80 likes | 215 Views
The PAK proposal for sacred WG. Alec Brusilovsky abrusilovsky@lucent.com. Wish list. Mutual authentication based on just a pre-shared, human-memorizable password. Fulfillment of the need to guard against a man-in-the-middle and against offline dictionary attack.
E N D
The PAK proposal for sacred WG Alec Brusilovsky abrusilovsky@lucent.com
Wish list • Mutual authentication based on just a pre-shared, human-memorizable password. • Fulfillment of the need to guard against a man-in-the-middle and against offline dictionary attack. • Simplicity and openness, to promote widespread adoption and to minimize flaws. • PAK (Password Authenticated Key exchange) • satisfies all of the above • is proposed as a new work item for sacred Sacred WG IETF 63, Paris, France
Why PAK? • Provides strong key exchange with weak passwords • Foils the man-in-the-middle attack • Provides explicit mutual authentication Sacred WG IETF 63, Paris, France
yRa mod x yRb mod x Diffie-Hellman Key Exchange (1976) a refresher • Global public: x and y – primes • y < x • Alice’s Key generation: • Select private Ra; Ra < x • Calculate public yRamod x • Bob’s Key generation: • Select private Rb; Rb < x • Calculate public yRamod x • Alice’s Key = Bob’s Key • (yRa)Rb mod x = (yRb)Ra mod x Bob Alice K=(yRb)Ra mod x K=(yRa)Rb mod x Sacred WG IETF 63, Paris, France
yRa mod x HASH(PW) * yRamod x yRb mod x HASH’(PW) * yRbmod x K=HASH’’(PW, yRb*Ra mod x ) K=(yRb)Ra mod x K=HASH’’(PW, yRb*Ra mod x ) K=(yRa)Rb mod x PAK – an extension of the Diffie-Hellman Key Exchange Bob Alice Global public: x and y – primes, y < x Alice and Bob share password PW Sacred WG IETF 63, Paris, France
HASH(PW) * (yRa mod x) HASH(PW) * (yRb mod x), S1 PAK – Password Authenticated Key Exchange Protocol (details omitted) Bob Alice Alice and Bob share password PW K=HASH(3,PW,yRaRb mod x) K=HASH(3,PW,yRbRa mod x) S2 S1 = HASH(1, PW, yRa mod x, yRb mod x, yRaRb mod x) S2 = HASH(2, PW, yRb mod x, yRa mod x, yRaRb mod x) K=HASH(3,PW,yRbRa mod x) K=HASH(3,PW,yRaRb mod x) Sacred WG IETF 63, Paris, France
Plan9 – implementation of PAK • Plan 9 is distributed in an open source manner: • http://plan9.bell-labs.com/plan9dist/license.html • The particular algorithm used in Plan 9 is PAK. PAK is a seemingly obvious tweak to Diffie-Hellman • To download plan 9 go to: • http://plan9.bell-labs.com/plan9dist/download.html Sacred WG IETF 63, Paris, France
Thank you Alec Brusilovsky abrusilovsky@lucent.com