Diffie-Hellman Key Exchange Documentation Writeup PDF

Preview

Summary

Explanation of a basic Client/Server implemented encryption
program using Diffie-Hellman key exchange. The algorithm establishes a
“shared secret” cryptographic key between users to allow for secure
communication over a network. Includes Screencaptures
...

Description

Diffie-Hellman Key Exchange CA304 – Computer Networks 2  The project we have written is a basic Client/Server implemented encryption program using Diffie-Hellman key exchange. The algorithm establishes a “shared secret” cryptographic key between users to allow for secure communication over a network. Although much of the information is sent over a public network, it becomes very difficult for any intruder to effectively decipher the secure information due to the numbers used for the key exchange being enormously large. This creates something called a “Discrete Logartihm Problem”, by which it is quite easy to raise a number (A) to a very large number (B) to get a result (X), but becomes very hard to find out what the very large number (B) was, if given the number and result (A and X). A full description of Diffie-Hellman Key Exchange may be found on the web page provided with this project. Our program is written in the C programming language and makes use of its Unix socket infrastructure to perform these calculations across a network. The program itself is an inter-mingling of TCP Server/Client examples (Provided in the assignment specification) and the MIRACL Big Number C/C++ library (Courtesy of Mike Scott/Shamus.ie) for all of the large number calculations. The program must be compiled and run on a Linux based operating system (We used both Ubuntu and OpenSUSE). The program works by User 1 creating a server and listening in on a User defined port.

(FIG 1: User1 creates a server on port 4906) User 2 then attempts to connect to the server via a terminal, using the same port as shown in “FIG 1”.

(FIG 2: User2 attempts to connect to User1's server via port 4906) (NOTE: localhost is only used for example purposes, actual networked examples later in document)

After a connection is established, The key exchange calculations are able to begin. The process is as follows ●

● ● ● ● ● ●

●

On the client side, “p” (type big) which contains the previously defined original hardcoded Prime Text “pt” is converted to a string “primeText” using cotstr and is sent to the Server The Server receives the Client's prime number and stores it in “primeText” Both sides perform calculations using their respective primeTexts to create “pa” and “pb” Server converts “pb” to a string “pbString” and sends it to Client Client recieves “pbString”, and converts “pa” to “paString”, which is then sent to the Server. Client side: “pbString” is converted to “pb”, Server side: “paString” is converted to “pa” Both the Client and Server perform a modulo calculation using “pb” and “pa” respectively to both create “key”. Considering “key” is created using the same calculation from both Client and Server (powmod(pa,b,p,key); == powmod(pb,a,p,key);), since both calculations are essentially the same, the outcome “key” is also the same. Allowing both Client and Server to have a shared secret. The key is then output by both the Server and Client for the user to examine. The sockets are then closed and the program ends.

Problems and Solutions  While working on this assignment, a few issues arose which we found quite difficult to deal with. The most noticable problem we had was the inability to create a non-hard coded large prime number for each run. We attempted to create a function to create a large prime number using some code found in the MIRACL library, however we were unable to create a suitable inplementation for this project. We resigned ourselves to using the hardcoded large prime number contained in the example (pk-demo). Taking input from the command line to redirect to either Client/Server also posed a problem. Nearly all of the Server/Client code was taken from examples (tcps.c and tcpc.c), however, both of these were included in a main function in seperate files. Both the Server and Client are each given their own function in our code, to which the Port/Machine information is passed to in the form of arguments, These command line arguments are redirected by inputting 'S' or 'C' into the command line as the 2nd  argument (1st  being the file name). The 2nd  argument is then compared to 'S' or 'C' characters (Depending on if the information is bound for server or client) using the string compare (strcmp) function, if the input is correct, the information is passed to the corresponding function, if not, an error is returned to the user. (The port number is converted

from a string to an integer using the atoi() function). We are also using exit(-1) to exit if any error occurs, however that required the addition of the STDLIB header file to the top of the file to allow for its usage.

Program Screenshots ...