IKEv2 based lightweight secure data communication draft-amjads-ipsecme-ikev2-data-channel-01 (D-IKE)
draft-amjads-ipsecme-ikev2-data-channel-01

Abstract

The Internet Key Exchange (IKEv2) protocol provides authentication, confidentiality, integrity, data-origin authentication and anti- replay. Currently, IKEv2 is mainly used as a control channel to negotiate IPsec SA(s). IPsec is not well suited to provide transport layer security for applications as it resides at the network layer and most of the IPsec implementations require integration into operating systems making it difficult to deploy. IPsec uses different sessions for control and data traffic which is not NAT and load balancer friendly. TLS/DTLS, the other popular security mechanism to provide the above security services does not mandate mutual peer authentication and Diffie Hellman exchange. This document describes an IKEv2 based lightweight secure data communication protocol and a way to provide transport layer security for UDP client/server applications. The protocol provides integrity protected encryption and integrity-only protection based on application needs. As most of the IoT applications are UDP based, IKEv2 can be used for key management as well secure data communication in IoT due to its simplicity, scalability, lightweightedness and ease of deployment.

Authors

Amjad S. Inamdar
Rajeshwar Jenwar

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)