diffie hellman key exchange
play

DiffieHellman Key Exchange Algorithm Analysis of DHKE - PDF document

Jun 11, 2023 •556 likes •753 views

Cryptography DiffieHellman Key Exchange DiffieHellman Key Exchange DiffieHellman Key Exchange Algorithm Analysis of DHKE Man-in-the-Middle Attack on DHKE Cryptography Implementations of DHKE DiffieHellman in School of

  1. Cryptography Diffie–Hellman Key Exchange Diffie–Hellman Key Exchange Diffie–Hellman Key Exchange Algorithm Analysis of DHKE Man-in-the-Middle Attack on DHKE Cryptography Implementations of DHKE Diffie–Hellman in School of Engineering and Technology OpenSSL CQUniversity Australia DHKE in Python Prepared by Steven Gordon on 20 Feb 2020, dh.tex, r1798 1

  2. Cryptography Contents Diffie–Hellman Key Exchange Diffie–Hellman Key Exchange Algorithm Diffie–Hellman Key Exchange Algorithm Analysis of DHKE Analysis of DHKE Man-in-the-Middle Attack on DHKE Implementations of Man-in-the-Middle Attack on DHKE DHKE Diffie–Hellman in OpenSSL Implementations of DHKE DHKE in Python Diffie–Hellman in OpenSSL DHKE in Python 2

  3. Cryptography Diffie–Hellman Key Exchange Diffie–Hellman Key Exchange ◮ Diffie and Hellman proposed public key cryptosystem in Diffie–Hellman 1976 Key Exchange ◮ Motivation: solve the problem of how to exchange Algorithm Analysis of DHKE secret keys for symmetric key crypto ◮ Proposed protocol for exchanging secrets using public Man-in-the-Middle Attack on DHKE keys Implementations of ◮ Merkle also contributed to the idea; sometimes called DHKE Diffie–Hellman-Merkle key exchange Diffie–Hellman in OpenSSL ◮ DHKE is algorithm for exchanging secret key (not for DHKE in Python secrecy of data) ◮ E.g. two users want to use symmetric key crypto, but need to first exchange a secret key ◮ Based on discrete logarithms ◮ Easy to calculate exponential modulo a prime ◮ Infeasible to calculate inverse, i.e. discrete logarithm 3 It is important to note that DHKE is a “key exchange” protocol. The purpose is for two users to exchange a secret key. Once a secret key has been exchanged with DHKE, the two users can then use that secret key for other purposes (e.g. for encrypting data using AES). If you do not know what a discrete logarithm is, it is worth refreshing your knowledge in number theory from Chapter ?? .

  4. Cryptography Diffie–Hellman Key Exchange (algorithm) Diffie–Hellman Key Exchange One-time setup. A and B agree upon public values prime p and generator g , where g < p and g is a primitive root of p . Diffie–Hellman Key Exchange Protocol. Algorithm Analysis of DHKE 1. A: select private PR A < p Man-in-the-Middle 2. A: calculate public PU A = g PR A mod p Attack on DHKE Implementations of 3. A → B: send PU A DHKE 4. B: select private PR B < p Diffie–Hellman in OpenSSL B: calculate public PU B = g PR B mod p 5. DHKE in Python B: calculate secret K B = PU PR B 6. mod p A 7. B → A: send PU B 8. A: calculate secret K A = PU PR A mod p B Result. K A = K B is the shared secret value 4 The values p and g are either agreed upon in advance, or selected by one user and sent to the other in the first message. Both values are public; the attacker is assumed to know them. When two users need to exchange a shared secret, one of them initiates the protocol. User A and B actually perform the same steps, but just with different values. First a private value PR is randomly selected. Then a public value PU is calculated. Both users exchange their public PU values (and the attacker may learn them). Finally, both users calculate their private values K based on their own PR and received PU . The values and calculations are designed such that the K calculated by each user will be the same. K is the shared secret key.

