Presentation is loading. Please wait.

Presentation is loading. Please wait.

Rennes, 23/10/2014 Cristina Onete Key-Exchange Protocols. Diffie-Hellman, Active Attacks, and TLS/SSL.

Published byJuniper O’Neal’ Modified over 9 years ago

Similar presentations

Presentation on theme: "Rennes, 23/10/2014 Cristina Onete Key-Exchange Protocols. Diffie-Hellman, Active Attacks, and TLS/SSL."— Presentation transcript:

1 Rennes, 23/10/2014 Cristina Onete maria-cristina.onete@irisa.fr Key-Exchange Protocols. Diffie-Hellman, Active Attacks, and TLS/SSL

2  Assume we share a Key Alice Bob  Symmetric encryption : Confidentiality of exchanged messages Cristina Onete || 17/11/2014 || 2 Shared Long-term security as long as key is “safe”

3  Assume we share a Key Alice Bob  Symmetric authentication – MACs : Authenticity of exchanged messages Cristina Onete || 17/11/2014 || 3 Shared Nobody else can sign while the key is safe But: slightly weaker demand on key-secrecy than for encryption schemes

4  Assume we share a Key Prover Verifier  Authentication and Identification Legitimacy of a prover with respect to a verifier Shared Nobody can impersonate prover while the key is safe challenge response Cristina Onete || 17/11/2014 || 4

5  How do we get the keys? TTP Alice Bob Generate Cristina Onete || 17/11/2014 || 5

6  Key-Exchange: Diffie Hellman Alice Bob Part of Key  Can we send the key part in clear? Cristina Onete || 17/11/2014 || 6

7  Secure Key-Exchange Alice Bob  Security goal: If Alice and Bob share a session, their key is indistingui- shable from a random key  All the messages exchanged in that sessions are private and securely authenticated Cristina Onete || 17/11/2014 || 7

8  Active attacks on DH Alice Bob Cruella  Exercise 1: Show how Cruella can intercept and inject messages between Alice and Bob Cristina Onete || 17/11/2014 || 8

9  Active attacks on DH Alice Bob Cruella  Exercise 2: Show how you prevent this by using a signa- ture scheme Cristina Onete || 17/11/2014 || 9

10  Client-Server scenario Bob = Amazon.fr Client  Say server’s transmissions are authenticated during Key- Exchange, but the client’s are not  Say the key exchange is secure  Exercise 3: What does this say about the security against a MiM adversary Cruella? Cristina Onete || 17/11/2014 || 10

11  TLS-RSA Bob = Amazon.fr Client  Exercise 4: Explain how the Client and server can agree on a key by using RSA-encryption. What are the security guarantees in this case? Cristina Onete || 17/11/2014 || 11

12  TLS-DH Bob = Amazon.fr Client  Exercise 5: How about now? Cristina Onete || 17/11/2014 || 12

13 CIDRE Thanks!

Download ppt "Rennes, 23/10/2014 Cristina Onete Key-Exchange Protocols. Diffie-Hellman, Active Attacks, and TLS/SSL."

Similar presentations

Diffie-Hellman Diffie-Hellman is a public key distribution scheme First public-key type scheme, proposed in 1976.

Diffie-Hellman Diffie-Hellman is a public key distribution scheme First public-key type scheme, proposed in 1976.
1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Rennes, 23/10/2014 Cristina Onete Commitment Schemes and Identification/Authentication.

Rennes, 23/10/2014 Cristina Onete Commitment Schemes and Identification/Authentication.
Pairwise Key Agreement in Broadcasting Networks - 2005.11.11 - Ik Rae Jeong.

Pairwise Key Agreement in Broadcasting Networks Ik Rae Jeong.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Rennes, 23/10/2014 Cristina Onete Commitment Schemes and Identification/Authentication.

Rennes, 23/10/2014 Cristina Onete Commitment Schemes and Identification/Authentication.
Rennes, 27/11/2014 Cristina Onete Subject Review, Questions, and Exam Practice.

Rennes, 27/11/2014 Cristina Onete Subject Review, Questions, and Exam Practice.
Rennes, 23/10/2014 Cristina Onete Putting it all together: using multiple primitives together.

Rennes, 23/10/2014 Cristina Onete Putting it all together: using multiple primitives together.
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.
1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.

1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.

Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

Similar presentations

Ads by Google