report - Computer Science - Western Michigan University

fortunabrontideInternet and Web Development

Nov 13, 2013 (3 years and 8 months ago)

96 views

CS
595/
603


Fall 2005

Project


D
-
H Key Agreement using DES



Implementation

of the Diffie
-
Hellman Key Exchange

CS 603


Fall 2005

Final Project Report

Dr. Leszek Lilien


Submitted by
:

Sahil Behl

Muhammad Rehan Fayyaz


Motive:


The spectacular growth of the Internet has spawned an increased awareness of and interest
in
security issues. Although security has been considered in the design of the basic Internet
protocols, many applications have been and are being designed with minimal attention paid
to issues of confidentiality, authentication, and privacy. As our daily
activities become more
and more reliant upon data networks, the importance of an understanding of such security
issues will only increase.

Many cryptographic algorithms (e.g., DES,AES, HMAC) require
the establishment of
shared keying material

in advance
.

M
anual distribution

of keying
material is
inefficient

and
complex
. This is where the Diffie
-
Hellman Key Agreement
algorithm is useful.



Project Description:


The motive of the project is to review and implement the Diffie
-
Hellman key exchange
protocol and
study its applications especially for the internet key exchange.

Create a web page for an electronic business. Encipher sensitive data such as customer credit
number, SSN etc before transporting them from client to server.


The idea is simple, the custome
r access the website powered by our simple http server, our
web server will reply with a java servlet. The client will communicate with server by Diffie
-
Hellman key
-
exchange protocol to generate the common shared key which is used in the later
communicatio
n. After key exchange, both server and client will use the shared key to
encipher and decipher the sensitive data such as customer credit number, SSN etc



CS
595/
603


Fall 2005

Project


D
-
H Key Agreement using DES





Brief Description of Individual modules:


Diffie
-
Hellman Key Exchange algorithm.

Diffie
-
Hellman k
ey exchange offers the best of both worlds
--

it uses public key techniques
to allow the excha
nge of a private encryption key.

Let's take a look at how the protocol
works, from the perspective of Alice and Bob, two users who wish to establish secure
commun
ications. We can assume that Alice and Bob know nothing about each other but are
in contact.


Here are the nine steps of the process:

1.

Communicating in the clear, Alice and Bob agree on two large positive integers,
n

and
g
, with the stipulation that
n

is a
prime number and
g

is a generator of
n
.

2.

Alice randomly chooses another large positive integer,
X
A
, which is smaller than
n
.
X
A

will serve as Alice's private key.

3.

Bob similarly chooses his own private key,
X
B
.

4.

Alice computes her public key,
Y
A
, using the

formula
Y
A

= (
g^X
A
) mod
n
.

5.

Bob similarly computes his public key,
Y
B
, using the formula
Y
B

= (
g^X
B
) mod
n
.

6.

Alice and Bob exchange public keys over the insecure circuit.

7.

Alice computes the shared secret key,
k
, using the formula
k

= (
Y
B

^X
A
) mod
n
.

8.

Bob

computes the same shared secret key,
k
, using the formula
k

= (
Y
A

^X
B
) mod
n
.

9.

Alice and Bob communicate using the symmetric algorithm of their choice and the
shared secret key,
k
, which was never transmitted over the insecure circuit.

Working of the prog
ram
:



The algorithm generates a public key and a private key for the client (say Alice)

CS
595/
603


Fall 2005

Project


D
-
H Key Agreement using DES




KeyPairGenerator aliceKpairGen=KeyPairGenerator.getInstance("DH");

aliceKpairGen.initialize(dhSkipParamSpec);

KeyPair aliceKpair = aliceKpairGen.generateK
eyPair();



The KeyPairGenerator class is used to generate pairs of public and private keys.

Key pair generators are constructed using the
getInstance

factory methods (static
methods that return instances of a given class).

A Key pair generator for
a particular algorithm creates a public/private key pair that
can be used with this algorithm. It also associates algorithm
-
specific parameters with
each of the generated keys.

(Ref.
http://java.sun.com/j2se/1.4.2/docs/api/java/security/KeyPairGenerator.html
)



Alice then encodes her public key and sends it to Bob, who then retrieves the DH
parameters associated with Alice’s public key and uses it to generate his own

key
pair.


DHParameterSpec dhParamSpec =((DHPublicKey)alicePubKey).getParams();






Bob initializes his own DH key pair



KeyPairGenerator bobKpairGen = KeyPairGenerator.getInstance("DH");



bobKpairGen.initialize(dhParamSpec);



KeyPair bobKpair = bobKpairGen.generateKeyPair();



Bob encodes his public key and sends it over to Alice

byte
[] bobPubKeyEnc = bobKpair.getPublic().getEncoded();


At this stage, both Bob and Alice have created their public and private keys, and

have
exchanged their public keys. The will now generate a shared key.


