25 Diffie-Hellman Key Exchange

epgp books

 

 

 

Security Objectives

  •  To explain how to create a session key between Alice and bob using KDC
  • To create session key method referred to as symmetric-key agreement
  •  To discuss man-in-middle attack

0.  Diffie-Hellman Key Exchange

 

The first published public-key algorithm appeared in the seminal paper by Diffie and Hellman that defined public-key cryptography and is generally referred to as Diffie-Hellman key exchange. A number of commercial products employ this key exchange technique. The purpose of the algorithm is to enable two users to securely exchange a key that can then be used for subsequent encryption of messages. The algorithm itself is limited to the exchange of secret values.

 

The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of computing discrete logarithms. Briefly, we can define the discrete logarithm in the following way. First, we define a primitive root of a prime number p as one whose powers modulo p generate all the integers from 1 to p 1. That is, if a is a primitive root of the prime number p, then the numbers a mod p, a2 mod p,…, ap1 mod p

are distinct and consist of the integers from 1 through p 1 in some permutation.

For any integer b and a primitive root a of prime number p, we can find a unique exponent i such thatb ≡ai (mod p) where 0≤ i ≤(p 1). The exponent i is referred to as the discrete logarithm of b for the base a, mod p. We express this value as dloga,p (b). See Chapter 8 for an extended discussion of discrete logarithms.

 

  1. Principle behind Diffie-Hellman

Figure 1 summarizes the Diffie-Hellman key exchange algorithm. For this scheme, there are two publicly known numbers: a prime number q and an integer that is a primitive root of q. Suppose the users A and B wish to exchange a key. User A selects a random integer XA < q and computes YA = αXA mod q. Similarly, user B independently selects a random integer XA < q and computes YB = αXB mod q. Each side keeps the X value private and makes the Y value available publicly to the other side. User A computes the key as K = (YB)XA mod q and user B computes the key as

 

 

The result is that the two sides have exchanged a secret value. Furthermore, because XA and XB are private, an adversary only has the following ingredients to work with: q, α, YA, and YB. Thus, the adversary is forced to take a discrete logarithm to determine the key. For example, to determine the private key of user B, an adversary must compute XB = dlogα,q (YB) The adversary can then calculate the key K in the same manner as user B calculates it. The security of the Diffie-Hellman key exchange lies in the fact that, while it is relatively easy to calculate exponentials modulo a prime, it is very difficult to calculate discrete logarithms. For large primes, the latter task is considered infeasible.

Example 1

 

Let us give a trivial example to make the procedure clear. Our example uses small numbers, but note that in a real situation, the numbers are very large. Assume that g=7 and p=23.The steps are as follows:

  1. Alice chooses x=3 and calculate R1 =73mod 23=21
  2. Bob chooses y=6 and calculate R2=76mod 23=4
  3. Alice sends the number 21 to Bob
  4. Bob sends the number 4 to Alice
  5. Alice calculates the symmetric key K=43 mod 23=18
  6. Bob calculates the symmetric key K=216 mod 23=18

The value of K is the same for both Alice and Bob; gxy mod p=718 mod=18

 

Example 2

Let us give a more realistic example. We used a program to create a random integer of 512bits (the ideal is 1024 bits). The integer p is a 159-digit number.

We also choose g,x, and y as shown below:

 

  1. Key Exchange Protocols

Figure 2 shows a simple protocol that makes use of the Diffie-Hellman calculation. Suppose that user A, wishes to set up a connection with user B and use a secret key to encrypt messages on that connection. User A can generate a one-time private key XA, calculate YA, and send that to user B. User B responds by generating a private value XB calculating YB, and sending YB to user A. Both users can now calculate the key. The necessary public values q and α would need to be known ahead of time. Alternatively, user A could pick values for q and α and include those in the first message.

As an example of another use of the Diffie-Hellman algorithm, suppose that a group of users (e.g., all users on a LAN) each generate a long-lasting private value Xi (for user i) and calculate a public value Yi. These public values, together with global public values for q and α, are stored in some central directory. At any time, user j can access user i‘s public value, calculate a secret key, and use that to send an encrypted message to user A. If the central directory is trusted, then this form of communication provides both confidentiality and a degree of authentication. Because only i and j can determine the key,no other user can read the message (confidentiality). Recipient i knows that only user j could have created a message using this key (authentication). However, the technique does not protect against replay attacks.

4. Man-in-the-Middle Attack

 

It is insecure against a man-in-the-middle attack. Suppose Alice and Bob wish to exchange keys, and Darth is the adversary. The attack proceeds as follows:

 

1.   Darth prepares for the attack by generating two random private keys XD1 and XD2

 

and then computing the corresponding public keys YD1 and YD2.

 

2.  Alice transmits YA to Bob.

 

3.  Darth intercepts YA and transmits YD1 to Bob.Darth also calculates K2 = (YA)XD2

 

mod q.

 

4.  Bob receives YD1 and calculates K1 = (YD1)XE mod q.

 

5.  Bob transmits XA to Alice.

 

6.  Darth intercepts XA and transmits YD2 to Alice. Darth calculates K1 = (YB)XD1

 

mod q.

 

7.  Alice receives YD2 and calculates K2 = (YD2)XA mod q.

 

At this point, Bob and Alice think that they share a secret key, but instead Bob and Darth share secret key K1 and Alice and Darth share secret key K2. All future communication between Bob and Alice is compromised in the following way:

 

1.  Alice sends an encrypted message M: E(K2, M).

 

2.  Darth intercepts the encrypted message and decrypts it, to recover M.

 

3.  Darth sends Bob E(K1, M) or E(K1, M‘), where M‘ is any message.

 

In the first case, Darth simply wants to eavesdrop on the communication without altering it. In the second case, Darth wants to modify the message going to Bob. The key exchange protocol is vulnerable to such an attack because it does not authenticate the participants. This vulnerability can be overcome with the use of digital signatures and public-key certificates.

Summary

  • A session key is created between Alice and bob using KDC
  • Symmetric-key agreement method is discussed
  •  Man-in-middle attack method is discussed
you can view video on Diffie-Hellman Key Exchange