Key Management
One of the most complex issues facing Internet security professionals is how to manage keys. This includes not only the actual distribution of keys through a key exchange protocol but also the negotiation of key length, lifetime, and cryptographic algorithms between communicating systems.
An open channel (an open communication medium over which transmissions can be overheard) like the global Internet complicates the process of sharing a secret. This process is necessary when two entities need to share a key to be used for encryption. Some of the most important cryptographic algorithms relate to the process of sharing a key over an open channel securely, in a way that keeps the secret from anyone but the intended recipients.
Diffie-Hellman key exchange is an algorithm that allows entities to exchange enough information to derive a session encryption key. Alice (the customary entity name for the first participant in a cryptographic protocol) calculates a value using Bob's public value and her own secret value (Bob is the second participant in cryptographic protocols). Bob calculates his own value and sends it to Alice; they each then use their secret values to calculate their shared key. The mathematics are relatively simple; the bottom line is that Bob and Alice can send each other enough information to calculate their shared key but not enough for an attacker to be able to figure it out.
Diffie-Hellman is often called a public key algorithm, but it is not a public key encryption algorithm. Diffie-Hellman is used to calculate a key, but that key must be used with some other encryption algorithm. Diffie-Hellman can be used for authentication, though, and is also used by PGP.
Key exchange is integral to any Internet security architecture, and candidates for the IPsec security architecture include the Internet Key Exchange ( IKE ) protocol and the Internet Security Association and Key Management Protocol (ISAKMP).
ISAKMP is an application protocol, using UDP as its transport, which defines different types of messages that systems send to each other to negotiate the exchange of keys. The mechanisms and algorithms for doing the actual exchanges, however, are not defined in ISAKMP-it is a framework to be used by the specific mechanisms. The mechanisms, often based on Diffie-Hellman key exchange, have been defined in a number of different proposals over the years. These are some of them.
Photuris Based on Diffie-Hellman, Photuris adds the requirement that the requesting node send a cookie , a random number that is used as a sort of session identifier. The cookie is sent first, and the server acknowledges the request by returning the cookie. This reduces the risk from denial of service attacks made by attackers forging their source addresses. Photuris also requires all parties to sign their negotiated key to reduce the risk of a man-in-the-middle attack (in which an attacker pretends to be Bob to one system's Alice, while pretending to be Alice to the other system's Bob).
SKIP Sun Microsystems ' Simple Key-management for Internet Protocols ( SKIP ) is also based on Diffi e-Hellman key exchange, but rather than requiring parties to use random values to calculate their keys, SKIP calls for the use of a secret table that remains static. The parties look up secret values in this table and then transmit calculated values based on some secret value from the table.
OAKLEY Although this mechanism shares some features with Photuris, it provides different modes of key exchange for situations where denial of service attacks are not a concern.
By defining a separate protocol, ISAKMP, for the generalized formats required to do key and Security Association exchanges, it can be used as a base to build specific key exchange protocols. The foundation protocol can be used for any security protocol, and it does not have to be replaced if an existing key exchange protocol is replaced.
It should be noted that manual key management is an important option and in many cases is the only option. This approach requires individuals to personally deliver keys and configure network devices to use them. Even after open standards have been firmly determined and implemented, particularly as commercial products, manual key management will continue to be an important choice.
As more research is done with IPsec, work on an IKE successor protocol (sometimes called Son-of-IKE ) is ongoing, with IKEv2 one candidate protocol that (as of 2002) is a work in progress.
In this tutorial:
- IP Security
- IP Security Issues
- Security Goals
- Encryption and Authentication Algorithms
- Symmetric Encryption
- Public Key Encryption
- Key Management
- Secure Hashes
- Digital Signature
- IPSEC: The Protocols
- IP and IPSEC
- Security Associations
- Using Security Associations
- Tunnel and Transport Mode
- Encapsulating Security Payload (ESP)
- Authentication Header
- Calculating the Integrity Check Value (ICV)
- IPsec Headers in Action
- Implementing and Deploying IPSEC