Implementing the Diffie -Hellman Key Agreement using Data Encryption Standard Presented by : Sahil Behl Muhammad Rehan Fayyaz Under the guidance of Dr.

Slides:



Advertisements
Similar presentations
Diffie-Hellman Diffie-Hellman is a public key distribution scheme First public-key type scheme, proposed in 1976.
Advertisements

COS 461 Fall 1997 Todays Lecture u intro to security in networking –confidentiality –integrity –authentication –authorization u orientation for assignment.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Public Key Algorithms …….. RAIT M. Chatterjee.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Topic 5 Essential Public Key Crypto Methods.
Chapter 9 Cryptographic Protocol Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li.
Public Key Algorithms 4/17/2017 M. Chatterjee.
Authentication System
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
Csci5233 Computer Security1 GS: Chapter 5 Asymmetric Encryption in Java.
Computer Science Public Key Management Lecture 5.
Public Key Model 8. Cryptography part 2.
Strong Password Protocols
Rachana Y. Patil 1 1.
Cyrtographic Security Identity-based Encryption 1Dennis Kafura – CS5204 – Operating Systems.
Key Agreement Guilin Wang School of Computer Science 12 Nov
Cryptography and Network Security (CS435) Part Eight (Key Management)
Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED.
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
IPSEC : KEY MANAGEMENT PRESENTATION BY: SNEHA A MITTAL(121427)
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
CSE 331: Introduction to Networks and Security Fall 2001 Instructor: Carl A. Gunter Encrypted Knock Knock.
PUBLIC KEY CRYPTOGRAPHY ALGORITHM Concept and Example 1IT352 | Network Security |Najwa AlGhamdi.
6 June Lecture 2 1 TU Dresden - Ws on Proof Theory and Computation Formal Methods for Security Protocols Catuscia Palamidessi Penn State University,
ECE509 Cyber Security : Concept, Theory, and Practice Key Management Spring 2014.
1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,
Public Key Algorithms Lesson Introduction ●Modular arithmetic ●RSA ●Diffie-Hellman.
COEN 351 E-Commerce Security
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Cryptographic Security Identity-Based Encryption.
CS 4803 Fall 04 Public Key Algorithms. Modular Arithmetic n Public key algorithms are based on modular arithmetic. n Modular addition. n Modular multiplication.
NTRU Key Exchange based on a posting of Lars Luthman on the Cryptography mailinglist on 05/17/2014 The search for a Post-Quantum Diffie-Hellman replacement.
Protocol Analysis. CSCE Farkas 2 Cryptographic Protocols Two or more parties Communication over insecure network Cryptography used to achieve goal.
Key Management Network Systems Security Mort Anvari.
1 Authenticated Key Exchange Rocky K. C. Chang 20 March 2007.
1 Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang 9 February 2007.
Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Introduction to Pubic Key Encryption CSCI 5857: Encoding and Encryption.
1 Secure Key Exchange: Diffie-Hellman Exchange Dr. Rocky K. C. Chang 19 February, 2002.
1 Chapter 3-3 Key Distribution. 2 Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution.
Diffie-Hellman Key Exchange first public-key type scheme proposed by Diffie & Hellman in 1976 along with the exposition of public key concepts – note:
Introduction to Elliptic Curve Cryptography CSCI 5857: Encoding and Encryption.
1 Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang 9 February 2007.
Information Security and Management 10. Other Public-key Cryptosystems Chih-Hung Wang Fall
Lesson Introduction ●Authentication protocols ●Key exchange protocols ●Kerberos Security Protocols.
Cryptography services Lecturer: Dr. Peter Soreanu Students: Raed Awad Ahmad Abdalhalim
@Yuan Xue CS 285 Network Security Key Distribution and Management Yuan Xue Fall 2012.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
최신정보보호기술 경일대학교 사이버보안학과 김 현성.
Reviews Rocky K. C. Chang 20 April 2007.
Key Exchange References: Applied Cryptography, Bruce Schneier
Key Management Network Systems Security
El Gamal and Diffie Hellman
Diffie-Hellman key exchange/agreement algorithm
Secure Diffie-Hellman Algorithm
Key Exchange, Man-in-the-Middle Attack
Diffie-Hellman Algorithm
Presentation transcript:

Implementing the Diffie -Hellman Key Agreement using Data Encryption Standard Presented by : Sahil Behl Muhammad Rehan Fayyaz Under the guidance of Dr. Leszek Lilien Dept. Of Computer Science Western Michigan University.

Motive  Many cryptographic algorithms (e.g., DES,AES, HMAC) require the establishment of shared keying material in advance.  Manual distribution of keying material is inefficient and complex.  Seek automated key establishment schemes. (Example (X.509 Standard)  Requirement of an algorithm that can use public key techniques to allow the exchange of a private encryption key.

