
OAKLEY Key exchange protocol

The Oakley Key Determination Protocol is a key-agreement protocol that allows authenticated parties to exchange keying material across an insecure connection using the Diffie-Hellman key exchange algorithm.
  • generic key management protocol (no implementation formats are specified)
  • based on the Diffie-Hellman key exchange algorithm, with improvements
  • allows parameters to be adjusted
  • uses cookies to prevent exhaustion of resources - clogging attacks
  • uses authentication to prevent man-in-the-middle attacks
authentication types used with OAKLEY
  • digital signatures
    • each party encrypts a hash of the exchange parameters (user IDs and nonces) with its private key
  • public key encryption
    • exchange parameters encrypted with sender's private key
  • symmetric key encryption
    • key derived by out-of-band means is used for encryption
OAKLEY protocol operation
  • initiator A sends an initiation message to B
    • it states the algorithms for public-key cryptography, hash functions and authentication
    • includes IDs for A and B, a random number, the group (the abstract mathematical structure Diffie-Hellman (DH) relies upon), its own public DH key and the offered algorithms
  • recipient B verifies message signature using A's public key and sends response
    • acknowledges message with response that includes:
      • A's cookie, ID, random number and group, B's own cookie, B's
      • ...
      • @TODO: bogus definition in Trček's book and slides (or at least I don't understand it :). I haven't found normal (brief) description for OAKLEY anywhere on the net
  • entity A verifies the signature of the received message with B's public key
    • A sends last message to confirm receipt of B's message
    • this message is similar to the first one (instead of offered algorithms it contains the selected ones)
After these steps the entities are able to calculate the session key. Only three steps are needed for the key exchange, which is why this is called aggressive. Identities are not protected! The ISAKMP protocol is needed to manage security associations for IPsec.

exhaustion of resources - clogging attacks

A clogging attack is a type of denial of service (DoS) attack against a public key cryptography system.
  1. attacker sends public key with false IP address to the server
  2. server under attack computes private key for session and returns it to the IP address provided
  3. intensive computation of private keys can lead to resource exhaustion
OAKLEY prevents this with the use of cookies
  1. an initiation message must be sent that includes a cookie - a random number
  2. reply to this message is sent that includes the same cookie
  3. if IP address is not valid, attacker will not be able to include proper cookie in a reply message
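
The cookie check described above, as an added example that is not from the original page or from the OAKLEY specification. It assumes the responder derives its cookie as a keyed hash of the claimed source address and does no Diffie-Hellman work until that cookie is echoed back; the class, function names, addresses and the small group are constructed for the demonstration.

```python
import hashlib, hmac, secrets

P, G = 2**127 - 1, 3   # toy DH group, constructed for this demo; not secure

class Responder:
    def __init__(self):
        self.secret = secrets.token_bytes(32)   # local secret, never transmitted
        self.expensive_ops = 0                  # modular exponentiations performed

    def cookie_for(self, addr):
        # Stateless cookie: keyed hash of the claimed source address.
        data = f"{addr[0]}:{addr[1]}".encode()
        return hmac.new(self.secret, data, hashlib.sha256).digest()[:8]

    def handle(self, claimed_addr, cookie=None, peer_public=None):
        expected = self.cookie_for(claimed_addr)
        if cookie is None:
            # First contact: cheap reply, routed to the claimed address.
            return ("cookie", expected)
        if not hmac.compare_digest(cookie, expected):
            return ("drop", None)               # rejected before any DH work
        x = secrets.randbelow(P - 3) + 2
        self.expensive_ops += 2
        return ("dh", (pow(G, x, P), pow(peer_public, x, P)))

def honest_exchange(resp, addr):
    # The initiator really owns addr, so the cookie reply reaches it.
    _, cookie = resp.handle(addr)
    a = secrets.randbelow(P - 3) + 2
    kind, (resp_public, resp_key) = resp.handle(addr, cookie, pow(G, a, P))
    # Both sides must arrive at the same shared secret.
    return kind == "dh" and pow(resp_public, a, P) == resp_key

def spoofed_flood(resp, forged_addr, attempts):
    # The sender forges forged_addr: the cookie reply goes there, not to the
    # sender, so its follow-up messages can only carry a guessed cookie.
    dropped = 0
    for _ in range(attempts):
        resp.handle(forged_addr)                # reply never seen by the sender
        guess = secrets.token_bytes(8)
        kind, _ = resp.handle(forged_addr, guess, pow(G, 5, P))
        dropped += kind == "drop"
    return dropped
```

The responder keeps no per-request state: the cookie is recomputed from the local secret on every message, so a flood of first messages costs it one hash each and no memory.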

man-in-the-middle attacks

Man-in-the-middle attack or bucket-brigade attack (often abbreviated MITM) is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection when in fact the entire conversation is controlled by the attacker.

more on wikipedia

out-of-band

Out-of-band is a technical term that refers to communications which occur outside of a previously established communications method or channel.
Last Updated ( Sunday, 26 October 2008 14:48 )  
