IKE, Internet Key Exchange

Description Glossary RFCs Publications Obsolete RFCs

Description:

Protocol suite: TCP/IP, IPSec.
Protocol type:Application layer key exchange protocol.
Port:500 (UDP).
MIME subtype:
SNMP MIBs:
Working groups: ipsecme, IP Security Maintenance and Extensions.
IANA: IPSec registry.
IKEv2 Parameters.
Links: 

IKE is a hybrid of the ISAKMP, Oakley and SKEME protocols.

ISAKMP provides a framework for authentication and key exchange but does not define them. It is designed to be key exchange independant; that is, it is designed to support many different key exchanges.

Oakley describes a series of key exchanges, known as modes, and details the services provided by each (e.g. perfect forward secrecy for keys, identity protection, and authentication).

SKEME describes a versatile key exchange technique which provides anonymity, repudiability, and quick key refreshment.

Perfect Forward Secrecy is supported.

IKEv2 does not interoperate with IKEv1, but it has enough of the header format in common that both versions can unambiguously run over the same UDP port.

RFC 2409:

Oakley and SKEME each define a method to establish an authenticated key exchange. This includes payloads construction, the information payloads carry, the order in which they are processed and how they are used.

While Oakley defines "modes", ISAKMP defines "phases". The relationship between the two is very straightforward and IKE presents different exchanges as modes which operate in one of two phases.

Phase 1 is where the two ISAKMP peers establish a secure, authenticated channel with which to communicate. This is called the ISAKMP Security Association (SA). "Main Mode" and "Aggressive Mode" each accomplish a phase 1 exchange. "Main Mode" and "Aggressive Mode" MUST ONLY be used in phase 1.

Phase 2 is where Security Associations are negotiated on behalf of services such as IPsec or any other service which needs key material and/or parameter negotiation. "Quick Mode" accomplishes a phase 2 exchange. "Quick Mode" MUST ONLY be used in phase 2.


MAC header IP header UDP header IKE header Data :::

IKEv2 header:

0001020304050607 0809101112131415 1617181920212223 2425262728293031
Initiator SPI
-
Responder SPI
-
Next payload Major ver Minor ver Exchange type Flags
Message ID
Length
Data :::

Initiator SPI. 8 bytes.
A value chosen by the initiator to identify a unique IKE security association. This value MUST NOT be cleared to zero.

Responder SPI. 8 bytes.
A value chosen by the responder to identify a unique IKE security association. This value MUST be cleared to zero in the first message of an IKE Initial Exchange (including repeats of that message including a cookie) and MUST NOT be zero in any other message.

Next payload. 8 bits.
Indicates the type of payload that immediately follows the header.

TypeDescriptionReferences
0No next payload.RFC 4306
1
-
32
reserved.RFC 4306
33SA, Security Association.RFC 4306
34KE, Key Exchange.RFC 4306
35IDi, Identification - Initiator.RFC 4306
36IDr, Identification - Responder.RFC 4306
37CERT, Certificate.RFC 4306
38CERTREQ, Certificate Request.RFC 4306
39AUTH, Authentication.RFC 4306
40Ni and Nr, Nonce.RFC 4306
41N, Notify.RFC 4306
42D, Delete.RFC 4306
43V, Vendor ID.RFC 4306
44TSi, Traffic Selector - Initiator.RFC 4306
45TSr, Traffic Selector - Responder.RFC 4306
46E, Encrypted.RFC 4306
47CP, Configuration.RFC 4306
48EAP, Extensible Authentication.RFC 4306
49
-
127
reservedRFC 4306
128
-
255
private use.RFC 4306

Major ver. 4 bits.
Indicates the major version of the IKE protocol to use.

Minor ver. 4 bits.
Indicates the minor version of the IKE protocol to use.

Exchange type. 8 bits.
Indicates the type of exchange being used. This constrains the payloads sent in each message and orderings of messages in an exchange.

