Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption

The Internet Key Exchange version 2 (IKEv2) protocol has a certain computational and communication overhead with respect to the number of round-trips required and the cryptographic operations involved. In remote access situations, the Extensible Authentication Protocol (EAP) is used for authentication, which adds several more round trips and consequently latency. To re-establish security associations (SA) upon a failure recovery condition is time consuming, especially when an IPsec peer, such as a VPN gateway, needs to re-establish a large number of SAs with various end points. A high number of concurrent sessions might cause additional problems for an IPsec peer during SA re-establishment. In order to avoid the need to re-run the key exchange protocol from scratch it would be useful to provide an efficient way to resume an IKE/IPsec session. This document proposes an extension to IKEv2 that allows a client to re-establish an IKE SA with a gateway in a highly efficient manner, utilizing a previously established IKE SA. A client can reconnect to a gateway from which it was disconnected. The proposed approach uses a IKEv2 state (or a reference into a state store). to store state information that is later made available to the IKEv2 responder for re-authentication. Restoring state information by utilizing a ticket is one possible way. This document does not specify the format of the ticket but recommendations are provided.

[1]  Y. Sheffer,et al.  An Extension for EAP-Only Authentication in IKEv2 , 2010, Request for Comments.

[2]  E. Ertekin,et al.  IKEv2 Extensions to Support Robust Header Compression over IPsec , 2010, RFC.

[3]  Kilian Weniger,et al.  Redirect Mechanism for the Internet Key Exchange Protocol Version 2 (IKEv2) , 2009, RFC.

[4]  Yan Xu,et al.  IKEv2 SA Synchronization for session resumption , 2008 .

[5]  Paul Hoffman,et al.  Internet Key Exchange Protocol: IKEv2 , 2008 .

[6]  Eric Rescorla,et al.  How to Implement Secure (Mostly) Stateless Tokens , 2007 .

[7]  Hannes Tschofenig,et al.  Online Certificate Status Protocol (OCSP) Extensions to IKEv2 , 2007, RFC.

[8]  Pasi Eronen,et al.  Multiple Authentication Exchanges in the Internet Key Exchange (IKEv2) Protocol , 2006, RFC.

[9]  Paul E. Hoffman,et al.  IKEv2 Clarifications and Implementation Guidelines , 2006, RFC.

[10]  Pasi Eronen,et al.  IKEv2 Mobility and Multihoming Protocol (MOBIKE) , 2006, RFC.

[11]  Yoav Nir,et al.  Repeated Authentication in Internet Key Exchange (IKEv2) Protocol , 2006, RFC.

[12]  Charlie Kaufman,et al.  Internet Key Exchange (IKEv2) Protocol , 2005, RFC.

[13]  Donald E. Eastlake,et al.  Randomness Requirements for Security , 2005, RFC.

[14]  Scott O. Bradner,et al.  Key words for use in RFCs to Indicate Requirement Levels , 1997, RFC.

[15]  Burton H. Bloom,et al.  Space/time trade-offs in hash coding with allowable errors , 1970, CACM.

[16]  Yaron Sheffer,et al.  IKEv2 Session Resumption , 2010 .

[17]  Jerome A. Solinas,et al.  IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm (ECDSA) , 2007, RFC.

[18]  Stephen T. Kent,et al.  Security Architecture for the Internet Protocol , 1998, RFC.