Diffie-Hellman (Man-in-the-middle)

The Diffie-Hellman method is used in key exchange, and where two parties can generate a shared secret encryption key.

Diffie-Hellman (Man-in-the-middle)

The Diffie-Hellman method is used in key exchange, and where two parties can generate a shared secret encryption key.

Bob and Alice first need to agree on two values (g and p), where p is a prime number. Next they generate two random numbers (a and b), and exchange values. Unfortunately thus is prone to a man-in-the-middle attack, and where Eve generates two keys, with one to communicate with Bob, and the other to communicate with Alice.

Figure 1: Diffie Hellman method

Method

In this case, no matter what value Eve gets, she will return a value to both Bob and Alice, based on her random number.

For example if g=15 and p=1011, and Alice uses a random value of 5. For her key, Alice will calculate:

A=15⁵ (mod 1011)=114

If Bob takes a random value of 9. Bob will calculate:

B=15⁹ (mod 1011)=462

Eve changes Alice’s value in the tunnel to give:

114⁷ (mod 1011)=402

So, Alice receives a value of 402. She calculates a key of:

KeyAlice=402⁵ (mod 1011)=636

Bob receive a value of 426 and calculate his key of:

KeyBob= 462⁹ (mod 1011)=483

This is, of course, wrong, as the Diffie-Hellman method should give the same value. But Eve is the man-in-the-middle, so she has two keys, and basically deciphers the message, and re-encrypts.

Sample code

The following gives some sample code for the DH calculation [link]:

import random
import base64
import hashlib
import sys
g=15
p=1011
a= 5
b = 9
eve = 7
message=21
A=(g**a) % p
B=(g**b) % p
Eve1 = (A**eve) % p
Eve2 = (B**eve) % p
Key1= (Eve1**a) % p
Key2= (Eve2**b) % p
print 'g: ',g,' (a shared value), n: ',p, ' (a prime number)'
print '\n== Random value generation ==='
print '\nAlice calculates:'
print 'a (Alice random): ',a
print 'Alice value (A): ',A,' (g^a) mod p'

print '\nBob calculates:'
print 'b (Bob random): ',b
print 'Bob value (B): ',B,' (g^b) mod p'
print '\n==Alice sends value to Eve ==='
print 'Eve takes Alice\'s value and calculates: ',Eve1
print 'Alice gets Eve\'s value and calculates key of: ',Key1
print '\n==Bob sends value to Eve ==='
print 'Eve takes Bob\'s value and calculates: ',Eve2
print 'Bob gets Eve\'s value and calculates key of: ',Key2

A sample run is here [link]:

g: 15 (a shared value), n: 1011 (a prime number)
Eve’s value: 7
== Random value generation ===
Alice calculates:
a (Alice random): 5
Alice value (A): 114 (g^a) mod p
Bob calculates:
b (Bob random): 9
Bob value (B): 462 (g^b) mod p
==Alice sends value to Eve ===
Eve takes Alice’s value and calculates: 402
Alice gets Eve’s value and calculates key of: 636
==Bob sends value to Eve ===
Eve takes Bob’s value and calculates: 528
Bob gets Eve’s value and calculates key of: 483

Conclusion

The key problems of the DH method is that Bob and Alice cannot validate each other, and thus we can get a MITM attack. It also suffered from pre-computed values (Logjam) and where values for the random numbers could be pre-computed for default prime numbers. These problems have now been overcome with the help of elliptic curve methods (ECDH — Elliptic Curve Diffie Hellman), and in supporting ephemeral keys and forward secrecy. For enterprise networks, Tor, Wi-fi and many other things, ECDH is the king of the hill just now.