Symmetrical encryption, as explained earlier, is when the same key is used to encrypt and decrypt data. To establish communications with a remote system, the key must be made available to the participants for encryption and decryption purposes. Some interesting security issues include: how does one provide a key to the other systems without exposing it to unauthorized individuals? Better yet, what if there is no predefined relationship with the desired communication peer? The answer to these questions and the hundreds that follow is that one can send a representation of the key that can be verified and used to create the final symmetric key. This action sounds much simpler than it is, but administrative interaction is limited and user interaction is nonexistent. The process is integrated into many applications and happens automatically. However, knowing the details will allow us to appreciate IPSec operations and the protection it provides through intricate message content and timing.
In 1976, two mathematicians, Bailey W. Diffie from Berkeley and Martin E. Hellman from Stanford (California), defined the Diffie-Hellman Agreement Protocol (also known as exponential key agreement) and published it in a paper entitled, “New Directions in Cryptography.” The protocol allows two autonomous systems to exchange a secret key over an untrusted network without any prior secrets. Diffie and Hellman postulated that the generation of a key could be accomplished by fundamental relationships between prime numbers. This allows communication of a symmetrical key without transmitting the actual key, but rather a mathematical portion or fingerprint.
As an example of this process, suppose system A and system B require keying material for the DES encryption for the SA. Each system acquires the Diffie-Hellman parameters:
a large prime number p
a base number g, which is smaller than p – 1
the host then generates the final number, X, which is less than p – 2
With these three numbers (p, g, X), a new value can be generated that is unique to the system. The numbers p and g must be hard-coded or retrieved from a remote system because large prime numbers are difficult to generate.
As shown in Exhibit 4-12, a new public value is generated with these numbers, g^X mod p. The result Y, or fingerprint, is then shared between the systems over the untrusted network. The formula is then exercised again using the shared data from the other system and the Diffie-Hellman parameters. The results will be mathematically equivalent, regardless of the value of the Diffie-Hellman parameters, and can be used to generate a symmetrical key. If each system executes this process successfully, they will have matching symmetrical keys without transmitting the key itself. The Diffie-Hellman protocol was finally patented in 1980 (U.S. 4,200,770) and is such a strong protocol that there are currently 128 other patents that reference Diffie-Hellman.
An added feature of Diffie-Hellman is the Station to Station (STS) protocol that leverages asymmetrical encryption to further protect the Diffie-Hellman (DH) key.
The Diffie-Hellman process has one primary weakness in the standard protocol: it is vulnerable to man-in-the-middle attacks.
Assume for a minute that an attacker knew that two individuals were going to establish communications using symmetrical encryption, and could intercept and control communications between the two peers. Once again, one can use the ever-present Alice and Bob to explain the relatively simple process. Alice creates the DH value and sends it to Bob so that Bob can create the necessary key for the following encrypted communications. Unfortunately, the attacker consumes Alice’s DH key and denies it to Bob, sending his own DH key to Bob in place of the one expected from Alice. Of course, as Bob sends his DH key, the attacker executes the same process in reverse. The result is that Alice and Bob have established keying material with the attacker but not with each other. The attacker has become the key proxy and all communications between Alice and Bob are open to the attacker. This is a very simplified example, as most attacker scenarios are, simply because the entire process is layers of complex interactions by the attacker, but these procedures are far from impossible.
Exhibit 4-12. Diffie-Hellman Exchange Protocol
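The exchange and the interception described above can be traced in a short simulation. This is an added example, not taken from the book: the function names are hypothetical, P and G are toy values constructed for illustration and shared by both peers, and SHA-256 stands in for the key derivation that IKE defines itself. It shows why a public value that arrives unauthenticated cannot be trusted: both peers complete the exchange without error, yet hold different keys.

```python
import hashlib
import secrets

# Toy parameters constructed for this example (far too small for real use).
P = 2**127 - 1   # a known Mersenne prime
G = 3            # base, smaller than P - 1


def private_value(p=P):
    """Pick the host-generated X with 2 <= X < p - 2."""
    return 2 + secrets.randbelow(p - 4)


def public_value(x, p=P, g=G):
    """Y = g^X mod p, the value sent over the untrusted network."""
    return pow(g, x, p)


def session_key(peer_y, x, p=P):
    """Apply the formula again to the peer's Y, then hash to key bytes.
    SHA-256 is a stand-in (assumption); IKE defines its own derivation."""
    if not 1 < peer_y < p - 1:           # added check: reject degenerate values
        raise ValueError("invalid public value")
    shared = pow(peer_y, x, p)
    size = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(size, "big")).digest()


def honest_exchange():
    """Both peers receive each other's real Y; returns (key_a, key_b)."""
    a, b = private_value(), private_value()
    return session_key(public_value(b), a), session_key(public_value(a), b)


def intercepted_exchange():
    """The man-in-the-middle case from the text: each peer receives the
    interceptor's Y instead of the other's. Returns all four derived keys."""
    a, b, m = private_value(), private_value(), private_value()
    y_a, y_b, y_m = public_value(a), public_value(b), public_value(m)
    alice_key = session_key(y_m, a)      # Alice believes y_m came from Bob
    bob_key = session_key(y_m, b)        # Bob believes y_m came from Alice
    return alice_key, bob_key, session_key(y_a, m), session_key(y_b, m)


if __name__ == "__main__":
    k_a, k_b = honest_exchange()
    print("honest keys match:", k_a == k_b)
    ak, bk, m_ak, m_bk = intercepted_exchange()
    print("Alice and Bob share a key:", ak == bk)
    print("interceptor holds both keys:", ak == m_ak and bk == m_bk)
```

Nothing in the arithmetic tells either peer that the Y it received came from the wrong party, which is why the public value has to be bound to the peer's identity by a separate mechanism.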
The key point is that the public value should be protected. To do so, public key cryptography can be employed to enhance the underlying Diffie-Hellman protocol. As the DH key is created and prepared to be shared with the peer, it is encrypted with the peer’s public key and then sent on its way. The simple addition of the encryption step eliminates the man-in-the-middle attack from the equation; but as with most increased security, the complexity is elevated as well. The inclusion of public key cryptography introduces all the administration required for implementing the technology. The added process is shown in Exhibit 4-13.
It is interesting to note that each property required to create a Diffie-Hellman public value can be different. In other words, the prime number and base number can be different on each peer; of course, the host-generated number will be unique as well. The actual mathematical properties of the Diffie-Hellman procedure are well beyond the scope of this book, but the basic components have been introduced and their role in IPSec will be continually revisited in remaining chapters. The use of Diffie-Hellman is crucial to IPSec operations because the vast majority of communication is encrypted with symmetrical encryption technology. As AES is integrated into the protocol to increase security and performance, Diffie-Hellman will remain as the utility to communicate key material.
Exhibit 4-13. Diffie-Hellman Exchange Protocol with the use of public key cryptography