[A] ------ VPN ----- [B]
Phase 1: step 1: messages 1 and 2, negotiate SAs
Message 1:
[a -> b]
[proposal 1][proposal 2][...][proposal n][cookie A]
EX: Proposal 1 = {3DES, 112, HMAC MD5, 128, 5 min, 24 h}
{encryption algo, key len, auth algo, key len, key lifetime, SA lifetime}
Proposal 2 = {AES, 256, SHA-3, 256, 10 min, 48 h}
Cookie A = Hash(Secret of A, IP of A, timestamp)
Message 2:
[ b -> a]
[proposal 3][proposal 4][proposal 7][cookie A][cookie B]
{accepted proposals}
Cookie B = Hash(Secret of B, IP address of B, timestamp)
Phase 1 step 2: Protected Diffie-Hellman exchange
[A] → message 3 [B]
[A] ← message 4 [B]
Message 3:
[a -> b]
[ (N1)PubB ][p, g, Ta]
N1 is a random number encrypted with B's public key.
p, g, and Ta are the Diffie-Hellman parameters.
Message 4:
[b -> a]
[ (N2)PubA ][Tb]
N2 is a random number encrypted with A's public key.
Tb is the Diffie-Hellman parameter.
After this exchange, A and B derive a secret number S from Diffie-Hellman.
Master key: SKEYID = HASH(N1, N2, S)
From SKEYID, three keys are derived:
1) SKEYIDd = HASH(SKEYID, CookieA, CookieB)
2) SKEYIDe = HASH(SKEYIDd, SKEYID, CookieA, CookieB)
3) SKEYIDa = HASH(SKEYIDe, SKEYID, CookieA, CookieB)
d: used for deriving keys a and e
e: used for encrypting subsequent IKE messages
a: for authenticating subsequent IKE messages
Phase 1: Step 3: mutual authentication:
[A] → message 5 [B]
[A] ← message 6 [B]
Message 5:
[a ->b]
[Digital sig of A][certificate of A]
Message 6:
[b -> a]
[Digital sig of B][Certificate of B]
Both of these messages are encrypted with SKEYIDe and authenticated with SKEYIDa.
Phase 2:
Message 1:
[a -> b]
[Hash 1] [ N3 ] [ p, g, Ta]
Hash1 = HASH(SKEYIDa, N3, A, B)
N3 = random number
p, g, and Ta are Diffie-Hellman parameters.
Whole message is encrypted.
B opens this message, gets P, g, Ta, and verifies Hash1
Message 2:
[b -> a]
[ Hash2] [N4] [Tb]
Hash 2 = HASH(SKEYIDa, N4, A, B)
N4 = random number
Tb = Diffie-Hellman parameter
Whole message is encrypted.
A opens this message, gets Tb, and verifies Hash2.
Message 3:
[a -> b]
[ Hash 3]
Hash3 = HASH(SKEYIDa, N3, N4)
B verifies Hash3
FINAL SECRET SESSION KEY FOR DATA TRANSFER:
HASH(SKEYIDd, DHSecret, N3, N4)
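Added example (not part of the original notes): the key chain above run from both sides, from SKEYID through Hash1 to the final session key, showing that A and B arrive at the same values. Assumptions: HASH is SHA-256 over length-prefixed fields, the group is a toy one, the Phase 2 p, g, Ta, Tb are treated as a fresh exchange, the public-key encryption of N1 and N2 is omitted, and all function names are hypothetical.

```python
import hashlib, hmac, secrets

def H(*parts: bytes) -> bytes:
    # HASH(x, y, ...) from the notes. Assumption: SHA-256 over length-prefixed
    # fields, so ("ab", "c") and ("a", "bc") cannot hash to the same value.
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def derive_phase1(n1, n2, s, cookie_a, cookie_b):
    skeyid = H(n1, n2, s)                      # master key
    d = H(skeyid, cookie_a, cookie_b)          # SKEYIDd: derives further keys
    e = H(d, skeyid, cookie_a, cookie_b)       # SKEYIDe: encrypts IKE messages
    a = H(e, skeyid, cookie_a, cookie_b)       # SKEYIDa: authenticates IKE messages
    return d, e, a

def dh_keypair(p, g):
    x = secrets.randbelow(p - 3) + 2           # private exponent in [2, p-2]
    return x, pow(g, x, p)                     # (private, public T)

def dh_secret(peer_t, x, p):
    return pow(peer_t, x, p).to_bytes((p.bit_length() + 7) // 8, "big")

def run_exchange():
    p, g = 2**127 - 1, 3                       # constructed toy group, too small for real use
    cookie_a = H(b"secret-A", b"192.0.2.1", b"ts")   # constructed sample inputs
    cookie_b = H(b"secret-B", b"192.0.2.2", b"ts")
    n1, n2, n3, n4 = (secrets.token_bytes(16) for _ in range(4))
    # Phase 1, step 2: each side computes S from its own private value.
    xa, ta = dh_keypair(p, g)
    xb, tb = dh_keypair(p, g)
    keys_a = derive_phase1(n1, n2, dh_secret(tb, xa, p), cookie_a, cookie_b)
    keys_b = derive_phase1(n1, n2, dh_secret(ta, xb, p), cookie_a, cookie_b)
    # Phase 2, message 1: A sends Hash1; B recomputes it with its own SKEYIDa.
    hash1 = H(keys_a[2], n3, b"A", b"B")
    hash1_ok = hmac.compare_digest(hash1, H(keys_b[2], n3, b"A", b"B"))
    tampered_ok = hmac.compare_digest(hash1, H(keys_b[2], n4, b"A", b"B"))
    # Phase 2 carries its own p, g, Ta, Tb (assumed fresh) for the data key.
    ya, ta2 = dh_keypair(p, g)
    yb, tb2 = dh_keypair(p, g)
    session_a = H(keys_a[0], dh_secret(tb2, ya, p), n3, n4)
    session_b = H(keys_b[0], dh_secret(ta2, yb, p), n3, n4)
    return {"hash1_ok": hash1_ok, "tampered_ok": tampered_ok,
            "session_a": session_a, "session_b": session_b}

if __name__ == "__main__":
    print(run_exchange())
```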