Security Encyclopedia

Internet Key Exchange

Internet Key Exchange (IKE) is the standard used for remote host access, network access, and virtual private network (VPN) access.

IKE enables two parties on the Internet to communicate securely. Specifically, it is a key management protocol used to set up a security association (SA) for Internet Protocol Security (IPsec).

IKE uses X.509 certificates to authenticate, whether pre-shared or distributed, and a Diffie–Hellman key exchange to create a shared session secret from which cryptographic keys are derived.

In Phase 1, IKE establishes an authenticated connection between the host and user before generating the private key (mutual secret) that makes Phase 2 and subsequent communications secure.
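The Diffie–Hellman exchange and key derivation described above, as an added example that is not part of the original entry: it follows the IKEv2 derivation from RFC 7296 (SKEYSEED and prf+), with HMAC-SHA256 as the PRF and a toy group constructed for illustration. The `Peer` class and `derive_keys` helper are hypothetical names.

```python
import hashlib
import hmac
import secrets

# Toy group, constructed for this example: the prime 2**255 - 19 with base 2.
# Real IKE peers negotiate a standardized DH group; do not reuse these values.
P = 2**255 - 19
G = 2


def prf(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 standing in for the negotiated PRF (an assumption)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """RFC 7296 prf+: T1 = prf(K, S|0x01), Tn = prf(K, Tn-1|S|n)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = prf(key, block + seed + bytes([counter]))
        out += block
        counter += 1
    return out[:length]


class Peer:
    def __init__(self) -> None:
        self.nonce = secrets.token_bytes(32)          # Ni or Nr
        self._private = secrets.randbelow(P - 3) + 2  # never leaves the peer
        self.public = pow(G, self._private, P)        # value sent to the other side

    def shared_secret(self, peer_public: int) -> bytes:
        # Reject degenerate public values that would force a predictable secret.
        if not 1 < peer_public < P - 1:
            raise ValueError("invalid Diffie-Hellman public value")
        return pow(peer_public, self._private, P).to_bytes(32, "big")


def derive_keys(peer: Peer, other_public: int, ni: bytes, nr: bytes,
                spis: bytes) -> dict:
    """SKEYSEED = prf(Ni|Nr, g^ir), expanded into one key per purpose."""
    skeyseed = prf(ni + nr, peer.shared_secret(other_public))
    names = ("SK_d", "SK_ai", "SK_ar", "SK_ei", "SK_er", "SK_pi", "SK_pr")
    stream = prf_plus(skeyseed, ni + nr + spis, 32 * len(names))
    return {n: stream[i * 32:(i + 1) * 32] for i, n in enumerate(names)}
```

Only the public values and nonces cross the wire; each side computes the same key set locally from its own private value.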

Example:

“Our VPN uses IKE so when you’re working from home, you can be sure that it’s you and the home office — and only those two parties — working over a secure connection.”