TypeDescriptionReferences
0
-
33
reserved.RFC 4306
34IKE_SA_INIT.RFC 4306
35IKE_AUTH.RFC 4306
36CREATE_CHILD_SA.RFC 4306
37INFORMATIONAL.RFC 4306
38IKE_SESSION_RESUME.RFC 5723
39
-
239
reserved.RFC 4306
240
-
255
Private use.RFC 4306

Flags. 8 bits.
Indicates specific options that are set for the message. The presence of options is indicated by the appropriate bit in the flags field being set.

0001020304050607
0 I V R 0

I, Initiator. 1 bit.
Indicates the message was sent by the initiator if set.

V, Version. 1 bit.
Indicates that the sender is capable of speaking a higher major version number of the protocol than the one indicated in the major version number field. Implementations of IKEv2 must clear this bit when sending and MUST ignore it in incoming messages.

R, Response. 1 bit.
Indicates that this message is a response to a message containing the same message ID. This bit MUST be cleared in all request messages and MUST be set in all responses. An IKE endpoint MUST NOT generate a response to a message that is marked as being a response.


Attribute classes:

ValueTypeDescription
1basicEncryption algorithm.
2basicHash algorithm.
3basicAuthentication method.
4basicGroup description.
5basicGroup type.
6variableGroup prime/irreducible polynomial.
7variableGroup generator one.
8variableGroup generator two.
9variableGroup curve A.
10variableGroup curve B.
11basicLife type.
12variableLife duration.
13basicPRF.
14basicKey length.
15basicField size.
16variableGroup order.
17
-
16383
 Reserved to IANA.
16384
-
32767
 Private use among mutually consenting parties.

Encryption algorithms:

ValueAlgorithmModeRoundsBlock sizeReferences
1DES.CBC   RFC 2405
2IDEA.CBC   RFC 2409
3Blowfish.CBC   RFC 2409
4 RC5.CBC1664 
5 3DES.CBC   
6 CAST.CBC   
7 AES.CBC   
8 CamelliaCBC   RFC 4312
9
-
65000
     
65001
-
65535
private use.    

Hash algorithms:

ValueAlgorithmReferences
1 MD5. 
2 SHA. 
3 Tiger. 
4 SHA2-256. 
5 SHA2-384. 
6 SHA2-512. 

Notify messages, message types:

ValueMessage typeReferences
0 RFC 4306
1UNSUPPORTED_CRITICAL_PAYLOAD.RFC 4306
2
3
 RFC 4306
4INVALID_IKE_SPI.RFC 4306
5INVALID_MAJOR_VERSION.RFC 4306
6 RFC 4306
7INVALID_SYNTAX.RFC 4306
8 RFC 4306
9INVALID_MESSAGE_ID.RFC 4306
10 RFC 4306
11INVALID_SPI.RFC 4306
12
13
 RFC 4306
14NO_PROPOSAL_CHOSEN.RFC 4306
15
16
 RFC 4306
17INVALID_KE_PAYLOAD.RFC 4306
18
-
23
 RFC 4306
24AUTHENTICATION_FAILED.RFC 4306
25
-
33
 RFC 4306
34SINGLE_PAIR_REQUIRED.RFC 4306
35NO_ADDITIONAL_SAS.RFC 4306
36INTERNAL_ADDRESS_FAILURE.RFC 4306
37FAILED_CP_REQUIRED.RFC 4306
38TS_UNACCEPTABLERFC 4306
39INVALID_SELECTORS.RFC 4306
40UNACCEPTABLE_ADDRESSES.RFC 4555
41UNEXPECTED_NAT_DETECTED.RFC 4555
42USE_ASSIGNED_HoA.RFC 5026
43
-
8191
Error types, reserved to IANA.RFC 4306
8192
-
16383
Error types, private use.RFC 4306

Notify messages, status types:

