[messaging] Messaging Digest, Vol 357, Issue 1
Martin Dehnel-Wild
mpdehnel at gmail.com
Fri Dec 4 12:58:31 PST 2015
Yes. Having a pre-shared public key definitely allows you to prevent MITM
attacks. (Where by 'attack' I assume you mean 'the adversary learns the
agreed key')
See e.g. MQV (https://en.wikipedia.org/wiki/MQV), HMQV, NAXOS for examples
of modern(-ish) protocols that are not vulnerable to MITM attacks.
Even Needham-Schroeder-Lowe protocol (
https://en.wikipedia.org/wiki/Needham%E2%80%93Schroeder_protocol#Fixing_the_man-in-the-middle_attack,
http://www.cs.cornell.edu/~shmat/courses/cs6431/lowe.pdf, 1996, not
DH-based) is not vulnerable to MITM when you have pre-shared public keys.
If you'd like machine-based proofs of the fact that they're not vulnerable
to MITM attacks, run them through the Tamarin-prover (a security protocol
verification tool that supports both falsification and unbounded
verification of security protocols): download
https://github.com/tamarin-prover/tamarin-prover/ and then look in
examples/ake/dh/ and examples/classic/ for each of the above mentioned
protocols.
This is just one way of demonstrating their invulnerability (in this case
in the symbolic world), but you can also find proofs for (I believe) most
of the above in the computational setting as well, which are generally
stronger 'proofs', but mostly human constructed and verified.
Martin
On Fri, Dec 4, 2015 at 8:00 PM, <messaging-request at moderncrypto.org> wrote:
> Send Messaging mailing list submissions to
> messaging at moderncrypto.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://moderncrypto.org/mailman/listinfo/messaging
> or, via email, send a message with subject or body 'help' to
> messaging-request at moderncrypto.org
>
> You can reach the person managing the list at
> messaging-owner at moderncrypto.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Messaging digest..."
>
>
> Today's Topics:
>
> 1. Can a pre-shared public key prevent MITM-attacks? (U.Mutlu)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 4 Dec 2015 03:03:27 +0100
> From: "U.Mutlu" <for-gmane at mutluit.com>
> To: messaging at moderncrypto.org
> Subject: [messaging] Can a pre-shared public key prevent MITM-attacks?
> Message-ID: <n3qs9g$9p4$1 at ger.gmane.org>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> On the following wiki page it's boldly claimed that "A pre-shared public
> key
> also prevents man-in-the-middle attacks"
> https://en.wikipedia.org/wiki/Diffie?Hellman_key_exchange#Public_key :
> "It is also possible to use Diffie?Hellman as part of a public key
> infrastructure, allowing Bob to encrypt a message so that only Alice will
> be
> able to decrypt it, with no prior communication between them other than Bob
> having trusted knowledge of Alice's public key. Alice's public key is
> (g^a mod p, g, p). To send her a message, Bob chooses a random b and then
> sends Alice g^b mod p (un-encrypted) together with the message encrypted
> with symmetric key (g^a)^b mod p. Only Alice can determine the symmetric
> key
> and hence decrypt the message because only she has a (the private key).
> A pre-shared public key also prevents man-in-the-middle attacks."
>
> I have my doubts.
> What do others think of 'MITM prevention by using public key encryption'?
>
>
>
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
>
>
> ------------------------------
>
> End of Messaging Digest, Vol 357, Issue 1
> *****************************************
>
--
Martin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20151204/7012d6eb/attachment.html>
More information about the Messaging
mailing list