Taking a close look at the IKE protocol, both in its original version and in the updated one.
Computers need a method of securely recognising each other so that they can establish trust before further communication takes place. Just as you have a unique key that controls access to your car or the front door of your house, this ‘device handshake’ is based on sharing keys between the devices.
IKE stands for Internet Key Exchange, a network security protocol. It is designed to establish secure, authenticated communication between two devices on the internet. It has gone through a few revisions at this point, which is why it is also referred to as IKEv1 or IKEv2, where the suffix designates the revision (version 2, in the latter case).
IKE is one component of the Internet Security Protocol (IPSec). Its role is to negotiate Security Associations (SAs): the mutually agreed keys and algorithms used to establish a connection via a VPN.
IKEv1, often referred to as just IKE, is the first version of the IKE protocol, defined in RFC 2409. It goes back quite a ways: it debuted in 1998 as an IPSec-based tunneling protocol.
IKEv1 has two phases. Phase 1 creates an authenticated, secure channel between the pair of IKE peers using the Diffie-Hellman key agreement protocol. The overall goal of phase 1 is to negotiate, through an exchange of proposals, how the security and authentication of the channel will take place.
There are several methods for the key exchange during phase 1. The first is a pre-shared key, where each peer manually enters a key value that authenticates the peer. Another is RSA signatures, where, as the name suggests, a digital certificate is authenticated by an RSA signature.
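To make the two ideas in phase 1 concrete (Diffie-Hellman agreement of a shared secret, then pre-shared-key authentication of the peers), here is an added Python example that is not part of the original article or of any IKE implementation. It models the phase-1 main-mode flow on the formulas in RFC 2409 section 5 for pre-shared-key mode (SKEYID = prf(pre-shared-key, Ni_b | Nr_b), and HASH_I / HASH_R over the public values, cookies, SA proposal and identity), but the Diffie-Hellman group, the peer identities, the SA proposal string and the message packing are constructed assumptions, not the real wire format or a real MODP group. The point it demonstrates is that the Diffie-Hellman secret always agrees, while a mismatched pre-shared key makes authentication fail on both sides.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for this example only: a 127-bit Mersenne
# prime with a small generator. It is NOT one of the MODP groups that real IKEv1
# peers negotiate (RFC 2409 / RFC 3526); it just keeps the numbers short.
P = 2**127 - 1
G = 7


def prf(key: bytes, data: bytes) -> bytes:
    """Keyed PRF. IKEv1 negotiates the hash; HMAC-SHA1 is assumed here."""
    return hmac.new(key, data, hashlib.sha1).digest()


def to_bytes(n: int) -> bytes:
    """Fixed-width encoding of a group element (P < 2**128, so 16 bytes suffice)."""
    return n.to_bytes(16, "big")


class Peer:
    """One phase-1 participant. Holds the values that never cross the wire."""

    def __init__(self, identity: bytes, psk: bytes):
        self.identity = identity                     # ID payload (hypothetical FQDN)
        self.psk = psk                               # pre-shared key entered by the operator
        self.cookie = secrets.token_bytes(8)         # CKY: 8-byte anti-clogging cookie
        self.nonce = secrets.token_bytes(16)         # Ni or Nr
        self.private = secrets.randbelow(P - 2) + 1  # x in [1, P-2], kept secret
        self.public = pow(G, self.private, P)        # g^x, sent in the clear


def auth_hash(skeyid: bytes, own_pub: int, peer_pub: int, own_cky: bytes,
              peer_cky: bytes, sa_body: bytes, own_id: bytes) -> bytes:
    """HASH_I / HASH_R shape from RFC 2409 section 5:
    prf(SKEYID, g^x_own | g^x_peer | CKY_own | CKY_peer | SAi_b | ID_own)."""
    return prf(skeyid, to_bytes(own_pub) + to_bytes(peer_pub)
               + own_cky + peer_cky + sa_body + own_id)


def phase1(initiator: Peer, responder: Peer, sa_proposal: bytes) -> dict:
    """Main-mode phase 1 collapsed into one function so the flow is visible.
    Returns what each side concluded; message encoding is not modelled."""
    # Messages 1-2: initiator proposes (SA payload, CKY-I); responder accepts (CKY-R).
    # Messages 3-4: KE payloads (g^x, g^y) and nonces, still unencrypted.
    i_pub, i_nonce = initiator.public, initiator.nonce
    r_pub, r_nonce = responder.public, responder.nonce

    # Both sides now derive g^xy; neither private exponent was ever transmitted.
    i_gxy = pow(r_pub, initiator.private, P)
    r_gxy = pow(i_pub, responder.private, P)

    # SKEYID in pre-shared-key mode: prf(pre-shared-key, Ni_b | Nr_b).
    # Each side uses its OWN copy of the PSK, so a mismatch shows up here.
    i_skeyid = prf(initiator.psk, i_nonce + r_nonce)
    r_skeyid = prf(responder.psk, i_nonce + r_nonce)

    # Messages 5-6: each side proves knowledge of SKEYID (hence of the PSK).
    hash_i = auth_hash(i_skeyid, i_pub, r_pub, initiator.cookie, responder.cookie,
                       sa_proposal, initiator.identity)
    hash_r = auth_hash(r_skeyid, r_pub, i_pub, responder.cookie, initiator.cookie,
                       sa_proposal, responder.identity)

    # The responder recomputes HASH_I with its PSK; the initiator does likewise for HASH_R.
    r_expects = auth_hash(r_skeyid, i_pub, r_pub, initiator.cookie, responder.cookie,
                          sa_proposal, initiator.identity)
    i_expects = auth_hash(i_skeyid, r_pub, i_pub, responder.cookie, initiator.cookie,
                          sa_proposal, responder.identity)

    return {
        "dh_secret_agrees": i_gxy == r_gxy,
        "initiator_authenticated": hmac.compare_digest(hash_i, r_expects),
        "responder_authenticated": hmac.compare_digest(hash_r, i_expects),
    }


if __name__ == "__main__":
    # Constructed sample run: matching PSKs, then a responder with the wrong PSK.
    proposal = b"AES-CBC/HMAC-SHA1/group"   # placeholder SA body, not the real encoding
    print(phase1(Peer(b"vpn-a.example", b"correct-psk"),
                 Peer(b"vpn-b.example", b"correct-psk"), proposal))
    print(phase1(Peer(b"vpn-a.example", b"correct-psk"),
                 Peer(b"vpn-b.example", b"wrong-psk"), proposal))
```

Note the separation of duties the code makes visible: Diffie-Hellman alone gives two strangers a shared secret, but says nothing about who they are; only the pre-shared key (or, in the other method the text mentions, an RSA signature over the same exchange) turns that secret into an authenticated channel.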