3Introduction Discovered by Whitfield Diffie and Martin Hellman “New Directions in Cryptography”Diffie-Hellman key agreement protocolAllows two users to exchange a secret keyRequires no prior secretsReal-time over an untrusted network
4IntroductionSecurity of transmission is critical for many network and Internet applicationsRequires users to share information in a way that others can’t decipher the flow of information“It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics.”-Bruce Schneier
5IntroductionBased on the difficulty of computing discrete logarithms of large numbers.No known successful attack strategies*Requires two large numbers, one prime (P), and (G), a primitive root of P
6Implementation P and G are both publicly available numbers P is at least 512 bitsUsers pick private values a and bCompute public valuesx = ga mod py = gb mod pPublic values x and y are exchanged
7ImplementationCopyright, 2001 by NetIP, Inc. and Keith Palmgren, CISSP.
8Implementation Compute shared, private key ka = ya mod p kb = xb mod p Algebraically it can be shown that ka = kbUsers now have a symmetric secret key to encrypt
9ImplementationCopyright, 2001 by NetIP, Inc. and Keith Palmgren, CISSP.
10ExampleTwo Internet users, Alice and Bob wish to have a secure conversation.They decide to use the Diffie-Hellman protocol
11Example Bob and Alice are unable to talk on the untrusted network. Who knows who’s listening?
12Example Alice and Bob get public numbers P = 23, G = 9Alice and Bob compute public valuesX = 94 mod 23 = mod 23 = 6Y = 93 mod 23 = 729 mod = 16Alice and Bob exchange public numbers
13Example Alice and Bob compute symmetric keys ka = ya mod p = 164 mod 23 = 9kb = xb mod p = 63 mod 23 = 9Alice and Bob now can talk securely!
14ApplicationsDiffie-Hellman is currently used in many protocols, namely:Secure Sockets Layer (SSL)/Transport Layer Security (TLS)Secure Shell (SSH)Internet Protocol Security (IPSec)Public Key Infrastructure (PKI)
15Man-in-the-Middle Attack Alice and Bob wants to communicate.Darth is a middle man.Darth prepares for the attack by generating two random private keys Kd1 and Kd2 and then computing the public keys Yd1 and Yd2.Darth intercepts YA and transmits Yd1 to Bob.He also calculates K2 (secret key between Alice and Darth).Bob receives Kd1 and calculates K1.Bob transmits YB to Alice.Darth intercepts YB and transmits Kd2 to Alice and also calculates K1.Alice receives Kd2 and calculates K2.
16Digital Signatures have looked at message authentication but does not address issues of lack of trustdigital signatures provide the ability to:verify author, date & time of signatureauthenticate message contentsbe verified by third parties to resolve disputeshence include authentication function with additional capabilities
17Digital Signature Properties must depend on the message signedmust use information unique to senderto prevent both forgery and denialmust be relatively easy to producemust be relatively easy to recognize & verifybe practical save digital signature in storage
18Direct Digital Signatures involve only sender & receiverassumed receiver has sender’s public-keydigital signature made by sender signing entire message or hash with private-keycan encrypt using receivers public-keyimportant that sign first then encrypt message & signaturesecurity depends on sender’s private-keyDirect Digital Signatures involve the direct application of public-key algs. But are dependent on security of the sender’s private-key. Have problems if lost/stolen and signatures forged. Need time-stamps and timely key revocation.
19Arbitrated Digital Signatures involves use of arbiter Avalidates any signed messagethen dated and sent to recipientrequires suitable level of trust in arbitercan be implemented with either private or public-key algorithmsarbiter may or may not see messageSee Stallings Table 13.1 for various alternatives