Internet Key Exchange (IKE) in Network Security

Last Updated : 07 May, 2023
Network Security refers to the measures an enterprise or organization takes to protect its computer network and data, using both hardware and software. Internet Key Exchange (IKE) is the key management protocol of the IPsec suite: it authenticates two peers to each other and negotiates the security associations (SAs) and keys that AH and ESP then use to protect traffic between them over an untrusted network. The keys an IPsec SA needs can be established in two ways:

Manual Key Exchange

In manual key exchange, the system administrator configures each system by hand with the keys (and SPIs) it shares with each peer. This is workable for small, static deployments, but keys change only when someone changes them, and a secret typed into many devices is hard to rotate or revoke.

Automated Key Exchange

The keys are generated on demand by a protocol run between the peers and are refreshed automatically when an SA expires. This is the method used in large and distributed systems. IKE is assembled from three earlier pieces of work:

  • Oakley Key Determination Protocol (RFC 2412): based on the Diffie-Hellman key exchange, with additions such as cookies against resource-exhaustion attacks, nonces for freshness, a choice of DH groups, and authentication of the exchanged values. It is a generic protocol, not tied to IPsec.
  • ISAKMP (Internet Security Association and Key Management Protocol, RFC 2408): provides the framework, i.e. the message formats, payloads and state machines, for negotiating, establishing, modifying and deleting security associations. It is independent of the key exchange technique and of the protocol the SA will protect, which for IPsec is either Authentication Header (AH) or Encapsulating Security Payload (ESP).
  • SKEME: a key exchange technique that provides anonymity, repudiability (a participant can deny having taken part) and quick key refreshment. IKE takes from it the public-key-encryption authentication method and the idea of fast rekeying through an exchange of nonces.

Phases of Internet Key Exchange(IKE)

IKEv1 (RFC 2409), which this article describes, negotiates in two phases. IKEv2 (RFC 7296) replaces them with an IKE_SA_INIT/IKE_AUTH exchange followed by CREATE_CHILD_SA, but keeps the same division of labour between securing the control channel and keying IPsec:

IKE Phase-1

Two devices take part, the initiator and the responder. The initiator offers proposals for the security services it wants, that is, the encryption algorithm, hash algorithm, authentication method (pre-shared key, RSA signatures or public-key encryption), Diffie-Hellman group and SA lifetime, and the responder picks one. The agreed set of parameters forms a security association (SA). The resulting ISAKMP SA, usually called the ISAKMP tunnel or IKE Phase-1 tunnel, is bidirectional: one SA protects IKE traffic in both directions. The peers also run a Diffie-Hellman exchange and authenticate each other in this phase, so Phase-1 is done when both ends hold the same parameters and the same shared secret and have verified each other's identity.

Modes in Phase-1: Phase-1 can be run in one of two modes:

  • Main mode: uses six messages and is the more secure of the two. The first pair negotiates the ISAKMP SA (policy), the second pair carries the Diffie-Hellman public values and nonces, and the third pair carries the identities and the authentication data (HASH_I and HASH_R with pre-shared keys, or signatures). The third pair is already encrypted with keys derived from the Diffie-Hellman result, so the endpoint identities are hidden from anyone watching the wire, and the full set of crypto parameters, including the DH group, is negotiated before any DH value is sent.
  • Aggressive mode: collapses the exchange into three messages and is less secure. The identities travel in the clear, the initiator has to pick the DH group in its first message so the group cannot be negotiated, and with pre-shared-key authentication the responder's HASH_R is sent unencrypted in message 2, which exposes the PSK to an offline dictionary attack from a single captured exchange. It is normally used only where the responder cannot know in advance which PSK applies (remote-access clients on changing addresses, identified by name), and then it should be paired with a strong PSK or, better, certificate authentication.
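The offline attack that makes Aggressive mode with a pre-shared key risky, as an added example that is not part of the original article. It recomputes the responder's HASH_R from the fields that messages 1 and 2 carry in the clear and tries candidate PSKs against it. The capture is constructed inline (random bytes standing in for the DH values, a placeholder SA body and identity) rather than taken from a real trace, and HMAC-SHA1 is assumed as the negotiated prf.

```python
"""Why Aggressive Mode with a pre-shared key is weak: the responder's HASH_R is sent
in clear text in message 2, and every other input to it (Ni, Nr, g^xi, g^xr, the two
cookies, SAi_b, IDir) is also on the wire, so the PSK can be guessed offline.
Added example for this article; the 'capture' below is CONSTRUCTED, not a real trace."""
import hashlib
import hmac
import secrets


def prf(key: bytes, data: bytes) -> bytes:
    """IKEv1 prf: HMAC over the negotiated hash (SHA-1 assumed here)."""
    return hmac.new(key, data, hashlib.sha1).digest()


def aggressive_hash_r(psk: bytes, c: dict) -> bytes:
    """RFC 2409 section 5.4: SKEYID = prf(psk, Ni_b | Nr_b) and
    HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)."""
    skeyid = prf(psk, c["n_i"] + c["n_r"])
    return prf(skeyid, c["g_xr"] + c["g_xi"] + c["cky_r"] + c["cky_i"] + c["sa_i_b"] + c["id_r"])


def build_capture(psk: bytes) -> dict:
    """Constructed view of what a sniffer sees in Aggressive Mode messages 1 and 2.
    The DH public values are random bytes: the attacker never needs the DH secret."""
    c = {
        "cky_i": secrets.token_bytes(8), "cky_r": secrets.token_bytes(8),
        "g_xi": secrets.token_bytes(128), "g_xr": secrets.token_bytes(128),
        "n_i": secrets.token_bytes(20), "n_r": secrets.token_bytes(20),
        "sa_i_b": bytes.fromhex("00000001000000010000002801010001"),  # placeholder SA body
        "id_r": b"\x02" + b"vpn.example.net",                         # ID_FQDN, constructed
    }
    c["hash_r"] = aggressive_hash_r(psk, c)   # the responder sends this unencrypted
    return c


def crack_psk(capture: dict, wordlist):
    """Offline dictionary attack: recompute HASH_R per candidate; no more traffic needed."""
    for candidate in wordlist:
        if hmac.compare_digest(aggressive_hash_r(candidate.encode(), capture), capture["hash_r"]):
            return candidate
    return None


if __name__ == "__main__":
    cap = build_capture(b"hunter2")
    print("recovered PSK:", crack_psk(cap, ["password", "letmein", "hunter2", "s3cret"]))
```

In Main mode the same HASH_R only ever appears inside message 6, encrypted under SKEYID_e, so a passive observer has nothing to test candidates against; that is the concrete difference behind "Main mode is more secure".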
[Figure: Phase-1]

IKE Phase-2

Once the ISAKMP tunnel from Phase-1 exists, the peers use it to negotiate the IPsec SAs that actually protect user traffic. Phase-2 always runs in Quick mode, and every Quick mode message is encrypted and integrity-protected with the Phase-1 keys, so no further identity checks are needed. The devices agree which protocol to use (Authentication Header or Encapsulating Security Payload), which algorithms, the SA lifetime, the traffic the SA covers (the proxy IDs or selectors) and an SPI per direction. IPsec SAs are unidirectional, so one Quick mode exchange produces a pair of SAs, and the keys for each are derived from the Phase-1 secret SKEYID_d together with the Quick mode nonces and that SA's SPI. If Perfect Forward Secrecy (PFS) is configured, a fresh Diffie-Hellman exchange is included so that the Phase-2 keys do not depend only on the Phase-1 secret. Phase-2 is repeated over the same Phase-1 tunnel whenever an IPsec SA needs rekeying.
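The key derivation behind both phases, as an added example that is not part of the original article: a simulated Phase-1 Main mode with pre-shared-key authentication (six messages, Diffie-Hellman in group 2, SKEYID/SKEYID_d/SKEYID_a/SKEYID_e and HASH_I/HASH_R as in RFC 2409) followed by Phase-2 KEYMAT for the two unidirectional IPsec SAs. HMAC-SHA1 is assumed as the prf, the SA body and identity bytes passed in are placeholders, and each message is reduced to the values it carries rather than its full ISAKMP framing.

```python
"""IKEv1 key derivation end to end: Phase-1 Main Mode with pre-shared-key
authentication, then Phase-2 Quick Mode KEYMAT for a pair of IPsec SAs.
Formulas follow RFC 2409 sections 5.4 and 5.5 with HMAC-SHA1 as the prf.
Added example for this article, not code from the article itself."""
import hashlib
import hmac
import secrets

# 1024-bit MODP prime of IKE group 2 (RFC 2409 section 6.2), generator 2. Used here
# only because it is short enough to embed; it is too weak for production, where
# group 14 (2048-bit) or larger should be negotiated.
GROUP2_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
GROUP2_G = 2
P_LEN = (GROUP2_P.bit_length() + 7) // 8   # 128 bytes per encoded DH value
PROTO_IPSEC_AH, PROTO_IPSEC_ESP = 2, 3      # IPsec DOI protocol IDs (RFC 2407)


def prf(key: bytes, data: bytes) -> bytes:
    """IKEv1 prf: HMAC keyed with `key` over the negotiated hash (SHA-1 here)."""
    return hmac.new(key, data, hashlib.sha1).digest()


def dh_keypair():
    """Private exponent x and public value g^x encoded as it appears in a KE payload."""
    x = secrets.randbelow(GROUP2_P - 2) + 1
    return x, pow(GROUP2_G, x, GROUP2_P).to_bytes(P_LEN, "big")


def dh_shared(peer_public: bytes, x: int) -> bytes:
    """g^xy from the peer's public value and our private exponent."""
    return pow(int.from_bytes(peer_public, "big"), x, GROUP2_P).to_bytes(P_LEN, "big")


def phase1_skeyid(psk, n_i, n_r, g_xy, cky_i, cky_r) -> dict:
    """RFC 2409 section 5.4, pre-shared-key authentication: SKEYID and its derived keys."""
    skeyid = prf(psk, n_i + n_r)
    skeyid_d = prf(skeyid, g_xy + cky_i + cky_r + b"\x00")             # seeds Phase-2 KEYMAT
    skeyid_a = prf(skeyid, skeyid_d + g_xy + cky_i + cky_r + b"\x01")  # authenticates Phase-2
    skeyid_e = prf(skeyid, skeyid_a + g_xy + cky_i + cky_r + b"\x02")  # encrypts msgs 5-6, Phase-2
    return {"skeyid": skeyid, "d": skeyid_d, "a": skeyid_a, "e": skeyid_e}


def phase1_main_mode(psk_i: bytes, psk_r: bytes, sa_i_b: bytes, id_i: bytes, id_r: bytes) -> dict:
    """Simulate the six Main Mode messages between an initiator holding psk_i and a
    responder holding psk_r; authentication succeeds only if the two PSKs match."""
    # Msg 1/2 (HDR, SA): proposal and choice of the ISAKMP SA; cookies are assigned here.
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)
    # Msg 3/4 (HDR, KE, Ni / HDR, KE, Nr): DH public values and nonces, not yet authenticated.
    x_i, g_xi = dh_keypair()
    x_r, g_xr = dh_keypair()
    n_i, n_r = secrets.token_bytes(20), secrets.token_bytes(20)
    keys_i = phase1_skeyid(psk_i, n_i, n_r, dh_shared(g_xr, x_i), cky_i, cky_r)
    keys_r = phase1_skeyid(psk_r, n_i, n_r, dh_shared(g_xi, x_r), cky_i, cky_r)
    # Msg 5/6 (HDR*, IDii, HASH_I / HDR*, IDir, HASH_R): identities and authentication
    # hashes, encrypted under SKEYID_e, which is why Main Mode hides the identities.
    hash_i_in = g_xi + g_xr + cky_i + cky_r + sa_i_b + id_i
    hash_r_in = g_xr + g_xi + cky_r + cky_i + sa_i_b + id_r
    authenticated = (
        hmac.compare_digest(prf(keys_i["skeyid"], hash_i_in), prf(keys_r["skeyid"], hash_i_in))
        and hmac.compare_digest(prf(keys_r["skeyid"], hash_r_in), prf(keys_i["skeyid"], hash_r_in)))
    return {"authenticated": authenticated, "initiator": keys_i, "responder": keys_r}


def quick_mode_keymat(skeyid_d: bytes, protocol: int, spi: bytes, n_i: bytes, n_r: bytes,
                      key_len: int, g_qm_xy: bytes = b"") -> bytes:
    """RFC 2409 section 5.5: KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b),
    extended as K2 = prf(SKEYID_d, K1 | ...) until key_len bytes exist. g_qm_xy is the
    secret of the optional fresh DH exchange (PFS) and stays empty when PFS is off."""
    seed = g_qm_xy + bytes([protocol]) + spi + n_i + n_r
    keymat, block = b"", b""
    while len(keymat) < key_len:
        block = prf(skeyid_d, block + seed)
        keymat += block
    return keymat[:key_len]


def phase2_quick_mode(skeyid_d: bytes, protocol: int = PROTO_IPSEC_ESP, key_len: int = 32) -> dict:
    """Keys for the two unidirectional IPsec SAs one Quick Mode run produces. Each SA is
    named by the SPI its receiver chose, so the two KEYMATs differ."""
    n_i, n_r = secrets.token_bytes(20), secrets.token_bytes(20)
    spi_i, spi_r = secrets.token_bytes(4), secrets.token_bytes(4)   # inbound SPI of each side
    return {"to_initiator": quick_mode_keymat(skeyid_d, protocol, spi_i, n_i, n_r, key_len),
            "to_responder": quick_mode_keymat(skeyid_d, protocol, spi_r, n_i, n_r, key_len)}


if __name__ == "__main__":
    sa_body = bytes.fromhex("0000000100000001")          # constructed SAi_b placeholder
    p1 = phase1_main_mode(b"hunter2", b"hunter2", sa_body, b"\x01\xc0\xa8\x01\x01", b"\x01\xc0\xa8\x01\x02")
    print("Phase-1 authenticated:", p1["authenticated"])
    for name, key in phase2_quick_mode(p1["initiator"]["d"]).items():
        print(f"ESP KEYMAT {name}: {key.hex()}")
```

Two things worth noticing when running it: a PSK mismatch shows up as a HASH_I/HASH_R failure in messages 5 and 6, after the Diffie-Hellman work has already been done, and the two Phase-2 KEYMATs differ only because each SA's SPI is fed into the prf, which is how a single Quick mode run keys a unidirectional pair.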

[Figure: Phase-2]