CS
595/
603


Fall 2005

Project


D
-
H Key Agreement using DES





Alice shared key
:


aliceKeyAgree.doPhase(bobPubKey,
true
);


int

aliceLen = aliceSharedSecret.length;

Bob Shared Key:

byte
[] bobSharedSecret =
new

byte
[aliceLen];



Bob an
d Alice write down their shared keys into a file, which are then read by the
server and client servlets respectively.


(Please find the attached code for the entire DiffieHellman.java program in the appendix)


Client
:



The client program was implemented

using Java servlets and a HTML page that
invokes the servlet.



The user enters the data to be sent via the HTML page which then invokes the Client
servlet.



The servlet then encrypts this data using the shared key object generated by the
Diffie
-
Hellman Key

Agreement algorithm and the Data Encryption Standard (in
ENCRYPT mode) and send it over to the server.



The client servlet uses URL Redirection to send the encrypted message from the
client to the server.

(Please find the
attached
code for Client.java in t
he appendix)

.

Server
:



The server itself is a simple servlet that is connected to a database.



It receives the encrypted message from the client and decrypts it using the shared key
object generated by the Diffie
-
Hellman algorithm and DES (in DECRYPT mode)
.



Once the message has been decrypted the server will store the message into the
database, which can be retrieved at a later stage.


(Please find the attached code for the server in the appendix)

CS
595/
603


Fall 2005

Project


D
-
H Key Agreement using DES










Non
-

Mathematical Representation:






(Ref: http://www.securitydocs.com/library/2978)





CS
595/
603


Fall 2005

Project


D
-
H Key Agreement using DES




A
rchitecture
:


The architecture for the entire implementation process is as follows:





a.
High Level Architecture:

















T
he
descriptions of the individual modules are

as follows


(
Please

refer next page)


Generates shared
key for client

SERVER


(Servlet)

Database


Pointbase

Encrypt

Data

using
DES + D.H



Retrieving Data

Stores Decrypted
Data

Generates shared key
for server

DH Key
Generator
Algorithm

CLIENT


(S
ervlet)

HTML
Page

FIGURE 01

CS
595/
603


Fall 2005

Project


D
-
H Key Agreement using DES





b)
.
Individual Modules:



(i) Client :















(ii
) Server :



















(i)

(ii)

(iii)

FIGURE 02

Read

Shared Key
from
file



Read

plaintext

us
ing the
doGet

function using get
parameter method

Generate

DES
Cipher


(
Using shared
Key
)

Encrypt

Plaintext message
using cipher



S
end the encrypted message
to the servlet.

P
lain
Text

HTML

Shared Key using
FileInputStream

(from the file into which the DH
algorithm writes the shared key)


To servlet
using
URL
Redirecting

Read

Shared Key
from

file



Read

encrypted message
using the
doGet

function
using get parameter
method


Shared Key using
FileInputStream

(from the file into which the DH
algorithm writes the shared key)



Encrypted
message



(

from client)

(i)

Decrypt the message
using the
shared
key

object and
DES
(in DECRYPT
mode).



Log
the
decrypted

data
into the data
base.


Display the encrypted
and decrypted data as the
output

OUTPUT

on screen.

Write message
into database

(ii)

(iii)

FIGURE 03

CS
595/
603


Fall 2005

Project


D
-
H Key Agreement using DES





Goals accomplished :


Please refer to the
to do list

in the checkpoint report.


(Attached to the appendix)


Example :


Plaintext

Shared Key (in
text format)

Encrypted message
(received as string)
(received as string)


padded

Encrypted
message
(bytes)

Decrypted message

Sr. No.

Tasks

Description

Date

1

Integration of the modules.

Implement the Diffie
-

Hellman a
lgorithm

within
the client
-

server model we
have created.

Done

2

Testing the modules

Test

each module individually
and collectively.

Done

3

Use a network sniffer

We will use
Ethereal,

to sniff
the messages being exchanged
between the client and the
serv
er.

Done

4

Project Documentation

Project manuals created at
each phase of software
development.

Done

5 (OPTIONAL)

Implement a database

Connect a database to the
servlet
to store the messages
received from the client. The
servlet itself is
stateless

Done

CS
595/
603


Fall 2005

Project


D
-
H Key Agreement using DES



hello

?
›«LRû

2NnxBDxYFJY=

[B@6214f5

hello


Technologies used:


NOTE:



Please put th
e class files of the servlets in the /webapps/ROOT/WEB
-
INF/classes
directory of tomcat.




Please put the HTML page in the /webapps/ROOT directory of tomcat.