  5. Cryptography Diffie–Hellman Key Exchange (exercise) Diffie–Hellman Key Exchange Assume two users, A and B, have agreed to use DHKE with prime p = 19 and generator g = 10. Assuming A randomly Diffie–Hellman Key Exchange chose private PR A = 7 and B randomly chose private Algorithm PR B = 8, find the shared secret key. Analysis of DHKE Man-in-the-Middle Attack on DHKE Implementations of DHKE Diffie–Hellman in OpenSSL DHKE in Python 5

  6. Cryptography Contents Diffie–Hellman Key Exchange Diffie–Hellman Key Exchange Algorithm Diffie–Hellman Key Exchange Algorithm Analysis of DHKE Analysis of DHKE Man-in-the-Middle Attack on DHKE Implementations of Man-in-the-Middle Attack on DHKE DHKE Diffie–Hellman in OpenSSL Implementations of DHKE DHKE in Python Diffie–Hellman in OpenSSL DHKE in Python 6

  7. Cryptography Requirements of DHKE Diffie–Hellman Key Exchange 1. Same shared secret: K A and K B must be identical Diffie–Hellman 2. Computational efficiency: Easy to calculate PU and K Key Exchange Algorithm 3. Secure: Infeasible to determine PR or K from known Analysis of DHKE values Man-in-the-Middle ◮ Attacker knows 3 public values in PU A = g PR A mod p Attack on DHKE Implementations of ◮ Must be practically impossible to find the 4th value PR A DHKE Diffie–Hellman in OpenSSL DHKE in Python 7 While we don’t show it here, it can easily be proved that DHKE will produce the same value of K for both users. Modular exponentiation, while slow with big numbers, is easy to calculate, i.e. can be achieved in less than seconds. The inverse operation of modular exponentiation, referred to as a discrete logarithm, is hard to calculate. With large enough values, it is considered impossible to calculate.

  8. Cryptography Prove Identical Keys in DHKE (question) Diffie–Hellman Key Exchange Prove that user A and user B will always calculate the same shared secret key in DHKE. That is, prove that K A = K B . Diffie–Hellman Key Exchange Algorithm Analysis of DHKE Man-in-the-Middle Attack on DHKE Implementations of DHKE Diffie–Hellman in OpenSSL DHKE in Python 8

  9. Cryptography Brute Force Attack on PR in DHKE (question) Diffie–Hellman Key Exchange Assuming you have intercepted PU A = 15 from the DHKE exercise, how would you perform a brute force attack to find Diffie–Hellman Key Exchange PR A ? How could such a successful brute force attack be Algorithm prevented in practice? Analysis of DHKE Man-in-the-Middle Attack on DHKE Implementations of DHKE Diffie–Hellman in OpenSSL DHKE in Python 9

  10. Cryptography Discrete Logarithm Attack in DHKE (exercise) Diffie–Hellman Key Exchange Assuming a brute force attack is not possible, write an equation that the attacker would have to solve to find PR A . Diffie–Hellman Key Exchange Algorithm Analysis of DHKE Man-in-the-Middle Attack on DHKE Implementations of DHKE Diffie–Hellman in OpenSSL DHKE in Python 10

  11. Cryptography Discrete Logarithm is Computationally Hard Diffie–Hellman Problem Key Exchange Diffie–Hellman ◮ Discrete Logarithm Problem: Key Exchange Algorithm Analysis of DHKE given g , p and g x mod p , find x Man-in-the-Middle Attack on DHKE ◮ For certain values of p , considered computationally hard Implementations of DHKE Diffie–Hellman in ◮ p is a safe prime, i.e. p = 2 q + 1 where q is a large OpenSSL prime DHKE in Python ◮ p is very large, usually at least 1024 bits ◮ 2016: Discrete logarithm with 768 bit prime p was solved within 5300 core years on 2.2GHz Xeon E5-2660 processor ◮ Considered harder to solve than equivalent integer factorisation ◮ 768 bit integer factored in 2000 core years 11

  12. Cryptography Contents Diffie–Hellman Key Exchange Diffie–Hellman Key Exchange Algorithm Diffie–Hellman Key Exchange Algorithm Analysis of DHKE Analysis of DHKE Man-in-the-Middle Attack on DHKE Implementations of Man-in-the-Middle Attack on DHKE DHKE Diffie–Hellman in OpenSSL Implementations of DHKE DHKE in Python Diffie–Hellman in OpenSSL DHKE in Python 12

