Implementing the Diffie -Hellman Key Agreement using Data Encryption Standard. Presented by : Sahil Behl Muhammad Rehan Fayyaz Under the guidance of Dr. Leszek Lilien Dept. Of Computer Science Western Michigan University. Motive.
Implementing the Diffie -Hellman Key Agreement using Data Encryption Standard
Muhammad Rehan Fayyaz
Under the guidance of
Dr. Leszek Lilien
Dept. Of Computer Science
Western Michigan University.
Diffie – Hellman Key Agreement Algorithm:
Let's take a look at how the protocol works. Assume that
to users, Alice and Bob know nothing about each other but
are in contact.
The algorithm outlines a nine step process for the
1. Alice and Bob agree on two large positive integers, n and g, with the stipulation that n is a prime number and g is a generator of n.
2. Alice randomly chooses another large positive integer, XA, which is smaller than n. XA will serve as Alice's private key.
3. Bob similarly chooses his own private key, XB.
4. Alice computes her public key, YA, using the formula YA =
(g^XA) mod n.
5. Bob similarly computes his public key, YB, using the
formula YB = (g^XB) mod n.
6. Alice and Bob exchange public keys over the insecure
7.Alice computes the shared secret key, k, using the formula k
= (YB ^XA) mod n.
8. Bob computes the same shared secret key, k, using the formula k = (YA ^XB) mod n.
9. Alice and Bob communicate with a symmetric algo. of their choice using shared key k.
1. Diffie - Hellman Key Generator:
a) The classes used were
b) Alice generates her DH key pair using
KeyPair aliceKpair = aliceKpairGen.generateKeyPair();
c) Alice initializes her shared key object and sends her public key to Bob.
KeyAgreement aliceKeyAgree = KeyAgreement.getInstance("DH");
byte alicePubKeyEnc = aliceKpair.getPublic().getEncoded();
d) Bob receives Alice’s public key and creates his
own DH parameters.
KeyFactory bobKeyFac = KeyFactory.getInstance("DH");
X509EncodedKeySpec x509KeySpec = new
PublicKey alicePubKey = bobKeyFac.generatePublic(x509KeySpec);
e) Bob will send his own public key to Alice now
and Alice generates her shared key.
KeyFactory aliceKeyFac = KeyFactory.getInstance("DH");
x509KeySpec = new X509EncodedKeySpec(bobPubKeyEnc);
PublicKey bobPubKey = aliceKeyFac.generatePublic(x509KeySpec);
f ) Similarly, Bob uses Alice’s public key to
generate his shared key
At this moment both parties have generated the same shared
2. We then used the Data Encryption Standard to encipher the plaintext using the shared key that the DH Key Agreement algorithm generated.
3. Client and server modules:
1.Denial of service Attacks:
-The attacker tries to stop Alice and Bob from
successfully carrying out the protocol.
Example: Deleting the messages that Alice and
Bob send to each other, or by overwhelming the parties with
unnecessary computation or communication.
-The attacker tries to disrupt the protocol (by for
example adding, removing, replaying messages) so that he
gets some interesting knowledge (i.e. information he could not
have gotten by just looking at the public values).
- It is possible that one of the participants in a DH
protocol creates a breakable protocol run on purpose in order
to try to gain knowledge about the secret key of his peer.
- This is an important attack if one of the
participants holds a static secret key that is used in many
key agreement protocol runs. Note that malicious software
could be very successful in mounting this attack.
4.Man in the Middle Attacks:
- An active attacker (Oscar), capable of removing
and adding messages, can easily break the core DH protocol .
- By intercepting the public keys and replacing
them, Oscar (O) can fool Alice and Bob into thinking that
they share a secret key.
1.N-Party Encrypted Diffie-Hellman Key Exchange Using Different Passwords (2005):[Center for Information Security Technologies (CIST), Korea University, Anam Dong, Sungbuk Gu, Seoul, Korea]
- The paper provides a method to securely and efficiently extend three-party case to N-party case with a formal proof of security.
- Two provably secure N-party EKE protocols are suggested.
- N-party EKE-U in the unicast network and N-party EKE-M in the multicast network.
2. An Authenticated Diffie-Hellman Key Agreement Protocol Secure Against Active Attacks
1.Java Network Programming and Distributed Computing-
Davis Reilly – Michael Really.
2. Core Servlets and JSP- Marty Hall.
3.How to program Java – Deteil and Deteil.
Dr. Leszek Lilien, Dept. of Computer Science, Western