the pak proposal for sacred wg alec brusilovsky [email protected]
TRANSCRIPT
Wednesday, August 3, 20052
Sacred WGIETF 63, Paris, France
Wish list
Mutual authentication based on just a pre-shared, human-memorizable password.
Fulfillment of the need to guard against a man-in-the-middle and against offline dictionary attack.
Simplicity and openness, to promote widespread adoption and to minimize flaws.
PAK (Password Authenticated Key exchange)– satisfies all of the above
– is proposed as a new work item for sacred
Wednesday, August 3, 20053
Sacred WGIETF 63, Paris, France
Why PAK?
Provides strong key exchange with weak passwords
Foils the man-in-the-middle attack
Provides explicit mutual authentication
Wednesday, August 3, 20054
Sacred WGIETF 63, Paris, France
Diffie-Hellman Key Exchange (1976) a refresher
Alice Bob
• Global public: x and y – primes y < x • Alice’s Key generation: Select private Ra; Ra < x Calculate public yRamod x
• Bob’s Key generation: Select private Rb; Rb < x Calculate public yRamod x
• Alice’s Key = Bob’s Key
(yRa)Rb mod x = (yRb)Ra mod x
K=(yRb)Ra mod x K=(yRa)Rb mod x
yRa mod x
yRb mod x
Wednesday, August 3, 20055
Sacred WGIETF 63, Paris, France
PAK – an extension of the Diffie-Hellman Key Exchange
Alice Bob
Global public: x and y – primes, y < x
K=(yRb)Ra mod x K=(yRa)Rb mod x
yRa mod x
yRb mod x
K=HASH’’(PW, yRb*Ra mod x )K=HASH’’(PW, yRb*Ra mod x )
HASH(PW) * yRamod x
HASH’(PW) * yRbmod x Alice and Bob share password PW
Wednesday, August 3, 20056
Sacred WGIETF 63, Paris, France
PAK – Password Authenticated Key Exchange Protocol (details omitted)
Alice Bob
K=HASH(3,PW, yRbRa mod x) K=HASH(3,PW, yRaRb mod x)
HASH(PW) * (yRa mod x)
HASH(PW) * (yRb mod x), S1
Alice and Bob share password PW
S2
S2 = HASH(2, PW, yRb mod x, yRa mod x, yRaRb mod x)
S1 = HASH(1, PW, yRa mod x, yRb mod x, yRaRb mod x)
K=HASH(3,PW, yRbRa mod x)
K=HASH(3,PW, yRaRb mod x)
Wednesday, August 3, 20057
Sacred WGIETF 63, Paris, France
Plan9 – implementation of PAK
Plan 9 is distributed in an open source manner:
http://plan9.bell-labs.com/plan9dist/license.html
The particular algorithm used in Plan 9 is PAK. PAK is a seemingly obvious tweak to Diffie-Hellman
To download plan 9 go to:
http://plan9.bell-labs.com/plan9dist/download.html