  13. Cryptography MITM Attack on DHKE (exercise) Diffie–Hellman Key Exchange Consider the “Diffie–Hellman Key Exchange” exercise where user A chooses PR A = 7 and B chooses PR B = 8. Show Diffie–Hellman Key Exchange how a MITM can be performed such that an attacker Q can Algorithm decrypt any communications between A and B that use the Analysis of DHKE secret shared between A and B. Man-in-the-Middle Attack on DHKE Implementations of DHKE Diffie–Hellman in OpenSSL DHKE in Python 13

  14. Cryptography Contents Diffie–Hellman Key Exchange Diffie–Hellman Key Exchange Algorithm Diffie–Hellman Key Exchange Algorithm Analysis of DHKE Analysis of DHKE Man-in-the-Middle Attack on DHKE Implementations of Man-in-the-Middle Attack on DHKE DHKE Diffie–Hellman in OpenSSL Implementations of DHKE DHKE in Python Diffie–Hellman in OpenSSL DHKE in Python 14

  15. Cryptography Selecting Public Parameters p and g Diffie–Hellman Key Exchange ◮ Some (older) communication protocols defined a fixed Diffie–Hellman value of p and g Key Exchange ◮ All clients and servers use the same values Algorithm Analysis of DHKE ◮ Newer protocols allow for an exchange of values (e.g. a Man-in-the-Middle Group Exchange protocol) Attack on DHKE Implementations of ◮ Example fixed value in older versions of SSH DHKE (diffie-hellman-group1-sha1 using Oakley Group 2) Diffie–Hellman in OpenSSL p = 2 1024 − 2 960 − 1 + 2 64 × (2 894 × π + 129093) DHKE in Python g = 2 p is 1024 bits in length 15 As p and q are public and known to the attacker, using the same values all the time should not be a problem. Exchanging values involves extra communication overhead and also processing overhead. However following the principle of changing keys frequently to give an attacker less chance to compromise them, many protocols now support the ability to change the public parameters.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lecture Outline Review of Diffie-Hellman key exchange Looking at Authentication from a

Lecture Outline Review of Diffie-Hellman key exchange Looking at Authentication from a

Lecture Outline Review of Diffie-Hellman key exchange Looking at Authentication from a number of perspectives Today: authenticating users, services Agreeing on Secret Keys Without Prior Arrangement Diffie-Hellman Key Exchange

1.07k views • 73 slides
1 Diffie-Hellman exponential key exchange Diffie-Hellman exponential key exchange Alice has

1 Diffie-Hellman exponential key exchange Diffie-Hellman exponential key exchange Alice has

Symmetric cryptography Both parties must agree on a secret key, K message is encrypted, sent, decrypted at other side E K (P) D K (C) Secure Communication Bob Alice Key distribution must be secret otherwise messages can be

553 views • 10 slides
Applications Mark Zhandry Stanford University Diffie-Hellman Key Exchange Exchange keys over

Applications Mark Zhandry Stanford University Diffie-Hellman Key Exchange Exchange keys over

Multilinear Maps and Their Applications Mark Zhandry Stanford University Diffie-Hellman Key Exchange Exchange keys over a public channel: Public group , generator , order (Potential) Hard Problems in Groups Discrete Log (DL):

621 views • 60 slides
Intro to Public Key Cryptography Diffie &amp; Hellman Key Exchange Course Summary

Intro to Public Key Cryptography Diffie &amp; Hellman Key Exchange Course Summary

Intro to Public Key Cryptography Diffie &amp; Hellman Key Exchange Course Summary Introduction Stream &amp; Block Ciphers Block Ciphers Modes (ECB,CBC,OFB) Advanced Encryption Standard (AES) Message

243 views • 20 slides
Question Diffie Hellman Key Exchange protocol that we studied in the last class is used to

Question Diffie Hellman Key Exchange protocol that we studied in the last class is used to

Question Diffie Hellman Key Exchange protocol that we studied in the last class is used to exchange: symmetric key or asymmetric key Question What is the mean/method that we studied to exchange asymmetric keys? Hint: If you

372 views • 15 slides
Diffie-Hellman Key Exchange Source: Wikipedia ElGamal Key Generator Generate primes p and

Diffie-Hellman Key Exchange Source: Wikipedia ElGamal Key Generator Generate primes p and

Diffie-Hellman Key Exchange Source: Wikipedia ElGamal Key Generator Generate primes p and q as well as an element g Z p that generates the subgroup G q . Choose a random x from { 0 , . . . , q 1 } . Compute h = g x .

