Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Java Programming

Implementation of the Diffie-Hellman Key Exchange

advertisement 
CS 595/603 – Fall 2005
Project – D-H Key Agreement using DES
Implementation of the Diffie-Hellman Key Exchange
CS 603 – Fall 2005
Final Project Report
Dr. Leszek Lilien
Submitted by:
Sahil Behl
Muhammad Rehan Fayyaz
Motive:
The spectacular growth of the Internet has spawned an increased awareness of and interest in
security issues. Although security has been considered in the design of the basic Internet
protocols, many applications have been and are being designed with minimal attention paid
to issues of confidentiality, authentication, and privacy. As our daily activities become more
and more reliant upon data networks, the importance of an understanding of such security
issues will only increase. Many cryptographic algorithms (e.g., DES,AES, HMAC) require
the establishment of shared keying material in advance. Manual distribution of keying
material is inefficient and complex. This is where the Diffie-Hellman Key Agreement
algorithm is useful.
Project Description:
The motive of the project is to review and implement the Diffie-Hellman key exchange
protocol and study its applications especially for the internet key exchange.
Create a web page for an electronic business. Encipher sensitive data such as customer credit
number, SSN etc before transporting them from client to server.
The idea is simple, the customer access the website powered by our simple http server, our
web server will reply with a java servlet. The client will communicate with server by DiffieHellman key-exchange protocol to generate the common shared key which is used in the later
communication. After key exchange, both server and client will use the shared key to
encipher and decipher the sensitive data such as customer credit number, SSN etc
CS 595/603 – Fall 2005
Project – D-H Key Agreement using DES
Brief Description of Individual modules:
Diffie-Hellman Key Exchange algorithm.
Diffie-Hellman key exchange offers the best of both worlds -- it uses public key techniques
to allow the exchange of a private encryption key. Let's take a look at how the protocol
works, from the perspective of Alice and Bob, two users who wish to establish secure
communications. We can assume that Alice and Bob know nothing about each other but are
in contact.
Here are the nine steps of the process:
1. Communicating in the clear, Alice and Bob agree on two large positive integers, n
and g, with the stipulation that n is a prime number and g is a generator of n.
2. Alice randomly chooses another large positive integer, XA, which is smaller than n. XA
will serve as Alice's private key.
3. Bob similarly chooses his own private key, XB.
4. Alice computes her public key, YA, using the formula YA = (g^XA) mod n.
5. Bob similarly computes his public key, YB, using the formula YB = (g^XB) mod n.
6. Alice and Bob exchange public keys over the insecure circuit.
7. Alice computes the shared secret key, k, using the formula k = (YB ^XA) mod n.
8. Bob computes the same shared secret key, k, using the formula k = (YA ^XB) mod n.
9. Alice and Bob communicate using the symmetric algorithm of their choice and the
shared secret key, k, which was never transmitted over the insecure circuit.
Working of the program:

The algorithm generates a public key and a private key for the client (say Alice)
CS 595/603 – Fall 2005
Project – D-H Key Agreement using DES
KeyPairGenerator aliceKpairGen=KeyPairGenerator.getInstance("DH");
aliceKpairGen.initialize(dhSkipParamSpec);
KeyPair aliceKpair = aliceKpairGen.generateKeyPair();
The KeyPairGenerator class is used to generate pairs of public and private keys.
Key pair generators are constructed using the getInstance factory methods (static
methods that return instances of a given class).
A Key pair generator for a particular algorithm creates a public/private key pair that
can be used with this algorithm. It also associates algorithm-specific parameters with
each of the generated keys.
(Ref. http://java.sun.com/j2se/1.4.2/docs/api/java/security/KeyPairGenerator.html)

Alice then encodes her public key and sends it to Bob, who then retrieves the DH
parameters associated with Alice’s public key and uses it to generate his own key
pair.
DHParameterSpec dhParamSpec =((DHPublicKey)alicePubKey).getParams();

Bob initializes his own DH key pair
KeyPairGenerator bobKpairGen = KeyPairGenerator.getInstance("DH");
bobKpairGen.initialize(dhParamSpec);
KeyPair bobKpair = bobKpairGen.generateKeyPair();

Bob encodes his public key and sends it over to Alice
byte[] bobPubKeyEnc = bobKpair.getPublic().getEncoded();
At this stage, both Bob and Alice have created their public and private keys, and have
exchanged their public keys. The will now generate a shared key.
CS 595/603 – Fall 2005
Project – D-H Key Agreement using DES
Alice shared key:
aliceKeyAgree.doPhase(bobPubKey, true);
int aliceLen = aliceSharedSecret.length;
Bob Shared Key:
byte[] bobSharedSecret = new byte[aliceLen];

Bob and Alice write down their shared keys into a file, which are then read by the
server and client servlets respectively.
(Please find the attached code for the entire DiffieHellman.java program in the appendix)
Client:

The client program was implemented using Java servlets and a HTML page that
invokes the servlet.

