Let’s take a real example of the DHKE and to figure out how to generate and exchange keys securely between two parties.
- Choose a large prime p.
- Choose a primitive root g of p.
- Publish p and g.
Alice and Bob must agree on the values of p and g; (where g for example is 2 or 5).
Find the attacked PowerPoint slides for a dhke-example.
In conclusion, the DHKE provides both parties to know (k = gAB mod p). Meanwhile, Oscar knows (p, g, gA mod p and gB mod p), which is not enough to compute (gAB mod p), unless Oscar computes the discrete logarithm of (gA mod p) or (gB mod p) to find either A or B.
Therefore, the security of DHKE depends on the difficulty of the discrete logarithm problem.
The most common problem that occur with DHKE that it is susceptible to Man-In-The-Middle (MITM) attack, where both parties (Alice and Bob) believe that they share a secret key with each other, whereas they share a secret key with Oscar via MITM attack. However, it is possible to mitigate/thwart the MITM attack by implementing Digital Signature when exchanging the value.
Digital Signature is a browser technique that defend against MITM by doing the following:
- Digital signature on exchanged values.
- Alice signs gA mod p, Bob signs gB mod p.
- This proves that it was they who generated these values.
Note: modern browsers use Diffie-Hellman to communicate with websites (https://…).
Find the attacked PowerPoint slides for more information about the mitm-attack.
|This link shows which algorithms your browser supports, for example|
|DHE-RSA||Is for key exchange|
|AES128||Is for symmetric encryption (See SK lecture)|
|SHA||Is for Message Authentication (See next lecture)|
|DHE-RSA||Diffie-Hellman Ephemeral with RSA digital signatures|