{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

10_ike - 1 IPSEC IKE Markus Hidell [email protected] Based on...

Info iconThis preview shows pages 1–5. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: 1 IPSEC: IKE Markus Hidell [email protected] Based on material by Vitaly Shmatikov, Univ. of Texas, and by the previous course teachers 2 Reading • Kaufman, chapter 18 (and some of 16) 3 Secure Key Establishment • Goal: generate and agree on a session key using some public initial information • What properties are needed? – Authentication (know identity of other party) – Secrecy (generated key not known to any others) – Forward secrecy (compromise of one session key does not compromise of keys in other sessions) – Prevent replay of old key material – Prevent denial of service – Protect identities from eavesdroppers 4 IKE • Internet Key Exchange—setting up the SAs for IPsec (ESP and AH SA's) • We assume that the two nodes have some long term key – Pre-shared secret key – Public encr ypti on key – Public signature key • Use IKE protocol to do mutual authentication and to create a session key – Use Diffie-Hellman to derive shared symmetric key • IKE does not define exactly which ciphers to use, but a mechanism in which the nodes will negotiate this 5...
View Full Document

{[ snackBarMessage ]}

Page1 / 11

10_ike - 1 IPSEC IKE Markus Hidell [email protected] Based on...

This preview shows document pages 1 - 5. Sign up to view the full document.

View Full Document Right Arrow Icon bookmark
Ask a homework question - tutors are online