Phase 1

Before IKE can negotiate the security parameters and generate the keys that are used to protect data between the two hosts, it must have a way of protecting the negotiation itself. The IKE phase 1 negotiation provides this protection by performing two tasks:

  • Authenticating the IKE peer

    Peer authentication is performed by either the pre-shared key method or a digital signature method. Without it, the Diffie-Hellman exchange below would establish a key with whoever answered, so authentication is what binds that key to the intended peer. For details of peer authentication, see Peer authentication.

  • Generating cryptographic keys

    A Diffie-Hellman exchange is performed to create a shared secret between the two IKE peers. This shared secret, together with the nonces exchanged during phase 1, is used to generate keying material. From this keying material are derived the keys that encrypt and authenticate the IKE messages sent during phase 2, as well as the keying material from which the cryptographic keys of the phase 2 Security Associations are produced. Creating the Diffie-Hellman shared secret is secure, but computationally expensive, because it requires modular exponentiation with a large prime modulus.

The phase 1 Security Association contains the following information:

  • The key that is used to encrypt IKE messages
  • The key that is used to authenticate IKE messages
  • Keying material used to generate keys produced during phase 2
  • The security endpoints (single IP addresses)
  • The type of protection that is required (authentication and encryption)
  • How often the keys should be renewed
  • A Security Parameter Index (SPI) value, which is used together with the remote security endpoint IP address to uniquely identify the Security Association
  • The Diffie-Hellman group, which is an attribute of the public key cryptography algorithm: it fixes the modulus and generator that both peers use for the exchange, and its size determines both the strength of the shared secret and the cost of computing it
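The two tasks above (peer authentication and key generation) and the keys listed for the phase 1 Security Association can be followed end to end in code. The Python below is an added example written for this page; it is not code from the product this documentation describes. It uses only the standard library, runs a Diffie-Hellman exchange in the 2048-bit MODP group (IKE group 14, constants as published in RFC 3526 section 3), validates the peer's public value before using it, and derives the phase 1 keys in the shape RFC 2409 section 5 specifies for pre-shared-key authentication: SKEYID_e (the key that encrypts IKE messages), SKEYID_a (the key that authenticates them) and SKEYID_d (the keying material for phase 2). HMAC-SHA256 as the prf, the nonces, cookies and the pre-shared keys are all assumptions constructed for the example; the class and function names are this example's own.

```python
"""Worked IKE phase 1: Diffie-Hellman exchange, peer-value validation and
SKEYID-style key derivation.  Added example, standard library only."""
import hashlib
import hmac
import secrets

# 2048-bit MODP group (IKE Diffie-Hellman group 14); prime and generator as
# published in RFC 3526 section 3.  Check the constant against the RFC.
MODP_2048_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
MODP_2048_G = 2
P_LEN = (MODP_2048_P.bit_length() + 7) // 8   # 256 octets


def prf(key: bytes, data: bytes) -> bytes:
    """IKE's keyed prf; HMAC-SHA256 is an assumption made for this example."""
    return hmac.new(key, data, hashlib.sha256).digest()


def validate_public_value(y: int, p: int = MODP_2048_P) -> int:
    """Reject degenerate KE payload values before exponentiating with them.

    With a safe-prime group the only trivial subgroups are {1} and {1, p-1},
    so 0, 1 and p-1 are exactly the values a peer can send to force a
    predictable shared secret.  Everything else in (1, p-1) is acceptable.
    """
    if not 1 < y < p - 1:
        raise ValueError("invalid Diffie-Hellman public value")
    return y


class IkePeer:
    """One side of the phase 1 exchange; cookie and nonce are random here."""

    def __init__(self, psk: bytes):
        self.psk = psk
        self.cookie = secrets.token_bytes(8)    # ISAKMP cookie; the pair is the phase 1 SA's SPI
        self.nonce = secrets.token_bytes(32)    # constructed nonce (NONCE payload)
        self._x = 2 + secrets.randbelow(MODP_2048_P - 3)          # private exponent in [2, p-2]
        self.public_value = pow(MODP_2048_G, self._x, MODP_2048_P)  # g^x, sent in the KE payload

    def shared_secret(self, peer_public: int) -> bytes:
        """g^xy as a fixed-length octet string, computed from the peer's g^y."""
        gxy = pow(validate_public_value(peer_public), self._x, MODP_2048_P)
        return gxy.to_bytes(P_LEN, "big")


def phase1_keys(psk, gxy, ni, nr, cky_i, cky_r):
    """Derive the phase 1 SA keys as RFC 2409 section 5 does for pre-shared
    key authentication: SKEYID from the PSK and nonces, then SKEYID_d (phase 2
    keying material), SKEYID_a (IKE message authentication) and SKEYID_e
    (IKE message encryption)."""
    skeyid = prf(psk, ni + nr)
    skeyid_d = prf(skeyid, gxy + cky_i + cky_r + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + gxy + cky_i + cky_r + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + gxy + cky_i + cky_r + b"\x02")
    return {"encrypt": skeyid_e, "authenticate": skeyid_a, "phase2_material": skeyid_d}


def phase2_keymat(skeyid_d, protocol, spi, ni2, nr2):
    """Phase 2 SA keying material without PFS (RFC 2409 section 5.5):
    prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b).  No new exponentiation."""
    return prf(skeyid_d, bytes([protocol]) + spi + ni2 + nr2)


def run_phase1(psk_i=b"constructed-psk", psk_r=None):
    """Run the exchange between an initiator and a responder and return the
    key set each side derives.  Passing a different responder PSK (psk_r)
    shows that a peer holding the wrong secret ends up with different keys,
    which is why its authentication hashes fail to verify."""
    init = IkePeer(psk_i)
    resp = IkePeer(psk_r if psk_r is not None else psk_i)
    # Message exchange: each side learns the other's cookie, nonce and g^x.
    gxy_i = init.shared_secret(resp.public_value)
    gxy_r = resp.shared_secret(init.public_value)
    keys_i = phase1_keys(init.psk, gxy_i, init.nonce, resp.nonce, init.cookie, resp.cookie)
    keys_r = phase1_keys(resp.psk, gxy_r, init.nonce, resp.nonce, init.cookie, resp.cookie)
    return keys_i, keys_r


if __name__ == "__main__":
    ki, kr = run_phase1()
    print("peers agree:", ki == kr)
    print("SKEYID_e:", ki["encrypt"].hex())
```

The expensive step is the two `pow` calls per peer; everything after the shared secret is a handful of HMACs, which is why a phase 2 Security Association can be keyed from SKEYID_d cheaply and refreshed often while the phase 1 Security Association, and its Diffie-Hellman exchange, is refreshed less often. The check in `validate_public_value` is the one a practitioner should confirm a real implementation performs, since a responder that accepts 0, 1 or p-1 can be driven to a predictable shared secret.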

Because the tasks of authentication and master key generation are so resource intensive, a phase 1 Security Association is usually refreshed less often than a phase 2 Security Association.