754 views • 7 slides
Lecture 8 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 8 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 8 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography Asymmetric cryptography Invented in 1974-1978 (Diffie-Hellman and Rivest-Shamir- Adleman) Two keys: private (SK), public (PK) Encryption: with

445 views • 17 slides
Lecture 8 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 8 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 8 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography Asymmetric cryptography Invented in 1974-1978 (Diffie-Hellman and Rivest-Shamir- Adleman) Two keys: private (SK), public (PK) Encryption:

256 views • 22 slides
Lecture 7 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 7 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 7 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography Asymmetric cryptography Invented in 1974-1978 (Diffie-Hellman and Rivest-Shamir- Adleman) Two keys: private (SK), public (PK) Encryption:

810 views • 42 slides
Diffie-Hellman, discrete logs, the NSA, and you J. Alex Halderman University of Michigan Based

Diffie-Hellman, discrete logs, the NSA, and you J. Alex Halderman University of Michigan Based

Diffie-Hellman, discrete logs, the NSA, and you J. Alex Halderman University of Michigan Based on joint work: Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry,

879 views • 63 slides
Public Key Infrastructure Chester Rebeiro IIT Madras Recollect Diffie-Hellman Key Exchange

Public Key Infrastructure Chester Rebeiro IIT Madras Recollect Diffie-Hellman Key Exchange

Public Key Infrastructure Chester Rebeiro IIT Madras Recollect Diffie-Hellman Key Exchange Key Establishment : Alice and Bob want to use a block cipher for encryption. How do they agree upon the secret key Alice and Bob agree upon a

972 views • 56 slides
High-speed Diffie-Hellman, part 2 D. J. Bernstein University of Illinois at Chicago Classic

High-speed Diffie-Hellman, part 2 D. J. Bernstein University of Illinois at Chicago Classic

High-speed Diffie-Hellman, part 2 D. J. Bernstein University of Illinois at Chicago Classic question about the Diffie-Hellman system: How quickly can we compute n th powers mod p ? Modular exponentiation. p ; Assume standard prime p =

684 views • 45 slides
Public-Key Cryptography Lecture 9 Public-Key Encryption Diffie-Hellman Key-Exchange

Public-Key Cryptography Lecture 9 Public-Key Encryption Diffie-Hellman Key-Exchange

Public-Key Cryptography Lecture 9 Public-Key Encryption Diffie-Hellman Key-Exchange Shared/Symmetric-Key PKE scheme Encryption (a.k.a. private-key encryption) a.k.a. asymmetric-key encryption PKE SKE: Syntax Syntax KeyGen outputs KeyGen

366 views • 13 slides
A kilobit hidden SNFS discrete log computation Joshua Fried , Pierrick Gaudry, Nadia Heninger,

A kilobit hidden SNFS discrete log computation Joshua Fried , Pierrick Gaudry, Nadia Heninger,

A kilobit hidden SNFS discrete log computation Joshua Fried , Pierrick Gaudry, Nadia Heninger, Emmanuel Thom e May 1, 2017 Textbook (Finite-Field) Diffie-Hellman Key Exchange [Diffie Hellman 1976] p a prime (so F p is a cyclic group) g

598 views • 30 slides
RSA Public Key CryptoSystem One way Trapdoor Functions Diffie and Hellman (76) New Directions

RSA Public Key CryptoSystem One way Trapdoor Functions Diffie and Hellman (76) New Directions

RSA Public Key CryptoSystem One way Trapdoor Functions Diffie and Hellman (76) New Directions in Cryptography Split the Bobs secret key K to two parts: K E , to be used for encrypting messages to Bob. K D , to be used for

482 views • 32 slides
C.c) DSA and Diffie-Hellman W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 C.73 DSA

C.c) DSA and Diffie-Hellman W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 C.73 DSA

