A Non-Conventional Scheme for Enhancing Security Level in Diffie Hellman Key Exchange Protocol
Manan Soni1, Keval Sanghani1 and Prasun Chakrabarti2
1
ITM Universe, Vadodara-391510, Gujarat, India.
2
Executive Dean - Research and International Linkage and Institute Distinguished Senior Chair Professor in Department of Computer Science and Engineering, Techno India NJR Institute of Technology Udaipur-313003, Rajasthan, India and Adjunct Distinguished Professor, ITM SLS Baroda University, Vadodara-391510,
Gujarat, India.
E-mail: [email protected], [email protected], [email protected]
Abstract
Customarily, secure encoded correspondence between two gatherings necessitated that they first trade keys by some protected physical channel, for example, paper key records moved by a confided in dispatch. The Diffie–Hellman key exchange strategy permits two gatherings that have no earlier information on one another to together set up a common mystery key over an uncertain channel. This key would then be able to be utilized to scramble resulting interchanges utilizing a symmetric key figure. However, the algorithm cannot be used for different key at both ends for key trade. One of the key threats is man in the middle. Herein lies the approach of key variability and we have studied different schemes of Diffie Hellman Key Exchange with variable key.
Keywords: Diffie-Hellman key exchange, channel, symmetric key, variable key
1. Introduction
The Diffie-Hellman key Exchange algorithm takes a big Prime Number and its Primitive Root which are available publicly. The purpose of enhancing security, authenticity and integrity. Using random function for generating number, Bhunia [1- 5] generated variable key by achieving XORing bit to previous bits. The steps are:
1. Each of the two communicating parties compute initially their respective secret keys and send them to the other.
2. Each party then will compute XOR function of his first data with the secret key of the other.
3. The other (receiver) will get back the original data by XOR of the previous value with its own secret key.
4. In this manner it will continue till all data elements are sent.
Let, t1 = computational time for initial secret key
t2 = communicational time complexity from one party to the other t3 = time for a single XOR operation
n = total number of data for both parties So, time needed = t1+nt3+(n+1)t2
The computational complexity can be varied based on the operation ga.
If g is large and a is also, then the time to compute the power operation is much more.
As for example, if a = 14, then using single processor (multiplier), 13T clock cycles will be needed assuming that T is the time for multiplication.
In order to reduce time complexity, the square-and-multiply method can be applied.
Then to compute g14, 5T time will be needed if time for squaring = time for multiplication = T
Another method can be applied but at the cast of hardware and hence time complexity. If a LUT is applied which will store the pow values of ga [a ranges from 1-20]. Then total time complexity = T where T is the time needed for mapping and delivering the output.
Another much faster method is that using a Barrel Shifter. This has a special condition. Only if ga is in the form of 2x then only it can be applied. [x being any value]
If we compute ga = 23, i.e. g = 2 and a = 3, then using three bits towards left in the single clock cycle we will get the result.
eg. to compute ga i.e 23 whose binary value is 10002, we will follow following steps.
ga i.e. 23 can be written as 1*23.
So, if we use three left shift operations on the binary value of 1, we will get 8 (i.e. 10002)
Time complexity = T (as in single clock cycle, shifting is done. The only limitation is that ga should be in the form of pow (2, value).
2. Methodology
The work entails enhancement of security level of Diffie-Hellman Algorithm by applying Automatic Variable Key (AVK) to achieve security by differing keys at every session and also sharing hash[6-10] for key integrity which prevents key tampering. As time increases for key to be calculate from formulas, securi ty increases and reduces chances for attacks like brute force for guessing private key or calculating shared keys [11-14].We obtained such results which are optimum of time calculation of shared key and private key with different lengths such as number with 2, 3 and 4 decimal points. Now generating shared keys for user using existing Diffie-Hellman Key Exchange algorithm.
SKA = GAVK(A) MOD(P) SKB = GAVK(B) MOD(P)
where, SKA and SKB are Shared key to exchange
AVK(A) is private key for A generated per Session AVK(B) is private key for B generated per Session G is primitive root of a big prime number(P)
3. Proposed protocol with variability concept of key
For Instance, we get random number a0a1 and to generate this to function AVK(), 1) Len equals RGN.length() (2 in our case)
2) Initialize ai and temp variable and array by 0
3) Loop (i < Len) Do
if(i equals 0) Do
Array[i] set to RGN[i]
tempx set to RGN[i]
Else Do
Array[i] set to RGN[i] XOR RGN[i-1]
tempx will set to Array[i] XOR tempx Exit
Var i will increase by 1 Exit
4) An empty object of string will be considered as “key“
5) Again, set i to 0
6) Loop (i < length of Array) Do
key will concat with key + Array[i]
Done
7) Return key to main thread
If a case is there, such as RGN is 0 then AVK will be 0 and for this false positive we will generate RGN again that is not 0 and it can be in the range of 10000.