The user enters the data to be sent via the HTML page which then invokes the Client
servlet.

The servlet then encrypts this data using the shared key object generated by the
Diffie-Hellman Key Agreement algorithm and the Data Encryption Standard (in
ENCRYPT mode) and send it over to the server.

The client servlet uses URL Redirection to send the encrypted message from the
client to the server.
(Please find the attached code for Client.java in the appendix)
.
Server:

The server itself is a simple servlet that is connected to a database.

It receives the encrypted message from the client and decrypts it using the shared key
object generated by the Diffie-Hellman algorithm and DES (in DECRYPT mode).

Once the message has been decrypted the server will store the message into the
database, which can be retrieved at a later stage.
(Please find the attached code for the server in the appendix)
CS 595/603 – Fall 2005
Project – D-H Key Agreement using DES
Non- Mathematical Representation:
(Ref: http://www.securitydocs.com/library/2978)
CS 595/603 – Fall 2005
Project – D-H Key Agreement using DES
Architecture:
The architecture for the entire implementation process is as follows:
a. High Level Architecture:
Generates shared
key for client
DH Key Generator
Algorithm
Generates shared key
for server
CLIENT
(Servlet)
Encrypt Data using
DES + D.H
SERVER
(Servlet)
Stores Decrypted
Data
Database
Pointbase
Retrieving Data
HTML Page
FIGURE 01
The descriptions of the individual modules are as follows
(Please refer next page)
CS 595/603 – Fall 2005
Project – D-H Key Agreement using DES
b). Individual Modules:
(i) Client :
Shared Key using FileInputStream
(from the file into which the DH
algorithm writes the shared key)
Read Shared Key from
file
Generate DES
Cipher
Encrypt Plaintext message
using cipher
Read plaintext using the
doGet function using get
parameter method
(Using shared
Key)
Send the encrypted message
to the servlet.
(i)
(ii)
HTML
Plain Text
To servlet
using URL
Redirecting
(iii)
FIGURE 02
(ii) Server :
Shared Key using FileInputStream
(from the file into which the DH
algorithm writes the shared key)
Read Shared Key from
file
Encrypted
message
Read encrypted message
using the doGet function
using get parameter
method
Decrypt the message
using the shared
key object and DES
(in DECRYPT
mode).
Log the decrypted data
into the database.
Display the encrypted
and decrypted data as the
output
( from client)
Write message
into database
(i)
(ii)
FIGURE 03
(iii)
OUTPUT
on screen.
CS 595/603 – Fall 2005
Project – D-H Key Agreement using DES
Goals accomplished :
Please refer to the to do list in the checkpoint report.
(Attached to the appendix)
Sr. No.
Tasks
Description
Date
Implement the Diffie1
Integration of the modules.
Hellman algorithm within
Done
the client - server model we
have created.
2
Testing the modules
Test each module individually
and collectively.
Done
We will use Ethereal, to sniff
3
Use a network sniffer
the messages being exchanged
between the client and the
Done
server.
Project manuals created at
4
Project Documentation
each phase of software
Done
development.
Connect a database to the
Implement a database
5 (OPTIONAL)
servlet to store the messages
received from the client. The
Done
servlet itself is stateless
Example :
Encrypted message
Plaintext
Shared Key (in
(received as string)
text format)
(received as string) –
padded
Encrypted
message
(bytes)
Decrypted message
CS 595/603 – Fall 2005
Project – D-H Key Agreement using DES
›«LRû
hello
2NnxBDxYFJY=
[B@6214f5
hello
Technologies used:
NOTE:

Please put the class files of the servlets in the /webapps/ROOT/WEB-INF/classes
directory of tomcat.

