Cryptography Reference
In-Depth Information
Diagram 8.12 IKE Main Mode

First Pass: SA Negotiation
ALICE  −−− $H_A, S_A$ −−→  BOB
ALICE  ←−− $H_B, S_B$ −−−  BOB

Second Pass: Key Negotiation
ALICE  −−− $H_A, p_A, N_A$ −−→  BOB
ALICE  ←−− $H_B, p_B, N_B$ −−−  BOB

Third Pass: Identity Verification
ALICE  −−− $(H_A, k(I_A, d_A(N_A, N_B, k, p_A, p_B, C_A, C_B, S_A)))$ −−→  BOB
ALICE  ←−− $(H_B, k(I_B, d_B(N_A, N_B, k, p_A, p_B, C_A, C_B, S_B)))$ −−−  BOB

Aggressive Mode: The essential difference between this mode and main mode is the manner in which messages are configured, which reduces the exchanges depicted in Diagram 8.12 to two. This naturally increases the speed of communication. We make the same background assumptions as for main mode given on page 298.

IKE Phase I Using Aggressive Mode

1. SA and Key Negotiation Initialization: Alice sends to Bob $(H_A, S_A, p_A, N_A, I_A)$, where the notation is as above.

2. SA Agreement and Verification of Bob's Identity: Bob sends $(H_B, S_B, p_B, N_B, I_B, k(I_B))$, so Alice may now compute $k$ using her $s_A$, then use $k^{-1}$ to verify Bob.
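
The two aggressive-mode messages above, simulated as an added example (not code from the book): it shows Alice's k^{-1} check on k(I_B) succeeding only when both sides derived the same k, and that I_A and I_B travel outside k(.) in these messages. Assumptions not on the page: the toy group P, G, the key derivation in derive_k, the keystream-plus-HMAC stand-ins k_apply and k_inverse, the placeholder bytes for H and S, and all function names.

```python
import hashlib, hmac, secrets

P, G = 2**127 - 1, 3   # constructed toy group (Mersenne prime); far too small for real use

def dh_keypair():
    s = secrets.randbelow(P - 3) + 2           # private value s
    return s, pow(G, s, P)                     # public value p = G^s mod P

def derive_k(own_s, peer_p, n_a, n_b):
    # Assumption: k = SHA-256(DH shared secret || N_A || N_B)
    shared = pow(peer_p, own_s, P).to_bytes(16, "big")
    return hashlib.sha256(shared + n_a + n_b).digest()

def _tag(k, ct):
    return hmac.new(k, b"mac" + ct, hashlib.sha256).digest()

def k_apply(k, data):
    # Stand-in for k(.): XOR with a SHAKE-256 keystream, then append an HMAC tag
    stream = hashlib.shake_256(k + b"enc").digest(len(data))
    ct = bytes(x ^ y for x, y in zip(data, stream))
    return ct + _tag(k, ct)

def k_inverse(k, blob):
    # Stand-in for k^{-1}(.): check the tag, then strip the keystream
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(k, ct)):
        raise ValueError("blob was not produced under this k")
    stream = hashlib.shake_256(k + b"enc").digest(len(ct))
    return bytes(x ^ y for x, y in zip(ct, stream))

def alice_message_1(i_a):
    # Step 1: (H_A, S_A, p_A, N_A, I_A); Alice keeps s_A to herself
    s_a, p_a = dh_keypair()
    return s_a, {"H": b"H_A", "S": b"S_A", "p": p_a, "N": secrets.token_bytes(16), "I": i_a}

def bob_message_2(msg1, i_b):
    # Step 2: (H_B, S_B, p_B, N_B, I_B, k(I_B))
    s_b, p_b = dh_keypair()
    n_b = secrets.token_bytes(16)
    k = derive_k(s_b, msg1["p"], msg1["N"], n_b)
    return {"H": b"H_B", "S": b"S_B", "p": p_b, "N": n_b, "I": i_b, "kI": k_apply(k, i_b)}

def alice_verifies(s_a, msg1, msg2):
    # Alice computes k from her s_A, then applies k^{-1} to k(I_B)
    k = derive_k(s_a, msg2["p"], msg1["N"], msg2["N"])
    try:
        return k_inverse(k, msg2["kI"]) == msg2["I"]
    except ValueError:
        return False

def identities_on_wire(*msgs):
    # Fields a passive observer reads without knowing k
    return [m["I"] for m in msgs]
```

By contrast, in the third pass of Diagram 8.12 the identities I_A and I_B appear only inside k(.).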