Extended Internet Key Exchange Protocol Version 2 in Trusted Computing Environment

On the basis of the IKEv2, an extended IKEv2 in trusted computing environment based on ISO/IEC 9798-3:1998/Amd 1:2010 is proposed in this paper. It realizes mutual identity authentication and Platform-Authentication between an initiator and a responder, and establishes session keys between them, and is backward compatible with the IKEv2, where a trusted third party (TTP) is responsible for validating the identity and Attestation Identity Key (AIK) certificates of them, and evaluating the platform integrity of them, and the stored integrity measurement logs (SML) of them are encrypted and sent to the TTP. Thus, it is able to solve the problems of the existing extended IKE protocol for trusted computing environment effectively. Moreover, the extended IKEv2 is proved secure based on the strand space model for trusted network connect protocols.