Please put the HTML page in the /webapps/ROOT directory of tomcat.
1) Servlets:
a) ShowParameters.java
b) Client.java
(Please find the attached source code in the appendix)
2) Java classes:
a) DiffieHellman.java
b) ServletUtilities.java
(Please find the attached source code in the appendix)
3) Encryption algorithms:
Key Agreement
a) Diffie – Hellman Key Agreement
Algorithm used to encipher plain text
a) Data Encryption Standard (DES)
4) Application server:
a) Tomcat.
CS 595/603 – Fall 2005
Project – D-H Key Agreement using DES
(Downloaded from: http://www.coreservlets.com/Apache-Tomcat-Tutorial/)
5) JDBC (Pointbase):
a) ShowParameters.java
(Comes with J2EE )
6) URL Redirecting:
a) Client.java
7) Network Protocol Analyzer:
a) Ethereal
8) HTML:
Form Data
a) login.html
Tables
a) ShowParameters.java
Security Issues:
1. Denial of service Attacks:
-The attacker tries to stop Alice and Bob from successfully carrying out the protocol.
Example: Deleting the messages that Alice and Bob send to each other, or by overwhelming
the parties with unnecessary computation or communication.
2. Outsider Attacks:
-The attacker tries to disrupt the protocol (by for example adding, removing,
replaying messages) so that hegets some interesting knowledge (i.e. information he could not
CS 595/603 – Fall 2005
Project – D-H Key Agreement using DES
have gotten by just looking at the public values).
3. Insider Attacks:
- It is possible that one of the participants in a DH protocol creates a breakable
protocol run on purpose in order to try to gain knowledge about the secret key of his peer.
- This is an important attack if one of the participants holds a static secret key that
is used in many key agreement protocol runs. Note that malicious software
could be very successful in mounting this attack.
4. Man in the Middle Attacks:
- An active attacker (Oscar), capable of removing and adding messages, can easily
break the core DH protocol .
- By intercepting the public keys and replacing them, Oscar (O) can fool Alice and
Bob into thinking that they share a secret key.
Future Work:
1. Exchange the shared key generated by the Diffie - Hellman algorithm over the
network.
(We had problems transferring a PublicKey object over the network)
2. Implement the Diffie-Hellman algorithm using other encryption algorithms and
compare them.
CS 595/603 – Fall 2005
Project – D-H Key Agreement using DES
References:
Websites:
1. http://www.cc.gatech.edu/classes/cs8113e_96_winter/ - Visited on 09/16/2005 –
college website
2. http://www.cryptography.com/- Visited on 09/18/2005
3. http://www.cs.purdue.edu/homes/jiangx/02spring/- Visited on 09/18/2005
4. http://www.securitydocs.com - Visited on 09/14/2005 – Network Security White papers
5. http://www.sans.org/rr/whitepapers/vpns/751.php - Visited on 09/17/2005 – SANS Institute
2001, a paper on the Diffie – Hellman Algorithm and its use in secure Internet
protocols.
6. http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci876048,00.html –Visited on
09/23/2005, Network Security Webpage.
7. http://java.sun.com/docs/books/tutorial/i18n/text/string.html - Visited on 11/15/2005,
Reason: was getting an exception while encoding the encrypted message, searched on
Google.
8. http://forum.java.sun.com/thread.jspa?threadID=234706&messageID=2524244 :
Visited on 11/18/2005. It is a java forum. Reason: was getting badPaddingException,
searched on Google.
9. http://forum.java.sun.com/thread.jspa?threadID=283282&messageID=1105080:
Visited on 11/23/2005. It is a java forum. Reason: searching for a way to store and
restore a key. Searched on Google.
10. http://forum.java.sun.com/thread.jspa?threadID=492193&messageID=2317123:
Visited on 11/24/2005. It is a java forum. Reason: was getting an exception
IllegalBlockSizeException. Searched on Google.
11. http://www.unix.org.ua/orelly/java-ent/jenut/ch02_06.htm : Visited 11/26/2005.It was
useful for writing the code to store data into the database.
12. http://javaalmanac.com/egs/java.nio/CreateBuf.html?l=rel :Visited 11/25/2005.
Useful for exchanging data between the servlets.
CS 595/603 – Fall 2005
Project – D-H Key Agreement using DES
Books:
1.
Java Network Programming and Distributed Computing- Davis Reilly – Michael
Really.
2.
Core Servlets and JSP- Marty Hall.
3.
How to program Java – Deteil and Deteil.
Acknowledgements:
1. Dr. Leszek Lilien
Department of Computer Science, Western Michigan University.
Appendix:
The appendix consists of:
1. The source code of the programs.
2. The IEEE paper for this implementation
3. The powerpoint presentation slides.
4. The JavaDocs of the classes used in the programs
Related documents
Homework
Homework
Virtual hands-on workshop : “Enjoyable Introduction to Programming
Virtual hands-on workshop : “Enjoyable Introduction to Programming
cs772MidtermFall14
cs772MidtermFall14
Polyglot: An Extensible Compiler Framework for Java
Polyglot: An Extensible Compiler Framework for Java
HW9
HW9
Career-Lesson
Career-Lesson
RSA implementation by Tom Chiari
RSA implementation by Tom Chiari
WORDij_Installation_for_Windows
WORDij_Installation_for_Windows
Download
advertisement
Study collections