ValueStatus typeReferences
16384INITIAL_CONTACT.RFC 4306
16385SET_WINDOW_SIZE.RFC 4306
16386ADDITIONAL_TS_POSSIBLE.RFC 4306
16387IPCOMP_SUPPORTED.RFC 4306
16388NAT_DETECTION_SOURCE_IP.RFC 4306
16389NAT_DETECTION_DESTINATION_IP.RFC 4306
16390COOKIE.RFC 4306
16391USE_TRANSPORT_MODE.RFC 4306
16392HTTP_CERT_LOOKUP_SUPPORTED.RFC 4306
16393REKEY_SA.RFC 4306
16394ESP_TFC_PADDING_NOT_SUPPORTED.RFC 4306
16395NON_FIRST_FRAGMENTS_ALSO.RFC 4306
16396MOBIKE_SUPPORTED.RFC 4555
16397ADDITIONAL_IP4_ADDRESS.RFC 4555
16398ADDITIONAL_IP6_ADDRESS.RFC 4555
16399NO_ADDITIONAL_ADDRESSES.RFC 4555
16400UPDATE_SA_ADDRESSES.RFC 4555
16401COOKIE2.RFC 4555
16402NO_NATS_ALLOWED.RFC 4555
16403AUTH_LIFETIME. RFC 4478
16404MULTIPLE_AUTH_SUPPORTED.RFC 4739
16405ANOTHER_AUTH_FOLLOWS.RFC 4739
16406REDIRECT_SUPPORTED.RFC 5685
16407REDIRECT.RFC 5685
16408REDIRECTED_FROM.RFC 5685
16409TICKET_LT_OPAQUE.RFC 5723
16410TICKET_REQUEST.RFC 5723
16411TICKET_ACK.RFC 5723
16412TICKET_NACK.RFC 5723
16413TICKET_OPAQUE.RFC 5723
16414LINK_ID.RFC 5739
16415USE_WESP_MODE.RFC 5840
16416ROHC_SUPPORTED.RFC 5857
16417EAP_ONLY_AUTHENTICATION.RFC 5998
16418CHILDLESS_IKEV2_SUPPORTED.RFC 6023
16419QUICK_CRASH_DETECTION. 
16420
-
40959
  
40960
-
65535
PRIVATE USE.RFC 4306

IKEv2 Secure Password Methods

ValueDescriptionReferences
0  
1PACERFC 6631
2AugPACE, Augmented Password-Only Authentication and Key Exchange RFC 6628
3Secure PSK Authentication RFC 6617
4
-
1023
  
1024
-
65535
private use.RFC 6467

Glossary:

Quick mode.


RFCs:

[RFC 3104] RSIP Support for End-to-end IPsec.

[RFC 3193] Securing L2TP using IPsec.

[RFC 3526] More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE).

[RFC 3706] A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers.

[RFC 3723] Securing Block Storage Protocols over IP.

[RFC 3947] Negotiation of NAT-Traversal in the IKE.

[RFC 4106] The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP).

[RFC 4109] Algorithms for Internet Key Exchange version 1 (IKEv1).

[RFC 4301] Security Architecture for the Internet Protocol.

[RFC 4307] Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2).

[RFC 4308] Cryptographic Suites for IPsec.

[RFC 4309] Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP).

[RFC 4312] The Camellia Cipher Algorithm and Its Use With IPsec.

[RFC 4322] Opportunistic Encryption using the Internet Key Exchange (IKE).

[RFC 4434] The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE).

[RFC 4478] Repeated Authentication in Internet Key Exchange (IKEv2) Protocol.

[RFC 4543] The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH.

[RFC 5282] Using Authenticated Encryption Algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) Protocol.

[RFC 5386] Better-Than-Nothing Security: An Unauthenticated Mode of IPsec.

[RFC 5857] IKEv2 Extensions to Support Robust Header Compression over IPsec.

[RFC 5996] Internet Key Exchange Protocol Version 2 (IKEv2).

[RFC 6027] IPsec Cluster Problem Statement.

[RFC 6617] Secure Pre-Shared Key (PSK) Authentication for the Internet Key Exchange Protocol (IKE).

[RFC 6628] Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2.


Publications:


Obsolete RFCs:

[RFC 2409] The Internet Key Exchange (IKE).

[RFC 3664] The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE).

[RFC 4306] Internet Key Exchange (IKEv2) Protocol.


Description Glossary RFCs Publications Obsolete RFCs