Yes. Having a pre-shared public key definitely allows you to prevent MITM attacks. (Where by 'attack' I assume you mean 'the adversary learns the agreed key')
See e.g. MQV (https://en.wikipedia.org/wiki/MQV), HMQV, and NAXOS for examples of modern(-ish) protocols that are not vulnerable to MITM attacks. Even the Needham-Schroeder-Lowe protocol (https://en.wikipedia.org/wiki/Needham%E2%80%93Schroeder_protocol#Fixing_the_man-in-the-middle_attack, http://www.cs.cornell.edu/~shmat/courses/cs6431/lowe.pdf, 1996, not DH-based) is not vulnerable to MITM when you have pre-shared public keys.

If you'd like machine-based proofs of the fact that they're not vulnerable to MITM attacks, run them through the Tamarin prover (a security protocol verification tool that supports both falsification and unbounded verification of security protocols): download https://github.com/tamarin-prover/tamarin-prover/ and then look in examples/ake/dh/ and examples/classic/ for each of the above-mentioned protocols. This is just one way of demonstrating their invulnerability (in this case in the symbolic world), but you can also find proofs for (I believe) most of the above in the computational setting as well, which are generally stronger 'proofs', but mostly human constructed and verified.

Martin

On Fri, Dec 4, 2015 at 8:00 PM, <[email protected]> wrote:
> Message: 1
> Date: Fri, 4 Dec 2015 03:03:27 +0100
> From: "U.Mutlu" <[email protected]>
> To: [email protected]
> Subject: [messaging] Can a pre-shared public key prevent MITM-attacks?
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> On the following wiki page it's boldly claimed that "A pre-shared public key
> also prevents man-in-the-middle attacks"
> https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange#Public_key :
> "It is also possible to use Diffie–Hellman as part of a public key
> infrastructure, allowing Bob to encrypt a message so that only Alice will be
> able to decrypt it, with no prior communication between them other than Bob
> having trusted knowledge of Alice's public key. Alice's public key is
> (g^a mod p, g, p). To send her a message, Bob chooses a random b and then
> sends Alice g^b mod p (un-encrypted) together with the message encrypted
> with symmetric key (g^a)^b mod p. Only Alice can determine the symmetric key
> and hence decrypt the message because only she has a (the private key).
> A pre-shared public key also prevents man-in-the-middle attacks."
>
> I have my doubts.
> What do others think of 'MITM prevention by using public key encryption'?
>
> ------------------------------
>
> End of Messaging Digest, Vol 357, Issue 1
> *****************************************

--
Martin
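The following is an added worked example; it is not code from Martin's reply, from the quoted question, or from the Wikipedia page. It runs the scheme quoted from the wiki (Alice's long-term public key A = g^a is known to Bob out of band; Bob sends an ephemeral g^b and encrypts under (g^a)^b) with an active attacker Mallory who replaces Bob's g^b on the wire, and contrasts it with plain ephemeral DH where nothing is pre-shared. The point it makes concrete: with the pre-shared key Mallory cannot obtain the key Bob uses (Bob only ever combines his secret with the trusted A), so an "adversary learns the key" MITM fails; but because nothing authenticates Bob to Alice, Mallory can still impersonate Bob towards Alice, which is the caveat behind Martin's parenthetical definition of 'attack'. The group is the RFC 2409 1024-bit MODP group (an assumption made only to keep the listing short; real deployments should use 2048 bits or more), the key derivation is a plain SHA-256 of the fixed-width shared secret (also an assumption), and the Miller-Rabin and subgroup checks are the sort of parameter validation a practitioner would add, not something the thread describes.

```python
"""Static (pre-shared public key) DH versus unauthenticated ephemeral DH
under an active man-in-the-middle.  Added example, not from the thread."""
import hashlib
import secrets

# RFC 2409 "Second Oakley Group": 1024-bit MODP safe prime, generator 2.
# Assumption: chosen for brevity only; it is too small for real use today.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
Q = (P - 1) // 2  # P is a safe prime, so <G> has prime order Q


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin, used to sanity-check P and Q before trusting them."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def valid_public_value(y: int) -> bool:
    """Reject 0, 1, p-1 and values outside the prime-order subgroup."""
    return 1 < y < P - 1 and pow(y, Q, P) == 1


def keygen():
    """Return (private exponent, public value g^x mod p)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def derive_key(shared: int) -> bytes:
    """Assumed KDF: SHA-256 over the fixed-width shared secret."""
    return hashlib.sha256(shared.to_bytes((P.bit_length() + 7) // 8, "big")).digest()


def static_dh_scenario(mitm: bool) -> dict:
    """The quoted wiki scheme.  Alice's long-term A = g^a is pre-shared with
    Bob; Bob sends an ephemeral B = g^b and keys on A^b.  With mitm=True,
    Mallory replaces B on the wire with her own M = g^m."""
    a, A = keygen()  # Alice's long-term key; Bob already trusts A
    b, B = keygen()  # Bob's ephemeral value for this message
    m, M = keygen()  # Mallory's value
    if not valid_public_value(A):
        raise ValueError("pre-shared public key is not in the subgroup")
    k_bob = derive_key(pow(A, b, P))  # Bob never uses anything Mallory sent
    received = M if mitm else B
    if not valid_public_value(received):
        raise ValueError("ephemeral value is not in the subgroup")
    k_alice = derive_key(pow(received, a, P))
    # Everything Mallory can compute: she knows the public A and B, and her m.
    mallory_keys = {derive_key(pow(A, m, P)), derive_key(pow(B, m, P))}
    return {"alice": k_alice, "bob": k_bob, "mallory": mallory_keys}


def ephemeral_dh_scenario() -> dict:
    """Plain DH with nothing pre-shared: Mallory runs one exchange with each
    party and ends up holding both session keys."""
    a, A = keygen()
    b, B = keygen()
    m1, M1 = keygen()
    m2, M2 = keygen()
    k_alice = derive_key(pow(M1, a, P))  # Alice believes M1 is Bob's value
    k_bob = derive_key(pow(M2, b, P))    # Bob believes M2 is Alice's value
    return {"alice": k_alice, "bob": k_bob,
            "mallory_alice": derive_key(pow(A, m1, P)),
            "mallory_bob": derive_key(pow(B, m2, P))}


if __name__ == "__main__":
    r = static_dh_scenario(mitm=True)
    print("static DH, Bob's key leaked to Mallory:", r["bob"] in r["mallory"])
    print("static DH, Mallory can pose as Bob to Alice:", r["alice"] in r["mallory"])
    e = ephemeral_dh_scenario()
    print("ephemeral DH, both keys leaked:",
          e["alice"] == e["mallory_alice"] and e["bob"] == e["mallory_bob"])
```

Note what the substituted-value run shows: Alice and Bob end up with different keys, so Bob's ciphertext is undecryptable by both Alice and Mallory (the MITM is detectable but not useful for reading Bob's message), while Alice's key coincides with one Mallory can compute from the public A and her own m, so Alice has no assurance the message came from Bob. Protocols that authenticate both sides (the MQV/HMQV/NAXOS family Martin cites) close that second gap by mixing both parties' long-term keys into the derivation.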
