IKEv1 and IKEv2: A Quantitative Analyses
نویسندگان
چکیده
Key management is a vital component in any modern security protocol. Due to scalability and practical implementation considerations automatic key management seems a natural choice in significantly large virtual private networks (VPNs). In this context IETF Internet Key Exchange (IKE) is the most promising protocol under permanent review. We have made a humble effort to pinpoint IKEv2 net gain over IKEv1 due to recent modifications in its original structure, along with a brief overview of salient improvements between the two versions. We have used US National Institute of Technology NIIST VPN simulator to get some comparisons of important performance metrics. Keywords—Quantitative Analyses, IKEv1, IKEv2, NIIST.
منابع مشابه
Design of IPsec and IKE version 1 and 2 ∗
IPsec is a collection of protocols that provides network layer data integrity and confidentiality services. IKEv1 is a versatile key agreement protocol that allows perfect forward secrecy and identity protection (among other things). IKEv2 has similar functionalities as IKEv1, but provides a simpler and better approach to key exchange. Additionally, IKEv2 provides new methods for authentication...
متن کاملThe Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX
The Internet Key Exchange (IKE) and Public Key Infrastructure for X.509 (PKIX) certificate profile both provide frameworks that must be profiled for use in a given application. This document provides a profile of IKE and PKIX that defines the requirements for using PKI technology in the context of IKE/IPsec. The document complements protocol specifications such as IKEv1 and IKEv2, which assume ...
متن کاملKey Exchange in IPsec Revisited: Formal Analysis of IKEv1 and IKEv2
The IPsec standard aims to provide application-transparent end-to-end security for the Internet Protocol. The security properties of IPsec critically depend on the underlying key exchange protocols, known as IKE (Internet Key Exchange). We provide the most extensive formal analysis so far of the current IKE versions, IKEv1 and IKEv2. We combine recently introduced formal analysis methods for se...
متن کاملKey Derivation and Randomness Extraction
Key derivation refers to the process by which an agreed upon large random number, often named master secret, is used to derive keys to encrypt and authenticate data. Practitioners and standardization bodies have usually used the random oracle model to get key material from a Diffie-Hellman key exchange. However, proofs in the standard model require randomness extractors to formally extract the ...
متن کاملMeasuring small subgroup attacks against Diffie-Hellman
Several recent standards, including NIST SP 80056A and RFC 5114, advocate the use of “DSA” parameters for Diffie-Hellman key exchange. While it is possible to use such parameters securely, additional validation checks are necessary to prevent well-known and potentially devastating attacks. In this paper, we observe that many Diffie-Hellman implementations do not properly validate key exchange i...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2012