the pak proposal for sacred wg
Download
Skip this Video
Download Presentation
The PAK proposal for sacred WG

Loading in 2 Seconds...

play fullscreen
1 / 8

The PAK proposal for sacred WG - PowerPoint PPT Presentation


  • 113 Views
  • Uploaded on

The PAK proposal for sacred WG. Alec Brusilovsky [email protected] Wish list. Mutual authentication based on just a pre-shared, human-memorizable password. Fulfillment of the need to guard against a man-in-the-middle and against offline dictionary attack. 

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' The PAK proposal for sacred WG' - berny


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
wish list
Wish list
  • Mutual authentication based on just a pre-shared, human-memorizable password.
  • Fulfillment of the need to guard against a man-in-the-middle and against offline dictionary attack. 
  • Simplicity and openness, to promote widespread adoption and to minimize flaws. 
  • PAK (Password Authenticated Key exchange)
    • satisfies all of the above
    • is proposed as a new work item for sacred

Sacred WG

IETF 63, Paris, France

why pak
Why PAK?
  • Provides strong key exchange with weak passwords
  • Foils the man-in-the-middle attack
  • Provides explicit mutual authentication

Sacred WG

IETF 63, Paris, France

diffie hellman key exchange 1976 a refresher

yRa mod x

yRb mod x

Diffie-Hellman Key Exchange (1976) a refresher
  • Global public: x and y – primes
  • y < x
  • Alice’s Key generation:
  • Select private Ra; Ra < x
  • Calculate public yRamod x
  • Bob’s Key generation:
  • Select private Rb; Rb < x
  • Calculate public yRamod x
  • Alice’s Key = Bob’s Key
  • (yRa)Rb mod x = (yRb)Ra mod x

Bob

Alice

K=(yRb)Ra mod x

K=(yRa)Rb mod x

Sacred WG

IETF 63, Paris, France

pak an extension of the diffie hellman key exchange

yRa mod x

HASH(PW) * yRamod x

yRb mod x

HASH’(PW) * yRbmod x

K=HASH’’(PW, yRb*Ra mod x )

K=(yRb)Ra mod x

K=HASH’’(PW, yRb*Ra mod x )

K=(yRa)Rb mod x

PAK – an extension of the Diffie-Hellman Key Exchange

Bob

Alice

Global public:

x and y – primes, y < x

Alice and Bob share

password PW

Sacred WG

IETF 63, Paris, France

pak password authenticated key exchange protocol details omitted

HASH(PW) * (yRa mod x)

HASH(PW) * (yRb mod x), S1

PAK – Password Authenticated Key Exchange Protocol (details omitted)

Bob

Alice

Alice and Bob share

password PW

K=HASH(3,PW,yRaRb mod x)

K=HASH(3,PW,yRbRa mod x)

S2

S1 = HASH(1, PW, yRa mod x, yRb mod x, yRaRb mod x)

S2 = HASH(2, PW, yRb mod x, yRa mod x, yRaRb mod x)

K=HASH(3,PW,yRbRa mod x)

K=HASH(3,PW,yRaRb mod x)

Sacred WG

IETF 63, Paris, France

plan9 implementation of pak
Plan9 – implementation of PAK
  • Plan 9 is distributed in an open source manner:
  • http://plan9.bell-labs.com/plan9dist/license.html
  • The particular algorithm used in Plan 9 is PAK.  PAK is a seemingly obvious tweak to Diffie-Hellman
  • To download plan 9 go to:
  • http://plan9.bell-labs.com/plan9dist/download.html

Sacred WG

IETF 63, Paris, France

ad