ABSTRACT

IKE (Internet Key Exchange) is responsible for origin authentication and for the creation and management of keys for subsequent communications. On the surface, providing these three basic properties appears straightforward. However, the protocol must be prepared to accommodate several variations of each property. Furthermore, IKE is responsible for session establishment. The weakest point in any communication is the beginning: the point where each side is building a relationship and assuring the other that it is who it claims to be. The beginning of the communication is also where new session numbers and sequence identifiers are created that will be referenced throughout the communication. Any weakness in this process will open the initialization to denial-of-service attacks and could possibly render the service unavailable. IKE provides several layers and variations to protect the sharing of information and performs the necessary steps to ensure that the communication is valid prior to committing to the communication.