1
Tero Kivinen, AuthenTec
May 2012
Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs)
Submission Title: IKEv2 over TG9
Date Submitted: 17 May, 2012
Source: Tero Kivinen, Company: AuthenTec
Address: Eerikinkatu 28, FI Helsinki, Finland
Voice: , FAX: ,
Re: KMP documents for TG9
Abstract: IKEv2 KMP over TG9
Purpose: To add IKEv2 as one of the KMPs to the 15.4 and 15.7
Notice: This document has been prepared to assist the IEEE P It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
Release: The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P
2
IKEv2 KMP over TG9
Tero Kivinen
Atlanta, GA
May 17, 2012
3
The IKEv2 Protocol
Specified in the IETF document RFC5996 for KMP for IPsec
Key management between peers
Exchange of secure identities
4 packet session key establishment
SIGMA compliant
Multiple authentication methods
  Shared secrets
  Public Keys (either certificates or raw keys)
  EAP
  Secure password methods
4
The IKEv2 Protocol Flow

Initiator / Responder
HDR, SAi1, KEi, Ni →
← HDR, SAr1, KEr, Nr
HDR, SK{IDi, AUTH, SAi2, TSi, TSr} →
← HDR, SK{IDr, AUTH, SAr2, TSi, TSr}

HDR = Header
SAi1, SAr1, SAi2, SAr2 = Security Association Payloads
KEi, KEr = Key Exchange Payloads
Ni, Nr = Nonce Payloads
IDi, IDr = Identification Payloads
AUTH = Authentication Payloads
TSi, TSr = Traffic Selector Payloads
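An added example, not part of the original slides: a minimal Python parser for the cleartext part of the messages in the flow above (the fixed IKE header and the generic payload chain as laid out in RFC 5996), with the bounds checks a receiver needs before trusting any length field. The `build` helper, the SPI value and the sample message are constructed for illustration.

```python
import struct

# Type numbers as assigned in RFC 5996, section 3 (subset used by the flow above).
PAYLOADS = {33: "SA", 34: "KE", 35: "IDi", 36: "IDr", 39: "AUTH",
            40: "Nonce", 44: "TSi", 45: "TSr", 46: "SK"}
EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH"}
HDR = struct.Struct("!8s8sBBBBII")  # SPIi, SPIr, next, version, exchange, flags, msg ID, length
GEN = struct.Struct("!BBH")         # generic payload header: next, critical/reserved, length

def parse_ike(msg: bytes) -> dict:
    """Parse the fixed IKE header and walk the cleartext payload chain."""
    if len(msg) < HDR.size:
        raise ValueError("shorter than the 28-byte IKE header")
    _spi_i, _spi_r, nxt, ver, exch, flags, msg_id, length = HDR.unpack_from(msg)
    if ver >> 4 != 2:
        raise ValueError("major version is not 2")
    if length != len(msg):
        raise ValueError("header length does not match message size")
    payloads, off = [], HDR.size
    while nxt != 0:
        if off + GEN.size > length:
            raise ValueError("payload header runs past end of message")
        following, _flags, plen = GEN.unpack_from(msg, off)
        if plen < GEN.size or off + plen > length:
            raise ValueError("payload length out of bounds")
        payloads.append(PAYLOADS.get(nxt, f"type {nxt}"))
        off += plen
        if nxt == 46:  # SK is always last; its next-payload field describes the encrypted content
            break
        nxt = following
    if off != length:
        raise ValueError("trailing bytes after last payload")
    return {"exchange": EXCHANGES.get(exch, exch), "from_initiator": bool(flags & 0x08),
            "is_response": bool(flags & 0x20), "message_id": msg_id, "payloads": payloads}

def build(exch, flags, msg_id, chain):
    """Constructed sample message; payload bodies are zero filler of the given size."""
    body = b""
    for i, (_ptype, size) in enumerate(chain):
        following = chain[i + 1][0] if i + 1 < len(chain) else 0
        body += GEN.pack(following, 0, GEN.size + size) + bytes(size)
    return HDR.pack(b"\x11" * 8, bytes(8), chain[0][0], 0x20, exch, flags,
                    msg_id, HDR.size + len(body)) + body

# First message of the flow: HDR, SAi1, KEi, Ni (Initiator flag set, message ID 0).
INIT_REQUEST = build(34, 0x08, 0, [(33, 44), (34, 264), (40, 32)])

if __name__ == "__main__":
    print(parse_ike(INIT_REQUEST))
```

Only the header and the outer SK payload header are readable in the third and fourth messages; the identities and AUTH data inside SK{...} are encrypted.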
5
Profile and Additions to IKEv2
Need to add group key distribution
Need to define what kind of Traffic selectors are used
  any ↔ any?
Specify which features are not needed
  NAT-T
  Cookie exchange
6
Use Cases for IKEv2
Use Cases
  Most likely in devices which already need strong cryptographic operations (Diffie-Hellman, Public Key operations) and need to have those on hardware anyways
  Devices which can share KMP for all layers MAC, IP, and where application layer can use IPsec as IP layer protection (for example core)