1 / 8

The PAK proposal for sacred WG

The PAK proposal for sacred WG. Alec Brusilovsky abrusilovsky@lucent.com. Wish list. Mutual authentication based on just a pre-shared, human-memorizable password. Fulfillment of the need to guard against a man-in-the-middle and against offline dictionary attack. 

berny
Download Presentation

The PAK proposal for sacred WG

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The PAK proposal for sacred WG Alec Brusilovsky abrusilovsky@lucent.com

  2. Wish list • Mutual authentication based on just a pre-shared, human-memorizable password. • Fulfillment of the need to guard against a man-in-the-middle and against offline dictionary attack.  • Simplicity and openness, to promote widespread adoption and to minimize flaws.  • PAK (Password Authenticated Key exchange) • satisfies all of the above • is proposed as a new work item for sacred Sacred WG IETF 63, Paris, France

  3. Why PAK? • Provides strong key exchange with weak passwords • Foils the man-in-the-middle attack • Provides explicit mutual authentication Sacred WG IETF 63, Paris, France

  4. yRa mod x yRb mod x Diffie-Hellman Key Exchange (1976) a refresher • Global public: x and y – primes • y < x • Alice’s Key generation: • Select private Ra; Ra < x • Calculate public yRamod x • Bob’s Key generation: • Select private Rb; Rb < x • Calculate public yRamod x • Alice’s Key = Bob’s Key • (yRa)Rb mod x = (yRb)Ra mod x Bob Alice K=(yRb)Ra mod x K=(yRa)Rb mod x Sacred WG IETF 63, Paris, France

  5. yRa mod x HASH(PW) * yRamod x yRb mod x HASH’(PW) * yRbmod x K=HASH’’(PW, yRb*Ra mod x ) K=(yRb)Ra mod x K=HASH’’(PW, yRb*Ra mod x ) K=(yRa)Rb mod x PAK – an extension of the Diffie-Hellman Key Exchange Bob Alice Global public: x and y – primes, y < x Alice and Bob share password PW Sacred WG IETF 63, Paris, France

  6. HASH(PW) * (yRa mod x) HASH(PW) * (yRb mod x), S1 PAK – Password Authenticated Key Exchange Protocol (details omitted) Bob Alice Alice and Bob share password PW K=HASH(3,PW,yRaRb mod x) K=HASH(3,PW,yRbRa mod x) S2 S1 = HASH(1, PW, yRa mod x, yRb mod x, yRaRb mod x) S2 = HASH(2, PW, yRb mod x, yRa mod x, yRaRb mod x) K=HASH(3,PW,yRbRa mod x) K=HASH(3,PW,yRaRb mod x) Sacred WG IETF 63, Paris, France

  7. Plan9 – implementation of PAK • Plan 9 is distributed in an open source manner: • http://plan9.bell-labs.com/plan9dist/license.html • The particular algorithm used in Plan 9 is PAK.  PAK is a seemingly obvious tweak to Diffie-Hellman • To download plan 9 go to: • http://plan9.bell-labs.com/plan9dist/download.html Sacred WG IETF 63, Paris, France

  8. Thank you Alec Brusilovsky abrusilovsky@lucent.com

More Related