • 1.
    INTERNET KEY EXCHANGE PROTOCOL PRESENTED BY PRATEEK SINGH BAPNA
  • 2.
    Internet Key Exchange(IKE) Described in RFC 2409 Used for Key Management in IPSec Networks Allows automatic negotiation and creation of IPSec SAs between IPSec Peers
  • 3.
    IKE History IKE isa hybrid protocol based on: ISAKMP (RFC 2408), the protocol for negotiated establishment of security associations Oakley (RFC 2412), the key agreement/exchange protocol SKEME, another key exchange protocol
  • 4.
    ISAKMP Expands as InternetSecurity Association and Key Management Protocol Establishes a secure management session between IPSec peers Negotiates SAs between IPSec peers
  • 5.
    Oakley Protocol Defines themechanisms for key exchange over the IKE session Determines AH/ESP keying material for each IPSec SA automatically By default, it uses an authenticated Diffie-Hellman Algorithm for key exchange
  • 6.
    Diffie-Hellman Algorithm Algorithm forsecure key exchange over unsecured channels Based on the difficulty of finding discreet algorithms Used to establish a shared secret between parties (usually the secret keys for symmetric encryption or HMACs)
  • 7.
  • 8.
    Diffie-Hellman in Action A Private Value, X Public Value, Y Private Value, X Public Value, Y B (Shared Secret)
  • 9.
    IPSec and IKERelationship IPSec needs SAs to protect traffic If no SAs are in place, IPSec will ask IKE to provide IPSec SAs IKE opens a management session with relevant peer, and negotiates all SAs and keying material for IPSec IPSec protects traffic
  • 10.
    IPSec and IKERelationship (Contd.) 1. Outbound packet from A to B, no SA 4. Packet is sent from A to B protected by IPSec SA IPSec IPSec A B A’s Laptop B’s Laptop IKE IKE A IKE Session B 2. A’s IKE begins negotiations with B’s 3. Negotiations complete, A and B now have complete SAs in place
  • 11.
    IKE Protocol An IKEsession runs over UDP (source and destination port 500) IKE session establishment results in the creation of IKE SAs IKE then establishes all requested IPSec SAs on demand
  • 12.
    IKE Session Protocol IKEsessions are protected by cryptographic algorithms/protocols The peers need to agree on a bundle of algorithms and protocols, known as IKE protection suites, to protect the IKE session Protection suites can be Encryption Algorithm, Hashing MAC Algorithm, Peer Authentication Procedure, DH group for Initial Key Exchange, SA Lifetime
  • 13.
    IKE Phases andModes IKE has 2 phases: • IKE Phase 1 o Uses main or aggressive mode exchange o Negotiates IKE SA • IKE Phase 2 o Uses quick mode exchange o Negotiates IPSec SAs
  • 14.
  • 15.
    Phase 2 Attributes GroupDescription (for PFS) Encryption Algorithm (if any) • Key Length • Key Rounds Group Description (for PFS) Life duration (seconds and/or kilobytes) Encapsulation mode (transport or tunnel)
  • 16.
    Why Two-Phase Design? Expensive1st phase creates main SA Cheaper 2nd phase allows to create multiple child SA (based on main SA) between same hosts
  • 17.
    IKE Peer Authentication Toestablish the IKE SA, peers have to authenticate each other (two way) 3 defined mechanisms: • Pre-shared keys • RSA encrypted nonce • RSA signatures
  • 18.
    IKE Session Encryption IKEsession is encrypted either by DES or 3DES Keying material is generally derived from the initial DH change In main mode, peer identity is also encrypted
  • 19.
    IKE Session Integrity IKEuses HMAC functions to guarantee session integrity Choice between keyed SHA-1 and MD5 Keying material is generally derived from the initial DH exchange
  • 20.
    Other Aspects ofIKE Interaction with other network protocols Error handling Protocol management Legacy authentication
  • 21.
    THANK YOU !!! QUERIES???