Chap9_Network Security_2023
Diffie-Hellman Key Exchange
• a public-key distribution scheme
• cannot be used to exchange an arbitrary message
• rather it can establish a common key
• known only to the two participants
• value of key depends on the participants (and their private and public key information)
• based on exponentiation in a finite (Galois)
• all users agree on global parameters:
• large prime integer or polynomial q
• a being a primitive root mod q
• each user (e.g. A) generates their key
• chooses a secret key (number): $x_A < q$
• compute their public key: $y_A = a^{x_A} \bmod q$
• shared session key for users A & B is $K_{AB}$:
$K_{AB} = a^{x_A \cdot x_B} \bmod q$
$= y_A^{x_B} \bmod q$ (which B can compute)
$= y_B^{x_A} \bmod q$ (which A can compute)
• $K_{AB}$ is used as session key in private-key encryption scheme between Alice and Bob
• if Alice and Bob subsequently communicate,
• users Alice & Bob who wish to swap keys:
• agree on prime $q = 353$ and $a = 3$
• select random secret keys:
• A chooses $x_A = 97$, B chooses $x_B = 233$
• compute respective public keys:
• $y_A = 3^{97} \bmod 353 = 40$ (Alice)
• $y_B = 3^{233} \bmod 353 = 248$ (Bob)
• compute shared session key as:
• $K_{AB} = y_B^{x_A} \bmod 353 = 248^{97} \bmod 353 = 160$ (Alice)
• $K_{AB} = y_A^{x_B} \bmod 353 = 40^{233} \bmod 353 = 160$ (Bob)
Dr. Abdellatif Elkouny
Key Exchange Protocols
• users could create random private/public D-H keys each time they communicate
• users could create a known private/public D-H key and publish it in a directory, which others then consult and use to securely communicate with them
• both of these are vulnerable to a man-in-the-middle attack
• authentication of the keys is needed
2. Alice transmits her public key to Bob
3. Darth intercepts this and transmits his first public key to Bob. Darth also calculates a shared key with Alice
4. Bob receives the public key and calculates the shared key (with Darth instead of Alice)
5. Bob transmits his public key to Alice
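An added example, not part of the original slides: the exchange with the slide's toy parameters (q=353, a=3, xA=97, xB=233), showing that substituted public values leave Alice and Bob holding different keys without any error, and that a MAC over each public value makes the substitution detectable. The pre-shared `auth_key`, the function names and Darth's private values 5 and 7 are assumptions made for illustration.

```python
import hashlib
import hmac

Q, A = 353, 3  # toy parameters from the slide; far too small for real use

def public(x):
    """Public value y = a^x mod q for private value x."""
    return pow(A, x, Q)

def shared(peer_y, own_x):
    """Session key K = peer_y^own_x mod q."""
    return pow(peer_y, own_x, Q)

def tag(auth_key, sender, y):
    """MAC binding a public value to its sender's name."""
    return hmac.new(auth_key, f"{sender}:{y}".encode(), hashlib.sha256).digest()

def accept(auth_key, sender, y, t):
    """Reject degenerate values (0, 1, q-1) and values whose tag does not verify."""
    return 1 < y < Q - 1 and hmac.compare_digest(tag(auth_key, sender, y), t)

def exchange(intercept=False, authenticate=False):
    """Return (Alice's key, Bob's key), or None if a public value is rejected."""
    auth_key = b"constructed-long-term-key"  # assumption: shared in advance
    xa, xb = 97, 233                         # private values from the slide
    to_bob = (public(xa), tag(auth_key, "alice", public(xa)))
    to_alice = (public(xb), tag(auth_key, "bob", public(xb)))
    if intercept:
        # Darth replaces both public values with his own (private 5 and 7,
        # constructed); he can only replay the tags, not recompute them.
        to_bob = (public(5), to_bob[1])
        to_alice = (public(7), to_alice[1])
    if authenticate and not (accept(auth_key, "alice", *to_bob)
                             and accept(auth_key, "bob", *to_alice)):
        return None
    return shared(to_alice[0], xa), shared(to_bob[0], xb)

if __name__ == "__main__":
    print(exchange())                                   # keys agree
    print(exchange(intercept=True))                     # keys silently differ
    print(exchange(intercept=True, authenticate=True))  # substitution rejected
```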
• asymmetric encryption algorithms produce apparently random output
• hence can be used to build a pseudorandom number generator (PRNG)
• much slower than symmetric algorithms
• have considered:
• Diffie-Hellman key exchange
• Pseudorandom Number Generation (PRNG) based on Asymmetric Ciphers (RSA)