Diffie-Hellman-Merkle Key Exchange
Kevin O’Brien
Washtenaw Linux Users Group
The Cast of Characters
Whitfield Diffie
Martin Hellman
Ralph Merkle
Martin Hellman
● Stanford professor through 1996
● His doctoral students included Ralph Merkle, Whitfield
Diffie, and Taher Elgamal
● Worked with Horst Feistel (DES) while at IBM in late 1960s
● Co-winner with Whitfield Diffie of ACM Turing Award in
2015
Whitfield Diffie
● Research programmer at Stanford Artificial Intelligence
Laboratory (SAIL)
● Hired by Martin Hellman as a Research Assistant, and a
doctoral student
● Never finished his PhD
● Became a Sun Fellow
● Co-winner with Martin Hellman of the ACM Turing Award in
2015
Ralph Merkle
● Doctoral student under Martin Hellman
● Inventor of Cryptographic Hashing
● Research Scientist at PARC
● Led the Georgia Tech Information Security Center
● Winner of ACM Award in 1996
● Appears as a character in Neal Stephenson’s The
Diamond Age.
Why Ralph Merkle?
The system…has since become known as Diffie–Hellman key
exchange. While that system was first described in a paper by
Diffie and me, it is a public key distribution system, a concept
developed by Merkle, and hence should be called ‘Diffie–
Hellman–Merkle key exchange’ if names are to be associated
with it. I hope this small pulpit might help in that endeavor to
recognize Merkle’s equal contribution to the invention of public
key cryptography. - Martin Hellman
Merkle’s Contribution
● He pioneered the whole field of key exchange when
communications were observable
● Came up with idea of Merkle Puzzles
Merkle Puzzles
● Bob creates a large number of encrypted messages, each
with a different identifier and encryption key
● It is not feasible to brute force all of these messages
● He sends them all to Alice, who picks one to brute force
solve
● She sends back the Identifier, and uses the key to encrypt
further communications
How this is secure
● The Identifier was in one of the original encrypted
messages from Bob
● Bob knows which identifier goes with each key
● But Eve (the eavesdropper) cannot know, and as already
stated it is not feasible to brute force all of the messages
Bob sent to Alice
● So this is secure even though Eve can read all of the
traffic.
https://ee.stanford.edu/~hellman/publications/24.pdf
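A toy run of the Merkle Puzzles exchange described above, added here as an illustration and not taken from the slides or from Merkle's paper. The hash-based XOR cipher, the 10-bit puzzle keys, the `PUZZLE:` marker and all function names are assumptions chosen so the demo finishes quickly.

```python
import hashlib
import random

MARKER = b"PUZZLE:"   # known prefix so a solver can recognise a correct guess
WEAK_KEY_BITS = 10    # toy size: each puzzle key has only 2**10 possibilities


def _xor(data: bytes, key: bytes) -> bytes:
    """Toy stream cipher (assumption): XOR with SHA-256(key || counter)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def make_puzzles(count: int, rng: random.Random):
    """Bob: build `count` puzzles and keep a table of identifier -> session key."""
    table, puzzles = {}, []
    for _ in range(count):
        ident = rng.getrandbits(64).to_bytes(8, "big")
        session_key = rng.getrandbits(128).to_bytes(16, "big")
        weak_key = rng.getrandbits(WEAK_KEY_BITS).to_bytes(2, "big")
        table[ident] = session_key
        puzzles.append(_xor(MARKER + ident + session_key, weak_key))
    rng.shuffle(puzzles)
    return puzzles, table


def solve_puzzle(puzzle: bytes):
    """Brute-force one puzzle. Returns (identifier, session key, guesses used)."""
    for guess in range(2 ** WEAK_KEY_BITS):
        plain = _xor(puzzle, guess.to_bytes(2, "big"))
        if plain.startswith(MARKER):
            body = plain[len(MARKER):]
            return body[:8], body[8:], guess + 1
    raise ValueError("no weak key decrypts this puzzle")


def run_exchange(count: int = 50, seed: int = 1):
    # Seeded PRNG keeps the demo repeatable; a real system needs a CSPRNG.
    rng = random.Random(seed)
    puzzles, table = make_puzzles(count, rng)

    # Alice picks one puzzle, solves it, and sends the identifier in the clear.
    ident, alice_key, alice_tries = solve_puzzle(rng.choice(puzzles))

    # Bob looks the identifier up in his table to find the same key.
    bob_key = table[ident]

    # Eve sees every puzzle and the identifier, but not which puzzle it came
    # from, so she has to solve puzzles until one contains that identifier.
    eve_tries = 0
    for puzzle in puzzles:
        found_ident, _, tries = solve_puzzle(puzzle)
        eve_tries += tries
        if found_ident == ident:
            break
    return alice_key, bob_key, alice_tries, eve_tries


if __name__ == "__main__":
    a_key, b_key, a_tries, e_tries = run_exchange()
    print("keys match:", a_key == b_key)
    print("Alice guesses:", a_tries, "Eve guesses:", e_tries)
```

Alice pays the per-puzzle cost once, while Eve's expected cost grows with the number of puzzles times the per-puzzle cost.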
Modular Arithmetic
● Key concept of this approach
● One way to think about it is dividing by some number and
only keeping the remainder
● Or think of it as counting in a circle.
– Example: clocks
– If it is now 11, and you need to meet someone in 2
hours, when is the meeting? 1
– Think of that as 11+2, divided by 12, and only keep the
remainder
Diffie-Hellman-Merkle
● Again, all communication is assumed open to anyone to
watch
● So Eve is reading all of the traffic
● 2 numbers are publicly exchanged
– The prime base number g
– The prime modulus p
● Modulus is the number you are dividing by to get a
remainder, or the size of the circle of numbers
● Again, both numbers are public
Secret numbers
● Now Alice and Bob each choose a secret number which
only they know. Bob does not know Alice’s number, and
Alice does not know Bob’s number
● These numbers are used in calculations by each of the
parties, but never publicly disclosed. This is where the
security comes from.
Calculating secret numbers
● Alice computes A=g^a mod p, which is the known base g
raised to the power of a (Alice’s secret), which is then
divided by p, which is the known modulus, and a
remainder is calculated. Alice sends this to Bob, and it is
still a secret because only Alice knows a
● Bob then similarly computes B=g^b mod p, and sends B to
Alice
● We assume A and B are both seen by Eve, but she cannot
brute force them
Shared Secret
● Alice then computes S = B^a mod p
● Bob computes S=A^b mod p
● And they both have the same shared secret number!
● And that is the shared encryption key (keys are merely
numbers, after all)
Example 1
● This is just a simple example of how the math works
● The known base g = 4
● The known modulus p = 11
● The base can be small, that does not matter much, but in
reality the modulus should be a large prime number. That
gets you to computationally infeasible
Example 2
● Alice’s secret number a = 6
● Bob’s secret number b = 8
● Alice computes A = 4^6 mod 11
● 4^6 = 4096
● 4096 mod 11 = 4
● Alice sends Bob the number 4, and it is assumed that the
message is open and read by Eve.
Example 3
● Bob computes B = 4^8 mod 11
● 4^8 = 65,536
● 65,536 mod 11 = 9
● Bob sends Alice the number 9, and again we assume Eve
is watching this
Example 4
● Alice computes S = 9^6 mod 11
● 9^6 = 531,441
● 531,441 mod 11 = 9
● Bob computes S = 4^8 mod 11
● 4^8 = 65,536
● 65,536 mod 11 = 9
● They match! This is the secret encryption key!
In the real world...
● As stated, the base g can be small without causing
problems, but the modulus p and secret numbers a and b
should all be large. Our example used small numbers just to
make it easier to follow
● This is an example of what is known as a discrete
logarithm problem. Eve is essentially looking for the
integer exponents behind g^(ab) mod p, where g and p are
known, but a and b are secret.
● There is no known general solution to this problem that is
feasible
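The slides' worked example (g = 4, p = 11, a = 6, b = 8) in code, followed by the exhaustive search that such a small modulus permits. This is an added illustration, not part of the original slides; the function names are assumptions.

```python
def dh_public(g: int, secret: int, p: int) -> int:
    """Value sent over the open channel: g^secret mod p."""
    return pow(g, secret, p)


def dh_shared(peer_public: int, secret: int, p: int) -> int:
    """Shared secret: the peer's public value raised to our own secret, mod p."""
    return pow(peer_public, secret, p)


def subgroup_order(g: int, p: int) -> int:
    """How many distinct values g^x mod p can take (prime p, g not a multiple of p)."""
    value = 1
    for x in range(1, p):
        value = (value * g) % p
        if value == 1:
            return x
    raise ValueError("g has no multiplicative order modulo p")


def brute_force_exponent(g: int, public: int, p: int):
    """Try x = 1, 2, 3, ... until g^x mod p equals the observed public value.

    Practical only because p is tiny; the loop length scales with p.
    """
    value = 1
    for x in range(1, p):
        value = (value * g) % p
        if value == public:
            return x
    return None


def run_slide_example():
    g, p = 4, 11          # public parameters from the slides
    a, b = 6, 8           # Alice's and Bob's secrets from the slides

    A = dh_public(g, a, p)            # Alice -> Bob, visible to Eve
    B = dh_public(g, b, p)            # Bob -> Alice, visible to Eve
    s_alice = dh_shared(B, a, p)
    s_bob = dh_shared(A, b, p)

    # Eve knows g, p, A and B. With p = 11 she can simply try every exponent.
    # She may find a different exponent than Alice's 6, but any exponent that
    # produces the same A also produces the same shared secret.
    eve_exponent = brute_force_exponent(g, A, p)
    s_eve = dh_shared(B, eve_exponent, p)

    return {
        "A": A, "B": B,
        "alice": s_alice, "bob": s_bob,
        "eve_exponent": eve_exponent, "eve": s_eve,
        "values_g_can_reach": subgroup_order(g, p),
    }


if __name__ == "__main__":
    for name, value in run_slide_example().items():
        print(f"{name}: {value}")
```

With these toy numbers g = 4 only ever produces five distinct values modulo 11, so the search space is even smaller than p suggests; this is why real deployments use a large prime modulus and large secrets.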
Adding people
● You don’t need to restrict the discussion to two people
● Add Carol
● Now it becomes g^(abc) mod p
● In general, this approach is considered safe against
eavesdropping
Weaknesses
● Diffie-Hellman-Merkle is safe against eavesdropping for
now
● But there is no authentication!
● This approach is vulnerable to man-in-the-middle attacks
● If Mallory can convince Bob that she is Alice, and convince
Alice that she is Bob, she could do two key exchanges, sit
in the middle, and read all of the traffic unencrypted
Public Key
● Public key, such as RSA, solves the authentication
problem
● It lets you initiate communication with security
● That is why most encrypted connections start with public
key before creating a shared secret for further
communication
● Also, public key has a larger overhead for computation
than a shared secret has
Cracking This
● While there is no general solution as yet, there are specific
cases where discrete logarithm problems are now
crackable
● As in all cryptography, this is an arms race. As encryption
gets better, decryption soon gets better too.
● So you need to keep improving your methods
Elliptic Curve
● This is the next level of discrete logarithm problem
● It is much more secure as long as you don’t use the
tainted numbers supplied by the NSA
● Diffie-Hellman Ephemeral is the basis for a hot topic called
Forward Secrecy
● This is a way to protect yourself to some degree against
someone who stores messages while waiting for a
breakthrough in decryption

More Related Content

What's hot

CNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsCNIT 141: 6. Hash Functions
CNIT 141: 6. Hash Functions
Sam Bowne
 
Presentation about RSA
Presentation about RSAPresentation about RSA
Presentation about RSA
Srilal Buddika
 
Elliptical curve cryptography
Elliptical curve cryptographyElliptical curve cryptography
Elliptical curve cryptography
Barani Tharan
 
Cryptography
CryptographyCryptography
Cryptography
Deepak Kumar
 
Cryptography and Network Security
Cryptography and Network SecurityCryptography and Network Security
Cryptography and Network Security
Ramki M
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptographyanusachu .
 
ElGamal Encryption Algoritham.pptx
ElGamal Encryption Algoritham.pptxElGamal Encryption Algoritham.pptx
ElGamal Encryption Algoritham.pptx
Indian Institute of information technology Una
 
Rsa Crptosystem
Rsa CrptosystemRsa Crptosystem
Rsa Crptosystem
Amlan Patel
 
Information and data security public key cryptography and rsa
Information and data security public key cryptography and rsaInformation and data security public key cryptography and rsa
Information and data security public key cryptography and rsa
Mazin Alwaaly
 
RSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key CryptographyRSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key Cryptography
Md. Shafiul Alam Sagor
 
RSA
RSARSA
DES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationDES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentation
sarhadisoftengg
 
Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES) Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES)
Hardik Manocha
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.pptUday Meena
 
Diffie-Hellman Key Exchange
Diffie-Hellman Key ExchangeDiffie-Hellman Key Exchange
Diffie-Hellman Key Exchange
Gürkan YILDIRIM
 
Cryptography
CryptographyCryptography
Cryptography
Jens Patel
 

What's hot (20)

CNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsCNIT 141: 6. Hash Functions
CNIT 141: 6. Hash Functions
 
Presentation about RSA
Presentation about RSAPresentation about RSA
Presentation about RSA
 
Diffiehellman
DiffiehellmanDiffiehellman
Diffiehellman
 
Elliptical curve cryptography
Elliptical curve cryptographyElliptical curve cryptography
Elliptical curve cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
Cryptography and Network Security
Cryptography and Network SecurityCryptography and Network Security
Cryptography and Network Security
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptography
 
ElGamal Encryption Algoritham.pptx
ElGamal Encryption Algoritham.pptxElGamal Encryption Algoritham.pptx
ElGamal Encryption Algoritham.pptx
 
Rsa Crptosystem
Rsa CrptosystemRsa Crptosystem
Rsa Crptosystem
 
Information and data security public key cryptography and rsa
Information and data security public key cryptography and rsaInformation and data security public key cryptography and rsa
Information and data security public key cryptography and rsa
 
RSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key CryptographyRSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key Cryptography
 
RSA
RSARSA
RSA
 
DES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationDES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentation
 
DES
DESDES
DES
 
Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES) Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES)
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.ppt
 
Diffie-Hellman Key Exchange
Diffie-Hellman Key ExchangeDiffie-Hellman Key Exchange
Diffie-Hellman Key Exchange
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 

Similar to Diffie_Hellman-Merkle Key Exchange

Encryption basics
Encryption basicsEncryption basics
Encryption basics
Kevin OBrien
 
Diffie Hellman.pptx
Diffie Hellman.pptxDiffie Hellman.pptx
Diffie Hellman.pptx
samimaqbol
 
CS283-PublicKey.ppt
CS283-PublicKey.pptCS283-PublicKey.ppt
CS283-PublicKey.ppt
MIBrand
 
CS283-PublicKey.ppt
CS283-PublicKey.pptCS283-PublicKey.ppt
CS283-PublicKey.ppt
ShounakDas16
 
With Math - Diffie-Hellman Rick.ppt
With Math - Diffie-Hellman Rick.pptWith Math - Diffie-Hellman Rick.ppt
With Math - Diffie-Hellman Rick.ppt
ishaankumar39
 
Management of KEY in Cryptography and cybersecurity.pptx
Management of KEY in Cryptography and cybersecurity.pptxManagement of KEY in Cryptography and cybersecurity.pptx
Management of KEY in Cryptography and cybersecurity.pptx
JAYTANWANI1
 
Diffie-Hellman key exchange
Diffie-Hellman key exchangeDiffie-Hellman key exchange
Diffie-Hellman key exchangehughpearse
 
CNS - Unit - 4 - Public Key Cryptosystem
CNS - Unit - 4 - Public Key Cryptosystem CNS - Unit - 4 - Public Key Cryptosystem
CNS - Unit - 4 - Public Key Cryptosystem
Gyanmanjari Institute Of Technology
 
Elliptic curve Cryptography and Diffie- Hellman Key exchange
Elliptic curve Cryptography and Diffie- Hellman Key exchangeElliptic curve Cryptography and Diffie- Hellman Key exchange
Elliptic curve Cryptography and Diffie- Hellman Key exchange
IOSRJM
 
Chapter 8 cryptography lanjutan
Chapter 8 cryptography lanjutanChapter 8 cryptography lanjutan
Chapter 8 cryptography lanjutan
newbie2019
 
information security(Public key encryption its characteristics and weakness, ...
information security(Public key encryption its characteristics and weakness, ...information security(Public key encryption its characteristics and weakness, ...
information security(Public key encryption its characteristics and weakness, ...
Zara Nawaz
 
ET4045-2-cryptography-2
ET4045-2-cryptography-2ET4045-2-cryptography-2
ET4045-2-cryptography-2
Tutun Juhana
 
public-key cryptography Shamir
public-key cryptography Shamirpublic-key cryptography Shamir
public-key cryptography Shamir
Information Security Awareness Group
 
Diffie hellman
Diffie hellmanDiffie hellman
Diffie hellman
ieshankothari
 
How do computers exchange secrets using Math?
How do computers exchange secrets using Math?How do computers exchange secrets using Math?
How do computers exchange secrets using Math?
Dharmalingam Ganesan
 
CNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-HellmanCNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-Hellman
Sam Bowne
 

Similar to Diffie_Hellman-Merkle Key Exchange (16)

Encryption basics
Encryption basicsEncryption basics
Encryption basics
 
Diffie Hellman.pptx
Diffie Hellman.pptxDiffie Hellman.pptx
Diffie Hellman.pptx
 
CS283-PublicKey.ppt
CS283-PublicKey.pptCS283-PublicKey.ppt
CS283-PublicKey.ppt
 
CS283-PublicKey.ppt
CS283-PublicKey.pptCS283-PublicKey.ppt
CS283-PublicKey.ppt
 
With Math - Diffie-Hellman Rick.ppt
With Math - Diffie-Hellman Rick.pptWith Math - Diffie-Hellman Rick.ppt
With Math - Diffie-Hellman Rick.ppt
 
Management of KEY in Cryptography and cybersecurity.pptx
Management of KEY in Cryptography and cybersecurity.pptxManagement of KEY in Cryptography and cybersecurity.pptx
Management of KEY in Cryptography and cybersecurity.pptx
 
Diffie-Hellman key exchange
Diffie-Hellman key exchangeDiffie-Hellman key exchange
Diffie-Hellman key exchange
 
CNS - Unit - 4 - Public Key Cryptosystem
CNS - Unit - 4 - Public Key Cryptosystem CNS - Unit - 4 - Public Key Cryptosystem
CNS - Unit - 4 - Public Key Cryptosystem
 
Elliptic curve Cryptography and Diffie- Hellman Key exchange
Elliptic curve Cryptography and Diffie- Hellman Key exchangeElliptic curve Cryptography and Diffie- Hellman Key exchange
Elliptic curve Cryptography and Diffie- Hellman Key exchange
 
Chapter 8 cryptography lanjutan
Chapter 8 cryptography lanjutanChapter 8 cryptography lanjutan
Chapter 8 cryptography lanjutan
 
information security(Public key encryption its characteristics and weakness, ...
information security(Public key encryption its characteristics and weakness, ...information security(Public key encryption its characteristics and weakness, ...
information security(Public key encryption its characteristics and weakness, ...
 
ET4045-2-cryptography-2
ET4045-2-cryptography-2ET4045-2-cryptography-2
ET4045-2-cryptography-2
 
public-key cryptography Shamir
public-key cryptography Shamirpublic-key cryptography Shamir
public-key cryptography Shamir
 
Diffie hellman
Diffie hellmanDiffie hellman
Diffie hellman
 
How do computers exchange secrets using Math?
How do computers exchange secrets using Math?How do computers exchange secrets using Math?
How do computers exchange secrets using Math?
 
CNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-HellmanCNIT 141: 11. Diffie-Hellman
CNIT 141: 11. Diffie-Hellman
 

More from Kevin OBrien

American icon pmi
American icon   pmiAmerican icon   pmi
American icon pmi
Kevin OBrien
 
Tls 1.3
Tls 1.3Tls 1.3
Tls 1.3
Kevin OBrien
 
Forward Secrecy
Forward SecrecyForward Secrecy
Forward Secrecy
Kevin OBrien
 
Password best practices and the last pass hack
Password best practices and the last pass hackPassword best practices and the last pass hack
Password best practices and the last pass hack
Kevin OBrien
 
SSL certificates
SSL certificatesSSL certificates
SSL certificates
Kevin OBrien
 
Passwords
PasswordsPasswords
Passwords
Kevin OBrien
 
Linux Directory Structure
Linux Directory StructureLinux Directory Structure
Linux Directory Structure
Kevin OBrien
 
Hardware Discovery Commands
Hardware Discovery CommandsHardware Discovery Commands
Hardware Discovery Commands
Kevin OBrien
 
Introduction to linux
Introduction to linuxIntroduction to linux
Introduction to linux
Kevin OBrien
 
Help, my computer is sluggish
Help, my computer is sluggishHelp, my computer is sluggish
Help, my computer is sluggish
Kevin OBrien
 
The ps Command
The ps CommandThe ps Command
The ps Command
Kevin OBrien
 
Installing Software, Part 3: Command Line
Installing Software, Part 3: Command LineInstalling Software, Part 3: Command Line
Installing Software, Part 3: Command Line
Kevin OBrien
 
Installing Software, Part 2: Package Managers
Installing Software, Part 2: Package ManagersInstalling Software, Part 2: Package Managers
Installing Software, Part 2: Package Managers
Kevin OBrien
 
Installing Software, Part 1 - Repositories
Installing Software, Part 1 - RepositoriesInstalling Software, Part 1 - Repositories
Installing Software, Part 1 - Repositories
Kevin OBrien
 
Installing Linux: Partitioning and File System Considerations
Installing Linux: Partitioning and File System ConsiderationsInstalling Linux: Partitioning and File System Considerations
Installing Linux: Partitioning and File System Considerations
Kevin OBrien
 
The ifconfig Command
The ifconfig CommandThe ifconfig Command
The ifconfig Command
Kevin OBrien
 
Find and Locate: Two Commands
Find and Locate: Two CommandsFind and Locate: Two Commands
Find and Locate: Two Commands
Kevin OBrien
 
The Shell Game Part 4: Bash Shortcuts
The Shell Game Part 4: Bash ShortcutsThe Shell Game Part 4: Bash Shortcuts
The Shell Game Part 4: Bash Shortcuts
Kevin OBrien
 
The Shell Game Part 3: Introduction to Bash
The Shell Game Part 3: Introduction to BashThe Shell Game Part 3: Introduction to Bash
The Shell Game Part 3: Introduction to Bash
Kevin OBrien
 
The Shell Game Part 2: What are your shell choices?
The Shell Game Part 2: What are your shell choices?The Shell Game Part 2: What are your shell choices?
The Shell Game Part 2: What are your shell choices?
Kevin OBrien
 

More from Kevin OBrien (20)

American icon pmi
American icon   pmiAmerican icon   pmi
American icon pmi
 
Tls 1.3
Tls 1.3Tls 1.3
Tls 1.3
 
Forward Secrecy
Forward SecrecyForward Secrecy
Forward Secrecy
 
Password best practices and the last pass hack
Password best practices and the last pass hackPassword best practices and the last pass hack
Password best practices and the last pass hack
 
SSL certificates
SSL certificatesSSL certificates
SSL certificates
 
Passwords
PasswordsPasswords
Passwords
 
Linux Directory Structure
Linux Directory StructureLinux Directory Structure
Linux Directory Structure
 
Hardware Discovery Commands
Hardware Discovery CommandsHardware Discovery Commands
Hardware Discovery Commands
 
Introduction to linux
Introduction to linuxIntroduction to linux
Introduction to linux
 
Help, my computer is sluggish
Help, my computer is sluggishHelp, my computer is sluggish
Help, my computer is sluggish
 
The ps Command
The ps CommandThe ps Command
The ps Command
 
Installing Software, Part 3: Command Line
Installing Software, Part 3: Command LineInstalling Software, Part 3: Command Line
Installing Software, Part 3: Command Line
 
Installing Software, Part 2: Package Managers
Installing Software, Part 2: Package ManagersInstalling Software, Part 2: Package Managers
Installing Software, Part 2: Package Managers
 
Installing Software, Part 1 - Repositories
Installing Software, Part 1 - RepositoriesInstalling Software, Part 1 - Repositories
Installing Software, Part 1 - Repositories
 
Installing Linux: Partitioning and File System Considerations
Installing Linux: Partitioning and File System ConsiderationsInstalling Linux: Partitioning and File System Considerations
Installing Linux: Partitioning and File System Considerations
 
The ifconfig Command
The ifconfig CommandThe ifconfig Command
The ifconfig Command
 
Find and Locate: Two Commands
Find and Locate: Two CommandsFind and Locate: Two Commands
Find and Locate: Two Commands
 
The Shell Game Part 4: Bash Shortcuts
The Shell Game Part 4: Bash ShortcutsThe Shell Game Part 4: Bash Shortcuts
The Shell Game Part 4: Bash Shortcuts
 
The Shell Game Part 3: Introduction to Bash
The Shell Game Part 3: Introduction to BashThe Shell Game Part 3: Introduction to Bash
The Shell Game Part 3: Introduction to Bash
 
The Shell Game Part 2: What are your shell choices?
The Shell Game Part 2: What are your shell choices?The Shell Game Part 2: What are your shell choices?
The Shell Game Part 2: What are your shell choices?
 

Recently uploaded

Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 

Recently uploaded (20)

Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 

Diffie-Hellman-Merkle Key Exchange

  • 1. Diffie-Hellman-Merkle Key Exchange Kevin O’Brien Washtenaw Linux Users Group
  • 2. The Cast of Characters Whitfield Diffie Martin Hellman Ralph Merkle
  • 3. Martin Hellman ● Stanford professor through 1996 ● His doctoral students included Ralph Merkle, Whitfield Diffie, and Taher Elgamal ● Worked with Horst Feistel (DES) while at IBM in late 1960s ● Co-winner with Whitfield Diffie of ACM Turing Award in 2015
  • 4. Whitfield Diffie ● Research programmer at Stanford Artificial Intelligence Laboratory (SAIL) ● Hired by Martin Hellman as a Research Assistant, and a doctoral student ● Never finished his PhD ● Became a Sun Fellow ● Co-winner with Martin Hellman of the ACM Turing Award in 2015
  • 5. Ralph Merkle ● Doctoral student under Martin Hellman ● Inventor of Cryptographic Hashing ● Research Scientist at PARC ● Led the Georgia Tech Information Security Center ● Winner of ACM Award in 1996 ● Appears as a character in Neal Stephenson’s The Diamond Age.
  • 6. Why Ralph Merkle? The system…has since become known as Diffie–Hellman key exchange. While that system was first described in a paper by Diffie and me, it is a public key distribution system, a concept developed by Merkle, and hence should be called ‘Diffie–Hellman–Merkle key exchange’ if names are to be associated with it. I hope this small pulpit might help in that endeavor to recognize Merkle’s equal contribution to the invention of public key cryptography. - Martin Hellman
  • 7. Merkle’s Contribution ● He pioneered the whole field of key exchange when communications were observable ● Came up with idea of Merkle Puzzles
  • 8. Merkle Puzzles ● Bob creates a large number of encrypted messages, each with a different identifier and encryption key ● It is not feasible to brute force all of these messages ● He sends them all to Alice, who picks one to brute force solve ● She sends back the Identifier, and uses the key to encrypt further communications
  • 9. How this is secure ● The Identifier was in one of the original encrypted messages from Bob ● Bob knows which identifier goes with each key ● But Eve (the eavesdropper) cannot know, and as already stated it is not feasible to brute force all of the messages Bob sent to Alice ● So this is secure even though Eve can read all of the traffic.
  • 11. Modular Arithmetic ● Key concept of this approach ● One way to think about it is dividing by some number and only keeping the remainder ● Or think of it as counting in a circle. – Example: clocks – If it is now 11, and you need to meet someone in 2 hours, when is the meeting? 1 – Think of that as 11+2, divided by 12, and only keep the remainder
  • 12. Diffie-Hellman-Merkle ● Again, all communication is assumed open to anyone to watch ● So Eve is reading all of the traffic ● 2 numbers are publicly exchanged – The prime base number g – The prime modulus p ● Modulus is the number you are dividing by to get a remainder, or the size of the circle of numbers ● Again, both numbers are public
  • 13. Secret numbers ● Now Alice and Bob each choose a secret number which only they know. Bob does not know Alice’s number, and Alice does not know Bob’s number ● These numbers are used in calculations by each of the parties, but never publicly disclosed. This is where the security comes from.
  • 14. Calculating secret numbers ● Alice computes A=g^a mod p, which is the known base g raised to the power of a (Alice’s secret), which is then divided by p, which is the known modulus, and a remainder is calculated. Alice sends A to Bob, and a is still a secret because only Alice knows it ● Bob then similarly computes B=g^b mod p, and sends B to Alice ● We assume A and B are both seen by Eve, but she cannot brute force them
  • 15. Shared Secret ● Alice then computes S = B^a mod p ● Bob computes S=A^b mod p ● And they both have the same shared secret number! ● And that is the shared encryption key (keys are merely numbers, after all)
  • 16. Example 1 ● This is just a simple example of how the math works ● The known base g = 4 ● The known modulus p = 11 ● The base can be small, that does not matter much, but in reality the modulus should be a large prime number. That gets you to computationally infeasible
  • 17. Example 2 ● Alice’s secret number a = 6 ● Bob’s secret number b = 8 ● Alice computes A = 4^6 mod 11 ● 4^6 = 4096 ● 4096 mod 11 = 4 ● Alice sends Bob the number 4, and it is assumed that the message is open and read by Eve.
  • 18. Example 3 ● Bob computes B = 4^8 mod 11 ● 4^8 = 65,536 ● 65,536 mod 11 = 9 ● Bob sends Alice the number 9, and again we assume Eve is watching this
  • 19. Example 4 ● Alice computes S = B^a = 9^6 mod 11 ● 9^6 = 531,441 ● 531,441 mod 11 = 9 ● Bob computes S = A^b = 4^8 mod 11 ● 4^8 = 65,536 ● 65,536 mod 11 = 9 ● They match! This is the secret encryption key!
  • 20. In the real world... ● As stated, the base g can be small without causing problems, but the modulus p and secret numbers a and b should all be large. Our example used small numbers just to make it easier to follow ● This is an example of what is known as a discrete logarithm problem. You are essentially looking for an integer solution to g^(ab) mod p, where g and p are known, but a and b are secret. ● There is no known general solution to this problem that is feasible
  • 21. Adding people ● You don’t need to restrict the discussion to two people ● Add Carol ● Now it becomes g^(abc) mod p ● In general, this approach is considered safe against eavesdropping
  • 22. Weaknesses ● Diffie-Hellman-Merkle is safe against eavesdropping for now ● But there is no authentication! ● This approach is vulnerable to man-in-the-middle attacks ● If Mallory can convince Bob that she is Alice, and convince Alice that she is Bob, she could do two key exchanges, sit in the middle, and read all of the traffic unencrypted
  • 23. Public Key ● Public key, such as RSA, solves the authentication problem ● It lets you initiate communication with security ● That is why most encrypted connections start with public key before creating a shared secret for further communication ● Also, public key has a larger overhead for computation than a shared secret has
  • 24. Cracking This ● While there is no general solution as yet, there are specific cases where discrete logarithm problems are now crackable ● As in all cryptography, this is an arms race. As encryption gets better, decryption soon gets better too. ● So you need to keep improving your methods
  • 25. Elliptic Curve ● This is the next level of discrete logarithm problem ● It is much more secure as long as you don’t use the tainted numbers supplied by the NSA ● Diffie-Hellman Ephemeral is the basis for a hot topic called Forward Secrecy ● This is a way to protect yourself to some degree against someone who stores messages while waiting for a breakthrough in decryption
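
Slides 8 and 9 (Merkle Puzzles) as runnable code: an added sketch, not part of the original deck, in which each puzzle uses a deliberately tiny 12-bit key and a SHA-256 XOR keystream stands in for a real cipher. The names `make_puzzles`, `solve`, `exchange` and the `PUZZLE` marker are assumptions of this example.

```python
import hashlib
import secrets

KEY_BITS = 12        # deliberately weak puzzle key (constructed toy size)
MARKER = b"PUZZLE"   # known plaintext so a solver recognises a correct guess

def _xor(data: bytes, key: int) -> bytes:
    """Toy cipher: XOR with a SHA-256 keystream (data must be <= 32 bytes)."""
    stream = hashlib.sha256(key.to_bytes(4, "big")).digest()
    return bytes(x ^ y for x, y in zip(data, stream))

def make_puzzles(count: int):
    """Bob: build `count` puzzles and keep a private identifier -> key table."""
    table, puzzles = {}, []
    for ident in range(count):
        session_key = secrets.token_bytes(16)
        table[ident] = session_key
        plain = MARKER + ident.to_bytes(4, "big") + session_key  # 26 bytes
        puzzles.append(_xor(plain, secrets.randbelow(2 ** KEY_BITS)))
    secrets.SystemRandom().shuffle(puzzles)  # position must not leak the identifier
    return puzzles, table

def solve(puzzle: bytes):
    """Brute-force one puzzle; return (identifier, session_key, guesses_used)."""
    for guess in range(2 ** KEY_BITS):
        plain = _xor(puzzle, guess)
        if plain.startswith(MARKER):
            return int.from_bytes(plain[6:10], "big"), plain[10:], guess + 1
    raise ValueError("no key opened the puzzle")

def exchange(count: int = 64):
    """Return (keys_match, alice_guesses, eve_guesses) for one run."""
    puzzles, bob_table = make_puzzles(count)
    ident, alice_key, alice_work = solve(secrets.choice(puzzles))
    bob_key = bob_table[ident]   # only `ident` crossed the wire
    # Eve sees every puzzle and `ident`, but must open puzzles until she
    # finds the one carrying `ident`: on average about half of them.
    eve_work = 0
    for puzzle in puzzles:
        found, _, work = solve(puzzle)
        eve_work += work
        if found == ident:
            break
    return alice_key == bob_key, alice_work, eve_work

if __name__ == "__main__":
    print(exchange())
```

Alice's cost is one puzzle; Eve's grows with the number of puzzles Bob sent, which is the gap the scheme relies on.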
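
Slide 20's warning checked against the deck's own numbers (g = 4, p = 11, a = 6, b = 8), as an added example that is not part of the original slides; it also carries out slide 21's three-party case with a constructed secret c = 3 for Carol. All function names are this example's own.

```python
def exchange(g, p, a, b):
    """Two-party exchange; returns (A, B, S) as on slides 14 and 15."""
    A, B = pow(g, a, p), pow(g, b, p)            # sent in the clear
    s_alice, s_bob = pow(B, a, p), pow(A, b, p)  # computed privately
    if s_alice != s_bob:
        raise ValueError("shared secrets disagree")
    return A, B, s_alice

def subgroup_size(g, p):
    """How many distinct values g^x mod p can take."""
    seen, value = set(), 1
    while True:
        value = value * g % p
        if value in seen:
            return len(seen)
        seen.add(value)

def eve_recover(g, p, A, B):
    """Exhaustive search over exponents: find x with g^x = A, then S = B^x.
    Only feasible because the toy modulus is tiny."""
    value = 1
    for x in range(1, p):
        value = value * g % p
        if value == A:
            return x, pow(B, x, p)
    raise ValueError("A is not a power of g")

def three_party(g, p, a, b, c):
    """Each party receives a value already raised by the other two secrets."""
    s_carol = pow(pow(pow(g, a, p), b, p), c, p)  # Alice -> Bob -> Carol
    s_alice = pow(pow(pow(g, b, p), c, p), a, p)  # Bob -> Carol -> Alice
    s_bob = pow(pow(pow(g, c, p), a, p), b, p)    # Carol -> Alice -> Bob
    return s_alice, s_bob, s_carol

if __name__ == "__main__":
    A, B, S = exchange(4, 11, 6, 8)
    print("public:", A, B, "shared:", S)
    print("values g can generate:", subgroup_size(4, 11))
    print("Eve's (exponent, secret):", eve_recover(4, 11, A, B))
    print("three parties (c = 3, constructed):", three_party(4, 11, 6, 8, 3))
```

With p = 11 the base 4 generates only five values, so Eve's search succeeds on the first try with an equivalent exponent rather than Alice's actual a; a large prime modulus is what puts this search out of reach.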
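
Slide 22's weakness and a way to detect it, as an added example that is not from the original deck: the exchange is simulated with the deck's numbers, once untouched and once with Mallory replacing both public values (her secret m = 2 is constructed). The fingerprint comparison is an assumption of this example and only helps if the fingerprints travel over a channel Mallory cannot alter, for instance signed with the long-term public keys slide 23 refers to.

```python
import hashlib

G, P = 4, 11                  # public values from slide 16
A_SECRET, B_SECRET = 6, 8     # secrets from slide 17

def view_fingerprint(alice_pub: int, bob_pub: int, secret: int) -> str:
    """Hash of what one party believes was exchanged, plus its derived key."""
    data = f"{alice_pub}|{bob_pub}|{secret}".encode()
    return hashlib.sha256(data).hexdigest()[:16]

def run(interceptor_secret=None):
    """One exchange; if interceptor_secret is set, both public values are swapped."""
    A = pow(G, A_SECRET, P)
    B = pow(G, B_SECRET, P)
    if interceptor_secret is None:
        to_bob, to_alice, mallory_keys = A, B, None
    else:
        M = pow(G, interceptor_secret, P)
        to_bob, to_alice = M, M
        # Mallory ends up sharing one key with each victim.
        mallory_keys = (pow(A, interceptor_secret, P),
                        pow(B, interceptor_secret, P))
    alice_key = pow(to_alice, A_SECRET, P)
    bob_key = pow(to_bob, B_SECRET, P)
    alice_fp = view_fingerprint(A, to_alice, alice_key)   # Alice's view
    bob_fp = view_fingerprint(to_bob, B, bob_key)         # Bob's view
    return {
        "alice_key": alice_key,
        "bob_key": bob_key,
        "mallory_keys": mallory_keys,
        "detected": alice_fp != bob_fp,
    }

if __name__ == "__main__":
    print("honest:     ", run())
    print("intercepted:", run(interceptor_secret=2))
```

In the intercepted run Alice and Bob hold different keys and different views of the transcript, so an authenticated comparison fails even though each side's own arithmetic looked normal.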