Implementing the Diffie -Hellman Key Agreement using Data Encryption Standard Presented by: Sahil Behl Muhammad Rehan Fayyaz Under the guidance of Dr. Leszek Lilien Dept. Of Computer Science Western Michigan University.
Motive • Many cryptographic algorithms (e.g., DES,AES, HMAC) require the establishment of shared keying material in advance. • Manual distribution of keying material is inefficient and complex. • Seek automated key establishment schemes. (Example (X.509 Standard) • Requirement of an algorithm that can use public key techniques to allow the exchange of a private encryption key.
Solution… Diffie – Hellman Key Agreement Algorithm: Let's take a look at how the protocol works. Assume that to users, Alice and Bob know nothing about each other but are in contact. The algorithm outlines a nine step process for the communication: 1. Alice and Bob agree on two large positive integers, n and g, with the stipulation that n is a prime number and g is a generator of n. 2. Alice randomly chooses another large positive integer, XA, which is smaller than n. XA will serve as Alice's private key.
DH Key Agreement algorithm 3. Bob similarly chooses his own private key, XB. 4. Alice computes her public key, YA, using the formula YA = (g^XA) mod n. 5. Bob similarly computes his public key, YB, using the formula YB = (g^XB) mod n. 6. Alice and Bob exchange public keys over the insecure circuit. 7.Alice computes the shared secret key, k, using the formula k = (YB ^XA) mod n. 8. Bob computes the same shared secret key, k, using the formula k = (YA ^XB) mod n. 9. Alice and Bob communicate with a symmetric algo. of their choice using shared key k.
Implementation • Architecture:
Implementation • Individual modules: 1. Diffie - Hellman Key Generator: a) The classes used were java.security.*; java.security.spec.*; java.security.interfaces.*; javax.crypto.*; javax.crypto.spec.*; javax.crypto.interfaces.*; com.sun.crypto.provider.SunJCE; b) Alice generates her DH key pair using KeyPairGenerator aliceKpairGen=KeyPairGenerator.getInstance("DH"); aliceKpairGen.initialize(dhSkipParamSpec); KeyPair aliceKpair = aliceKpairGen.generateKeyPair();
Implementation c) Alice initializes her shared key object and sends her public key to Bob. KeyAgreement aliceKeyAgree = KeyAgreement.getInstance("DH"); aliceKeyAgree.init(aliceKpair.getPrivate()); byte alicePubKeyEnc = aliceKpair.getPublic().getEncoded(); d) Bob receives Alice’s public key and creates his own DH parameters. KeyFactory bobKeyFac = KeyFactory.getInstance("DH"); X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(alicePubKeyEnc); PublicKey alicePubKey = bobKeyFac.generatePublic(x509KeySpec); e) Bob will send his own public key to Alice now and Alice generates her shared key.
Implementation KeyFactory aliceKeyFac = KeyFactory.getInstance("DH"); x509KeySpec = new X509EncodedKeySpec(bobPubKeyEnc); PublicKey bobPubKey = aliceKeyFac.generatePublic(x509KeySpec); aliceKeyAgree.doPhase(bobPubKey, true); f ) Similarly, Bob uses Alice’s public key to generate his shared key bobKeyAgree.doPhase(alicePubKey, true); At this moment both parties have generated the same shared key. 2. We then used the Data Encryption Standard to encipher the plaintext using the shared key that the DH Key Agreement algorithm generated.
Implementation 3. Client and server modules: • They were implemented using servlets. • Tomcat was the application server • The database connected to the server was pointbase. • Ethereal was used as a Network Protocol Analyzer.
Security Issues with DH 1.Denial of service Attacks: -The attacker tries to stop Alice and Bob from successfully carrying out the protocol. Example: Deleting the messages that Alice and Bob send to each other, or by overwhelming the parties with unnecessary computation or communication. 2.Outsider Attacks: -The attacker tries to disrupt the protocol (by for example adding, removing, replaying messages) so that he gets some interesting knowledge (i.e. information he could not have gotten by just looking at the public values).
Security Issues with DH 3.Insider Attacks: - It is possible that one of the participants in a DH protocol creates a breakable protocol run on purpose in order to try to gain knowledge about the secret key of his peer. - This is an important attack if one of the participants holds a static secret key that is used in many key agreement protocol runs. Note that malicious software could be very successful in mounting this attack. 4.Man in the Middle Attacks: - An active attacker (Oscar), capable of removing and adding messages, can easily break the core DH protocol . - By intercepting the public keys and replacing them, Oscar (O) can fool Alice and Bob into thinking that they share a secret key.
Current and future research 1.N-Party Encrypted Diffie-Hellman Key Exchange Using Different Passwords (2005):[Center for Information Security Technologies (CIST), Korea University, Anam Dong, Sungbuk Gu, Seoul, Korea] - The paper provides a method to securely and efficiently extend three-party case to N-party case with a formal proof of security. - Two provably secure N-party EKE protocols are suggested. - N-party EKE-U in the unicast network and N-party EKE-M in the multicast network. 2. An Authenticated Diffie-Hellman Key Agreement Protocol Secure Against Active Attacks
References and Acknowledgements 1. http://www.cc.gatech.edu/classes/cs8113e_96_winter 2. http://www.cryptography.com 3. http://www.cs.purdue.edu/homes/jiangx/02spring/ 4. http://www.securitydocs.com 5. http://www.sans.org/rr/whitepapers/vpns/751.php 6. http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci8 76048,00.html 7. http://java.sun.com/docs/books/tutorial/i18n/text/string.html 8.http://forum.java.sun.com/thread.jspa?threadID=234706&me ssageID=2524244 9.http://forum.java.sun.com/thread.jspa?threadID=283282&me ssageID=1105080 10.http://forum.java.sun.com/thread.jspa?threadID=492193&m essageID=2317123
References and Acknowledgements Books: 1.Java Network Programming and Distributed Computing- Davis Reilly – Michael Really. 2. Core Servlets and JSP- Marty Hall. 3.How to program Java – Deteil and Deteil. Acknowledgements: Dr. Leszek Lilien, Dept. of Computer Science, Western Michigan University. .