Keywords Session key, asymmetric, digital signature, cryptosystem, encryption.

Similar documents
1. Diffie-Hellman Key Exchange

Chapter 9 Public Key Cryptography. WANG YANG

L13. Reviews. Rocky K. C. Chang, April 10, 2015

This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

Key Management and Distribution

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

Overview. Public Key Algorithms I

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Key Exchange. Secure Software Systems

Modern cryptography 2. CSCI 470: Web Science Keith Vertanen

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Cryptography and Network Security Chapter 10. Fourth Edition by William Stallings

Lecture 2 Applied Cryptography (Part 2)

Public Key Algorithms

Chapter 9. Public Key Cryptography, RSA And Key Management

Encoding N-party Man-In-Middle Attack for Diffie Hellman Algorithm in a Client-Server Paradigm

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Public Key Cryptography

Public Key Algorithms

Chapter 3 Public Key Cryptography

Cryptography (Overview)

Cryptography Symmetric Cryptography Asymmetric Cryptography Internet Communication. Telling Secrets. Secret Writing Through the Ages.

Lecture 6 - Cryptography

Cryptography and Network Security

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Encryption. INST 346, Section 0201 April 3, 2018

CSC 474/574 Information Systems Security

Key Establishment and Authentication Protocols EECE 412

Spring 2010: CS419 Computer Security

Diffie-Hellman. Part 1 Cryptography 136

Cryptography and Network Security. Sixth Edition by William Stallings

CS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD

Information Security CS 526

E-commerce security: SSL/TLS, SET and others. 4.1

Computer Security 3/23/18

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

Session key establishment protocols

Key Management and Elliptic Curves

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Public Key Cryptography and RSA

Session key establishment protocols

CS 161 Computer Security

Chapter 10 : Private-Key Management and the Public-Key Revolution

Chapter 7 Public Key Cryptography and Digital Signatures

Public Key Algorithms

Kurose & Ross, Chapters (5 th ed.)

CSC/ECE 774 Advanced Network Security

This is an author produced version of Security Analysis of Integrated Diffie-Hellman Digital Signature Algorithm Protocols.

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

Module: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

Chapter 8. Network Security. Need for Security. An Introduction to Cryptography. Transposition Ciphers One-Time Pads

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010

Public Key Cryptography, OpenPGP, and Enigmail. 31/5/ Geek Girls Carrffots GVA

LECTURE NOTES ON PUBLIC- KEY CRYPTOGRAPHY. (One-Way Functions and ElGamal System)

Cryptographic Systems

Security in Distributed Systems. Network Security

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

Uzzah and the Ark of the Covenant

Crypto Basics. Recent block cipher: AES Public Key Cryptography Public key exchange: Diffie-Hellmann Homework suggestion

Diffie-Hellman Protocol as a Symmetric Cryptosystem

Key Agreement Schemes

CSC 774 Network Security

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

CPSC 467: Cryptography and Computer Security

Fall 2010/Lecture 32 1

An IBE Scheme to Exchange Authenticated Secret Keys

KALASALINGAM UNIVERSITY

ISSN: (Online) Volume 3, Issue 5, May 2015 International Journal of Advance Research in Computer Science and Management Studies

Diffie-Hellman Key Agreement

CPSC 467: Cryptography and Computer Security

ISA 662 Internet Security Protocols. Outline. Prime Numbers (I) Beauty of Mathematics. Division (II) Division (I)

SSH PK Authentication and Auto login configuration for Chassis Management Controller

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

T Cryptography and Data Security

PROTECTING CONVERSATIONS

Real-time protocol. Chapter 16: Real-Time Communication Security

CIS 4360 Secure Computer Systems Applied Cryptography

Introduction to Cryptography and Security Mechanisms. Abdul Hameed

Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

CT30A8800 Secured communications

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

CS 494/594 Computer and Network Security

Network Security. Chapter 8. MYcsvtu Notes.

