21-10-2016, 04:14 PM
1460394078-nplreport.doc (Size: 199 KB / Downloads: 5)
Introduction
In cryptography, secure communication between two entities can be achieved by confidentiality, authentication, data integrity, access control and non-repudiation. Confidentiality ensures protection of data from unauthorized disclosure. Authentication assures that the data is coming from original sender. Access control prevents unauthorized use of resource. Integrity assures that data received are exactly as sent by an authorized entity. Nonrepudiation protects from denial of service. Cryptographic systems can be divided into Symmetric key systems and Asymmetric key systems. Symmetric key systems are used for encryption and decryption of a message that should be kept secret. The encryption and decryption is done using a shared secret key. Asymmetric key cryptography is used to transport the shared secret key in a safe manner. Asymmetric key cryptography must provide a way to solve key transport over an unsecure channel. This problem is partly solved by the Diffie–Hellman key exchange algorithm, which makes it possible to obtain privacy in the key exchange. The Advantage of the Diffie–Hellman Algorithm is that, it is a lightweight two-pass protocol with only a public key transport from participant A to participant B and again from B to A. In the Diffie–Hellman Algorithm the public key is used on both sides to calculate the shared secret. The problem is that the Diffie–Hellman Algorithm is vulnerable to Man-in-the-middle attacks and Replay Attacks. However Algorithms as like ECMQV (Elliptic Curve Menezes Qo Vanstone), SPDH (Secure Plain Diffie-Hellman) can overcome these problems. but these Algorithms are complex and three-pass making both software and hardware implementation harder. In the following process of key exchange we will try to introduce a new Algorithm which overcomes Man-in-the-middle Attack and all sort of Replay Attacks .The proposed Algorithm can send keys safely and the probability of being hacked the key can be reduced.
Scope of the Project
The first published public-key algorithm by Diffie and Hellman that defined public-key cryptography and is generally referred to as Diffie-Hellman Key Exchange. The purpose of this algorithm is to enable two users to securely exchange a key that can be used for subsequent encryption of messages. The algorithm itself is limited to exchange of secret keys. The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of computing discrete logarithms. The scope of the project is to find an efficient method or algorithm which eliminates the man-in-the-middle attack completely and thus makes a communication more secure.
Description
Diffie-Hellman Algorithm
Cryptographic systems can be divided into Symmetric key systems and Asymmetric key systems. Symmetric key systems are used for encryption and decryption of a message that should be kept secret. The encryption and decryption is done using a shared secret key. Asymmetric key cryptography is used to transport the shared secret key in a safe manner. Asymmetric key cryptography must provide a way to solve key transport over an unsecure channel. This problem is partly solved by the Diffie–Hellman key exchange algorithm, which makes it possible to obtain privacy in the key exchange. The Advantage of the Diffie–Hellman Algorithm is that, it is a lightweight two-pass protocol with only a public key transport from participant A to participant B and again from B to A. In the Diffie–Hellman Algorithm the public key is used on both sides to calculate the shared secret. The problem is that the Diffie–Hellman Algorithm is vulnerable to Man-in-the-middle attacks and Replay Attacks.
Algorithm Description
Suppose we have two people wishing to communicate: Alice and Bob
Step 1: Alice and Bob shares global public elements A prime number ‗q‘ An integer ‗g‘ where g<q and primitive root of q.
Step2: Alice: Selects private ‗a‘ where a<q then calculates public A = ga mod q and sends it to Bob.
Step 3: At Bob: Selects private ‗b‘ where b<q then calculates public B = gb mod q and sends it to Alice.
Step 4: Calculation of secret key by Alice : S= B a mod q
Step 5: Calculation of secret key by Bob : S= A b mod q
Step 6: Alice and Bob now share the secret key ‗S‘ and encrypt the messages using ‗S‘. The security of Diffie-Hellman key exchange lies in the fact that, while it is relatively easy to calculate exponentials modulo a prime, it is very difficult to calculate discrete logarithms. For larger primes, the later task is considered infeasible.
Man-in-the-middle Attack
Diffie-Hellman key Exchange is vulnerable to Man-in-the-middle Attack. Suppose Alice and Bob wish to exchange keys, and Darth is the adversary. The attack proceeds as follows:
1. Darth prepares for the attack by generating two random private keys x1 and x2, and then computing the corresponding private keys y1 and y2.
2. Alice transmits ‘A’ to Bob.
3. Darth intercepts ‘A’ and transmits ‘y1’ to Bob. Darth also calculates k2= A x2mod q.
4. Bob receives ‘y1’ and calculates k1=y1 bmod q.
5. Bob transmits ‘B’ to Alice.
6. Darth intercepts ‘B’ and transmits ‘y2’ to Bob. Darth also calculates k1= B x1mod q.
7. Alice receives ‘y2’ and calculates k2=y2 amod q.
At this point, Bob and Alice think that they share a secret key, but instead Bob and Darth share secret key ‗k1‘ and Alice and Darth share secret key ‗k2‘in which all future communications are intercepted by Darth, which leads to Man-in-the-middle Attack.
Improvement
In this process we try to eliminate the Man-in-the-middle Attack and Replay Attacks with simple Mathematics based algorithm rather than using highly complex methods which increases design complexity, so our approach would be such that the middle man could not change the key. For his porpoise we introduce some techniques and timestamps to prevent Replay attacks. The proposed technique is as follows: .
Algorithm Description
Suppose Krishna (K) wants to exchange key with Hari (H). Both K and H use ‗e‘ as a secret number as the base of log.
Step 1: K chooses a large prime number M and calculate K1=log e(M).
Step 2: H chooses a large prime number N and calculate K2=log e (N).
Step 3: K sends K1 and a Timestamp T1 to H,
Step 4: H sends K2 and a Timestamp T2 to K,
Step 5: K Verifies Timestamp ‗T2‘ and calculates Key S=K1+K2=log e (M) + log e (N) = log e (MN).
Step 6: H verifies Timestamp ‗T1‘ and calculates Key S=K1+K2=log e (N) + log e (M) = log e (NM)
Step 7: By the properties of logarithms log e (NM) =log e (MN). Both K and H can check whether the key is being attacked or not by calculating as follows: e^log e (MN)=MN. K calculates R1=MN/M If R1 is a prime number then key is not attacked. Similarly H calculate R2=MN/N. If R2 is a prime number then key is not attacked.
Elimination of Man-in-the-middle Attack
Note that both B and K use a secret number ‗e‘ as the base of the log. If in the middle the key is attacked and the key is changed not necessarily the base will be ‗e‘. As we can calculate R1=MN/M and R2=MN/N so we can easily catch the error.
Elimination of Replay Attacks
Replay Attacks are not all possible due to the use of timestamps. An opponent can replay a message but both ‗K‘ and ‗H‘ may check timestamps before calculating key in order to detect Replay Attacks.
Conclusion
Designing a Key exchange algorithm with 100% accuracy is not at all possible . We considered Man-in-the-middle Attack and Replay Attacks while proposing the Algorithm. However we can‘t say that Man-in-the-middle Attack cannot possible completely .because the base selected by the middle man can be same as ‗e‘ unfortunately. Our Algorithm uses simple mathematical concepts making implementation easier as well as avoidance from common Attacks. In this process we try to eliminate the Man-in-the-middle Attack and Replay Attacks with simple Mathematics based algorithm rather than using highly complex methods which increases design complexity, so our approach would be such that the middle man could not change the key. For his porpoise we introduce some techniques and timestamps to prevent Replay attacks.