Subproject 2 of TeSSA: Implementation of ISAKMP
Introduction
The Internet Security Association and Key Management Protocol (ISAKMP) defines the procedures for authenticating a communicating peer, creating and managing Security Associations, key generation techniques, and threat mitigation. All of these are necessary to establish and maintain secure communications in an Internet environment. A Security Association (SA) is a security-protocol-specific set of parameters that completely defines the services and mechanisms necessary to protect traffic at that security protocol location.
ISAKMP provides a framework for authentication and key exchange but does not define them. ISAKMP is designed to be key exchange independent. Internet Key Exchange (IKE) is a protocol that defines these functions for ISAKMP.
ISAKMP is defined in RFC 2408 and IKE in RFC 2409 by the Internet Engineering Task Force (IETF).
Goals and outlines
The goal of this subproject is to implement the basic functionality of ISAKMP and IKE with the help of the Jacob framework.
Reports and results
- Conduits and UML models of ISAKMP and IKE
- Sanna Liimatainen: An Object-Oriented ISAKMP Implementation, Proceedings of the fourth Nordic Workshop on Secure IT systems (Nordsec'99), November 1-2, 1999, Kista, Sweden.
(Download in PS)
Slides in PS
- Master's thesis: An Object-Oriented Implementation of an Authentication Protocol
Links
- IPSEC (IP Security Protocol) Working Group: http://www.ietf.org/html.charters/ipsec-charter.html
- ISAKMP (RFC 2408, November, 1998): ftp://ftp.isi.edu/in-notes/rfc2408.txt
- Drafts and RFCs connected to ISAKMP
- The Internet IP Security Domain of Interpretation for ISAKMP (RFC 2407 10, November, 1998): ftp://ftp.isi.edu/in-notes/rfc2407.txt
- The Internet Key Exchange (RFC 2409, November, 1998): ftp://ftp.isi.edu/in-notes/rfc2407.txt
- Anti-clogging token (Photuris) (draft version 18, February 1998): http://hegel.ittc.ukans.edu/topics/internet/internet-drafts/draft-s/draft-simpson-photuris-18.txt
- Oakley (draft version 8, June 1998): http://www.ietf.org/internet-drafts/draft-ietf-ipsec-isakmp-oakley-08.txt
- RFC 1825 - IPSEC (Secure IP): http://andrew2.andrew.cmu.edu/rfc/rfc1825.html
- Security Architecture for the Internet Protocol (draft, Obsoletes RFC 1825, July 1998): http://www.ietf.org/internet-drafts/draft-ietf-ipsec-arch-sec-06.txt
- RFC 1826 - IP Authentication Header: http://andrew2.andrew.cmu.edu/rfc/rfc1826.html
- RFC 1827 - IP Encapsulating Security Payload: http://andrew2.andrew.cmu.edu/rfc/rfc1827.html
- RFC 2119 - Key words for use in RFCs to indicate requirement levels: http://andrew2.andrew.cmu.edu/rfc/rfc2119.html
- IPSEC project: http://www.tcm.hut.fi/Tutkimus/IPSEC/
- Jacob framework: http://www.tcm.hut.fi/Research/TeSSA/Jacob/jacob3.html
This page is maintained by Sanna Liimatainen, Email: sanna.liimatainen@hut.fi
Last modified: Mon Nov 8 12:43:07 EET 1999
URL: http://www.tcm.hut.fi/Research/TeSSA/ISAKMP/