Upon completion of this phase, authentication and key exchange are completed, and the IKE SA is established.
In what follows, we give a description of the six steps involved in the three-pass IKE main mode, followed by an illustration. What we describe is a simplified version of the scheme, assumed to take place between Alice and Bob. In fact, IKE itself is a slimmed-down version of ISAKMP/Oakley.
Background Assumptions: For the Diffie-Hellman part of the exchange, we need the following notation. We use $(p_A, s_A)$ and $(p_B, s_B)$, respectively, for Alice's and Bob's public/secret Diffie-Hellman keys. Recall from page 166 that $(p_A, s_A) = (\alpha^x, x)$ and $(p_B, s_B) = (\alpha^y, y)$, so
$$p_B^{s_A} = p_A^{s_B} = k.$$
This notational assumption will be made below. Moreover, $I_A$ and $I_B$ are identifying data strings for Alice and Bob, respectively, and we assume that Alice and Bob have RSA public/private key pairs $(e_A, d_A)$ and $(e_B, d_B)$, respectively, where they have exchanged $e_A$ and $e_B$ in advance of the following.
IKE Phase I Using Main Mode
1. SA Negotiation Initialization: Alice sends Bob her list of proposed parameters, $S_A$, such as proposed encryption algorithms, hash functions, pseudo-random generators for hashing messages to be signed, and so on. These will be used to establish an IKE SA. Also contained in the message is a header, $H_A$, containing a cookie, $C_A$ (see pages 323-325), for Alice (in order to keep the session state information for her).
2. SA Agreement: Bob selects one of each of the parameters from Alice's lists in $S_A$, such as a single choice of hash function, a sole choice of SKC, and so forth. He sends back his list of choices, $S_B$, together with a header, $H_B$, containing a cookie, $C_B$, for his session state data.
3. Key Negotiation Initialization: Alice sends Bob her Diffie-Hellman public key $p_A$, a nonce $N_A$, and $H_A$.
4. Key Generation Completion: Bob sends his Diffie-Hellman public key $p_B$, his nonce $N_B$, and his header $H_B$. Alice and Bob independently compute $p_B^{s_A} = k$ and $p_A^{s_B} = k$, respectively.
5. Alice's Identity Verified: Alice sends
$$\bigl(H_A,\ k(I_A,\ d_A(N_A, N_B, k, p_A, p_B, C_A, C_B, S_A))\bigr),$$
to Bob, who now is able to use $k^{-1}$ and $e_A$ to verify Alice's identity. (Here $k(\cdot)$ denotes encryption under the shared key $k$ and $d_A(\cdot)$ denotes Alice's RSA signature, so Bob decrypts with $k$ and checks the signature with $e_A$.)
6. Bob's Identity Verified/SA Established: Bob sends to Alice
$$\bigl(H_B,\ k(I_B,\ d_B(N_A, N_B, k, p_A, p_B, C_A, C_B, S_B))\bigr),$$
and Alice may similarly verify Bob's identity.
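The six messages above, traced end to end in Python as an added illustration; this is not code from the book, nor from any IKE implementation. The Diffie-Hellman group, the two RSA moduli, the cookies and nonces, and the SHA-256 keystream standing in for $k(\cdot)$ are all constructed toy values chosen so the flow is readable, and none of the sizes is secure. The function names (`ike_main_mode`, `rsa_sign`, `sym_crypt`) are this example's own.

```python
"""Toy trace of IKE Phase I main mode (six messages) from the text above.
Constructed stand-ins throughout: tiny DH group, textbook RSA on small
primes, SHA-256 XOR keystream as the symmetric cipher k(...)."""
import hashlib
import json
import secrets

P_DH, ALPHA = 23, 5            # toy Diffie-Hellman group (constructed)


def toy_rsa_keypair(p, q, e):
    """Textbook RSA on small primes: returns (e, d, n). Toy sizes only."""
    n, phi = p * q, (p - 1) * (q - 1)
    return e, pow(e, -1, phi), n


RSA_A = toy_rsa_keypair(61, 53, 17)   # Alice: (e_A, d_A, n_A)
RSA_B = toy_rsa_keypair(53, 59, 7)    # Bob:   (e_B, d_B, n_B)


def serialize(*fields):
    """Canonical byte encoding of a tuple of message fields (JSON, sorted)."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def rsa_sign(d, n, *fields):
    """d_X(fields): hash the transcript fields, apply the private exponent."""
    h = int.from_bytes(hashlib.sha256(serialize(*fields)).digest(), "big") % n
    return pow(h, d, n)


def rsa_verify(e, n, sig, *fields):
    """Recompute the hash of the verifier's own view and compare with sig^e."""
    h = int.from_bytes(hashlib.sha256(serialize(*fields)).digest(), "big") % n
    return pow(sig, e, n) == h


def sym_crypt(k, direction, data):
    """k(...): XOR with a SHA-256 keystream derived from the DH secret k.
    The direction label keeps message 5 and message 6 from sharing keystream."""
    stream, counter = bytearray(), 0
    while len(stream) < len(data):
        stream += hashlib.sha256(f"{k}:{direction}:{counter}".encode()).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def ike_main_mode():
    """Run messages 1-6 and report what each side could verify."""
    # 1. SA negotiation initialization: Alice's proposal list S_A, header with C_A.
    S_A = {"enc": ["AES", "3DES"], "hash": ["SHA-1", "MD5"], "prf": ["HMAC"]}
    C_A = secrets.token_hex(8)
    H_A = {"cookie_initiator": C_A}
    # 2. SA agreement: Bob picks one of each and adds his own cookie C_B.
    S_B = {"enc": "AES", "hash": "SHA-1", "prf": "HMAC"}
    C_B = secrets.token_hex(8)
    H_B = {"cookie_initiator": C_A, "cookie_responder": C_B}
    # 3. Key negotiation initialization: p_A = alpha^x and nonce N_A.
    s_A = secrets.randbelow(P_DH - 2) + 1
    p_A, N_A = pow(ALPHA, s_A, P_DH), secrets.token_hex(8)
    # 4. Key generation completion: p_B = alpha^y, nonce N_B; both derive k.
    s_B = secrets.randbelow(P_DH - 2) + 1
    p_B, N_B = pow(ALPHA, s_B, P_DH), secrets.token_hex(8)
    k_alice = pow(p_B, s_A, P_DH)      # p_B^{s_A}
    k_bob = pow(p_A, s_B, P_DH)        # p_A^{s_B}
    # 5. Alice's identity: sign the transcript with d_A, wrap with I_A under k.
    e_A, d_A, n_A = RSA_A
    sig_A = rsa_sign(d_A, n_A, N_A, N_B, k_alice, p_A, p_B, C_A, C_B, S_A)
    msg5 = (H_A, sym_crypt(k_alice, "A->B", serialize("Alice", sig_A)))
    # Bob applies k^{-1}, then checks the signature with e_A against his view.
    I_A, sig_A_recv = json.loads(sym_crypt(k_bob, "A->B", msg5[1]))
    bob_verified = I_A == "Alice" and rsa_verify(
        e_A, n_A, sig_A_recv, N_A, N_B, k_bob, p_A, p_B, C_A, C_B, S_A)
    # 6. Bob's identity / SA established: same structure, S_B in place of S_A.
    e_B, d_B, n_B = RSA_B
    sig_B = rsa_sign(d_B, n_B, N_A, N_B, k_bob, p_A, p_B, C_A, C_B, S_B)
    msg6 = (H_B, sym_crypt(k_bob, "B->A", serialize("Bob", sig_B)))
    I_B, sig_B_recv = json.loads(sym_crypt(k_alice, "B->A", msg6[1]))
    alice_verified = I_B == "Bob" and rsa_verify(
        e_B, n_B, sig_B_recv, N_A, N_B, k_alice, p_A, p_B, C_A, C_B, S_B)
    return {"shared_key_agrees": k_alice == k_bob,
            "bob_verified_alice": bob_verified,
            "alice_verified_bob": alice_verified}


if __name__ == "__main__":
    print(ike_main_mode())
```

Two design points worth noticing. First, $S_A$ (Alice's full proposal list) sits inside the data she signs, so if the proposals were altered in transit Bob's recomputed hash would no longer match and `rsa_verify` would fail; the same holds for the cookies and nonces, which is why they are all in the signed tuple. Second, the book's $k(\cdot)$ leaves the cipher unspecified; because the same $k$ protects both message 5 and message 6, this toy derives a separate keystream per direction rather than reusing one.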