
DH-Algorithm & Man in the middle attack

cliffnotes
Level 1

Please clarify this.

Authentication (Identification of Peer):

1. Using Symmetric Keys: A single key is used; the authentication of the remote peer is not accurate when the pre-shared key is stolen. So a symmetric key alone is not efficient.

2. Asymmetric Key: Suppose communication is happening between Alice and Bob. An intruder (man-in-the-middle) first starts a conversation with Alice stating that he is Bob; he (the intruder) exchanges his public key with Alice, and Alice will send her public key to the intruder, thinking he is Bob. Thus authentication is not achieved. With asymmetric keys, despite two keys being used, authentication is not achieved.

The solution for the above two is PKI.

When studying IPSec, I read that IPSec uses the DH algorithm to exchange the preshared key; the symmetric key is distributed using asymmetric keys. DH is used only for key distribution. But what will happen if there is a man-in-the-middle attack while distributing the preshared key using the DH algorithm (an intruder (man-in-the-middle) first starts a conversation with Alice stating that he is Bob; he (the intruder) exchanges his public key with Alice, and Alice will send her public key to the intruder, thinking he is Bob)?

  • To solve this, does IPSec use PKI or not? If IPsec doesn't use PKI, then how will it solve the man-in-the-middle attack?

(The DH algorithm has the drawback that it can't solve the man-in-the-middle attack problem; then how is accurate authentication achieved by using DH in IPSec?)
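
The scenario in the post, as an added example that is not part of the original post: a toy Diffie-Hellman exchange in which each side also sends a MAC, keyed with a pre-shared key, over the public values it sent and received, so a substituted public value is detected without PKI. The group parameters, the function names, the sample key and the tag format are assumptions for illustration; this is a simplification of the idea of authenticating the exchange, not IKE's actual message format.

```python
import hashlib
import hmac
import secrets

# Toy group, constructed for illustration only (not a standardized IKE group).
P = 2**127 - 1
G = 3
SAMPLE_PSK = b"constructed-sample-psk"  # constructed sample value


def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def shared(priv, peer_pub):
    # Derive a session key from the DH shared secret.
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).digest()


def auth_tag(psk, sender, sender_pub, receiver_pub):
    # MAC binds the sender's identity to both public values of this exchange.
    msg = f"{sender}|{sender_pub}|{receiver_pub}".encode()
    return hmac.new(psk, msg, hashlib.sha256).digest()


def handshake(psk_alice, psk_bob, intercept=False):
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    seen_by_alice, seen_by_bob = b_pub, a_pub
    m_priv = None
    if intercept:
        # The middle party replaces both public values with its own.
        m_priv, m_pub = keypair()
        seen_by_alice = seen_by_bob = m_pub
    k_alice = shared(a_priv, seen_by_alice)
    k_bob = shared(b_priv, seen_by_bob)
    # Tags pass through unchanged: without the PSK they cannot be recomputed.
    tag_a = auth_tag(psk_alice, "alice", a_pub, seen_by_alice)
    tag_b = auth_tag(psk_bob, "bob", b_pub, seen_by_bob)
    return {
        "keys_match": k_alice == k_bob,
        "middle_shares_alice_key": intercept and shared(m_priv, a_pub) == k_alice,
        # Each side recomputes the peer's tag from its own view of the exchange.
        "alice_accepts": hmac.compare_digest(
            tag_b, auth_tag(psk_alice, "bob", seen_by_alice, a_pub)),
        "bob_accepts": hmac.compare_digest(
            tag_a, auth_tag(psk_bob, "alice", seen_by_bob, b_pub)),
    }
```

Without the tag check, the intercepted run completes with Alice unknowingly sharing her key with the middle party; with it, both sides reject the exchange.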
