rithms provides a forward migration path to better mechanisms and algorithms. When
improved security mechanisms are developed to counter new attacks against current encryption
algorithms, authentication mechanisms and key exchanges, IKE v2 allows the algorithms and
mechanisms to be updated without having to develop a completely new IKE or to patch the
current one.

VPN, IPSec and TLS

Negotiating a Security Association using IKE

IKE Security Association (IKE SA) proposes the following:
• Type of protection to use, either ESP or AH.
• Authentication algorithms and keys for signing data.
• Encryption algorithms and keys to protect data.
• Hash algorithms to reduce data for signing.
• Information about a group over which to do a Diffie-Hellman exchange.
• A pseudo-random function (prf) to hash certain values during the key exchange.

VPN IPsec IKE v2 TLS M. Mogollon – 01/08

• A security association normally includes the parameters listed below, but might include
additional parameters as well:
o Type of protection used, either ESP or AH.
o Authentication algorithm used with AH.
o Key(s) used with the authentication algorithm in AH.
o Encryption algorithm and mode used with ESP.
o Key(s) used with the encryption algorithm in ESP.
o Initialization vector for the encryption algorithm used in ESP.
o Authentication algorithm and mode used with the ESP transform.
o Authentication key(s) used with the authentication algorithm in ESP.
o Lifetime of the key used or time when key change should occur.
o Hash algorithms used to reduce data for signing.
o Information provided about a group over which to do a Diffie-Hellman exchange.
o Lifetime of the security association established.
o Source address(es) of the security association provided.

Security Association
I would like to establish a secure IP communication,
and since we haven’t talked before, let’s agree on all
the security parameters we need by creating an SA.

Source

Once we finish, let’s assign an index to the SA,
(Security Parameter Index) and store the
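
The negotiation described above, as an added example (not from the original notes): a responder parses the proposals of an IKEv2 SA payload using the RFC 7296 section 3.3 layout and accepts the first one its local policy allows, so algorithms are swapped by changing policy rather than the protocol. The sample bytes, `POLICY` and the function names are constructed for illustration, and the selection rule is a simplification of what a real responder does.

```python
import struct

SAMPLE_SA = bytes.fromhex(      # constructed sample: proposals of an IKEv2 SA payload
    "0200002801010004"          # proposal 1, protocol 1 (IKE), no SPI, 4 transforms
    "0300000801000003"          #   type 1 ENCR:  3 = 3DES
    "0300000802000002"          #   type 2 PRF:   2 = HMAC-SHA1
    "0300000803000002"          #   type 3 INTEG: 2 = HMAC-SHA1-96
    "0000000804000002"          #   type 4 D-H:   group 2 (1024-bit MODP)
    "0000002c02010004"          # proposal 2 (last), protocol 1 (IKE), 4 transforms
    "0300000c0100000c800e0100"  #   ENCR 12 = AES-CBC, Key Length attribute = 256
    "0300000802000005"          #   PRF 5 = HMAC-SHA2-256
    "030000080300000c"          #   INTEG 12 = HMAC-SHA2-256-128
    "000000080400000e")         #   D-H group 14 (2048-bit MODP)
POLICY = {(1, 12, 256), (2, 5, None), (3, 12, None), (4, 14, None)}  # hypothetical policy

def _need(ok, what):
    if not ok:
        raise ValueError("malformed " + what)

def parse_proposals(buf):
    """Return [(proposal_num, protocol_id, spi, [(type, id, key_length), ...]), ...]."""
    out, off = [], 0
    while off < len(buf):
        _need(len(buf) - off >= 8, "proposal header")
        _, _, plen, num, proto, spi_size, count = struct.unpack_from("!BBHBBBB", buf, off)
        end, pos, transforms = off + plen, off + 8 + spi_size, []
        _need(8 + spi_size <= plen <= len(buf) - off, "proposal length")
        for _ in range(count):
            _need(end - pos >= 8, "transform header")
            _, _, tlen, ttype, _, tid = struct.unpack_from("!BBHBBH", buf, pos)
            _need(8 <= tlen <= end - pos, "transform length")
            keylen, a = None, pos + 8
            while a + 4 <= pos + tlen:            # walk the transform attributes
                atype, aval = struct.unpack_from("!HH", buf, a)
                if atype == 0x8000 | 14:          # TV-format Key Length attribute
                    keylen = aval
                a += 4 if atype & 0x8000 else 4 + aval   # TV is 4 bytes, TLV is 4 + length
            transforms.append((ttype, tid, keylen))
            pos += tlen
        out.append((num, proto, buf[off + 8:off + 8 + spi_size], transforms))
        off = end
    return out

def select_proposal(proposals, policy=POLICY):
    """First proposal in which every offered transform type has an option the policy allows."""
    for num, _proto, _spi, transforms in proposals:
        chosen = {t[0]: t for t in reversed(transforms) if t in policy}  # earliest offer wins
        if chosen and set(chosen) == {t[0] for t in transforms}:
            return num, chosen
    return None                                   # responder would send NO_PROPOSAL_CHOSEN
```

With the sample input the responder skips proposal 1 (3DES, SHA-1, group 2) and returns proposal 2; a policy that matches neither proposal yields `None`.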
This note was uploaded on 05/26/2010 for the course TECH 6350 taught by Professor Mogollon during the Spring '10 term at University of Arkansas for Medical Sciences.