22.4. Internet Key Exchange (IKE)

Internet Key Exchange (IKE) is a key exchange protocol which, in conjunction with ISAKMP, negotiates authenticated keying material for SAs. IKE can use two modes to establish a phase 1 ISAKMP SA: main mode and aggressive mode. Both modes use the Ephemeral Diffie–Hellman key exchange algorithm[] to generate keying material for the ISAKMP SA. The difference between the modes is that main mode, at the cost of more message round trips, protects the identities of the negotiating entities, whereas aggressive mode reveals them to the outside world. Once the ISAKMP SA has been established in phase 1, protocol SAs can be negotiated, and that negotiation is secured using the ISAKMP SA.

[] In the Ephemeral Diffie–Hellman algorithm the public key (out of the temporary D–H key pair) is tasked with guarding against man-in-the-middle (MITM) attacks.
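The identity exposure that separates the two phase 1 modes is visible to a passive observer in the ISAKMP header and payload chain. The following Python example is added here and is not from the book: it assumes the header layout and type numbers of RFC 2408/2409, and the helper names `inspect_ike` and `build`, the sample datagrams and the identity `gw.example.net` are hypothetical, constructed values.

```python
import struct
# ISAKMP exchange types (RFC 2408) plus IKE Quick Mode (RFC 2409)
EXCHANGES = {2: "main", 4: "aggressive", 32: "quick"}
PAYLOAD_ID = 5          # Identification payload
FLAG_ENCRYPTED = 0x01   # header flag: everything after the header is encrypted
# cookies (2 x 8), next payload, version, exchange type, flags, message ID, length
HDR = struct.Struct("!8s8sBBBBII")

def inspect_ike(msg: bytes) -> dict:
    """Report the IKE mode and any identity readable by a passive observer."""
    if len(msg) < HDR.size:
        raise ValueError("shorter than an ISAKMP header")
    _, _, nxt, _, exch, flags, _, length = HDR.unpack_from(msg)
    if length != len(msg):
        raise ValueError("header length does not match datagram")
    result = {"mode": EXCHANGES.get(exch, f"other({exch})"),
              "encrypted": bool(flags & FLAG_ENCRYPTED), "identity": None}
    off = HDR.size
    # The payload chain can only be walked when the encryption flag is clear.
    while nxt and not result["encrypted"]:
        if off + 4 > len(msg):
            raise ValueError("truncated payload header")
        following, _, plen = struct.unpack_from("!BBH", msg, off)
        if plen < 4 or off + plen > len(msg):
            raise ValueError("bad payload length")
        if nxt == PAYLOAD_ID:
            # Generic header (4) + ID type, protocol, port (4), then the identity
            result["identity"] = msg[off + 8:off + plen]
        nxt, off = following, off + plen
    return result

def build(exch, flags, payloads=(), raw=b"", first=0):
    # Builds constructed sample messages; payloads is a list of (type, body).
    body = raw
    for i, (ptype, data) in enumerate(payloads):
        following = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        body += struct.pack("!BBH", following, 0, 4 + len(data)) + data
    first = payloads[0][0] if payloads else first
    return HDR.pack(b"I" * 8, b"\0" * 8, first, 0x10, exch, flags, 0,
                    HDR.size + len(body)) + body

# Constructed aggressive mode message 1: SA(1), KE(4), Nonce(10), ID(5) in the clear
AGGRESSIVE_1 = build(4, 0, [(1, b"\0" * 8), (4, b"\x11" * 16), (10, b"\x22" * 8),
                            (5, b"\x02\x00\x00\x00" + b"gw.example.net")])
# Constructed main mode message 5: the ID payload sits inside the encrypted body
MAIN_5 = build(2, FLAG_ENCRYPTED, raw=b"\xa5" * 32, first=PAYLOAD_ID)

if __name__ == "__main__":
    for name, m in (("aggressive #1", AGGRESSIVE_1), ("main #5", MAIN_5)):
        print(name, inspect_ike(m))
```

In the aggressive mode sample the identity is recovered directly from the datagram, while in the main mode sample the header announces an ID payload but the encryption flag leaves only ciphertext to an observer.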
