Cryptology ePrint Archive: Report 2002/120

Security Analysis of IKE's Signature-based Key-Exchange Protocol

Ran Canetti and Hugo Krawczyk

Abstract: We present a security analysis of the Diffie-Hellman key-exchange protocols authenticated with digital signatures used by the Internet Key Exchange (IKE) standard, and of the more comprehensive SIGMA family of key exchange protocols. The analysis is based on an adaptation of the key-exchange security model from [Canetti and Krawczyk, Eurocrypt'01] to the setting where peer identities are not necessarily known or disclosed from the start of the protocol. This is a common practical setting, which includes the case of IKE and other protocols that provide confidentiality of identities over the network. The rigorous study of this ``post-specified peer" model is a further contribution of this paper.

Category / Keywords: cryptographic protocols / key exchange, Diffie-Hellman, IKE, IPSec

Publication Info: Presented at Crypto'2002

Date: received 16 Aug 2002, last revised 26 Aug 2002

Contact author: hugo at ee technion ac il

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation

Version: 20020826:224858 (All versions of this report)

Short URL: ia.cr/2002/120

Discussion forum: Show discussion | Start new discussion