Key Management: Internet Key Exchange (IKEv2) allows


... even in locations where the export, import or use of encryption to provide confidentiality is regulated.
• Encapsulation Security Payload (ESP) — Provides integrity, authentication, and confidentiality to IP datagrams.

Key Management
• Internet Key Exchange (IKEv2) — Allows users to agree on authentication methods, encryption methods, keys to use, and key duration.
  — Key exchange could be manual or automated.
• The basic key management mechanism is the Diffie-Hellman key exchange algorithm. IKEv2 supports perfect forward secrecy for keys, identity protection, authentication, user-defined abstract group structures for use with the Diffie-Hellman algorithm, key updates, and incorporation of keys distributed via out-of-band mechanisms.
• There are currently two ways to handle key exchange and management within IPsec's architecture: manual and automated keying. Both of these methods are mandatory requirements of IPsec.
VPN IPsec IKE v2 TLS — M. Mogollon – 01/08 - 14

IP Security Architecture (diagram; components recovered from the slide labels)
• Security Protocols
  — Authentication Header Protocol: AH is used to authenticate.
  — Encapsulation Security Payload Protocol: ESP is used to encrypt and to authenticate.
• Algorithms for encryption and authentication
  — Symmetric encryption algorithms (Encryption Algorithm).
  — Keyed hash algorithms (Authentication & Integrity Algorithms).
• Key Management — Manual and Automated; Key Management Protocols.
• IPsec Databases (SPD, SAD, PAD)
  — Security Policy Database (SPD)
  — Security Association Database (SAD)
  — Peer Authorization Database (PAD)
• Security Associations — Information shared between two Gateways on how to secure communications.
• ESP/AH Engine — processes IP Packets.
VPN IPsec IKE v2 TLS — M. Mogollon – 01/08 - 15

• IPsec Databases
  o Security Policy Database (SPD)
  o Security Association Database (SAD)
  o Peer Authorization Database (PAD)
• Security Associations
  o Information shared between 2 Gateways on how to secure a communication.
• SAs have three parameters:
  o Security Parameter In...
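The key-management idea the slides describe (an ephemeral Diffie-Hellman exchange whose result is expanded into per-SA key material, giving perfect forward secrecy), shown as an added toy example that is not part of the course material; the modulus, generator, Peer class and function names are constructed for illustration, and the prf+ expansion mirrors the SKEYSEED/KEYMAT derivation style of IKEv2 using HMAC-SHA256 as the prf.

```python
"""Toy model of IKEv2-style key agreement: ephemeral Diffie-Hellman plus a
prf+ expansion into key material. Added example with constructed parameters;
a real IKEv2 negotiates a registered MODP/ECP group, not this toy modulus."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Toy group, constructed for illustration only (Mersenne prime 2**127 - 1).
P = (1 << 127) - 1
G = 2


@dataclass
class Peer:
    name: str
    nonce: bytes = b""
    public: int = 0
    _x: int = 0  # private ephemeral exponent; lives only for one exchange

    def start(self) -> None:
        """Pick a fresh exponent and nonce; fresh exponents are what give PFS."""
        self._x = secrets.randbelow(P - 2) + 1
        self.public = pow(G, self._x, P)
        self.nonce = secrets.token_bytes(16)

    def shared_secret(self, peer_public: int) -> bytes:
        """g^(xy) mod p from the peer's public value, then drop the exponent."""
        s = pow(peer_public, self._x, P)
        self._x = 0  # an attacker who later steals this peer learns nothing about old SAs
        return s.to_bytes((P.bit_length() + 7) // 8, "big")


def derive_keymat(g_ir: bytes, ni: bytes, nr: bytes, length: int) -> bytes:
    """SKEYSEED = prf(Ni | Nr, g^ir); KEYMAT = prf+(SKEYSEED, Ni | Nr)."""
    skeyseed = hmac.new(ni + nr, g_ir, hashlib.sha256).digest()
    out, t, i = b"", b"", 1
    while len(out) < length:  # T(i) = prf(K, T(i-1) | S | i)
        t = hmac.new(skeyseed, t + ni + nr + bytes([i]), hashlib.sha256).digest()
        out += t
        i += 1
    return out[:length]


def establish_sa(init: Peer, resp: Peer, length: int = 32) -> tuple:
    """One exchange; returns the key material each side derives (must match)."""
    init.start()
    resp.start()
    ki = derive_keymat(init.shared_secret(resp.public), init.nonce, resp.nonce, length)
    kr = derive_keymat(resp.shared_secret(init.public), init.nonce, resp.nonce, length)
    return ki, kr
```

Running establish_sa twice for the same pair yields two unrelated keys, which is the property the slide calls perfect forward secrecy: compromising one SA's keys does not expose another's.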

This note was uploaded on 05/26/2010 for the course TECH 6350 taught by Professor Mogollon during the Spring '10 term at University of Arkansas for Medical Sciences.
