The Internet Key Exchange

Prior to an IP packet being secured by IPSec, a security association (SA) must exist. The Internet Key Exchange (IKE) creates SAs dynamically on behalf of IPSec and populates and manages the Security Association Database (SADB).

IKE, described in RFC2409, is a hybrid protocol. It is based on a framework defined by the Internet Security Association and Key Management Protocol (ISAKMP), defined in RFC2408, and implements parts of two key management protocols—Oakley and SKEME. In addition IKE defines two exchanges of its own.

Oakley is a protocol developed by Hilarie Orman, a cryptographer from the University of Arizona. It is a free-form protocol that allows each party to advance the state of the protocol at its own speed. From Oakley, IKE borrowed the idea of different modes, each producing a similar result—an authenticated key exchange— through the exchange of information. In Oakley, there was no definition of what information to exchange with each message. The modes were examples of how Oakley could be utilized to achieve a secure key exchange. IKE codified the modes into exchanges. By narrowing the flexibility of the Oakley model, IKE limits the wide range of possibilities that Oakley allows yet still provides multiple modes, albeit in a well-defined manner.

SKEME is another key exchange protocol, designed by cryptographer Hugo Krawczyk. SKEME defines a type of authenticated key exchange in which the parties use public key encryption to authenticate each other and "share" components of the exchange. Each side encrypts a random number in the public key of the peer and both random numbers (after decryption) contribute to the ultimate key. One can optionally do a Diffie-Hellman exchange along with the SKEME share technique for Perfect Forward Secrecy (PFS), or merely use another rapid exchange, which does not require public key operations, to refresh an existing key. IKE borrows this technique directly from SKEME for one of its authentication methods (authentication with public key encryption) and also borrows the notion of rapid key refreshment without PFS.

ISAKMP was developed by researchers at the National Security Agency (NSA). The NSA used to be a super-secret organization whose existence was even denied by the United States government. Recently, the NSA has come out of the shadows and its considerable expertise in cryptography and security has been put to visible use. ISAKMP is one such output.

It is upon these three protocols—ISAKMP, Oakley, and SKEME—that IKE is based. It is a hybrid protocol; it uses the foundation of ISAKMP, the modes of Oakley, and the share and rekeying techniques of SKEME to define its own unique way of deriving authenticated keying material and negotiating shared policy. The contributions of Oakley and SKEME can be seen in the discussion of IKE itself, but the contributions of ISAKMP are considerable enough to warrant a separate discussion.

IKE is a generic protocol that can establish security associations for multiple security services. IPSec is one such service. The specification of how to use IKE to establish IPSec Sas is in the Domain of Interpretation (DOI) for IPSec. This specification is described in RFC2407.