CS595/CS603-Fall 2005 1 Implementation of the Diffie-Hallman Key Exchange Sahil Behl and Muhammad Rehan Fayyaz Abstract—The spectacular growth of the Internet has spawned an increased awareness of and interest in security issues. This document will describe the implementation of the Deffie-Hallman key exchange algorithm. How message will be encrypted and decrypted with shared key. It describes about scenario and tools are being used to implement Deffie-Hallman key exchange algorithm Index Terms— Diffie-Hellman, Encryption and Decryption, Data Encryption Standard, Shared Key I. INTRODUCTION S Ecurity is big issue in the internet world now days because every body wants to transfer their private data securely without interception from any unreliable third party. DiffieHellman key exchange offers the best of both worlds -- it uses public key techniques to allow the exchange of a private encryption key. The client and server will exchange their public keys and they will agree to communicate using a shared key object. Encryption and decryption will then be done using an encryption algorithm such as DES that uses this shared key. Let's take a look at how the protocol works, from the perspective of Alice and Bob, two users who wish to establish secure communications. We can assume that Alice and Bob know nothing about each other but are in contact. Here are the nine steps of the process: 1. Communicating in the clear, Alice and Bob agree on two large positive integers, n and g, with the stipulation that n is a prime number and g is a generator of n. 2. Alice randomly chooses another large positive integer, XA, which is smaller than n. XA will serve as Alice's private key. 3. Bob similarly chooses his own private key, XB. 4. Alice computes her public key, YA, using the formula YA = (g^XA) mod n. 5. Bob similarly computes his public key, YB, using the formula YB = (g^XB) mod n. 6. Alice and Bob exchange public keys over the insecure circuit. 7. Alice computes the shared secret key, k, using the formula k = (YB ^XA) mod n. 8. Bob computes the same shared secret key, k, using the formula k = (YA ^XB) mod n. 9. Alice and Bob communicate using the symmetric algorithm of their choice and the shared secret key, k, which was never transmitted over the insecure circuit. CS595/CS603-Fall 2005 2 II. ARCHITECTURE The architecture is very simple. servlets are being used on client and server sides. Client encrypts the data with shared key and send to server. Server decrypts the data with shared key stored it in the database. A. DH Key Generator Algorithm The DH key generator algorithm will generate the shared key for the client and the server using the public and private keys. Key pair generators are constructed using the getInstance factory methods (static methods that return instances of a given class). A Key pair generator for a particular algorithm creates a public/private key pair that can be used with this algorithm. It also associates algorithm-specific parameters with each of the generated keys. Shared Key using FileInputStream (from the file into which the DH algorithm writes the shared key) Read Generate Shared DES Key Cipher from file (Using method shared Key) Plain Text FIGURE 02 DH Key Generator Algorithm Server Encrypt Data Text message Encrypt the plaintext message using cipher Send the encrypted message to the servlet. HTML Generates shared key Client To servlet using URL Redirecting DB Log data HTML C. Server The server itself is a simple servlet that is connected to a database. It receives the encrypted message from the client and decrypts it using the shared key object generated by the Diffie-Hellman algorithm and DES (in DECRYPT mode). Once the message has been decrypted the server will store the message into the database, which can be retrieved at a later stage. FIGURE 01 B. Client The client program was implemented using Java servlets and a HTML page that invokes the servlet. The user enters the data to be sent via the HTML page which then invokes the Client servlet. The servlet then encrypts this data using the shared key object generated by the Diffie-Hellman Key Agreement algorithm and the Data Encryption Standard (in ENCRYPT mode) and send it over to the server. The client servlet uses URL Redirection to send the encrypted message from the client to the server. Shared Key using FileInputStream (from the file into which the DH algorithm writes the shared key) Read Shared Decrypt Key from file the Method message Read using Encrypted shared Message key object Encrypted Message Plain Text (From client) To servlet using URL Redirecting Log the decrypted data into the database Display the encrypted data as the output Write message into database OUTPUT on screen. FIGURE 03 III. SECURITY ISSUES WITH DH ALGORITHM 1. Denial of service Attacks: -The attacker tries to stop Alice and Bob from successfully carrying out the protocol. Example: Deleting the messages that Alice and Bob send to each other, or by CS595/CS603-Fall 2005 overwhelming the parties with unnecessary computation or communication. 2. Outsider Attacks: -The attacker tries to disrupt the protocol (by for example adding, removing, replaying messages) so that he gets some interesting knowledge (i.e. information he could not have gotten by just looking at the public values). 3. Insider Attacks: - It is possible that one of the participants in a DH protocol creates a breakable protocol run on purpose in order to try to gain knowledge about the secret key of his peer. - This is an important attack if one of the participants holds a static secret key that is used in many key agreement protocol runs. Note that malicious software could be very successful in mounting this attack. 4. Man in the Middle Attacks: - An active attacker (Oscar), capable of removing and adding messages, can easily break the core DH protocol . - By intercepting the public keys and replacing them, Oscar (O) can fool Alice and Bob into thinking that they share a secret key. IV. FUTURE WORK 1. Exchange the shared key generated by the Diffie - Hellman algorithm over the network. (We had problems transferring a PublicKey object over the network) 2. Implement the Diffie-Hellman algorithm using other encryption algorithms and compare them. ACKNOWLEDGMENT Dr. Leszek Lilien, Department of Computer Science, Western Michigan University. REFERENCES [1] [2] [3] [4] [5] [6] [7] [8] [9] http://www.cc.gatech.edu/classes/cs8113e_96_winter/ http://www.cs.purdue.edu/homes/jiangx/02spring/http://www.cryptography.com/http://java.sun.com/docs/books/tutorial/i18n/text/string.ht ml - Visited on 11/15/2005, http://forum.java.sun.com/thread.jspa?threadID=234706& messageID=2524244 http://forum.java.sun.com/thread.jspa?threadID=283282& messageID=1105080 http://forum.java.sun.com/thread.jspa?threadID=492193& messageID=2317123: http://www.unix.org.ua/orelly/java-ent/jenut/ch02_06.htm http://javaalmanac.com/egs/java.nio/CreateBuf.html?l=rel 3