By Topic

An architecture for the Internet Key Exchange Protocol

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $33
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
P. -C. Cheng ; IBM Research Division, Thomas J. Watson Research Center, P.O. Box 704, Yorktown Heights, New York 10598, USA

In this paper we present the design, rationale, and implementation of the Internet Key Exchange (IKE) Protocol. This protocol is used to create and maintain Internet Protocol Security (IPSec) associations and secure tunnels in the IP layer. Secure tunnels are used to construct virtual private networks (VPNs) over the Internet. The implementation is done in the application layer. The design includes four components: (1) an IKE protocol engine to execute the IKE protocol, (2) a tunnel manager to create and manage secure tunnels—it generates requests to the IKE protocol engine to establish security associations, (3) VPN policy administration tools to manage VPN policies that guide the actions of the IKE protocol engine and the tunnel manager, and (4) a certificate proxy server to acquire and verify public key certificates that are used for authentication of messages and identities in the IKE protocol. The implementation was done on the Advanced Interactive Executive® (AIX®) operating system at IBM Research and has been transferred to IBM's AIX, Application System/400®, and System/390® products.

Note: The Institute of Electrical and Electronics Engineers, Incorporated is distributing this Article with permission of the International Business Machines Corporation (IBM) who is the exclusive owner. The recipient of this Article may not assign, sublicense, lease, rent or otherwise transfer, reproduce, prepare derivative works, publicly display or perform, or distribute the Article.  

Published in:

IBM Systems Journal  (Volume:40 ,  Issue: 3 )