10_ike - 1 IPSEC: IKE Markus Hidell mahidell@kth.se Based...

Info iconThis preview shows pages 1–5. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: 1 IPSEC: IKE Markus Hidell mahidell@kth.se Based on material by Vitaly Shmatikov, Univ. of Texas, and by the previous course teachers 2 Reading • Kaufman, chapter 18 (and some of 16) 3 Secure Key Establishment • Goal: generate and agree on a session key using some public initial information • What properties are needed? – Authentication (know identity of other party) – Secrecy (generated key not known to any others) – Forward secrecy (compromise of one session key does not compromise of keys in other sessions) – Prevent replay of old key material – Prevent denial of service – Protect identities from eavesdroppers 4 IKE • Internet Key Exchange—setting up the SAs for IPsec (ESP and AH SA's) • We assume that the two nodes have some long term key – Pre-shared secret key – Public encr ypti on key – Public signature key • Use IKE protocol to do mutual authentication and to create a session key – Use Diffie-Hellman to derive shared symmetric key • IKE does not define exactly which ciphers to use, but a mechanism in which the nodes will negotiate this 5...
View Full Document

This note was uploaded on 02/16/2011 for the course ICT 2 taught by Professor 2 during the Spring '11 term at Kungliga Tekniska högskolan.

Page1 / 11

10_ike - 1 IPSEC: IKE Markus Hidell mahidell@kth.se Based...

This preview shows document pages 1 - 5. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online