1)

Servlets:

a)

ShowParameters.java

b)

Client.java



(Please find the attached source code in the appendi
x)


2)

Java classes:

a)

DiffieHellman.java

b)

ServletUtilities.java


(Please find the attached source code in the appendix)


3)

Encryption algorithms:


Key Agreement


a) Diffie


Hellman Key Agreement



Algorithm used to encipher plain text


a) Data
Encryption Standard (DES)


4)

Application server:


a) Tomcat.

CS
595/
603


Fall 2005

Project


D
-
H Key Agreement using DES




(
Downloaded from:

http://www.coreservlets.com/Apache
-
Tomcat
-
Tutorial/
)


5)

JDBC (Pointbase):

a) ShowParameters.java


(
Come
s with J2EE )


6) URL Redirecting:

a)

Client.java



7) Network Protocol Analyzer
:


a)

Ethereal


8
) HTML:


Form Data

a)

login.html



Tables

a)

ShowParameters.java



Security Issues:

1.

Denial of service Attacks
:


-
The attacker
tries to stop Alice and Bob from

successfully carrying out the protocol.

Example:

Deleting the messages that Alice and

Bob send to each other, or by overwhelming
the parties with

unn
ecessary computation or communication.



2.

Outsider Attacks
:




-
The attacker tries to disrupt the protocol (by for

example adding, removing,
replaying messages) so that hegets some interesting knowledge (i.e. information he could not

CS
595/
603


Fall 2005

Project


D
-
H Key Agreement using DES




have gotten by just looking at the public values).



3.

Insider Attacks:



-

It is possible that one of the participants in a DH protocol creates a breakable
protocol run on purpose in order

to try to gain knowledge about the secret key of his peer.


-

This is an important attack if one of the

participants

holds a static secret key that
is used in many

key agreement protocol runs. Note that malicious software

could be very successful in mounting this attack.


4.

Man in the Middle Attacks:


-

An active attacker (Oscar), capable of removing


an
d adding messages, can easily
break the core DH protocol .


-

By intercepting the public keys and replacing

them, Oscar (O) can fool Alice and
Bob into thinking that

they share a secret key.


Future

Work:

1.

Exchange the shared key generated b
y the Diffie
-

Hellman algorithm over the
network.

(
We had problems transferring a PublicKey object over the network)

2.

Implement the Diffie
-
Hellman algorithm using other encryption algorithms and
compare them.










CS
595/
603


Fall 2005

Project


D
-
H Key Agreement using DES




References
:


Websites:


1.

http://www.cc.gatech.edu/classes/cs8113e_96_winter/

-

Visited on 09/16/2005


college website

2.

http://www.cryptography.com/
-

Visited on 09/18/2005

3.

http://www.cs.purdue.edu/homes/jiangx/02spring/
-

Visited on 09/18/2005

4.

http://www.securitydocs.com

-

Visited on

09/14/2005


Network Security White
papers

5.

http://www.sans.org/rr/whitepapers/vpns/751.php

-

Visited

on 09/17/2005



SANS Institute
2001, a paper on the Diffie


Hellman Algorithm and its use in secure Internet
protocols.

6.

http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci876048,00.html


Visited on
09/23/2005,

Network Security Webpage.

7.

http://java.sun.com/docs/books/tutorial/i18n/text/string.html
-

Visited on 11/15/2005
,

Reason: was getting an exception while encoding the encrypted message, searched on
Google.

8.

http://forum.java.sun.com/thread.jspa?threadID=234706&messageID=2524244

:
Visited on 11/18/2005. It is a java forum. Reason: was getting badPaddingException,
searched on Google.

9.

http://forum.java.sun.com/thread.jspa?threadID=283282&messageID=1105080
:
Visited

on 11/23/2005. It is a java forum. Reason: searching for a way
to

store and
restore a key.
Searched on Google.

10.

http://forum.java.sun.com/thread.jspa?threadID=492193&messageID=2317123
:

Visited

on 11/24/2005. It is a java forum.
Reason: was

getting an exceptio
n
IllegalBlockSizeException. Searched on Google.

11.

http://www.unix.org.ua/orelly/java
-
ent/jenut/ch02_06.htm

:

Visited 11/26/2005.It was
useful for writing the code to store data into t
he database.

12.

http://javaalmanac.com/egs/java.nio/CreateBuf.html?l=rel

:Visited 11/25/2005.
Useful for exchanging data between the servlets.



CS
595/
603


Fall 2005

Project


D
-
H Key Agreement using DES




Books:

1.


Java Network Programming and D
istributed Computing
-

Davis Reilly


Michael
Really.

2.


Core Servlets and JSP
-

Marty Hall.

3.


How to program Java


Deteil and Deteil.


Acknowledgements:


1.

Dr. Leszek Lilien

Department of Computer Science, Western Michigan University.


Appendix
:

The appendix c
onsists of:

1.

The source code of the programs.

2.

The IEEE paper for this implementation

3.

The powerpoint presentation slides.


4.

The JavaDocs of the classes used in the programs