IKE

Internet Key Exchange

Security
Introduced in Rel-6
Internet Key Exchange (IKE) is a protocol used to establish a secure, authenticated communication channel and to negotiate Security Associations (SAs) for IPsec. In 3GPP, it is used for securing interfaces between network functions, such as in Network Domain Security (NDS/IP) and for securing user plane data in certain scenarios.

Description

Internet Key Exchange (IKE), specifically IKEv1 and IKEv2 as defined by the IETF (RFC 2409 and RFC 7296 respectively), is the protocol used within 3GPP systems to automate the establishment of IPsec Security Associations (SAs). An SA defines the parameters of a secure IPsec tunnel: the cryptographic algorithms (e.g., AES for encryption, SHA-256 for integrity), the keys, and the protocol mode (Transport or Tunnel). IKE performs mutual authentication between two peers, negotiates cryptographic suites, and securely establishes the shared secret keys that IPsec will use. It operates in two phases: Phase 1 establishes the IKE SA, a secure, authenticated channel between the two peers; Phase 2 then uses that channel to negotiate the IPsec SAs (often called Child SAs) that protect the actual user or signaling data.

Within 3GPP architectures, IKE is a key component of Network Domain Security (NDS/IP), which secures communication between network nodes over IP-based interfaces. For example, it can be used to secure the N2 interface (between (R)AN and AMF) or the N3 interface (between (R)AN and UPF) in 5G systems when deployed over untrusted IP networks. The protocol supports various authentication methods referenced in 3GPP, including pre-shared keys (PSK) and digital certificates (often using X.509 certificates). IKE's Diffie-Hellman key exchange provides perfect forward secrecy (PFS), meaning compromise of a long-term key does not compromise past session keys.

The operation involves the exchange of IKE messages, normally over UDP port 500, or UDP port 4500 when NAT traversal is in use. During Phase 1, the peers agree on encryption and integrity algorithms for the IKE SA, perform a Diffie-Hellman exchange to generate a shared secret, and authenticate each other. This yields a set of keys used to protect all subsequent IKE messages. In Phase 2, under the protection of the IKE SA, the peers negotiate the parameters of the IPsec SAs, including the traffic selectors that define which IP traffic flows each SA will protect. IKEv2 simplifies the exchange compared to IKEv1: the IKE SA and the first Child SA are established together in a single four-message exchange (IKE_SA_INIT followed by IKE_AUTH). 3GPP specifications profile the use of IKE and IPsec, specifying mandatory-to-support algorithms and recommended authentication methods for the different interfaces.
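As an added illustration that is not part of this entry or of any 3GPP specification, the following Python walks through the key hierarchy the two phases above produce, following RFC 7296: SKEYSEED from the nonces and the Diffie-Hellman secret, the IKE SA keys via prf+, and Child SA KEYMAT from SK_d (with and without a fresh DH exchange for PFS). It assumes PRF_HMAC_SHA2_256 with AES-CBC-128 and HMAC-SHA2-256-128 key sizes; the nonces, SPIs and DH secret are constructed sample values, not captured traffic.

```python
import hmac
import hashlib

PRF_LEN = 32  # output length of PRF_HMAC_SHA2_256

def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    # prf+ (RFC 7296 s2.13): T1 = prf(K, S|0x01), Tn = prf(K, T(n-1)|S|n), n <= 255
    out, prev, n = b"", b"", 1
    while len(out) < length:
        if n > 255:
            raise ValueError("prf+ is limited to 255 blocks")
        prev = prf(key, prev + seed + bytes([n]))
        out += prev
        n += 1
    return out[:length]

def derive_ike_sa_keys(ni, nr, g_ir, spi_i, spi_r, enc_len=16, integ_len=32):
    # IKE SA keys (RFC 7296 s2.14): SKEYSEED = prf(Ni|Nr, g^ir), then
    # SK_d|SK_ai|SK_ar|SK_ei|SK_er|SK_pi|SK_pr = prf+(SKEYSEED, Ni|Nr|SPIi|SPIr)
    skeyseed = prf(ni + nr, g_ir)
    layout = [("SK_d", PRF_LEN), ("SK_ai", integ_len), ("SK_ar", integ_len),
              ("SK_ei", enc_len), ("SK_er", enc_len), ("SK_pi", PRF_LEN), ("SK_pr", PRF_LEN)]
    keymat = prf_plus(skeyseed, ni + nr + spi_i + spi_r, sum(n for _, n in layout))
    keys, off = {}, 0
    for name, n in layout:
        keys[name] = keymat[off:off + n]
        off += n
    return keys

def derive_child_keymat(sk_d, ni, nr, length, g_ir_new=None):
    # Child SA KEYMAT (RFC 7296 s2.17). Without PFS only SK_d and the nonces are
    # used; with PFS the fresh DH secret g^ir(new) is prepended to the seed.
    return prf_plus(sk_d, (g_ir_new or b"") + ni + nr, length)

# Constructed sample values (not real traffic): nonces, SPIs and a fake DH secret.
NI = bytes.fromhex("0102030405060708090a0b0c0d0e0f10")
NR = bytes.fromhex("101112131415161718191a1b1c1d1e1f")
SPI_I = bytes.fromhex("a1a2a3a4a5a6a7a8")
SPI_R = bytes.fromhex("b1b2b3b4b5b6b7b8")
G_IR = b"\x00" * 2 + bytes(range(1, 31))  # padded to a fixed 32-byte "modulus" length

if __name__ == "__main__":
    ike = derive_ike_sa_keys(NI, NR, G_IR, SPI_I, SPI_R)
    child = derive_child_keymat(ike["SK_d"], NI, NR, 2 * (16 + 32))  # ESP AES-CBC-128 + HMAC-SHA2-256 keys, both directions
    for name, k in ike.items():
        print(f"{name:5s} {k.hex()}")
    print("CHILD", child.hex())
```

The PFS property the description mentions is visible directly: changing only g^ir changes every derived key, while the nonces and SPIs alone never determine them.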

Purpose & Motivation

IKE was adopted in 3GPP to solve the problem of manually configuring and managing IPsec security associations, which is impractical and error-prone in large, dynamic mobile networks. As 3GPP networks evolved to all-IP architectures (from Release 5 onwards), signaling and user data traversed IP networks that could not be assumed to be physically secure (e.g., between different operator sites or across public internet segments). A standardized, automated mechanism was needed to provide hop-by-hop confidentiality, integrity, and authentication for this IP traffic.

The motivation stemmed from the limitations of relying on physical security or proprietary security solutions. IKE, as a mature IETF standard, provided a vendor-interoperable solution for dynamic key management. It addresses the specific requirements of mobile networks, such as the need to support frequent updates of security associations (e.g., during handovers or session modifications) and to integrate with network-based authentication (like using certificates issued by the operator). Its use in NDS/IP allows operators to build secure IP backbone networks interconnecting core network functions from different vendors and located in different physical locations, mitigating threats like eavesdropping, spoofing, and message modification on these critical internal interfaces.

Key Features

  • Automates the negotiation and establishment of IPsec Security Associations (SAs)
  • Provides mutual authentication using methods like pre-shared keys or certificates
  • Supports Perfect Forward Secrecy (PFS) via Diffie-Hellman key exchange
  • Defines a two-phase exchange (IKE SA setup followed by Child SA negotiation)
  • Standardized by IETF (IKEv1/IKEv2) and profiled by 3GPP for NDS/IP
  • Used to secure inter-node interfaces in the core network (e.g., N2, N3, N4)

Evolution Across Releases

Rel-6 Initial

IKE was introduced in 3GPP Release 6 as a core component of the Network Domain Security for IP-based protocols (NDS/IP) framework. It was specified as the key management protocol for dynamically setting up IPsec security associations to protect signaling and user plane traffic between network elements within and between security domains.

Defining Specifications

Specification   Title
TS 22.980       3GPP TS 22.980
TS 24.234       3GPP TS 24.234
TS 29.368       3GPP TS 29.368
TS 33.102       3GPP TR 33.102
TS 33.117       3GPP TR 33.117
TS 33.203       3GPP TR 33.203
TS 33.210       3GPP TR 33.210
TS 33.234       3GPP TR 33.234
TS 33.320       3GPP TR 33.320
TS 33.401       3GPP TR 33.401
TS 33.501       3GPP TR 33.501
TS 33.545       3GPP TR 33.545
TS 33.820       3GPP TR 33.820
TS 33.938       3GPP TR 33.938
TS 36.463       3GPP TR 36.463
TS 43.318       3GPP TR 43.318
TS 43.902       3GPP TR 43.902