Key Exchange in IPsec Revisited: Formal Analysis of IKEv1 and IKEv2
The IPsec standard aims to provide application-transparent end-to-end security for the Internet Protocol. The security properties of IPsec critically depend on the underlying key exchange protocols, known as IKE (Internet Key Exchange). The authors provide the most extensive formal analysis so far of the current IKE versions, IKEv1 and IKEv2. They combine recently introduced formal analysis methods for security protocols with massive parallelization, allowing the scope of their analysis to go far beyond previous formal analysis. While they do not find any significant weaknesses on the secrecy of the session keys established by IKE, they find several previously unreported weaknesses on the authentication properties of IKE.