Making and Breaking Ciphers

Cryptographic Protocols 1

Ideal Security Protocol. Identify Friend or Foe (IFF) MIG in the Middle 4/2/2012

WAP Security. Helsinki University of Technology S Security of Communication Protocols

Number Theory and RSA Public-Key Encryption

1.264 Lecture 28. Cryptography: Asymmetric keys

Network Security Issues and Cryptography

CRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext

Network Encryption. Dr. Michael Ritter. September 18 th, 2015

Implementation and Benchmarking of Elliptic Curve Cryptography Algorithms

Security Handshake Pitfalls

CS Computer Networks 1: Authentication

CS669 Network Security

Transcription:

Volume 3, Issue 7, July 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Review of Diffie Hellman key Exchange Sunita Asst. Professor(CSE & IT Dept.) B.P.S Mahila Vishwavidhalaya Khanpur Kalan, Sonepat, India Neeraj Goyat, Annu Malik Network Security B.P.S Mahila Vishwavidhalaya Khanpur Kalan, Sonepat,India Abstract Deffie-hellman key exchange algorithm is an asymmetric key cryptosystem. It is designed for only exchanging the secret keys. The purpose of this algorithm is to enable the two entities, who want to communicate, to jointly establish the shared secret key, also called session key, over an insecure communication channel, example internet, to exchange the data without having to remember or store the session key. Once both the party agrees on the key to be used, they need to use another symmetric key encryption algorithm for actual encryption or decryption of message or data to be send. This key exchange scheme is neither used for encryption or decryption nor for digital signature. Keywords Session key, asymmetric, digital signature, cryptosystem, encryption. I. INTRODUCTION The Diffie-Hellman key exchange protocol is a cryptographic protocol that was developed by Whitfield Diffie and Martin Hellman in 1976, although it was later alleged that it had been separately invented a few years earlier within GCHQ, the British signals intelligence agency, by Malcolm J. Williamson but was kept classified.it was the first published public key algorithm in the ground-breaking paper "New Directions in Cryptography" that define the public key cryptography. It can be called with various names:- Diffie-Hellman key agreement Diffie-Hellman key establishment Diffie-Hellman key negotiation Exponential key exchange Diffie Hellman protocol Diffie Hellman handshake This algorithm is an anonymous i.e. non-authenticated, key-agreement protocol that provides the basis for a variety of authenticated protocols which is used to provide perfect forward secrecy in Transport Layer Security's short-lived modes. It is the example of the key exchange implemented within the field of cryptography.the motive of this protocol is to enable two users that have no prior knowledge of each other to securely exchange a secret value over an insecure channel (i.e. not protected from the interception but is protected from modification) and then agree on the secret key, if both the party computes the same value for the key. And that key will be used for the encryption of the message using a symmetric key cipher. Firstly both the parties agree on a non secret value i.e. public key which may be certified so that the parties can be authenticated and there may be a combination of these attributes. This algorithm is only used and limited to exchange the secret values. This algorithm was followed shortly afterwards by RSA, another implementation of public key cryptography using asymmetric algorithms. This algoritm is based on the difficulty of computing discrete logarithms of large numbers. There are no known successful attack strategies. Diffie Hellman establishes a shared secret that can be used for secret communications by exchanging data over a public network. The following diagram illustrates the general idea of that how the key will be exchanged by using shape instead of a very large number. The key part of the process is that Ayog and Eila exchange their secret shape in a mix only. Firstly they will agree on a common shape which is non secret i.e. a rectangle. And then they have their own private shape i.e. a secret shape, after that they will share the figure which is the mixture of secret and non secret shapes. Finally this generates an identical key that is mathematically difficult (impossible for modern supercomputers to do in a reasonable amount of time) to reverse for another party that might have been listening in on them. Ayog and Eila now use this common secret to encrypt and decrypt their sent and received data. Note that the rectangle shape is already agreed by Ayog and Eila: 2013, IJARCSSE All Rights Reserved Page 285

Fig (a) General illustration of deffie-hellman key exchange II. METHODOLOGY Description of the algorithm:- Now we will assume that Ayog and Eila want to agree upon a key to be used for encryption/decryption messages that would be exchanged between them. Following are the steps:- Finally, Ayog and Eila agree on two publicly known numbers: a prime number m and an integer n that is a prime root of m. Ayog selects a random integer <m and calculates = n^ mod m. Ayog sends the number to Eila. Eila selects a random integer <m and calculates = n^ mod m Eila sends the number to Ayog. Ayog computes the key as = ^ mod m. Eila computes the key as = ^ mod m. These two calculations produce the identical values. And the result is that the two sides have exchanged a secret value. This is shown diagrammatically in fig(b). 2013, IJARCSSE All Rights Reserved Page 286

