Unimax MA-2025-4G, Руководство пользователя

Страница: 20 / 72

22
4.9 IKE
Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association
(SA) in the IPSec protocol suite. IKE uses a Diffie-Hellman key exchange to set up a
shared session secret, from which cryptographic keys are derived. Public key
techniques or, alternatively, a pre-shared key, are used to mutually authenticate the
communicating parties.
4.9.1 3DES
The earliest standard that defines the algorithm (ANS X9.52, published in 1998)
describes it as the "Triple Data Encryption Algorithm (TDEA)" — i.e. three operations
of the Data Encryption Algorithm specified in ANSI X3.92 — and does not use the
terms "Triple DES" or "DES".
4.9.2 AES
The Advanced Encryption Standard (AES) is an encryption standard adopted by
the U.S. government. The standard comprises three block ciphers, AES-128, AES-192
and AES-256, adopted from a larger collection originally published as Rijndael. Each
AES cipher has a 128-bit block size, with key sizes of 128, 192 and 256 bits,
respectively. The AES ciphers have been analyzed extensively and are now used
worldwide.
4.9.3 MD5
MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash function
with a 128-bit hash value. As an Internet standard (RFC 1321), MD5 has been
employed in a wide variety of security applications, and is also commonly used to
check the integrity of files.
4.9.4 SHA
SHA stands for Secure Hash Algorithm. The three SHA algorithms are structured
differently and are distinguished as SHA-0, SHA-1, and SHA-2. The SHA-2 family uses
an identical algorithm with a variable digest size which is distinguished as SHA-224,
SHA-256, SHA-384, and SHA-512.
4.10 ISAKMP
ISAKMP defines the procedures for authenticating a communicating peer, creation and
management of Security Associations, key generation techniques, and threat
mitigation (e.g. denial of service and replay attacks). ISAKMP typically utilizes IKE for key
exchange, although other methods can be implemented.