All Questions
Tagged with ike key-exchange
7
questions
0
votes
1
answer
841
views
Why is the Diffie-Hellman exchange not enough to authenticate the communication partners in IKE_SA_INIT?
The IKE_SA_INIT does create a key seed SKEYSEED from the Diffie-Hellman values and nonces. Since the exchange does sharing the secret between the communication partners, I do not understand why it is ...
0
votes
1
answer
351
views
IKE Phase 1 /w PSK resource?
I can't seem to find a sufficiently detailed resource that describes the IKE phase 1 PSK identity authentication process. They seem to focus on differences between aggressive and main mode while ...
0
votes
2
answers
1k
views
Is IKE aggressive mode really less secure than main mode?
This guy argues it is not: https://www.youtube.com/watch?v=DuowFgNKAIg
I really confused about this. According to him, the only purpose of main mode is to make the peers anonymous, but in order to ...
1
vote
0
answers
255
views
What is a KEA certificate and how it is used?
I'm currently studying IKE and IPsec in the context of VPN applications and I know that a X.509 certificate is used to provide server's public key to the client (and vice-versa in case of mutual ...
1
vote
0
answers
327
views
how IKE (Internet Key Exchange) protocol reacts to the replay attack?
I mean how IKE in any mode (quick,aggressive, main) responds to an attacker that tries to replay one or more messages?
0
votes
1
answer
4k
views
In IKE protocol; what is the PRF? [duplicate]
In IKE protocol; what is the PRF ?
What is "the generation of a key based on modeled random oracle hash functions"?
4
votes
1
answer
2k
views
Why should an IKE responder change the cookie secret 'frequently'?
IKEv2 has the concept of a COOKIE mode, to attempt to prevent state exhaustion from floods of initiation requests from non-existent IP addresses:
Two expected attacks against IKE are state and CPU ...