Diffie-Hellman Key Exchange CSIS 5857: Encoding and Encryption
Diffie-Hellman Key Exchange
• Common goal of public key encryption: securely agree upon a symmetric key
• Bob generates symmetric key KS
• Encrypts it with Alice's public key KA^PU and sends it to Alice
• Alice decrypts with her private key KA^PR
• Then use KS to exchange information (using AES, 3DES, etc.)
• Problem: what if neither Alice nor Bob has a public key?
• Diffie-Hellman key exchange (1976, precedes RSA)
• Allows two parties to generate a shared symmetric key without any preexisting public key, over a channel everyone can read
• Security rests on the difficulty of the discrete (modular) logarithm problem
Secure Key Generation
• Alice and Bob exchange information to securely generate a shared value
• The information transmitted does not allow anyone else to compute that value
• That value is used as the symmetric key to protect further information
[Figure: Alice and Bob each feed the public info and their own private info into a generator, derive the same key kS, and then exchange Esymmetric(P, kS), which the other side decrypts with D]
Public and Private Information
• Public information (known to Alice, Bob, and everyone):
• p: large prime number (at least 1024 bits; 2048 bits or more is the current recommendation)
• g: primitive root ("generator") of p, with g < p
• Private information:
• x: random number created (and known only) by Alice
• y: random number created (and known only) by Bob
• x and y are used to generate the shared key k
[Figure: Alice knows p, g and generates x; Bob knows p, g and generates y]
Primitive Roots
g is a primitive root of p if:
• For every a with 0 < a < p there exists some n with 0 ≤ n < p − 1 such that g^n mod p = a
• That is, the powers of g "generate" all nonzero integers mod p
• Consequence: distinct exponents 0 ≤ n, m < p − 1 give distinct values, g^n mod p ≠ g^m mod p for n ≠ m, so each public value R = g^x mod p corresponds to exactly one exponent x in 0 .. p − 2
• A g that is not a primitive root generates only a smaller subgroup, so the public values (and the key) would range over fewer possibilities
Primitive Roots
• Example: p = 19
• Only primitive roots: 2, 3, 10, 13, 14, 15
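The definition above, carried out in code. This is an added example, not part of the original slides: it finds the primitive roots of a prime by the standard test (g^((p−1)/q) ≠ 1 mod p for every prime q dividing p − 1) and also measures, by direct enumeration, how large a subgroup a non-root such as 4 mod 19 generates. All function names are this example's own.

```python
# Added example (not part of the original slides): primitive roots of a prime
# and the size of the subgroup generated by a non-root.

def prime_factors(n):
    """Distinct prime factors of n by trial division (fine for slide-sized numbers)."""
    factors, d = [], 2
    while d * d <= n:
        if n % d == 0:
            factors.append(d)
            while n % d == 0:
                n //= d
        d += 1
    if n > 1:
        factors.append(n)
    return factors


def order(g, p):
    """Smallest n > 0 with g^n mod p = 1, i.e. the size of the subgroup
    generated by g, found by direct enumeration (the slide's definition)."""
    n, value = 1, g % p
    if value == 0:
        raise ValueError("g must not be a multiple of p")
    while value != 1:
        value = value * g % p
        n += 1
    return n


def is_primitive_root(g, p):
    """g is a primitive root of prime p iff its order is exactly p - 1.
    Cheaper than enumeration: it suffices that g^((p-1)/q) != 1 (mod p)
    for every prime q dividing p - 1."""
    if not 1 < g < p:
        return False
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))


def primitive_roots(p):
    """All primitive roots of prime p, in increasing order."""
    return [g for g in range(2, p) if is_primitive_root(g, p)]


if __name__ == "__main__":
    p = 19
    print("primitive roots of", p, "->", primitive_roots(p))       # [2, 3, 10, 13, 14, 15]
    # 4 = 2^2 is not a generator: its powers reach only 9 of the 18 nonzero residues
    print("subgroup generated by 4 mod 19 has size", order(4, p))  # 9
    print("subgroup generated by 2 mod 19 has size", order(2, p))  # 18
```

Running it with p = 19 reproduces the slide's list; `order(4, 19)` returning 9 shows concretely what "generates only a subgroup" means, and `is_primitive_root(7, 23)` confirms that the parameters of the worked example later in the deck use a genuine generator.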
Key Generation
• Alice computes R1 = g^x mod p
• Bob computes R2 = g^y mod p
• Alice sends R1 to Bob
• Bob sends R2 to Alice
Security of Key Generation
• Darth (an eavesdropper) cannot derive x from R1 or y from R2
• Would have to solve the discrete (modular) logarithm problem: x = log_g(R1) mod p, y = log_g(R2) mod p
• No efficient algorithm is known for large p; with a small p (or a g that generates only a small subgroup) brute force is trivial, which is why p must be large and g a primitive root
Key Computation
• Alice computes k = R2^x mod p
• Bob computes k = R1^y mod p
• Alice and Bob now have the shared key k
• Nobody else can compute k without knowing x or y
• No secret information was transmitted!
Diffie-Hellman Mathematics
Why does this work?
• Alice's POV: k = (g^y mod p)^x mod p = g^(yx) mod p
• Bob's POV: k = (g^x mod p)^y mod p = g^(xy) mod p
• g^(yx) mod p = g^(xy) mod p, since yx = xy
Diffie-Hellman Example
Public parameters: g = 7, p = 23
• Alice chooses x = 3 and computes R1 = 7^3 mod 23 = 21
• Bob chooses y = 6 and computes R2 = 7^6 mod 23 = 4
• Alice sends 21 to Bob; Bob sends 4 to Alice
• Alice computes K = R2^x = 4^3 mod 23 = 18
• Bob computes K = R1^y = 21^6 mod 23 = 18
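The exchange of the preceding slides end to end, as an added example that is not part of the original deck. It reproduces the worked numbers (g = 7, p = 23, x = 3, y = 6), adds the check a receiver should run on the incoming value before using it (the slides do not mention it; it assumes p is a safe prime, which 23 = 2·11 + 1 is), draws the private exponents from a CSPRNG, and includes a brute-force discrete log to make the "Security of Key Generation" slide concrete: against p = 23 the eavesdropper recovers the key instantly, which is exactly what a 1024-bit or larger p is meant to prevent. All names are this example's own.

```python
# Added example (not part of the original slides): the full exchange with the
# slides' parameters, receiver-side validation, and a brute-force discrete log.
import secrets


def check_public_value(R, p):
    """Reject received values that would force a trivial shared key.
    Assumption: p is a safe prime (p = 2q + 1 with q prime, as 23 = 2*11 + 1 is),
    so the only elements of order 1 or 2 are 1 and p - 1; excluding them blocks
    small-subgroup confinement (an R of order 2 would force k into {1, p - 1})."""
    if not 1 < R < p - 1:
        raise ValueError(f"invalid public value {R}")
    return R


def public_value(g, secret, p):
    """R = g^secret mod p, the value sent over the public channel."""
    return pow(g, secret, p)


def shared_key(received, secret, p):
    """k = R_other^secret mod p, after validating the received value."""
    return pow(check_public_value(received, p), secret, p)


def random_secret(p):
    """Private exponent from a CSPRNG, uniform in 1 .. q - 1 where q = (p - 1) / 2.
    Assumption: p is a safe prime. Staying below q means g^secret is never 1 or
    p - 1 even when g generates the whole group (7^11 mod 23 = 22 = p - 1)."""
    q = (p - 1) // 2
    return secrets.randbelow(q - 1) + 1


def dh_exchange(g, p, x, y):
    """Run both sides; returns (R1, R2, k_alice, k_bob)."""
    R1 = public_value(g, x, p)            # Alice -> Bob
    R2 = public_value(g, y, p)            # Bob -> Alice
    k_alice = shared_key(R2, x, p)
    k_bob = shared_key(R1, y, p)
    return R1, R2, k_alice, k_bob


def discrete_log(g, R, p):
    """Brute-force log_g(R) mod p: tries every exponent 0 .. p - 2.
    Instant for p = 23, hopeless for a 1024-bit p; that gap is the security argument."""
    value = 1
    for n in range(p - 1):
        if value == R:
            return n
        value = value * g % p
    return None


def eavesdropper_recovers_key(g, p, R1, R2):
    """What Darth can do with only the public values: solve for x, then compute R2^x."""
    x = discrete_log(g, R1, p)
    return None if x is None else pow(R2, x, p)


if __name__ == "__main__":
    g, p = 7, 23
    R1, R2, k_alice, k_bob = dh_exchange(g, p, 3, 6)
    print(f"R1={R1} R2={R2} k_alice={k_alice} k_bob={k_bob}")            # 21 4 18 18
    print("Darth recovers k =", eavesdropper_recovers_key(g, p, R1, R2))  # 18, because p is tiny
    x, y = random_secret(p), random_secret(p)
    _, _, ka, kb = dh_exchange(g, p, x, y)
    print("fresh random secrets agree:", ka == kb)
```

The only arithmetic the protocol needs is `pow(base, exp, mod)`; everything else in the block is the hygiene around it (validate what you receive, generate secrets properly, know how small is too small).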
Man-in-the-Middle Attack
• Most serious weakness in (unauthenticated) Diffie-Hellman
• Assumes Darth has the ability to:
• Intercept messages between Alice and Bob
• Masquerade as Alice or Bob to send messages to the other
[Figure: Darth sits between Alice and Bob, saying "I am Bob" to Alice and "I am Alice" to Bob]
Man-in-the-Middle Attack
• Darth generates his own random value z
• Computes his own R3 = g^z mod p from the public values p, g
• Goal: trick Alice and Bob into using keys he has created from z
Man-in-the-Middle Attack
• Darth intercepts R1 sent by Alice and R2 sent by Bob
• Computes kAlice = R1^z mod p
• Computes kBob = R2^z mod p
[Figure: Alice (x) sends R1 and Bob (y) sends R2; both reach Darth (z, R3), who now holds kAlice and kBob]
Man-in-the-Middle Attack
• Darth sends R3 to Alice posing as Bob
• Darth sends R3 to Bob posing as Alice
• Alice computes kAlice = R3^x mod p (the same value Darth computed as R1^z mod p, since both equal g^(xz) mod p)
• Bob computes kBob = R3^y mod p (equal to Darth's R2^z mod p = g^(yz) mod p)
[Figure: Darth sends R3 in both directions; Alice ends up with kAlice, Bob with kBob, and Darth with both]
Man-in-the-Middle Attack
• Darth can read (and alter) messages sent by Alice and Bob!
• Example: message sent from Alice to Bob
• Alice encrypts with kAlice, believing it is secure: C = E(P, kAlice)
• Darth intercepts and decrypts with kAlice: P = D(C, kAlice)
• Re-encrypts with kBob and sends to Bob, posing as Alice: C' = E(P, kBob)
• Neither Alice nor Bob notices: each holds a key that works with the messages they receive
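The attack of the last five slides, run end to end. This is an added example, not part of the original deck: Darth substitutes R3 = g^z in both directions, and the code shows that Alice's key equals Darth's copy of it, Bob's key equals Darth's other copy, the two keys differ, and a message still travels Alice → Darth → Bob with Darth reading it in the clear. The parameters are the slides' values plus a chosen z = 5 (mine). The "symmetric cipher" is a constructed toy (XOR with a SHA-256-derived keystream) standing in for the AES of the earlier slide; it exists only so the decrypt-and-re-encrypt step is visible, and must not be used for anything real.

```python
# Added example (not part of the original slides): Darth's man-in-the-middle
# against unauthenticated Diffie-Hellman, including the decrypt/re-encrypt relay.
import hashlib


def toy_encrypt(key, data):
    """XOR data with SHA-256(key || block-counter). Toy stand-in for AES; it is its own inverse."""
    out = bytearray()
    for i, b in enumerate(data):
        block = hashlib.sha256(f"{key}:{i // 32}".encode()).digest()
        out.append(b ^ block[i % 32])
    return bytes(out)


toy_decrypt = toy_encrypt   # XOR keystream: decryption is the same operation


def mitm_keys(g, p, x, y, z):
    """Keys each party ends up holding when Darth substitutes R3 = g^z in both directions."""
    R1, R2 = pow(g, x, p), pow(g, y, p)   # sent by Alice and Bob, intercepted by Darth
    R3 = pow(g, z, p)                     # what Darth forwards instead
    return {
        "k_alice": pow(R3, x, p),         # Alice: thinks R3 came from Bob
        "k_bob": pow(R3, y, p),           # Bob: thinks R3 came from Alice
        "darth_k_alice": pow(R1, z, p),   # Darth's copy of Alice's key (= g^(xz) mod p)
        "darth_k_bob": pow(R2, z, p),     # Darth's copy of Bob's key (= g^(yz) mod p)
    }


def relay_alice_to_bob(keys, plaintext):
    """Alice -> Darth -> Bob. Returns (what Darth read, what Bob decrypted)."""
    c1 = toy_encrypt(keys["k_alice"], plaintext)         # Alice, "securely" to Bob
    seen = toy_decrypt(keys["darth_k_alice"], c1)        # Darth reads it
    c2 = toy_encrypt(keys["darth_k_bob"], seen)          # ... and re-encrypts for Bob
    return seen, toy_decrypt(keys["k_bob"], c2)          # Bob decrypts without suspicion


if __name__ == "__main__":
    keys = mitm_keys(g=7, p=23, x=3, y=6, z=5)
    print(keys)   # k_alice = darth_k_alice = 14, k_bob = darth_k_bob = 12, and 14 != 12
    seen, delivered = relay_alice_to_bob(keys, b"transfer 1000 to account 42")
    print("Darth saw:", seen, "| Bob got:", delivered)
```

Nothing in the relay step requires Darth to break any mathematics: he simply holds one valid key with each victim. That is why the fix on the next slide is about authenticating R1 and R2, not about a larger p.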
Station-to-Station Key Agreement
• Participants in Diffie-Hellman must authenticate their identities, and in particular the values R1, R2 they exchange
• Authenticating the exchange is the only defence against the man-in-the-middle attack
• Authentication usually based on certificates
• Signed by trusted authorities
• Contain public keys for participants
• Each party signs the exchanged values (R1, R2) with its private key
• The other party verifies the signature with the corresponding public key contained in the signer's certificate
• Darth cannot produce Alice's or Bob's signature over his substituted R3, so the substitution is detected and the exchange is aborted
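A simplified Station-to-Station run, as an added example that is not part of the original deck: each side signs the pair of exchanged values with its long-term key, the peer verifies against the values it actually saw, and the same R3 substitution that succeeded in the previous example is now caught. Assumptions and simplifications, all mine: signatures are textbook RSA over a SHA-256 digest with small fixed primes (a toy for illustration, not a usable signature scheme); the CA-issued certificates of the slide are modelled as a pre-distributed name → public key table; and the signatures are sent in the clear, whereas full STS also encrypts them under the freshly agreed key. Parameters are the slides' g = 7, p = 23, x = 3, y = 6 and the attacker's z = 5.

```python
# Added example (not part of the original slides): simplified Station-to-Station
# with toy RSA signatures over the exchanged values, detecting Darth's R3.
import hashlib


def toy_rsa_keypair(p, q, e=17):
    """Textbook RSA: public (n, e), private (n, d). Assumes p, q prime and gcd(e, (p-1)(q-1)) = 1."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def digest(*values):
    """SHA-256 of the exchanged values in a fixed order, as an integer."""
    data = ",".join(str(v) for v in values).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(priv, *values):
    n, d = priv
    return pow(digest(*values) % n, d, n)


def verify(pub, sig, *values):
    n, e = pub
    return pow(sig, e, n) == digest(*values) % n


# Long-term keys (toy sizes). 65521, 65537, 999983 and 1000003 are primes; e = 17 is coprime to both phi values.
ALICE_PUB, ALICE_PRIV = toy_rsa_keypair(65521, 65537)
BOB_PUB, BOB_PRIV = toy_rsa_keypair(999983, 1000003)
CERTS = {"Alice": ALICE_PUB, "Bob": BOB_PUB}   # stands in for CA-signed certificates (assumption)


def sts_run(g, p, x, y, z=None):
    """Honest run when z is None; otherwise Darth replaces each side's value with R3 = g^z mod p
    and forwards the genuine signatures unchanged (he cannot forge new ones).
    Each side signs (own value, value it received); the peer checks that signature
    against (value it received, value it sent)."""
    R1, R2 = pow(g, x, p), pow(g, y, p)
    R3 = None if z is None else pow(g, z, p)
    bob_received = R1 if z is None else R3       # what arrives at Bob "from Alice"
    alice_received = R2 if z is None else R3     # what arrives at Alice "from Bob"

    # Bob answers with R2 and his signature over (R2, what he received)
    bob_sig = sign(BOB_PRIV, R2, bob_received)
    # Alice checks Bob's signature against (what she received, what she sent)
    if not verify(CERTS["Bob"], bob_sig, alice_received, R1):
        return {"completed": False, "reason": "Bob's signature does not cover the values Alice sees"}
    k_alice = pow(alice_received, x, p)

    # Alice confirms with her signature over (R1, what she received); Bob checks it the same way
    alice_sig = sign(ALICE_PRIV, R1, alice_received)
    if not verify(CERTS["Alice"], alice_sig, bob_received, R2):
        return {"completed": False, "reason": "Alice's signature does not cover the values Bob sees"}
    k_bob = pow(bob_received, y, p)
    return {"completed": True, "k_alice": k_alice, "k_bob": k_bob}


if __name__ == "__main__":
    print(sts_run(7, 23, 3, 6))        # completed, k_alice = k_bob = 18
    print(sts_run(7, 23, 3, 6, z=5))   # not completed: Darth's substitution detected
```

The decisive detail is that the signature covers both R values and is checked against what the verifier itself sent and received. Darth can relay Bob's genuine signature over (R2, R3), but Alice verifies it over (R3, R1) and it fails; signing only one's own value would not catch the substitution.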