Now, after Generating AVK, same process will take place to and Once a SKA and SKB is generated, A hash calculation will occur and It will also take place with shared keys for increased Data Integrity. For Hash Generation,
1) Let a variable hash to be initialized
2) Get MessageDigest for “SHA-256” and set to a variable md 3) Initialize byte array and convert SK to bytes and store 4) Now, Initialize temporary variable i and a buffer 5) Loop (i < length of byte array)
6) Do
Append integer of (byte[i] & 0xff) + 0x100,16)[0] in buffer temporary var i will be increased by 1
Exit
7) Hash variable will be set to buffer’s value 8) Return it to main thread or flow.
By this, the Receiver(B) can check if SKA is not tampered by comparing through generating hash from SKA from B side.
When this shared key has transmitted, same formulas of the Diffie-Hellman will take place which is mentioned below. And One thing will be noted that G, P and AVK for both will be the same during a session. It will result into SPKA = SPKB
SPKA = (SKB)AVK(A)MOD(P) SPKB = (SKA)AVK(B)MOD(P)
Where, SPK(i) is Shared Private Key which will exact same for both And i equals to Sender or Receiver.
4. Results
Figure 1. Time Taken for Generation by SK(A)/SK(B) and SPK(A)/SPK(B) in Seconds
Figure 2. Number of decimal point increases in AVK(A)/AVK(B) compare to Figure 3
Figure 3. Numbers of Decimal point increases in RGN(A)/RGN(B) Table 1. Execution Time for Calculation of Key Taken for Shared Key and
Shared Private Key in Seconds.
Generated Number
Random Generated
Variable
Generated AVK
Time taken for Generation in Seconds
P G RGNA RGNB AVKA AVKB SKA/SKB SPKA/SPKB 48337 48327 3 6 3 3 0.08792577 0.16674184 48337 48327 2 9 2 4 0.09237668 0.162935607 48337 48327 4 9 4 5 0.100679178 0.183320269 48337 48327 18 9 19 1 0.179360506 0.287518104 48337 48327 56 61 53 55 0.147231105 0.243778974 48337 48327 82 22 810 11 0.15552026 0.227922307 48337 48327 95 95 912 51 0.134247881 0.23116748 48337 48327 24 89 81 19 0.120518749 0.192043239 48337 48327 631 597 652 21014 4.103595315 7.643548211 48337 48327 778 640 7015 1715 0.655260312 1.183288131 48337 48327 764 517 712 417 0.225936915 0.338811539 48337 48327 774 118 703 11 0.191419355 0.295659545 48337 48327 327 266 315 115 0.18365548 0.265046522 48337 48327 409 80 449 22 0.141723652 0.214362923 48337 48327 584 991 51312 548 25.20555456 46.26219863 48337 48327 168 902 1714 7151 0.799718052 1.27671005
48337 48327 607 399 667 176 0.140494424 0.219656863 48337 48327 830 511 8113 770 0.767203498 1.404456671 48337 48327 2490 1481 26139 403 6.251378227 10.65950014 48337 48327 7634 8274 7157 61515 32.50966845 57.63370038 48337 48327 9505 8102 91255 8102 81.09582962 139.5726772 48337 48327 1394 417 121013 198 135.4069063 244.499056 48337 48327 4195 8169 45812 2547 19.18044797 34.41501901
Research finding: For a key, as decimal points are increases, time taken for generating both keys at both ends will increase with increases security drastically.
However, 3 numbered keys are optimum for time as well as security.
5. Diffie-Hellman using complex equation
The nature of the curse may be in the form of x+iy = m. Let P(x1, y1) is taken as the base point. In case of communication between two communicating parties A and B, the following steps can be done:
Party A Key Generation, Private Key = nA
Public Key = PA = nA*P Party B Key Generation,
Private Key = nB
Public Key = PB = nB*P
Generation of Secret Key by party A and party B KS = nA*PB (party A)
KS = nB*PA (party B)
e.g. Let the equation is x+iy = 4 … (1).
the base point is P(1, 3), value of nA is 5
and value of nB is 4.
So, public Key of party A = PA = nA*P = 5*(1, 3)
So, the equation takes the form 5+15i = 20 and hence when it is mapped, PA = (5, 15) Similarly, public Key of party B = PB = nB*P = 4*(1, 3). So, the equation takes the form 5+15i = 20 and hence when it is mapped, PB = (4, 12). The secret Key KS = nA*PB
(by party A) = 5*(4, 12) = (20, 60) (after mapping). Again, nB*PA = 4*(5, 15) = (20, 60) after mapping = KS. So, shared secret Key = (20, 60).