1 C.c) DSA and Diffie-Hellman W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 C.73 DSA (Digital Signature Algorithm) standardized by NIST A) Generation of a key pair Select a prime q with 2 159 &lt; q &lt; 2 160 Select a

348 views • 11 slides
Lecture 7 Public Key Cryptography I: Encryption + Signatures [lecture slides are adapted from

Lecture 7 Public Key Cryptography I: Encryption + Signatures [lecture slides are adapted from

Lecture 7 Public Key Cryptography I: Encryption + Signatures [lecture slides are adapted from previous slides by Prof. Gene Tsudik] 1 Public Key Cryptography Asymmetric cryptography Invented in 1974-1978 (Diffie-Hellman and

478 views • 23 slides
Transcript collision Attacks Breaking Authentication in TLS, IKE, and SSH G. Leurent, K.

Transcript collision Attacks Breaking Authentication in TLS, IKE, and SSH G. Leurent, K.

Introduction Client Authentication Downgrade Attack Channel Binding Conclusion Transcript collision Attacks Breaking Authentication in TLS, IKE, and SSH G. Leurent, K. Bhargavan (Inria) Transcript collision Attacks Dagstuhl 16012 1 / 20

370 views • 33 slides
From the Bluetooth Standard to Standard-Compliant 0-days Daniele Antonioli and Mathias Payer

From the Bluetooth Standard to Standard-Compliant 0-days Daniele Antonioli and Mathias Payer

Hardwear.io Virtual Con 2020 From the Bluetooth Standard to Standard-Compliant 0-days Daniele Antonioli and Mathias Payer Daniele Antonioli ( @francozappa ) Mathias Payer ( @gannimo ) From the Bluetooth Standard to Standard-Compliant 0-days 1

876 views • 35 slides
Breaking and Fixing Public-Key Kerberos Iliano Cervesato - Tulane University (Joint work with

Breaking and Fixing Public-Key Kerberos Iliano Cervesato - Tulane University (Joint work with

Breaking and Fixing Public-Key Kerberos Iliano Cervesato - Tulane University (Joint work with A. D. Jaggard, A. Scedrov, J.-K. Tsay, and C. Walstad) Partially supported by ONR and NSF Information and Software Engineering Department 30

278 views • 26 slides
On the Need for Provably Secure Distance Bounding Serge Vaudenay COLE POLYTECHNIQUE

On the Need for Provably Secure Distance Bounding Serge Vaudenay COLE POLYTECHNIQUE

On the Need for Provably Secure Distance Bounding Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE LAUSANNE http://lasec.epfl.ch/ SV 2012 distance bounding CIoT 2012 1 / 39 Introduction to Distance-Bounding 1 Some Insecurity Case

600 views • 39 slides
Operating Channel Validation M. Vanhoef 1 , N. Bhandaru 2 , T. Derham 2 , I. Ouzieli 3 , F.

Operating Channel Validation M. Vanhoef 1 , N. Bhandaru 2 , T. Derham 2 , I. Ouzieli 3 , F.

Operating Channel Validation M. Vanhoef 1 , N. Bhandaru 2 , T. Derham 2 , I. Ouzieli 3 , F. Piessens 1 1 KU Leuven 2 Broadcom 3 Intel WiSec, Stockholm (Sweden), 18 June 2018 Contributions Paper: attacks &amp; high-level defense

703 views • 18 slides
Submission of the Appointments and Fees Reports OFFICE of COURT ADMINISTRATION Report Submission

Submission of the Appointments and Fees Reports OFFICE of COURT ADMINISTRATION Report Submission

4/3/2017 Submission of the Appointments and Fees Reports OFFICE of COURT ADMINISTRATION Report Submission Submit online at card.txcourts.gov Enter manually into database OR Upload a file (xml) Use same log in information you use for Monthly Court

454 views • 9 slides
Home Health Value-Based Purchasing Home Health Agency Registration December 1 7 , 2015

Home Health Value-Based Purchasing Home Health Agency Registration December 1 7 , 2015

Home Health Value-Based Purchasing Home Health Agency Registration December 1 7 , 2015 Presenters Marcie OReilly, CMS Innovation Center, Centers for Medicare &amp; Medicaid Services Jennifer Wiens, The Lewin Group 2 Agenda TBP)

861 views • 30 slides

More recommend