iii. security issues with dh algorithm - Computer Science

advertisement
CS595/CS603-Fall 2005
1
Implementation of the Diffie-Hallman Key
Exchange
Sahil Behl and Muhammad Rehan Fayyaz

Abstract—The spectacular growth of the Internet has spawned
an increased awareness of and interest in security issues. This
document will describe the implementation of the Deffie-Hallman
key exchange algorithm. How message will be encrypted and
decrypted with shared key. It describes about scenario and tools
are being used to implement Deffie-Hallman key exchange
algorithm
Index Terms— Diffie-Hellman, Encryption and Decryption,
Data Encryption Standard, Shared Key
I. INTRODUCTION
S
Ecurity is big issue in the internet world now days because
every body wants to transfer their private data securely
without interception from any unreliable third party. DiffieHellman key exchange offers the best of both worlds -- it uses
public key techniques to allow the exchange of a private
encryption key. The client and server will exchange their
public keys and they will agree to communicate using a shared
key object. Encryption and decryption will then be done using
an encryption algorithm such as DES that uses this shared key.
Let's take a look at how the protocol works, from the
perspective of Alice and Bob, two users who wish to establish
secure communications. We can assume that Alice and Bob
know nothing about each other but are in contact.
Here are the nine steps of the process:
1. Communicating in the clear, Alice and Bob agree on
two large positive integers, n and g, with the
stipulation that n is a prime number and g is a
generator of n.
2. Alice randomly chooses another large positive
integer, XA, which is smaller than n. XA will serve as
Alice's private key.
3. Bob similarly chooses his own private key, XB.
4. Alice computes her public key, YA, using the formula
YA = (g^XA) mod n.
5. Bob similarly computes his public key, YB, using the
formula YB = (g^XB) mod n.
6. Alice and Bob exchange public keys over the
insecure circuit.
7. Alice computes the shared secret key, k, using the
formula k = (YB ^XA) mod n.
8. Bob computes the same shared secret key, k, using
the formula k = (YA ^XB) mod n.
9. Alice and Bob communicate using the symmetric
algorithm of their choice and the shared secret key, k,
which was never transmitted over the insecure circuit.
CS595/CS603-Fall 2005
2
II. ARCHITECTURE
The architecture is very simple. servlets are being used on
client and server sides. Client encrypts the data with shared
key and send to server. Server decrypts the data with shared
key stored it in the database.
A. DH Key Generator Algorithm
The DH key generator algorithm will generate the shared key
for the client and the server using the public and private keys.
Key pair generators are constructed using the getInstance
factory methods (static methods that return instances of a given
class). A Key pair generator for a particular algorithm creates
a public/private key pair that can be used with this algorithm.
It also associates algorithm-specific parameters with each of
the generated keys.
Shared Key using
FileInputStream
(from the file into which
the DH algorithm writes
the shared key)
Read
Generate
Shared
DES
Key
Cipher
from file
(Using
method
shared
Key)
Plain Text
FIGURE 02
DH Key Generator
Algorithm
Server
Encrypt
Data
Text
message
Encrypt the
plaintext
message using
cipher Send the
encrypted
message to the
servlet.
HTML
Generates
shared key
Client
To servlet using
URL Redirecting
DB
Log
data
HTML
C. Server
The server itself is a simple servlet that is connected to a
database. It receives the encrypted message from the
client and decrypts it using the shared key object
generated by the Diffie-Hellman algorithm and DES (in
DECRYPT mode). Once the message has been decrypted
the server will store the message into the database, which
can be retrieved at a later stage.
FIGURE 01
B. Client
The client program was implemented using Java servlets
and a HTML page that invokes the servlet. The user enters
the data to be sent via the HTML page which then invokes
the Client servlet. The servlet then encrypts this data using
the shared key object generated by the Diffie-Hellman
Key Agreement algorithm and the Data Encryption
Standard (in ENCRYPT mode) and send it over to the
server. The client servlet uses URL Redirection to send
the encrypted message from the client to the server.
Shared Key using
FileInputStream
(from the file into which
the DH algorithm writes
the shared key)
Read Shared
Decrypt
Key from file
the
Method
message
Read
using
Encrypted
shared
Message
key
object
Encrypted
Message
Plain Text
(From client)
To servlet using
URL Redirecting
Log the
decrypted data
into the
database
Display the
encrypted data as
the output
Write message
into database
OUTPUT
on screen.
FIGURE 03
III. SECURITY ISSUES WITH DH ALGORITHM
1. Denial of service Attacks:
-The attacker tries to stop Alice and Bob from
successfully carrying out the protocol. Example: Deleting the
messages that Alice and Bob send to each other, or by
CS595/CS603-Fall 2005
overwhelming the parties with unnecessary computation or
communication.
2. Outsider Attacks:
-The attacker tries to disrupt the protocol (by for
example adding, removing, replaying messages) so that he
gets some interesting knowledge (i.e. information he could not
have gotten by just looking at the public values).
3. Insider Attacks:
- It is possible that one of the participants in a DH
protocol creates a breakable protocol run on purpose in order
to try to gain knowledge about the secret key of his peer.
- This is an important attack if one of the
participants holds a static secret key that is used in many
key agreement protocol runs. Note that malicious software
could be very successful in mounting this attack.
4. Man in the Middle Attacks:
- An active attacker (Oscar), capable of removing
and adding messages, can easily break the core DH protocol .
- By intercepting the public keys and replacing
them, Oscar (O) can fool Alice and Bob into thinking that
they share a secret key.
IV. FUTURE WORK
1. Exchange the shared key generated by the Diffie - Hellman
algorithm over the network.
(We had problems transferring a PublicKey object over the
network)
2. Implement the Diffie-Hellman algorithm using other
encryption algorithms and compare them.
ACKNOWLEDGMENT
Dr. Leszek Lilien, Department of Computer Science, Western
Michigan University.
REFERENCES
[1]
[2]
[3]
[4]
[5]
[6]
[7]
[8]
[9]
http://www.cc.gatech.edu/classes/cs8113e_96_winter/
http://www.cs.purdue.edu/homes/jiangx/02spring/http://www.cryptography.com/http://java.sun.com/docs/books/tutorial/i18n/text/string.ht
ml - Visited on 11/15/2005,
http://forum.java.sun.com/thread.jspa?threadID=234706&
messageID=2524244
http://forum.java.sun.com/thread.jspa?threadID=283282&
messageID=1105080
http://forum.java.sun.com/thread.jspa?threadID=492193&
messageID=2317123:
http://www.unix.org.ua/orelly/java-ent/jenut/ch02_06.htm
http://javaalmanac.com/egs/java.nio/CreateBuf.html?l=rel
3
Download