The PAK proposal for sacred WG Alec Brusilovsky

Slides:



Advertisements
Similar presentations
The Diffie-Hellman Algorithm
Advertisements

Diffie-Hellman Diffie-Hellman is a public key distribution scheme First public-key type scheme, proposed in 1976.
Password-based Credentials Download Protocols Radia Perlman
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
An Improvement on Authenticated Key Agreement Scheme Authors: Chin-Chen Chang and Shih-Yi Lin Source: 2007 International Conference on Intelligent Pervasive.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Inter-Domain Identity-Based Authenticated Key Agreement Protocols from Weil Pairing Authors: Hong-bin Tasi, Yun-Peng Chiu and Chin-Laung Lei From:ISC2006.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 23 Jonathan Katz.
The Diffie-Hellman Algorithm Riley Lochridge April 11, 2003.
Chapter 9 Cryptographic Protocol Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li.
Authentication System
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
1 Security Weakness in a Three-Party Password-Based Key Exchange Protocol Using Weil Pairing From : ePrint (August 2005) Author : Junghyun Nam, Seungjoo.
Dan Boneh Basic key exchange The Diffie-Hellman protocol Online Cryptography Course Dan Boneh.
Diffie-Hellman Key Exchange
Computer Science Public Key Management Lecture 5.
Strong Password Protocols
Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Lecture 7b: The Diffie-Hellman Secret Sharing Scheme Wayne Patterson SYCS 653 Fall 2009.
Cyrtographic Security Identity-based Encryption 1Dennis Kafura – CS5204 – Operating Systems.
COEN 351 E-Commerce Security Essentials of Cryptography.
Lecture 11: Strong Passwords
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
Key Agreement Guilin Wang School of Computer Science 12 Nov
BASIC CRYPTOGRAPHIC CONCEPTS. Public Key Cryptography  Uses two keys for every simplex logical communication link.  Public key  Private key  The use.
Chapter 21 Public-Key Cryptography and Message Authentication.
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
Maryland Information Systems Security Lab D EPARTMENT OF C OMPUTER S CIENCE EAP Password Authenticated eXchange (PAX) T. Charles Clancy William A. Arbaugh.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Lecture 6.2: Protocols - Authentication and Key Exchange II CS 436/636/736 Spring 2012 Nitesh Saxena.
6 June Lecture 2 1 TU Dresden - Ws on Proof Theory and Computation Formal Methods for Security Protocols Catuscia Palamidessi Penn State University,
Cryptographic Hash Functions and Protocol Analysis
EAP-PSK v8 IETF 63 – Paris, France August EAP-PSK: an independent submission to IESG Requested EAP method type number allocation Reviewed June 2005.
Doc.: IEEE /200 Submission September 2000 Ron Brockmann, Intersil Plug-n-Play Security in the Home & Small Business Ron Brockmann Intersil.
1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,
Password-only Authenticated Key Agreement Protocols Based on Self-certified Approach Tzong-Chen Wu and Yen-Ching Lin Department of Information Management.
COEN 351 E-Commerce Security
NTRU Key Exchange based on a posting of Lars Luthman on the Cryptography mailinglist on 05/17/2014 The search for a Post-Quantum Diffie-Hellman replacement.
Protocol Analysis. CSCE Farkas 2 Cryptographic Protocols Two or more parties Communication over insecure network Cryptography used to achieve goal.
Key Management Network Systems Security Mort Anvari.
1 (Re)Introducing Strong Password Protocols Radia Perlman
Integrating A Key Distribution Procedure Into The Digital Signature Standard B. Arazi Electronics Letters Vol. 29, No. 11, Pg May 1993 Adviser:
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Homework #2 J. H. Wang Oct. 31, 2012.
1 Chapter 3-3 Key Distribution. 2 Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution.
Diffie-Hellman Key Exchange first public-key type scheme proposed by Diffie & Hellman in 1976 along with the exposition of public key concepts – note:
Information Security and Management 10. Other Public-key Cryptosystems Chih-Hung Wang Fall
Key distribution Ján Kotrady. Content: What is key distribution? Key agreement and distribution Basic algorithm – Diffie-Hellman Basic attacks – Man in.
Lesson Introduction ●Authentication protocols ●Key exchange protocols ●Kerberos Security Protocols.
@Yuan Xue CS 285 Network Security Key Distribution and Management Yuan Xue Fall 2012.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
SIP Authentication using EC- SRP5 Protocol Fuwen Liu, Minpeng Qi, Min Zuo, 1.
Strong Password Protocols
Secure Diffie-Hellman Algorithm
Presentation transcript:

The PAK proposal for sacred WG Alec Brusilovsky

Wednesday, August 3, Sacred WG IETF 63, Paris, France Wish list  Mutual authentication based on just a pre-shared, human-memorizable password.  Fulfillment of the need to guard against a man-in-the- middle and against offline dictionary attack.  Simplicity and openness, to promote widespread adoption and to minimize flaws.  PAK (Password Authenticated Key exchange) –satisfies all of the above –is proposed as a new work item for sacred

Wednesday, August 3, Sacred WG IETF 63, Paris, France Why PAK?  Provides strong key exchange with weak passwords  Foils the man-in-the-middle attack  Provides explicit mutual authentication

Wednesday, August 3, Sacred WG IETF 63, Paris, France Diffie-Hellman Key Exchange (1976) a refresher Alice Bob Global public: x and y – primes y < x Alice’s Key generation: Select private Ra; Ra < x Calculate public y Ra mod x Bob’s Key generation: Select private Rb; Rb < x Calculate public y Ra mod x Alice’s Key = Bob’s Key (y Ra ) Rb mod x = (y Rb ) Ra mod x K=(y Rb ) Ra mod xK=(y Ra ) Rb mod x y Ra mod x y Rb mod x

Wednesday, August 3, Sacred WG IETF 63, Paris, France PAK – an extension of the Diffie-Hellman Key Exchange Alice Bob Global public: x and y – primes, y < x K=(y Rb ) Ra mod xK=(y Ra ) Rb mod x y Ra mod x y Rb mod x K=HASH’’(PW, y Rb*Ra mod x ) HASH(PW) * y Ra mod x HASH’(PW) * y Rb mod x Alice and Bob share password PW

Wednesday, August 3, Sacred WG IETF 63, Paris, France PAK – Password Authenticated Key Exchange Protocol (details omitted) Alice Bob K=HASH(3,PW, y RbRa mod x)K=HASH(3,PW, y RaRb mod x) HASH(PW) * (y Ra mod x) HASH(PW) * (y Rb mod x), S 1 Alice and Bob share password PW S2S2 S 2 = HASH(2, PW, y Rb mod x, y Ra mod x, y RaRb mod x) S 1 = HASH(1, PW, y Ra mod x, y Rb mod x, y RaRb mod x) K=HASH(3,PW, y RbRa mod x) K=HASH(3,PW, y RaRb mod x)

Wednesday, August 3, Sacred WG IETF 63, Paris, France Plan9 – implementation of PAK  Plan 9 is distributed in an open source manner:  The particular algorithm used in Plan 9 is PAK. PAK is a seemingly obvious tweak to Diffie-Hellman  To download plan 9 go to:

Thank you Alec Brusilovsky

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.