[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IKE Analysis / New E-IKE draft
Hello,
there are some news on my website:
- A little paper dealing with IKE analysis
Abstract:
This paper takes a closer look on the authentication and key
generation mechanisms of IKE and gives some ideas on how it is
designed from the cryptographic point of view. The first part shows
basic de-sign principles of cryptographic protocols and their use in
IKE. It is intended to provide interested people with the ideas and
rationals behind this sort of protocol. Especially implementors, who
"want to know what they do" could find some interesting information.
The second part is more "scientific" providing a logic analysis by a
derivation of the famous BAN logic. This kind of logic is a way to
really prove the fulfillment of requirements under certain conditions
(whereas it has some gaps the way it is shown here, I suppose).
However, neither this paper is intended to be published at any
confe-rence or so, nor it claims to be complete or even provide a
strong prove in a scientific sense. It is open to improvements,
comments and suggestions.
*********
A new version of my E-IKE draft and an implementation of it.
Table of Contents
1. Abstract ................................................... 2
2. Terms and Definitions ...................................... 3
3. Discussion ................................................. 3
3.1 The Problem ............................................. 3
3.2 Two Appoaches ........................................... 5
3.2.1 Separated Policy Management ........................ 5
3.2.2 Extending IKE ...................................... 5
4. Pre-Requisites ............................................. 6
4.1 Design Objectives ....................................... 6
4.2 Gateway Discovery ....................................... 7
4.3 Initial Message Routing ................................. 7
4.4 IKE+ - A Protocol using complete IKE Exchanges .......... 8
5. E-IKE: A Protocol using an IKE-secured Channel ............. 9
5.1 Message format ......................................... 10
5.1.1 Structure ......................................... 10
5.1.2 Proxy Authentication .............................. 11
5.1.3 Authentication fields / Authentication Methods .... 12
5.1.4 Using ISAKMP Payloads to build the Msg. Structure . 13
5.2 Message flow ........................................... 15
5.2.1 First Message Upflow (I->R) ....................... 16
5.2.2 First Message Downflow (R->I) ..................... 17
5.2.3 Next Message Upflow (I->R) ........................ 19
5.2.4 Next Message Downflow (R->I) ...................... 21
5.3 Message Matrix ......................................... 23
5.4 Key Derivation ......................................... 24
5.5 Restrictions ........................................... 25
5.5.1 Overlapping Tunnels ............................... 25
5.5.2 Rekeying / Fault Management ....................... 26
5.6 Comparison ............................................. 26
6. Local Security Management ................................. 28
6.1 SA bundling ............................................ 29
6.2 Asymmetric SAs ......................................... 29
6.3 Security policy management on gateways and end nodes ... 29
7. Security Considerations ................................... 31
Appendix A Pseudo Code Notation .............................. 32
A.1 - Symbolic functions, Variables and Identifiers ........ 32
A.2 - Pseudo Code of IKE+ .................................. 35
A.3 - Pseudo Code of E-IKE ................................. 35
Appendix B - Payload Explosion Example ....................... 42
Appendix C - Examples ........................................ 44
C.1 Remote Access .......................................... 45
C.2 VPN .................................................... 46
1. Abstract
[MSST98] (ISAKMP) provides a framework for authentication and key
exchange but does not define them. ISAKMP is designed to be key
exchange independent; that is, it is designed to support many
different key exchanges.
[HC98] (IKE) describes a protocol using part of Oakley [Orm96] and
part of SKEME [Kra96] in conjunction with ISAKMP to obtain
authenticated keying material for use with ISAKMP, and for other
security associations such as AH and ESP for the IETF IPsec DOI.
IKE is designed to authenticate endpoints and negotiate security
associations (and necessary key material) between *two* parties.
This document describes an extended protocol (E-IKE) based on IKE
which allows involving more than two parties in the authentication
process and key exchange. It supports extended SA management / ~
establishment by applying security policies of the involved parties
during the protocol. Therefore it is a kind of a combined policy
and key management protocol.
************
The URL is:
http://www.imib.med.tu-dresden.de/imib/Internet/ike/index.html
Feel free to download the stuff and send me comments.
I've setup a mailinglist to discuss things on E-IKE for
interested people. Subscription information on the Webpage, too.
Kai
# Kai Martius #
# Dpt. of Medical CS and Biometrics / Dresden University of Technology #
# PGP Fingerprint: to be compared after download of my key #
# Key and more info (especially IP-security related) see my Homepage #
# http://www.imib.med.tu-dresden.de/imib/personal/kai.html #