6. Conclusion
The work entails enhancement of security level of Diffie-Hellman Algorithm by applying Automatic Variable Key (AVK) to achieve security by differing keys at every session and also sharing hash for key integrity which prevents key tampering. As time increases for key to be calculate from formulas, security increases and reduces chances for attacks like brute force for guessing private key or calculating shared keys. The concept of complex variable in Diffie Hellman protocol has also been pointed out.
References
1. Chakrabarti P., Bhuyan B., Chaudhuri A. and Bhunia C.T., “A novel approach towards realizing optimum data transfer and Automatic Variable Key (AVK)”, International Journal of Computer Science and Network Security, 8(5), pp.241-250, 2008
2. Chakrabarti P. and Goswami P.S., “Approach towards realizing resource mining and secured information transfer”, International Journal of Computer Science and Network Security, 8(7), pp.345-350, 2008
3. Chakrabarti P., Choudhury A., Naik N. and Bhunia C.T., “Key generation in the light of mining and fuzzy rule”, International Journal of Computer Science and Network Security, 8(9), pp.332-337, 2008
4. Chakrabarti P., “Information Security: An Artificial Intelligence And Data Mining Based Approach” , International Journal of Engineering and Technology ,1(5), pp.448-453,2009
5. Chakrabarti P., “Crytic key prediction and statistical inferences thereoff”, International Journal of Computer Theory and Engineering,1(5), pp.515-518,2009
6. Bhuyan B., Chakrabarti P., Chaudhuri A., Masulli F. and Bhunia C.T. “Implementation of Automatic Variable Key with Chaos Theory and Results Thereof”, The IUP Journal of Computer Sciences, 5(4), pp. 22-32,2011
7. Chakrabarti P., Mondal G.H. and Bhunia C.T., “Various New and Modified Approaches for encryption and their comparative study”, In. Proc. First International Conference on Information Technology (INTL-INFOTECH) India, Mar 19-21(2007)p.165
8. Chakrabarti P. et.al. , “Selective DES and results thereof”, In. Proc. First International Conference on Information Technology (INTL-INFOTECH) India, Mar 19-21(2007) p.138
9. Chakrabarti P., Bhunia C.T. and Bhuyan B., “Analysis of Diffie-Hellman Key Exchange in the light of Automatic Variable Key(AVK)”, In. Proc. First International Conference on Information Technology ( INTL-INFOTECH ) India, Mar 19-21(2007).p.141
10. Chakrabarti P. ,Biswas S. and Pal U., “Cipher generation using fuzzy rule and Hamming code”, In Proc. International Conference on Globalization :Issues and Challenges. India,Dec 27- 29(2007)p.201
11. Chakrabarti P. et.al. “Enhancement of security level in quantum computing by Automatic variable key AVK) and that of speed by parallelism”, In. Proc. First International Conference on Information Technology (INTL-INFOTECH) India, Mar 19-21(2007)p.749
12. Chakrabarti P., Pal U and Debnath A., “Shared key evaluation in multiparty communication”, In Proc. International Conference on Soft Computing and Intelligent Systems, India. Dec 27- 29(2007)p.296
13. Chakrabarti P., Biswas S and Saha S., “Cryptanalysis in Data Compression and Quantum technology”, In Proc. International Conference on Sensors and related Networks, India. Dec 12-14 (2007),p.11
14. Chakrabarti P., “Intelligent schemes of cipher generation using comparison analysis and curves”, In Proc. International Conference on Soft Computing and Intelligent Systems, India. Dec 27- 29(2007)p.299
Authors
Manan Soni is a B.Tech Computer Science Engineering student in Institute of Technology and Management Universe, Vadodara. He has filed 2 Indian patents. His research interests lie in Data Science.
Keval Sanghani is a B.Tech Computer Science Engineering student in Institute of Technology and Management Universe, Vadodara. He has filed 1 Indian patent. His research interests lie in Algorithms & Optimization.
Prof Dr Prasun Chakrabarti has received his PhD (Engg) from Jadavpur University in 2009. He is working as Executive Dean (Research and International Linkage) and Institute Distinguished Senior Chair Professor, Techno India NJR Institute of Technology. He has 182 publications, 9 books and 34 filed Indian patents in his credit. He has supervised ten PhD candidates successfully. On various research assignments, he has visited Waseda University Japan (2012 availing prestigious INSA-CICS travel grant), University of Mauritius (2015), Nanyang Technological University Singapore (2015,2016,2019).
