PKI and the IPSec Protocol Suite

Where PKI Fits into the IPSec Model


You may remember from our discussions of cryptographic components that asymmetric key encryption, while stronger than symmetric key encryption, is more computationally intensive. Exactly how many more resources does asymmetric key encryption consume? If the algorithms are executed in software, asymmetric key encryption is believed to be 1000 times slower than symmetric key encryption. If the algorithms are executed in hardware, this number decreases to a multiple of 100. Regardless, these numbers highlight the need for a cryptographic scheme that is better suited to bulk data transfer, a critical component of IPSec implementations.

For these reasons, IPSec specifies the RSA-signature method for PKI compatibility for ISAKMP authentication only; symmetric key encryption is much better suited for bulk transfer of encrypted data. As such, IPSec specifies a symmetric key method for encrypted data transfer over the IPSec SA (i.e., DES, 3DES, AES). Diffie-Hellman session keys are derived for symmetric encryption of the IKE channel and for use with symmetric key ciphers in the IPSec SA itself. Using RSA signatures provides a strong and highly scalable method for authentication during the establishment of ISAKMP SAs. This limits the CPU burden to ISAKMP SA negotiation only, which allows data at the IPSec layer to be encrypted effectively and efficiently.
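
The configuration below is an added illustration, not taken from the book, of the split described above, written in Cisco IOS syntax. It assumes an IOS router enrolled with a certificate authority. The trustpoint name, CA URL, peer address, ACL number, and map and transform-set names are hypothetical placeholders.

```cisco
! PKI: the certificate and RSA key pair are used only to authenticate the peer
crypto pki trustpoint EXAMPLE-CA
 enrollment url http://ca.example.com:80
 revocation-check crl
!
! ISAKMP SA (IKE phase 1): the only place the RSA signature is computed
crypto isakmp policy 10
 ! asymmetric operation, once per ISAKMP SA negotiation
 authentication rsa-sig
 ! Diffie-Hellman group used to derive the session keys
 group 14
 ! symmetric cipher and hash protecting the IKE channel itself
 encryption aes 256
 hash sha
 lifetime 86400
!
! IPSec SA (IKE phase 2): bulk data uses symmetric algorithms only
crypto ipsec transform-set EXAMPLE-TS esp-aes 256 esp-sha-hmac
 mode tunnel
!
crypto map EXAMPLE-MAP 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set EXAMPLE-TS
 ! fresh Diffie-Hellman exchange for each IPSec SA
 set pfs group14
 match address 101
```

No RSA operation appears in the transform set or crypto map: once the ISAKMP SA is authenticated, every packet on the IPSec SA is protected with the symmetric keys derived from the Diffie-Hellman exchange.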




IPsec Virtual Private Network Fundamentals
ISBN: 1587052075
Pages: 113
