Presentation is loading. Please wait.

Presentation is loading. Please wait.

Diffie-Hellman Key Exchange

Published byAugustine Kennedy Modified over 8 years ago

Similar presentations

Presentation on theme: "Diffie-Hellman Key Exchange"— Presentation transcript:

1 Diffie-Hellman Key Exchange
CSCI 5857: Encoding and Encryption

2 Outline Key exchange without public/private keys
Public and private components of Diffie-Hellman Secure information exchange in Diffie-Hellman Underlying mathematics Man-in-the-middle attack Station-to-station key exchange

3 Diffie-Hellman Key Exchange
Common goal of public key encryption: Securely agree upon a symmetric key Bob generates symmetric key KS Encrypts with Alice’s public key KAPU and sends to Alice Alice decrypts with her private key KAPR Then use KS to exchange information (using AES, 3DES, etc.) Problem: What if neither Alice or Bob have a public key? Diffie-Hellman key exchange (1976 – precedes RSA) Allows two people to securely generate a symmetric key without a preexisting public key Based on modular logarithms

4 Secure Key Generation Alice, Bob exchange data to securely generate a value Data transmitted doesn’t allow others to find that value That value used as symmetric key to send further information Public info Public info Private info Private info generator generator D P E P Esymmetric (P, kS)

5 Public and Private Information
Public information (known to Alice, Bob, and everyone): p: large prime number (at least 1024 bits) g: Primitive root “generator” (g < p) Private information x: random number created (and only known) by Alice y: random number created (and only known) by Bob x and y used to generate shared key k Knows p, g Generates x Knows p, g Generates y

6 Key Generation Alice computes R1 = gx mod p Bob computes R2 = gy mod p
Alice sends R1 to Bob Bob sends R2 to Alice

7 Security of Key Generation
Darth cannot derive x from R1 or y from R2 Would have to solve modular logarithm problem x = logg (R1 mod p) y = logg (R2 mod p)

8 Key Computation Alice computes k = R2 x mod p
Bob computes k = R1 y mod p Alice, Bob now have shared key k Nobody else can compute without knowing x or y No secret information transmitted!

9 Diffie-Hellman Mathematics
Alice’s POV: k = R2 x mod p = (gy mod p)x mod p = gyx mod p Bob’s POV: k = R1 y mod p = (gx mod p)y mod p = gxy mod p gyx mod p = gxy mod p = k

10 Diffie-Hellman Example
Public key: g = 7, p = 23 Chooses x = 3 R1 = 73 mod 23 = 21 Chooses y = 6 R2 = 76 mod 23 = 4 4 21 K = 43 mod 23 = 18 K = 216 mod 23 = 18

11 Man-in-the-Middle Attack
Most serious weakness in Diffie-Hellman Assumes Darth has ability to: Intercept messages between Alice and Bob Masquerade as Alice or Bob to send messages to the other “I am Bob” “I am Alice”

12 Man-in-the-Middle Attack
Darth generates own random value z Computes own R3 = gz mod p from public values of p, g Goal: Trick Alice and Bob into using keys he has created from z

13 Man-in-the-Middle Attack
Darth intercepts R1 sent by Alice and R2 sent by Bob Computes kAlice = R1 z mod p Computes kBob = R2 z mod p R1 R2 z R3 kAlice kBob x y

14 Man-in-the-Middle Attack
Darth sends R3 to Alice posing as Bob Darth sends R3 to Bob posing as Alice Alice computes kAlice = R3 x mod p Bob computes kBob = R3 y mod p R3 R3 kBob kAlice kAlice kBob

15 Man-in-the-Middle Attack
Darth can read messages sent by Alice and Bob! Example: Message sent from Alice to Bob Alice encrypts with kAlice believing it is secure Darth intercepts and decrypts with kAlice Re-encrypts with kBob and sends to Bob (posing as Alice C = E(P, kAlice) C = E(P, kBob) P = D(C, kAlice)

16 Station-to-Station Key Agreement
Participants in Diffie-Hellman must authenticate their identities Only solution to Man-in-the-Middle attack Authentication usually based on certificates Signed by trusted authorities Contain public keys for participants

17 Station-to-Station Key Agreement

Download ppt "Diffie-Hellman Key Exchange"

Similar presentations

The Diffie-Hellman Algorithm

The Diffie-Hellman Algorithm
Diffie-Hellman Diffie-Hellman is a public key distribution scheme First public-key type scheme, proposed in 1976.

Diffie-Hellman Diffie-Hellman is a public key distribution scheme First public-key type scheme, proposed in 1976.
1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
Network Security – Part 2 Public Key Cryptography Spring 2007 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 Public Key Cryptography Spring 2007 V.T. Raja, Ph.D., Oregon State University.
UCB Security Jean Walrand EECS. UCB Outline Threats Cryptography Basic Mechanisms Secret Key Public Key Hashing Security Systems Integrity Key Management.

UCB Security Jean Walrand EECS. UCB Outline Threats Cryptography Basic Mechanisms Secret Key Public Key Hashing Security Systems Integrity Key Management.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)

Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)
EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Topic 5 Essential Public Key Crypto Methods.

The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Topic 5 Essential Public Key Crypto Methods.
Public Key Algorithms 4/17/2017 M. Chatterjee.

Public Key Algorithms 4/17/2017 M. Chatterjee.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
Computer Science Public Key Management Lecture 5.

Computer Science Public Key Management Lecture 5.
Introduction to Public Key Cryptography

Introduction to Public Key Cryptography
Asymmetric encryption. Asymmetric encryption, often called public key encryption, allows Alice to send Bob an encrypted message without a shared secret.

Asymmetric encryption. Asymmetric encryption, often called "public key" encryption, allows Alice to send Bob an encrypted message without a shared secret.

Similar presentations

Ads by Google