The pak proposal for sacred wg
This presentation is the property of its rightful owner.
Sponsored Links
1 / 8

The PAK proposal for sacred WG PowerPoint PPT Presentation


  • 78 Views
  • Uploaded on
  • Presentation posted in: General

The PAK proposal for sacred WG. Alec Brusilovsky [email protected] Wish list. Mutual authentication based on just a pre-shared, human-memorizable password. Fulfillment of the need to guard against a man-in-the-middle and against offline dictionary attack. 

Download Presentation

The PAK proposal for sacred WG

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


The pak proposal for sacred wg

The PAK proposal for sacred WG

Alec Brusilovsky

[email protected]


Wish list

Wish list

  • Mutual authentication based on just a pre-shared, human-memorizable password.

  • Fulfillment of the need to guard against a man-in-the-middle and against offline dictionary attack. 

  • Simplicity and openness, to promote widespread adoption and to minimize flaws. 

  • PAK (Password Authenticated Key exchange)

    • satisfies all of the above

    • is proposed as a new work item for sacred

Sacred WG

IETF 63, Paris, France


Why pak

Why PAK?

  • Provides strong key exchange with weak passwords

  • Foils the man-in-the-middle attack

  • Provides explicit mutual authentication

Sacred WG

IETF 63, Paris, France


Diffie hellman key exchange 1976 a refresher

yRa mod x

yRb mod x

Diffie-Hellman Key Exchange (1976) a refresher

  • Global public: x and y – primes

  • y < x

  • Alice’s Key generation:

  • Select private Ra; Ra < x

  • Calculate public yRamod x

  • Bob’s Key generation:

  • Select private Rb; Rb < x

  • Calculate public yRamod x

  • Alice’s Key = Bob’s Key

  • (yRa)Rb mod x = (yRb)Ra mod x

Bob

Alice

K=(yRb)Ra mod x

K=(yRa)Rb mod x

Sacred WG

IETF 63, Paris, France


Pak an extension of the diffie hellman key exchange

yRa mod x

HASH(PW) * yRamod x

yRb mod x

HASH’(PW) * yRbmod x

K=HASH’’(PW, yRb*Ra mod x )

K=(yRb)Ra mod x

K=HASH’’(PW, yRb*Ra mod x )

K=(yRa)Rb mod x

PAK – an extension of the Diffie-Hellman Key Exchange

Bob

Alice

Global public:

x and y – primes, y < x

Alice and Bob share

password PW

Sacred WG

IETF 63, Paris, France


Pak password authenticated key exchange protocol details omitted

HASH(PW) * (yRa mod x)

HASH(PW) * (yRb mod x), S1

PAK – Password Authenticated Key Exchange Protocol (details omitted)

Bob

Alice

Alice and Bob share

password PW

K=HASH(3,PW,yRaRb mod x)

K=HASH(3,PW,yRbRa mod x)

S2

S1 = HASH(1, PW, yRa mod x, yRb mod x, yRaRb mod x)

S2 = HASH(2, PW, yRb mod x, yRa mod x, yRaRb mod x)

K=HASH(3,PW,yRbRa mod x)

K=HASH(3,PW,yRaRb mod x)

Sacred WG

IETF 63, Paris, France


Plan9 implementation of pak

Plan9 – implementation of PAK

  • Plan 9 is distributed in an open source manner:

  • http://plan9.bell-labs.com/plan9dist/license.html

  • The particular algorithm used in Plan 9 is PAK.  PAK is a seemingly obvious tweak to Diffie-Hellman

  • To download plan 9 go to:

  • http://plan9.bell-labs.com/plan9dist/download.html

Sacred WG

IETF 63, Paris, France


Thank you

Thank you

Alec Brusilovsky

[email protected]


  • Login