Analysis of Paramiko with Wireshark

Table of Contents:

  • Introduction
  • Comparison between Paramiko and OpenSSH
  • Diffie-Hellman Key Exchange Algorithm
  • The Elliptic Curve Encryption Algorithm
  • Conclusion

Introduction

During this analysis I am going to use Wireshark and Paramiko. I already have posts on both of them and on how to set them up. To set up Wireshark click here, and to set up Paramiko click here.

I am going to comment on the key exchange algorithm and on the cryptography used to protect the packets exchanged between the server and the client.


Comparison between OpenSSH and Paramiko

I already made a post on OpenSSH and the cryptography it uses. Click here to open the blog. To summarise it: since version 9.0, OpenSSH negotiates by default a hybrid key exchange, sntrup761x25519-sha512@openssh.com, which combines the post-quantum algorithm Streamlined NTRU Prime (sntrup761) with X25519, an elliptic-curve Diffie-Hellman exchange. The X25519 half is a Diffie-Hellman key agreement, and the NTRU Prime half is a key encapsulation mixed in so that an attacker has to break both. I will explain in detail what the Diffie-Hellman key exchange is further down.

Here is a screenshot of the Wireshark capture of the Paramiko script.


As you can see, Paramiko does not offer the NTRU Prime hybrid in its Key Exchange Init packet; it negotiates an elliptic-curve Diffie-Hellman (ECDH) method instead. To check this yourself in Wireshark, filter on ssh and open the Key Exchange Init packet sent by each side: the kex_algorithms name-list shows what each end supports, and the method that gets used is the first entry in the client's list that also appears in the server's list.
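As an added example (my own code, not from Paramiko, OpenSSH or the capture above), here is a small Python script that builds and parses the Key Exchange Init message Wireshark dissects, then applies the negotiation rule from RFC 4253 section 7.1. The algorithm lists are constructed for illustration: the server list is modelled on an OpenSSH 9.x server, which puts the NTRU Prime/X25519 hybrid first, and the client list on a client with no post-quantum method, such as Paramiko.

```python
import struct

SSH_MSG_KEXINIT = 20   # RFC 4253 section 7.1

# Constructed sample name-lists (not taken from a real capture).  The server
# list is modelled on an OpenSSH 9.x server; the client list is modelled on
# a client without any post-quantum method, such as Paramiko.
SERVER_KEX = [
    "sntrup761x25519-sha512@openssh.com",
    "curve25519-sha256",
    "ecdh-sha2-nistp256",
    "diffie-hellman-group14-sha256",
]
CLIENT_KEX = [
    "curve25519-sha256",
    "ecdh-sha2-nistp256",
    "diffie-hellman-group14-sha256",
]

# The ten name-lists of a KEXINIT, in wire order.
KEXINIT_FIELDS = [
    "kex_algorithms",
    "server_host_key_algorithms",
    "encryption_algorithms_client_to_server",
    "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server",
    "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server",
    "compression_algorithms_server_to_client",
    "languages_client_to_server",
    "languages_server_to_client",
]


def encode_name_list(names):
    """SSH name-list: uint32 byte length followed by comma-separated ASCII."""
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data


def build_kexinit(kex_algorithms, cookie=bytes(16)):
    """Build a KEXINIT payload.  Only kex_algorithms is filled in; the other
    nine name-lists are left empty because they are not what this page is about."""
    payload = bytes([SSH_MSG_KEXINIT]) + cookie      # message id + 16-byte cookie
    payload += encode_name_list(kex_algorithms)
    for _ in range(len(KEXINIT_FIELDS) - 1):
        payload += encode_name_list([])
    payload += b"\x00"                               # first_kex_packet_follows = FALSE
    payload += struct.pack(">I", 0)                  # reserved, always 0
    return payload


def parse_kexinit(payload):
    """Decode a KEXINIT payload into a dict of name-lists, the same fields
    Wireshark's SSH dissector shows under 'Key Exchange Init'."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos = 1 + 16                                     # skip message id and cookie
    lists = {}
    for field in KEXINIT_FIELDS:
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        raw = payload[pos:pos + length].decode("ascii")
        pos += length
        lists[field] = raw.split(",") if raw else []
    return lists


def negotiate_kex(client_list, server_list):
    """RFC 4253 s7.1: the first algorithm in the client's list that the server
    also supports wins.  Returns None when there is nothing in common, which
    on the wire ends in a disconnect."""
    for alg in client_list:
        if alg in server_list:
            return alg
    return None


def negotiate_from_payloads(client_payload, server_payload):
    """What actually gets chosen for a pair of KEXINIT payloads."""
    return negotiate_kex(parse_kexinit(client_payload)["kex_algorithms"],
                         parse_kexinit(server_payload)["kex_algorithms"])


if __name__ == "__main__":
    c, s = build_kexinit(CLIENT_KEX), build_kexinit(SERVER_KEX)
    print("Paramiko-like client vs OpenSSH 9.x server:", negotiate_from_payloads(c, s))
    print("OpenSSH client vs OpenSSH server:          ", negotiate_kex(SERVER_KEX, SERVER_KEX))
    print("Hybrid-only server vs Paramiko-like client:", negotiate_kex(CLIENT_KEX, SERVER_KEX[:1]))
```

The third case is the failure mode to keep in mind: a server whose KexAlgorithms has been restricted to the hybrid alone cannot talk to a client that lacks it. If you want Paramiko's real list rather than the constructed one, paramiko.Transport(sock).get_security_options().kex returns the names it will advertise, in preference order, which you can compare against the client's Key Exchange Init in Wireshark.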


Diffie-Hellman Key Exchange Algorithm

The Diffie-Hellman (DH) algorithm is a key-exchange protocol that enables two parties communicating over a public channel to establish a shared secret without that secret ever being transmitted over the network.

Here is a diagram of how it is transmitted. 

Diffie-Hellman Key Exchange Algorithm

This is one example of the DH key exchange. It deals with a prime number, p, and a base, g (a primitive root modulo p). The table illustrates which keys and values each person knows.

Explanation

Alice and Bob want to communicate privately without Eve reading their conversation, so they agree on a few things in advance. Everyone, including Eve, knows that p is 23 and g is 5.

Alice and Bob each pick a secret number smaller than p; call them a and b. Each secret is known only to the person who chose it. Then they both use the formula

Equation used by both Alice and Bob: A = g^a mod p for Alice and B = g^b mod p for Bob.

This produces another number, which Alice and Bob send to each other. Eve sees these values too.

Let's call the values Alice and Bob computed their partial keys. After exchanging them, each side applies the same kind of equation to the other's partial key, using their own secret as the exponent: Alice computes B^a mod p and Bob computes A^b mod p.


The values Alice and Bob obtain are the same, because both equal g^(ab) mod p. This value is their shared secret, from which the key used to encrypt their messages is derived.

The general formula for the DH key exchange is:


Looking at the diagram above that illustrates the DH key exchange, we can clearly see that Eve knows the values of p, g, A and B. Should Eve not be able to calculate a and b when she knows that A = g^a mod p? No.

Computing g^a mod p is cheap when a is known (square-and-multiply needs only a few thousand modular multiplications even for a 2048-bit exponent), but going back from A to a is the discrete logarithm problem, for which no efficient classical algorithm is known when p is a large, well-chosen prime. With p = 23 Eve can simply try all 22 exponents, which is why real SSH groups use primes of 2048 bits or more (diffie-hellman-group14 and up) or an elliptic curve of comparable strength. A large quantum computer running Shor's algorithm would solve the discrete logarithm efficiently; that is the reason OpenSSH added the NTRU Prime hybrid.
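As an added example (my own code, not from the original post or any library), here is the exchange above carried through in Python with the page's toy parameters p = 23 and g = 5, together with Eve's brute-force attack on the discrete logarithm so the size argument is concrete. The secrets a = 6 and b = 15 in the demo are constructed; the random_secret helper shows how a real secret would be drawn.

```python
import secrets

# The toy parameters from the explanation above; everyone, Eve included,
# knows them.  They are far too small for real use.
P = 23
G = 5


def partial_key(secret, p=P, g=G):
    """The value a party publishes: A = g^a mod p (or B = g^b mod p)."""
    return pow(g, secret, p)


def shared_secret(their_partial, my_secret, p=P):
    """Raise the other side's partial key to my own secret exponent, mod p."""
    return pow(their_partial, my_secret, p)


def random_secret(p=P):
    """A fresh secret exponent in [1, p-2] from the OS CSPRNG.  Never reuse it."""
    return 1 + secrets.randbelow(p - 2)


def dh_exchange(a, b, p=P, g=G):
    """Run the whole exchange for Alice's secret a and Bob's secret b.
    Returns (A, B, Alice's result, Bob's result); the last two must match."""
    A = partial_key(a, p, g)
    B = partial_key(b, p, g)
    return A, B, shared_secret(B, a, p), shared_secret(A, b, p)


def brute_force_discrete_log(target, p=P, g=G):
    """Eve's generic attack: try every exponent until g^x mod p == target.
    22 tries here; hopeless for a 2048-bit p, where even the much better
    number-field-sieve methods are out of reach."""
    for x in range(1, p):
        if pow(g, x, p) == target:
            return x
    return None


if __name__ == "__main__":
    a, b = 6, 15                       # constructed secrets for the demo
    A, B, s_alice, s_bob = dh_exchange(a, b)
    print(f"Eve sees p={P}, g={G}, A={A}, B={B}; Alice and Bob both get {s_alice}")
    print("Eve brute-forces a from A:", brute_force_discrete_log(A))
    a, b = random_secret(), random_secret()
    _, _, s_alice, s_bob = dh_exchange(a, b)
    print("random run agrees:", s_alice == s_bob)
```

Swap P for a 2048-bit group prime and the three pow() calls still run in milliseconds, while the brute-force loop never finishes; that asymmetry is the whole security argument.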

Here is the Wikipedia page for Diffie-Hellman Key Exchange Algorithm.


The Elliptic Curve Encryption Algorithm

Elliptic Curve Cryptography (ECC) works on a plane curve over a finite field, consisting of the points (x, y) that satisfy the curve equation:

ECC uses a private key and a public key.

The public key is used for encryption and signature verification and, as the name suggests, is shared publicly.

The private key is kept secret and is used for decryption and signing.

In SSH, however, the elliptic-curve keys are not used to encrypt packets directly: ECDH (curve25519-sha256, ecdh-sha2-nistp256 and friends) agrees on the shared secret, ECDSA or Ed25519 keys sign the exchange and authenticate hosts and users, and the packets themselves are encrypted with a symmetric cipher keyed from that shared secret.

ECC fixes the coefficients a and b of the equation above, the size of the finite field over which the curve operates, and a specific base point on the curve; together these are the curve parameters (for example those of NIST P-256 or Curve25519).

ECC is built on point operations: point addition, and scalar (point) multiplication, which is repeated addition of a point to itself.

Key pair generation uses the formula public key = private key * base point, where the private key is a random integer smaller than the order of the base point.

A point on the curve is a coordinate pair (x, y). The public key is such a point; the private key is the scalar it was multiplied by. Recovering that scalar from the point is the elliptic-curve discrete logarithm problem, the ECC counterpart of the hard problem behind DH.
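As an added example (my own code, not from Paramiko, OpenSSH or any library), here is the point arithmetic behind "public key = private key * base point" in Python, on the small textbook curve y^2 = x^3 + 2x + 2 over the integers modulo 17 with base point G = (5, 1), whose order is 19. The curve and the private keys 7 and 11 are chosen for illustration; a real curve such as NIST P-256 (ecdh-sha2-nistp256) uses a 256-bit prime, but the operations are the same. The block also runs a toy ECDH so that both sides can be seen to reach the same point, which is what happens in the key exchange the capture showed.

```python
# Toy curve y^2 = x^3 + A*x + B over the integers modulo P.  Textbook
# parameters, chosen for illustration; a real curve such as NIST P-256 has a
# 256-bit P and a base point of 256-bit order.
P = 17
A = 2
B = 2
G = (5, 1)     # base point
N = 19         # order of G: 19 * G is the point at infinity

# None represents the point at infinity, the identity element of the group.


def is_on_curve(point):
    if point is None:
        return True
    x, y = point
    return (y * y - (x ** 3 + A * x + B)) % P == 0


def point_add(p1, p2):
    """Chord-and-tangent addition of two points on the curve."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                               # p1 == -p2, result is infinity
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P)       # tangent slope
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P)            # chord slope
    lam %= P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, point):
    """Double-and-add: compute k * point using only point_add."""
    result = None
    addend = point
    while k > 0:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def keypair(private_key):
    """Public key = private key * base point.  The private key is a scalar in [1, N-1]."""
    if not 1 <= private_key < N:
        raise ValueError("private key must be in [1, N-1]")
    return private_key, scalar_mult(private_key, G)


def ecdh_shared_point(my_private, their_public):
    """ECDH: both sides end up with (my_private * their_private) * G.
    The on-curve check is the defence against an invalid-curve attack."""
    if not is_on_curve(their_public):
        raise ValueError("peer public key is not on the curve")
    return scalar_mult(my_private, their_public)


def brute_force_private_key(public_key):
    """The elliptic-curve discrete log by exhaustion: fine for N = 19,
    impossible for a 256-bit order."""
    for k in range(1, N):
        if scalar_mult(k, G) == public_key:
            return k
    return None


if __name__ == "__main__":
    for k in range(1, N + 1):
        print(f"{k:2d} * G = {scalar_mult(k, G)}")
    a_priv, a_pub = keypair(7)      # constructed private keys for the demo
    b_priv, b_pub = keypair(11)
    print("Alice's shared point:", ecdh_shared_point(a_priv, b_pub))
    print("Bob's shared point:  ", ecdh_shared_point(b_priv, a_pub))
    print("Eve recovers Alice's private key:", brute_force_private_key(a_pub))
```

Printing the multiples shows the group cycling back to the point at infinity at 19 * G; on a real curve that cycle is 2^256 long, which is what makes brute_force_private_key useless there.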

I do not know much more about it, as it is a bit more complex than this; this is just an overview.

Here is a more detailed description of ECC.


Conclusion

Paramiko currently does not support the NTRU Prime hybrid key exchange (sntrup761x25519-sha512@openssh.com) that OpenSSH 9.0+ negotiates by default; it negotiates an elliptic-curve Diffie-Hellman (ECDH) method instead. Because OpenSSH servers still offer the ECDH and finite-field DH methods, the two interoperate, but a Paramiko session gets no post-quantum protection for its key exchange. If a server's KexAlgorithms is restricted to the hybrid only, Paramiko clients will fail to connect.

