Diffie-Hellman – PART 2/2

Let’s take a real example of the DHKE and to figure out how to generate and exchange keys securely between two parties.

  1. Choose a large prime p.
  2. Choose a primitive root g of p.
  3. Publish p and g.

Alice and Bob must agree on the values of p and g; (where g for example is 2 or 5).

Find the attacked PowerPoint slides for a dhke-example.

 

In conclusion, the DHKE provides both parties to know (k = gAB mod p). Meanwhile, Oscar knows (p, g, gA mod p and gB mod p), which is not enough to compute (gAB mod p), unless Oscar computes the discrete logarithm of (gA mod p) or (gB mod p) to find either A or B.

Therefore, the security of DHKE depends on the difficulty of the discrete logarithm problem.

 

The most common problem that occur with DHKE that it is susceptible to Man-In-The-Middle (MITM) attack, where both parties (Alice and Bob) believe that they share a secret key with each other, whereas they share a secret key with Oscar via MITM attack. However, it is possible to mitigate/thwart the MITM attack by implementing Digital Signature when exchanging the value.

Digital Signature is a browser technique that defend against MITM by doing the following:

  • Digital signature on exchanged values.
  • Alice signs gA mod p, Bob signs gB mod p.
  • This proves that it was they who generated these values.

Note: modern browsers use Diffie-Hellman to communicate with websites (https://…).

Find the attacked PowerPoint slides for more information about the mitm-attack.

This link shows which algorithms your browser supports, for example
DHE-RSA Is for key exchange
AES128 Is for symmetric encryption (See SK lecture)
SHA Is for Message Authentication (See next lecture)
DHE-RSA Diffie-Hellman Ephemeral with RSA digital signatures
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s