Comparative analysis of Internet Key Exchange protocols

The Internet Key Exchange (IKE) protocol is an essential component of the Internet Security protocol (IPSec). It plays a vital role in negotiating and establishing security parameters, generating and managing cryptographic keys, mutually authenticating the participating peers, and establishing security associations. Since IPSec security relies primarily on a secure IKE, reviewing and analyzing the IKE versions is essential prior to their deployment in IPSec. This paper not only reviews versions 1 and 2 of IKE but also presents a comparative analysis of these key management protocols.