Solution… Diffie – Hellman Key Agreement Algorithm: Let's take a look at how the protocol works. Assume that to users, Alice and Bob know nothing about each other but are in contact. The algorithm outlines a nine step process for the communication: 1. Alice and Bob agree on two large positive integers, n and g, with the stipulation that n is a prime number and g is a generator of n. 2. Alice randomly chooses another large positive integer, XA, which is smaller than n. XA will serve as Alice's private key.

DH Key Agreement algorithm 3. Bob similarly chooses his own private key, XB. 4. Alice computes her public key, YA, using the formula YA = (g^XA) mod n. 5. Bob similarly computes his public key, YB, using the formula YB = (g^XB) mod n. 6. Alice and Bob exchange public keys over the insecure circuit. 7. Alice computes the shared secret key, k, using the formula k = (YB ^XA) mod n. 8. Bob computes the same shared secret key, k, using the formula k = (YA ^XB) mod n. 9. Alice and Bob communicate with a symmetric algo. of their choice using shared key k.

Non-Mathematical Explanation

Implementation  Architecture:

Implementation  Individual modules: 1. Diffie - Hellman Key Generator: a) The classes used were java.security.*; java.security.spec.*; java.security.interfaces.*; javax.crypto.*; javax.crypto.spec.*; javax.crypto.interfaces.*; com.sun.crypto.provider.SunJCE; b) Alice generates her DH key pair using KeyPairGenerator aliceKpairGen=KeyPairGenerator.getInstance("DH"); aliceKpairGen.initialize(dhSkipParamSpec); KeyPair aliceKpair = aliceKpairGen.generateKeyPair();

Implementation c) Alice initializes her shared key object and sends her public key to Bob. KeyAgreement aliceKeyAgree = KeyAgreement.getInstance("DH"); aliceKeyAgree.init(aliceKpair.getPrivate()); byte[] alicePubKeyEnc = aliceKpair.getPublic().getEncoded(); d) Bob receives Alice’s public key and creates his own DH parameters. KeyFactory bobKeyFac = KeyFactory.getInstance("DH"); X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(alicePubKeyEnc); PublicKey alicePubKey = bobKeyFac.generatePublic(x509KeySpec); e) Bob will send his own public key to Alice now and Alice generates her shared key.

Implementation KeyFactory aliceKeyFac = KeyFactory.getInstance("DH"); x509KeySpec = new X509EncodedKeySpec(bobPubKeyEnc); PublicKey bobPubKey = aliceKeyFac.generatePublic(x509KeySpec); aliceKeyAgree.doPhase(bobPubKey, true); f ) Similarly, Bob uses Alice’s public key to generate his shared key bobKeyAgree.doPhase(alicePubKey, true); At this moment both parties have generated the same shared key. 2. We then used the Data Encryption Standard to encipher the plaintext using the shared key that the DH Key Agreement algorithm generated.

Implementation 3. Client and server modules: They were implemented using servlets. Tomcat was the application server The database connected to the server was pointbase. Ethereal was used as a Network Protocol Analyzer.

DEMONSTRATION….

Security Issues with DH 1.Denial of service Attacks: -The attacker tries to stop Alice and Bob from successfully carrying out the protocol. Example: Deleting the messages that Alice and Bob send to each other, or by overwhelming the parties with unnecessary computation or communication. 2. Outsider Attacks: -The attacker tries to disrupt the protocol (by for example adding, removing, replaying messages) so that he gets some interesting knowledge (i.e. information he could not have gotten by just looking at the public values).

Security Issues with DH 3. Insider Attacks: - It is possible that one of the participants in a DH protocol creates a breakable protocol run on purpose in order to try to gain knowledge about the secret key of his peer. - This is an important attack if one of the participants holds a static secret key that is used in many key agreement protocol runs. Note that malicious software could be very successful in mounting this attack. 4. Man in the Middle Attacks: - An active attacker (Oscar), capable of removing and adding messages, can easily break the core DH protocol. - By intercepting the public keys and replacing them, Oscar (O) can fool Alice and Bob into thinking that they share a secret key.

Current and future research 1. N-Party Encrypted Diffie-Hellman Key Exchange Using Different Passwords (2005): [Center for Information Security Technologies (CIST), Korea University, Anam Dong, Sungbuk Gu, Seoul, Korea] - The paper provides a method to securely and efficiently extend three-party case to N-party case with a formal proof of security. - Two provably secure N-party EKE protocols are suggested. - N-party EKE-U in the unicast network and N- party EKE-M in the multicast network. 2. An Authenticated Diffie-Hellman Key Agreement Protocol Secure Against Active Attacks

References and Acknowledgements ,00.html ssageID= ssageID= essageID=

References and Acknowledgements Books: 1.Java Network Programming and Distributed Computing- Davis Reilly – Michael Really. 2. Core Servlets and JSP- Marty Hall. 3.How to program Java – Deteil and Deteil. Acknowledgements: Dr. Leszek Lilien, Dept. of Computer Science, Western Michigan University..