Fig (b) Deffie-hellman key exchange Algorithm III. EXAMPLE Let us now take a simple example to prove that Diffie Hellman works in practical situation. Here we will take very small values for ease of understanding. But in real life,these values are very large.the process of key agreement is as shown below:- Fig (c) Diffie-hellman key exchange example In this example, k1 is actually equal to k2.this means that k1= k2 =9 is the symmetric key, which Ayog and Eila must keep secret and henceforth use for encrypting/decrypting their messages with. 2013, IJARCSSE All Rights Reserved Page 287

IV. MAN IN MIDDLE ATTACK The Diffie-Hellman key exchange is vulnerable to a man-in-the-middle attack. In this attack, an opponent Yan intercepts Ayog's public value and sends her own public value to Eila. When Eila transmits his public value, Yan substitutes it with her own and sends it to Ayog. Yan and Ayog thus agree on one shared key and Yan and Eila agree on another shared key. After this exchange, Yan simply decrypts any messages sent out by Ayog or Eila, and then reads and possibly modifies them before re-encrypting with the appropriate key and transmitting them to the other party. This vulnerability is present because Diffie-Hellman key exchange does not authenticate the participants. This problem is also called BUCKET BRIGADE ATTACK. The attack proceeds as follows:- Yan prepares for the attack by generating two random private keys 1and 2,and then computing the corresponding public keys and. Ayog will transmit to Eila. Yan intercepts and transmits 1 to Eila. Yan also calculates k2=( )^ 1 mod ᶆ. Eila receives 1 and calculates k1=( 1)^ mod ᶆ. Eila transmits to Ayog. Yan intercepts and transmits 2 to Ayog. Yan also calculates k1=( )^ 1 mod ᶆ. Ayog receives 1 and calculates k2=( 2)^ mod ᶆ. Now at this point, Ayog and Eila think that they share a private key, but unfortunately Ayog and Yan will share secret key k1 and Eila and Yan will share secret key k2. Whenever there will be communication between Ayog and Eila that is compromised in the following ways:- Ayog sends an encrypted message msg:e(k2,msg). Yan intercepts the encrypted message and decrypt it, to recover msg. Yan sends Eila E(k1,msg) or E(k1,msg ), where is any message. Here Yan can simply read the message and send the same message to Eila as it was send by the Ayog or Yan can change or modify the message and send the modified message to Eila. This key exchange protocol is not suitable to such an attack because it does not authenticate the participants. Fig(d) V. SOLUTION Possible solutions include the use of digital signatures and other protocol variants. And it follows with the authenticated version. The basic idea is as follows:- Prior to execution of the protocol, the two parties Ayog and Eila each obtain a public/private key pair and a certificate for the public key. During the protocol, Ayog computes a signature on certain messages, covering the public value n^ 2013, IJARCSSE All Rights Reserved Page 288

mod m. Eila proceeds in a similar way. Even though Yan is still able to intercept messages between Ayog and Eila, she cannot forge signatures without Ayog's private key and Bob's private key. Hence, the enhanced protocol defeats the manin-the-middle attack. So, the basic version is susceptible to a man-in-middle attack, the authenticated version that usespublic key certificates is not. VI. APPLICATION Diffie-Hellman is currently used in many protocols, namely: Secure Sockets Layer (SSL)/Transport Layer Security (TLS) Secure Shell (SSH) Internet Protocol Security (IPSec) Public Key Infrastructure (PKI) REFRENCES [1]. William Stallings, Cryptography and Network Security [2]. http://en.wikipedia.org/wiki/diffie%e2%80%93hellman_key_exchange [3]. http://www.rsa.com/rsalabs/node.asp?id=2248 [4]. http://searchsecurity.techtarget.com/definition/diffie-hellman-key-exchange 2013, IJARCSSE All Rights Reserved Page 289

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback