1 / 16

Diffie-Hellman Key Exchange

Diffie-Hellman Key Exchange. CSIS 5857: Encoding and Encryption. Diffie-Hellman Key Exchange. Common goal of public key encryption: Securely agree upon a symmetric key Bob generates symmetric key K S Encrypts with Alice’s public key K A PU and sends to Alice

elaine
Download Presentation

Diffie-Hellman Key Exchange

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Diffie-Hellman Key Exchange CSIS 5857: Encoding and Encryption

  2. Diffie-Hellman Key Exchange • Common goal of public key encryption:Securely agree upon a symmetric key • Bob generates symmetric key KS • Encrypts with Alice’s public key KAPU and sends to Alice • Alice decrypts with her private key KAPR • Then use KS to exchange information (using AES, 3DES, etc.) • Problem: What if neither Alice or Bob have a public key? • Diffie-Hellman key exchange (1976 – preceeds RSA) • Allows two people to securely generate a symmetric key without a preexisting public key • Based on modular logarithms

  3. Secure Key Generation • Alice, Bob exchange information to securely generate a value • Information transmitted doesn’t allow anyone else to know that value • That value used as symmetric key to send further information Public info Public info Private info Private info generator generator D P E P Esymmetric (P, kS)

  4. Public and Private Information • Public information (known to Alice, Bob, and everyone): • p: large prime number (at least 1024 bits) • g: “generator” (g < p) • Private information • x: random number created (and only known) by Alice • y: random number created (and only known) by Bob • x and y used to generate shared keyk Knows p, g Generates x Knows p, g Generates y

  5. Key Generation • Alice computes R1= gxmod p • Bob computes R2= gymod p • Alice sends R1 to Bob • Bob sends R2 to Alice

  6. Security of Key Generation • Darth cannot derive xfrom R1 or y from R2 • Would have to solve modular logarithm problem • x = logg(R1 modp) • y = logg(R2 modp)

  7. Key Computation • Alice computes k = R2 xmodp • Bob computes k = R1 ymodp • Alice, Bob now have shared key k • Nobody else can compute without knowing x or y • No secret information transmitted!

  8. Diffie-Hellman Mathematics Why does this work? • Alice’s POV: k = (gymod p)x mod p = gyx mod p • Bob’s POV: k = (gxmod p)y mod p= gxy mod p • gyx mod p = gxy mod p

  9. Diffie-Hellman Example Public key: g = 7, p = 23 Chooses x = 3 R1 = 73 mod 23 = 21 Chooses y = 6 R2 = 76 mod 23 = 4 21 4 K = 216 mod 23 = 18 K = 43 mod 23 = 18

  10. Man-in-the-Middle Attack • Most serious weakness in Diffie-Hellman • Assumes Darth has ability to: • Intercept messages between Alice and Bob • Masquerade as Alice or Bob to send messages to the other “I am Alice” “I am Bob”

  11. Man-in-the-Middle Attack • Darth generates own random value z • Computes own R3= gzmod p from public values of p, g • Goal: Trick Alice and Bob into using keys he has created from z

  12. Man-in-the-Middle Attack • Darth intercepts R1 sent by Alice and R2 sent by Bob • Computes kAlice= R1 zmodp • Computes kBob= R2 zmodp R2 R1 z R3 kAlicekBob x y

  13. Man-in-the-Middle Attack • Darth sends R3 to Alice posing as Bob • Darth sends R3 to Bob posing as Alice • Alice computes kAlice= R3 xmodp • Bob computes kBob= R3 ymodp R3 R3 kBob kAlicekBob kAlice

  14. Man-in-the-Middle Attack • Darth can read messages sent by Alice and Bob! • Example: Message sent from Alice to Bob • Alice encrypts with kAlicebelieving it is secure • Darth intercepts and decrypts with kAlice • Re-encrypts with kBob and sends to Bob (posing as Alice C = E(P, kAlice) C = E(P, kBob) P = D(C, kAlice)

  15. Station-to-Station Key Agreement • Participants in Diffie-Hellman must authenticate their identities • Only solution to Man-in-the-Middle attack • Authentication usually based on certificates • Signed by trusted authorities • Contain public keys for participants • Information signed with private key • Information verified with corresponding public key contained in certificate

  16. Station-to-Station Key Agreement

More Related