views:

1529

answers:

7

Consider and client server scenario and you got two options:

  1. You can include Server's Public Key in Client and perform the exchange.
  2. You can use Diffie Hellman KeyExchange Algorithm to handshake and then exchange the key.

Which one is more secure way? also if public key will come from store say from Client CA store? would it be more secure instead of binding it in Client app?

The deployment will be done via an installer, verifying the version on each run.

+2  A: 

With (only) DH key exchange, the client has no way to know that it is really the server he is talking to.

So the conversation would be secure from eavesdroppers, but someone could pretend to be the server and compromise the client.

Thilo
DH key exchange is very vulnerable to man in the middle attacks, just as Thilo implicitly writes.
AnnaR
so you guys are voting for Option-1?but hasn't Diffie Hellman is considered secure on unsecure networks?
Usman Masood
@Usman: Diffie-Hellman is secure against eavesdropping, but has no protection against man in the middle attacks. PKI provides that, assuming that the client can securely obtain the CA certificate. There's so such thing as "secure" - a given system prevents particular things happening. If those things are the only things you don't want to happen, then the system is "secure for your use" of it.
Steve Jessop
@onebyone yep! in that case what would you say about public key being embded in client app?
Usman Masood
If you embed the key in the app, then the client can trust the key as much as they trust the code, which should be good enough for them. Sometimes however you want to change a certificate, and it's easier to do that (without pushing a new version of the app) by having the server provide a cert to the client as part of the connection protocol, and that cert be signed by a signing cert either in the app, or in the client's OS keystore. That's the model used by SSL, and it seems to work OK...
Steve Jessop
yep! thats a really good idea thanks
Usman Masood
+1  A: 

An embedded key can be replaced. Generally speaking, if the client's machine is not secured by non-software means, you cannot prevent hacking of your client by a sufficiently motivated attacker. Even a TPM is no panacea. The question becomes one of trade-off: attackers' man-hours vs. utility (profit, fame &c) gained. The only really secure way to license a program which does computations is to perform all licensable computations on a server you physically control; https or SSL can be made sufficiently secure by choosing appropriate key lengths, hashing schemes, ciphers &c (a subject of which I know little).

The principle here is actually rather simple: you need to engineer a situation in which it will be in your clients' best interests to protect their passwords/license keys/data/whatever. E.g. if you have a computation server and charge your clients for server time, client keys are proxies to owners' bank accounts.

Anton Tykhyy
well! if he hacks the servers public key... then server will no longer be able to decrypt the client data which means no communication.. i guess thats how it should be.
Usman Masood
the attacker only needs to hack the client private key, or extract the server public key and use it in a separate attacking program
Anton Tykhyy
then what could be the best approach?
Usman Masood
I don't know your particulars, so can't really tell what will be best for you; added some general advice in answer.
Anton Tykhyy
ok Anton one more question what would you suggest if public key will come from store say from Client CA store? would it be more secure?
Usman Masood
Not much more secure I think. An attacker could change the name of the key your client requests from the store just as well as an embedded key.
Anton Tykhyy
+3  A: 

Don't.

If you need to solve this kind of problem in production code, have an expert do it. There are so many subtle pitfalls in cryptography that chances are you will come a cropper.

Tobias
A: 

As Tobias mentioned above it is better if you don't roll your own protocol. I would suggest to use an implementation of TLS, or at least model your protocol on TLS. TLS provides options for both Diffie-Hellman and Certificate based key exchange.

Take a look at: http://en.wikipedia.org/wiki/Secure_Sockets_Layer

Mark
A: 

With the public key scenario the client must be generating the key, there is no way you can have any confidence this key is securely generated (someone could get access to the system and change the key generator to always use the same value, increment the previous value by one, whatever, said attacker can then eves drop on your communications for ever more). Public key crypto was not designed for this purpose.

Diffie-Hellman would be better but as Tobias said if you roll your own you'll probably leave an attack.

Patrick
What do you mean by client? Because the whole point of public key cryptography is that it is the server who generate both public and private keys. Maybe I misunderstood you though.
Gab Royer
My understanding is that the OP is trying to exchange a session key between the client and the server using either a public key to encrypt a session key at the client end and then send it to the server or by generating a session key using the Diffie-Hellman protocol.
Patrick
+1  A: 

Well private key algorithms usually offers better performances (by an order of magnitude or more as far as I can remember) then their public key counterpart. In that sense Diffie-Hellman would be more efficient then say RSA for a client-server architecture.

If you have far far more clients then servers, you could implement a public-key algorithm to reduce the exchanges between them.

Still, like many people said, you should consider asking/hiring an expert on the matter as there is many different types of attacks (most of them targeting only the implementation and not the algorithm per se). If you still want to proceed, I can only wish you best of luck and point you to this resources you should very carefully read.

Diffie-Hellman Key agreement method

Gab Royer
A: 

Can diffie hellman be executed between 3 parties.... Bob alice and eve????

Pravin