Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
DH-Attack
1. Dickson Alorwornu
New York Institute of Technology, Fall 2015
Man in the Middle Attacks on Diffie-Helman Key Exchange
Since its inception in 1976, Diffie-Hellman cryptosystem has become one of the famous and largely
used cryptographic system.
In its basic design, it was an efficient solution to the problem of sharing a common secret between two
parties.
Diffie-Hellman introduced a new age of cryptography where its not just about developing block
ciphers but designing algebraic protocols like the properties of exponentiation.
Diffie-Hellman is also used as the basic building block of many complex cryptographic protocols and
thus working around it may lead to a more efficient and new protocols.
In this paper I describe how a third party can eavesdrop on a Diffie-Helman cryptosystem.
First I talk about key exchange without an online 3rd
party where Alice and Bod wants to share a secret,
k, unknown to an eavesdropper.
In this scenario, Alice chooses a random value a from 1 to p-1 and Bob does the same for b.
Alice computes the number g to the power of a modulo p which reduces the result to the modular prime
p and stores the value in A.
Alice then sends A to Bob.
Bob does the same and chooses a random number b in the range 1 to p-1 and computes g to the b
modulo of p and stores the value in B.
Bob sends B to Alice and now they can both generate a secret key, k.
Alice Bob
Random a {1 to p-1} Random b {1 to p-1}
-----------------------------------”Alice”, A ←ga
(mod p)……………………………..>>>
2. <<<-------------------------------”Bob”, B←gb
(mod p)………………………………..
The secret key k, defined as kAB and its basically the value of gab
. The amazing observation of Diffie-
Hellman is that both parties can compute the value gab.
Ba
(mod p) = (gb
)a
= kAB = gab
(mod p) = (ga
)b
= Ab
(mod p)
Alice can compute this value because she can take her value B received from Bob, raise it to the power
of a and gets (gb
)a
and by the rules of exponentiation, (gb
)a
is the same as gab.
Bob can do something similar, so his goal is to compute (ga
)b
which again is gab
so both Alice and Bob
have successfully computed kAB. Bob can do this by taking the value A that he received from Alice and
he raises it to his own secret b and that gives him the shared secret gab
.
An eavesdropper only sees the prime p and the generator g since these are fixed values which everyone
knows. The eavesdropper also sees the value Alice sent to Bob ie A and also the value Bob sent to
Alice, B.
Eavesdropper sees: p,g, A=ga
(modulo p), and B=gb
(modulo p)
More generally, Diffie-Hellman is defined as DHg(ga
, gb
) = gab
(mod p).
This protocol is vulnerable to attacks. Suppose an eavesdropper is trying to intercept the conversation
between Alice and Bob, the protocol starts with Alice sending ga
over to Bob and that gets intercepted
and replaced with another value say a' then Bob receives ga'
.
Alice Eve Bob
---------A← ga
----------------------→ | a' --------------------------------- A' ←ga'
gab'
<== B' ←gb'
------------------------- b' | ←---------------------------B←gb
==> ga'b
b' ==> gab'
,ga'b
Attacker relays traffic
---------------------------------------------------→ ------------------------------------------------→
From Alice to Bob and reads it in the clear
3. Bob doesn't know that the message from Alice has been tempered with in transit, he only knows he
received A' .
As far as he knows, that value came from Alice and he's going to send back his value B which is gab
to
Alice and then again the eavesdropper intercepts B, generates her own b' and sends Alice B' which is
gb'.
What happens next is Alice will compute her part of the secret key and get gab'
. Bob also computes his
part of the secret key and gets gba'
.
We notice these aren't the same keys, Eve knows both A' and B' and she can compute both gab'
and
gba'
.
It is not difficult to see that Eve knows both values and as a result she can basically play this man in the
middle and when Alice sends an encrypted message to Bob, Eve can simply decrypt this message
because she knows the secret key that Alice encrypted the message with, re-encrypts it using Bob's key.
And then send the message to Bob.
This way Alice sent the message, Bob receives it and thinks the message is secure but in fact that
message went through an eavesdropper.
Eve was able to decrypt it, re-encrypted it for Bob and at the same time she was able to completely read
it, modify it if he wants to etc.
This shows that the Diffie-Hellman protocol is completely insecure given a man in the middle.