Establishment of PKI

Abstract

Internet Protocol (IP) is used as the network level protocol in the Internet environment. The traffic is not encrypted or authenticated by the IP. The traffic can be encrypted and/or authenticated by using the Internet Protocol Security (IPsec). The IPsec operates in the network level, so the upper levels, like TCP and UDP are protected. IPsec needs session keys to operate. The procedure for obtaining those is not specified by the Wsec. A method for gaining the keys is to use the Internet Key Exchange (IKE). IKE requires some method for user authentication. The methods that could be selected are based on symmetric or asymmetric keys. Public Key Infrastructure (PKI) can be used to provide user authentication using asymmetric keys. PKI is a scalable user authentication method where the user identity is based on private keys and certificates. When a PKI-based user authentication is used in IPsec concept, the PKI functionality can be implemented as a PKI library that implements the protocols and functions that are needed. This thesis defines the requirements for the interface of the PKI library. The basis of the requirements is the standards defined by the IETF and other entities, and practices used in current implementations.