Subproject 2 of TeSSA: Implementation of ISAKMP

Introduction

The Internet Security Association and Key Management Protocol (ISAKMP) defines the procedures for authenticating a communicating peer, creation and management of Security Associations, key generation techniques and threat mitigation. All of these are necessary to establish and maintain secure communications in an Internet environment. Security Association (SA) is a security-protocol-specifistic set of parameters that completely defines the services and mechanisms necessary to protect traffic at that security protocol location.

ISAKMP provides a framework for authentication and key exchange but does not define them. ISAKMP is designed to be key exchange independang. Internet Key Exchange (IKE) is a protocol that defines these functions for ISAKMP.

ISAKMP is defined in RFC 2408 and IKE in RFC 2409 by Internet Engineering Task Force (IETF).

Goals and outlines

The goal of this subproject is implement the basic functionality of ISAKMP and IKE with the help of Jacob framework.

Reports and results

• Conduits and UML models of ISAKMP and IKE
• Sanna Liimatainen: An Object-Oriented ISAKMP Implementation, Proceedings of the fourth Nordic Workshop on Secure IT systems (Nordsec'99), November 1-2, 1999, Kista, Sweden.
  (Download in PS)
  Slides in PS
• Master's thesis: An Object-Oriented Implementation of an Authentication Protocol

Links

• IPSEC (IP Security Protocol) Working Group: http://www.ietf.org/html.charters/ipsec-charter.html
• ISAKMP (RFC 2408, November, 1998): ftp://ftp.isi.edu/in-notes/rfc2408.txt

• Drafts and RFCs connected to ISAKMP

  The Internet IP Security Domain of Interpretation for ISAKMP (RFC 2407 10, November, 1998): ftp://ftp.isi.edu/in-notes/rfc2407.txt

  The Internet Key Exchange (RFC 2409, November, 1998): ftp://ftp.isi.edu/in-notes/rfc2407.txt

  Anti-clogging token (Photuris) (draft version 18, February 1998): http://hegel.ittc.ukans.edu/topics/internet/internet-drafts/draft-s/draft-simpson-photuris-18.txt

  Oakley (draft version 8, June 1998): http://www.ietf.org/internet-drafts/draft-ietf-ipsec-isakmp-oakley-08.txt

  RFC 1825 - IPSEC (Secure IP): http://andrew2.andrew.cmu.edu/rfc/rfc1825.html

  Security Architecture for the Internet Protocol (draft, Obsoletes RFC 1825, July 1998): http://www.ietf.org/internet-drafts/draft-ietf-ipsec-arch-sec-06.txt

  RFC 1826 - IP Authenticaion Header: http://andrew2.andrew.cmu.edu/rfc/rfc1826.html

  RFC 1827 - IP Encapsulating Security Payload: http://andrew2.andrew.cmu.edu/rfc/rfc1827.html

  RFC 2119 - Key words for use in RFC to indicate requirement levels: http://andrew2.andrew.cmu.edu/rfc/rfc2119.html

• IPSEC project: http://www.tcm.hut.fi/Tutkimus/IPSEC/
• Jacob framework: http://www.tcm.hut.fi/Research/TeSSA/Jacob/jacob3.html

This page is maintained by Sanna Liimatainen, Email: sanna.liimatainen@hut.fi
Last modified: Mon Nov 8 12:43:07 EET 1999
URL: http://www.tcm.hut.fi/Research/TeSSA/ISAKMP/