Internet Key Exchange (IKE)

The Internet Key Exchange (IKE) is an IPsec (Internet Protocol Security) standard protocol used to ensure security for virtual private network (VPN) negotiation and remote host or network access. Specified in IETF Request for Comments (RFC) 2409, IKE defines an automatic means of negotiation and authentication for IPsec security associations (SA). Security associations are security policies defined for communication between two or more entities; the relationship between the entities is represented by a key. The IKE protocol ensures security for SA communication without the preconfiguration that would otherwise be required.

A hybrid protocol, IKE implements two earlier security protocols, Oakley and SKEME, within an ISAKMP (Internet Security Association and Key Management Protocol) TCP/IP-based framework. ISAKMP specifies the framework for key exchange and authentication; the Oakley protocol specifies a sequence of key exchanges and describes their services (such as identity protection and authentication); and SKEME specifies the actual method of key exchange. Although IKE is not required for IPsec configuration, it offers a number of benefits, including: automatic negotiation and authentication; anti-replay services (see anti-replay protocol); certification authority (CA) support; and the ability to change encryption keys during an IPsec session.

This was last updated in March 2009

Continue Reading About Internet Key Exchange (IKE)

Dig Deeper on Application and platform security