What is Internet Key Exchange?

Internet Key Exchange (IKE) is a set of supporting protocols created by an Internet Engineering Task Force (IETF) working group and the IPsec standards to ensure secure communication between two devices, or peers, over a network. IKE can be used as a protocol in a number of software applications; one common example is setting up a secure virtual private network (VPN). While it is standard in virtually all modern computer operating systems and network devices, much of what Internet Key Exchange does is hidden from the view of the average user.

The IKE protocols establish what is called a Security Association (SA) between two or more peers over IPsec, which is required for any secure communication via IPsec. An SA defines the cryptographic algorithm used in the communication, the encryption keys and their expiration data; all of this then goes into the Security Association Database (SAD) of each peer. While IPsec SAs may be configured manually, IKE negotiates and automatically establishes security associations between peers, including the ability to create one for itself.

Internet Key Exchange is known as a hybrid protocol. IKE uses a protocol known as the Internet Security Association and Key Management Protocol (ISAKMP). ISAKMP gives IKE its ability to set up SAs, and it performs the tasks of defining the format of the data payloads and deciding which key exchange protocol will be used. ISAKMP is able to use several methods of key exchange, but its implementation in IKE uses aspects of two. Most of the key exchange process uses the Oakley Key Determination Protocol (Oakley), which defines several modes, but IKE also uses some methods of the Secure Key Exchange Mechanism (SKEME), which allows public-key encryption and has the capability to refresh keys quickly.

When the peers want to communicate securely, they send each other what is called "interesting traffic". Interesting traffic consists of messages that conform to the IPsec policy that has been configured on the peers. One example of such a policy, found in firewalls and routers, is called an access list. The access list is backed by a crypto policy, in which particular statements within the policy determine whether specific data sent over the connection should be encrypted. Once the peers interested in secure communication have matched their IPsec security policies with each other, the Internet Key Exchange process begins.
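The access-list style policy described above, as an added example that is not part of the original article: a small first-match rule evaluator decides whether a constructed packet counts as "interesting traffic" that must go through IPsec. The rule syntax (`protect`/`bypass`, source and destination networks, optional protocol and destination port) and the sample policy are assumptions made for this illustration, not any vendor's access-list format.

```python
"""Selecting "interesting traffic" with an access-list style crypto policy.

Constructed example: each rule states whether packets matching a source
network, destination network and (optionally) protocol and destination port
must be protected by IPsec. The first matching rule wins, as in a typical
access list; a packet matching no rule is forwarded in the clear.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "protect" (send via IPsec) or "bypass"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: Optional[str] = None      # None matches any protocol
    dport: Optional[int] = None      # None matches any destination port


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


def parse_rule(line: str) -> Rule:
    """Parse one hypothetical rule line: '<action> <src> <dst> [proto [dport]]'."""
    parts = line.split()
    if len(parts) < 3 or parts[0] not in ("protect", "bypass"):
        raise ValueError(f"malformed rule: {line!r}")
    proto = parts[3] if len(parts) > 3 and parts[3] != "any" else None
    dport = int(parts[4]) if len(parts) > 4 else None
    return Rule(parts[0], ipaddress.ip_network(parts[1]),
                ipaddress.ip_network(parts[2]), proto, dport)


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field the rule constrains agrees with the packet."""
    return (ipaddress.ip_address(pkt.src) in rule.src
            and ipaddress.ip_address(pkt.dst) in rule.dst
            and (rule.proto is None or rule.proto == pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))


def is_interesting(policy: list, pkt: Packet) -> bool:
    """Return True when the packet must trigger IKE negotiation / IPsec protection."""
    for rule in policy:
        if matches(rule, pkt):
            return rule.action == "protect"
    return False  # no rule matched: default is clear-text forwarding


# Constructed policy: protect all traffic between two site LANs, except
# management SSH to the remote gateway's inside address, which bypasses IPsec.
# Rule order matters: the narrower bypass rule must precede the broad protect rule.
POLICY_TEXT = """
bypass  192.168.1.0/24  10.20.0.1/32    tcp 22
protect 192.168.1.0/24  10.20.0.0/16
protect 10.20.0.0/16    192.168.1.0/24
"""
POLICY = [parse_rule(line) for line in POLICY_TEXT.strip().splitlines()]


def classify(packets):
    """Label each constructed packet with its interesting/not-interesting verdict."""
    return [(p.src, p.dst, p.proto, p.dport, is_interesting(POLICY, p)) for p in packets]


if __name__ == "__main__":
    sample = [
        Packet("192.168.1.10", "10.20.5.5", "tcp", 443),   # LAN to LAN: protect
        Packet("192.168.1.10", "10.20.0.1", "tcp", 22),    # mgmt SSH: bypass
        Packet("192.168.1.10", "10.20.0.1", "tcp", 443),   # same host, other port: protect
        Packet("192.168.1.10", "198.51.100.9", "udp", 53), # no rule: clear text
    ]
    for row in classify(sample):
        print(row)
```

The point to check in a real deployment is the same as in the toy: a bypass rule that is broader than intended, or placed after the protect rule it was meant to override, silently changes which packets leave the box unencrypted.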

The IKE process takes place in phases. Many secure connections begin in an unsecured state, so the first phase negotiates how the two peers will continue the process of secure communication. IKE first verifies the identity of the peers and then secures their identities by determining which security algorithms both peers will use. Using the Diffie-Hellman public-key cryptography protocol, which is able to create matching keys across an unprotected network, Internet Key Exchange generates those keys. IKE completes phase 1 by creating a secure connection, a tunnel, between the peers that will be used in phase 2.

In phase 2, the Authentication Header (AH) is introduced to verify that sent messages are received intact. Packets must also be encrypted, so IPsec then uses the Encapsulating Security Payload (ESP) to encrypt packets, protecting them from prying eyes. The AH is calculated from the contents of the packet, and the packet is encrypted, so packets are secured against anyone who attempts to substitute forged packets or read the packet contents.

IKE also exchanges cryptographic nonces during phase 2. A nonce is a number or string that is used only once. The nonce is then used by a peer when it needs to create a new secret key or to prevent an attacker from generating false SAs, thereby preventing what is called a replay attack.

The benefit of the multi-phase approach in IKE is that, using the Phase 1 SA, either peer can start Phase 2 at any time to issue a new SA and ensure that communication remains secure. After Internet Key Exchange completes its phases, the IPsec tunnel is created for exchanging information. Packets sent through the tunnel are encrypted and decrypted according to the SAs set up during phase 2. Once the tunnel is established, it ends either by expiring after a predetermined time limit or after a certain amount of data has been transferred. Of course, further IKE phase 2 negotiations can keep the tunnel open, or alternatively new phase 1 and phase 2 negotiations can create a new, secure tunnel.
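The phased negotiation described across the last three paragraphs (Diffie-Hellman key agreement with nonces in phase 1, per-tunnel SAs with a data lifetime in phase 2, rekeying from the phase 1 state, and rejection of a replayed nonce), as an added toy model that is not the article's own code and not IKE's real message formats or key-derivation functions. The DH group (`P`, `G`), the HMAC-based key derivation, the byte-only lifetime and the `Peer`/`SA` classes are all constructed for this illustration; the integrity tag stands in for AH-style protection and no confidentiality (ESP) is modelled.

```python
"""Toy model of IKE's phased negotiation. Constructed illustration only."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Toy Diffie-Hellman parameters, constructed for illustration; real IKE uses
# the MODP groups negotiated during phase 1, never a parameter this small.
P = 2**127 - 1
G = 5


def dh_keypair():
    """Private exponent and public value g^x mod p, sent over the open network."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def derive_phase1_key(nonce_i: bytes, nonce_r: bytes, shared_secret: int) -> bytes:
    """Hypothetical phase 1 key: HMAC over both nonces keyed with the DH secret."""
    return hmac.new(shared_secret.to_bytes(16, "big"), nonce_i + nonce_r,
                    hashlib.sha256).digest()


@dataclass
class SA:
    """One entry of a peer's Security Association Database (SAD)."""
    spi: int
    key: bytes
    bytes_remaining: int   # data lifetime; a time limit would be tracked the same way

    def protect(self, payload: bytes) -> bytes:
        """Tag the payload (AH-style integrity) and consume the byte lifetime."""
        if self.bytes_remaining < len(payload):
            raise RuntimeError("SA lifetime exhausted; rekey required")
        self.bytes_remaining -= len(payload)
        tag = hmac.new(self.key, payload, hashlib.sha256).digest()
        return self.spi.to_bytes(4, "big") + payload + tag

    def verify(self, wire: bytes) -> bool:
        payload, tag = wire[4:-32], wire[-32:]
        return hmac.compare_digest(tag, hmac.new(self.key, payload, hashlib.sha256).digest())


class Peer:
    def __init__(self, name: str):
        self.name = name
        self.seen_nonces = set()   # a nonce is accepted once: replayed ones are refused
        self.sad = {}              # SPI -> SA
        self.skeyid = None         # phase 1 keying state, reused for every phase 2

    def phase1(self, my_nonce, peer_nonce, my_priv, peer_pub, initiator):
        if peer_nonce in self.seen_nonces:
            raise ValueError("replayed nonce")
        self.seen_nonces.add(peer_nonce)
        ni, nr = (my_nonce, peer_nonce) if initiator else (peer_nonce, my_nonce)
        self.skeyid = derive_phase1_key(ni, nr, pow(peer_pub, my_priv, P))

    def phase2(self, spi: int, lifetime_bytes: int) -> SA:
        """Create a child SA from the phase 1 state; no new DH exchange needed."""
        key = hmac.new(self.skeyid, spi.to_bytes(4, "big"), hashlib.sha256).digest()
        self.sad[spi] = SA(spi, key, lifetime_bytes)
        return self.sad[spi]


def run_exchange() -> dict:
    """Walk both peers through phase 1, phase 2, lifetime expiry, rekey and a replay."""
    alice, bob = Peer("alice"), Peer("bob")
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    na, nb = secrets.token_bytes(16), secrets.token_bytes(16)
    # Phase 1: public values and nonces cross the unprotected network; the
    # private exponents never leave their owner.
    alice.phase1(na, nb, a_priv, b_pub, initiator=True)
    bob.phase1(nb, na, b_priv, a_pub, initiator=False)
    # Phase 2: first child SA with a constructed 64-byte data lifetime.
    sa_a, sa_b = alice.phase2(0x1001, 64), bob.phase2(0x1001, 64)
    first_ok = sa_b.verify(sa_a.protect(b"hello over the tunnel"))   # 21 bytes used
    try:
        sa_a.protect(b"x" * 64)        # 64 > 43 remaining: lifetime exhausted
        exhausted = False
    except RuntimeError:
        exhausted = True
    # Rekey: a new phase 2 SA from the existing phase 1 state.
    sa_a2, sa_b2 = alice.phase2(0x1002, 64), bob.phase2(0x1002, 64)
    try:
        bob.phase1(nb, na, b_priv, a_pub, initiator=False)   # replayed nonce na
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return {
        "phase1_keys_match": alice.skeyid == bob.skeyid,
        "child_keys_match": sa_a.key == sa_b.key and sa_a2.key == sa_b2.key,
        "first_packet_ok": first_ok,
        "lifetime_exhausted": exhausted,
        "rekeyed_sa_differs": sa_a.key != sa_a2.key,
        "replay_rejected": replay_rejected,
    }


if __name__ == "__main__":
    for check, result in run_exchange().items():
        print(f"{check}: {result}")
```

Two things the model makes visible that the prose only states: both peers end phase 1 with identical keys although only public values and nonces crossed the network, and a rekey after the byte lifetime produces a different SA key without repeating the expensive phase 1 exchange.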
