Implementing the Diffie -Hellman Key Agreement using Data Encryption Standard

Download Presentation

Implementing the Diffie -Hellman Key Agreement using Data Encryption Standard

Loading in 2 Seconds...

- 156 Views
- Uploaded on
- Presentation posted in: General

Implementing the Diffie -Hellman Key Agreement using Data Encryption Standard

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Implementing the Diffie -Hellman Key Agreement using Data Encryption Standard

Presented by:

Sahil Behl

Muhammad Rehan Fayyaz

Under the guidance of

Dr. Leszek Lilien

Dept. Of Computer Science

Western Michigan University.

- Many cryptographic algorithms (e.g., DES,AES, HMAC) require the establishment of shared keying material in advance.
- Manual distribution of keying material is inefficient and complex.
- Seek automated key establishment schemes. (Example
(X.509 Standard)

- Requirement of an algorithm that can use public key techniques to allow the exchange of a private encryption key.

Diffie – Hellman Key Agreement Algorithm:

Let's take a look at how the protocol works. Assume that

to users, Alice and Bob know nothing about each other but

are in contact.

The algorithm outlines a nine step process for the

communication:

1. Alice and Bob agree on two large positive integers, n and g, with the stipulation that n is a prime number and g is a generator of n.

2. Alice randomly chooses another large positive integer, XA, which is smaller than n. XA will serve as Alice's private key.

3. Bob similarly chooses his own private key, XB.

4. Alice computes her public key, YA, using the formula YA =

(g^XA) mod n.

5. Bob similarly computes his public key, YB, using the

formula YB = (g^XB) mod n.

6. Alice and Bob exchange public keys over the insecure

circuit.

7.Alice computes the shared secret key, k, using the formula k

= (YB ^XA) mod n.

8. Bob computes the same shared secret key, k, using the formula k = (YA ^XB) mod n.

9. Alice and Bob communicate with a symmetric algo. of their choice using shared key k.

- Architecture:

- Individual modules:
1. Diffie - Hellman Key Generator:

a) The classes used were

java.security.*;

java.security.spec.*;

java.security.interfaces.*;

javax.crypto.*;

javax.crypto.spec.*;

javax.crypto.interfaces.*;

com.sun.crypto.provider.SunJCE;

b) Alice generates her DH key pair using

KeyPairGenerator aliceKpairGen=KeyPairGenerator.getInstance("DH");

aliceKpairGen.initialize(dhSkipParamSpec);

KeyPair aliceKpair = aliceKpairGen.generateKeyPair();

c) Alice initializes her shared key object and sends her public key to Bob.

KeyAgreement aliceKeyAgree = KeyAgreement.getInstance("DH");

aliceKeyAgree.init(aliceKpair.getPrivate());

byte[] alicePubKeyEnc = aliceKpair.getPublic().getEncoded();

d) Bob receives Alice’s public key and creates his

own DH parameters.

KeyFactory bobKeyFac = KeyFactory.getInstance("DH");

X509EncodedKeySpec x509KeySpec = new

X509EncodedKeySpec(alicePubKeyEnc);

PublicKey alicePubKey = bobKeyFac.generatePublic(x509KeySpec);

e) Bob will send his own public key to Alice now

and Alice generates her shared key.

KeyFactory aliceKeyFac = KeyFactory.getInstance("DH");

x509KeySpec = new X509EncodedKeySpec(bobPubKeyEnc);

PublicKey bobPubKey = aliceKeyFac.generatePublic(x509KeySpec);

aliceKeyAgree.doPhase(bobPubKey, true);

f ) Similarly, Bob uses Alice’s public key to

generate his shared key

bobKeyAgree.doPhase(alicePubKey, true);

At this moment both parties have generated the same shared

key.

2. We then used the Data Encryption Standard to encipher the plaintext using the shared key that the DH Key Agreement algorithm generated.

3. Client and server modules:

- They were implemented using servlets.
- Tomcat was the application server
- The database connected to the server was pointbase.
- Ethereal was used as a Network Protocol Analyzer.

1.Denial of service Attacks:

-The attacker tries to stop Alice and Bob from

successfully carrying out the protocol.

Example: Deleting the messages that Alice and

Bob send to each other, or by overwhelming the parties with

unnecessary computation or communication.

2.Outsider Attacks:

-The attacker tries to disrupt the protocol (by for

example adding, removing, replaying messages) so that he

gets some interesting knowledge (i.e. information he could not

have gotten by just looking at the public values).

3.Insider Attacks:

- It is possible that one of the participants in a DH

protocol creates a breakable protocol run on purpose in order

to try to gain knowledge about the secret key of his peer.

- This is an important attack if one of the

participants holds a static secret key that is used in many

key agreement protocol runs. Note that malicious software

could be very successful in mounting this attack.

4.Man in the Middle Attacks:

- An active attacker (Oscar), capable of removing

and adding messages, can easily break the core DH protocol .

- By intercepting the public keys and replacing

them, Oscar (O) can fool Alice and Bob into thinking that

they share a secret key.

1.N-Party Encrypted Diffie-Hellman Key Exchange Using Different Passwords (2005):[Center for Information Security Technologies (CIST), Korea University, Anam Dong, Sungbuk Gu, Seoul, Korea]

- The paper provides a method to securely and efficiently extend three-party case to N-party case with a formal proof of security.

- Two provably secure N-party EKE protocols are suggested.

- N-party EKE-U in the unicast network and N-party EKE-M in the multicast network.

2. An Authenticated Diffie-Hellman Key Agreement Protocol Secure Against Active Attacks

1. http://www.cc.gatech.edu/classes/cs8113e_96_winter

2. http://www.cryptography.com

3. http://www.cs.purdue.edu/homes/jiangx/02spring/

4. http://www.securitydocs.com

5. http://www.sans.org/rr/whitepapers/vpns/751.php

6. http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci8

76048,00.html

7. http://java.sun.com/docs/books/tutorial/i18n/text/string.html

8.http://forum.java.sun.com/thread.jspa?threadID=234706&me

ssageID=2524244

9.http://forum.java.sun.com/thread.jspa?threadID=283282&me

ssageID=1105080

10.http://forum.java.sun.com/thread.jspa?threadID=492193&m

essageID=2317123

Books:

1.Java Network Programming and Distributed Computing-

Davis Reilly – Michael Really.

2. Core Servlets and JSP- Marty Hall.

3.How to program Java – Deteil and Deteil.

Acknowledgements:

Dr. Leszek Lilien, Dept. of Computer Science, Western

Michigan University.

.