Authentication of Diffie-Hellman Protocol Against Man-in-the-Middle Attack Using Cryptographically Secure CRC

2018 ◽  
pp. 139-150 ◽  
Author(s):  
Nazmun Naher ◽  
Asaduzzaman ◽  
Md. Mokammel Haque
Keyword(s):  
Diffie Hellman ◽  
Man In The Middle

scholarly journals Traceable and Authenticated Key Negotiations via Blockchain for Vehicular Communications

2019 ◽  
Vol 2019 ◽  
pp. 1-10
Author(s):  
Yuling Chen ◽  
Xiaohan Hao ◽  
Wei Ren ◽  
Yi Ren
Keyword(s):  
Data Sharing ◽  
Unmanned Vehicles ◽  
Vehicular Communications ◽  
Ongoing Research ◽  
Packet Dropping ◽  
Security Scheme ◽  
Diffie Hellman ◽  
Man In The Middle ◽  
The Subject ◽  
Key Negotiation

While key negotiation schemes, such as those based on Diffie–Hellman, have been the subject of ongoing research, designing an efficient and security scheme remains challenging. In this paper, we propose a novel key negotiation scheme based on blockchain, which can be deployed in blockchain-enabled contexts such as data sharing or facilitating electric transactions between vehicles (e.g., unmanned vehicles). We propose three candidates for flexible selection, namely, key exchanges via transaction currency values through value channels (such as the amount in transactions), automated key exchanges through static scripts,and dynamic scripts, which can not only guarantee key availability with timeliness but also defend against MITM (man-in-the-middle) attacks, packet-dropping attacks, and decryption failure attacks.

Adding Channel Security to a Fingerprint Verification Chain

2017 ◽  
Author(s):  
Matthias Wenzl ◽  
Daniel Kluka
Keyword(s):  
Communication Channel ◽  
Negative Impact ◽  
Small Companies ◽  
Fingerprint Verification ◽  
Diffie Hellman ◽  
Man In The Middle ◽  
Read Request ◽  
Run Time ◽  
Diffie Hellman Key Exchange ◽  
Comparison Algorithms

Authenticating persons using fingerprints is a widely accepted method in the field of access control, border control, prosecution and many others. Today, fingerprint modules with customizable firmware can be bought commercially off the shelf by hobbyists and small companies to be used in their applications and are usually locally separated from a controller implementing the feature extraction and comparison algorithms. As a matter of fact, the communication channel between the sensor and the controller module is susceptible to eavesdropping and man in the middle attacks. Nevertheless, adding communication channel security to such a system has a direct negative impact on the system’s response time, thus directly affecting user acceptance. The aim of this paper is to provide a comprehensive investigation on measures to counter run-time degredation when adding communication channel security on behalf of an existing fingerprint verification chain. We show that a combination of the elliptic curve Diffie-Hellman key exchange together with AES-256 and the use of parallelization using OpenMP on a controller node leads to an acceptable run time making key creation and exchange upon every fingerprint read request a suitable undertaking.

scholarly journals Protection against man-in-the-middle attack in Banking Transaction using Diffie Hellman key Exchange Algorithm

IJARCCE ◽  
2017 ◽  
Vol 6 (4) ◽  
pp. 307-311
Author(s):  
Mr. Ajeet Kumar Bhartee ◽  
Neha Pal ◽  
Abhishek Verma
Keyword(s):  
Key Exchange ◽  
Exchange Algorithm ◽  
Diffie Hellman ◽  
Man In The Middle ◽  
Diffie Hellman Key Exchange

scholarly journals Emerging Security Challenges for Ubiquitous Devices

2021 ◽  
pp. 3-18
Author(s):  
Mirosław Kutyłowski ◽  
Piotr Syga ◽  
Moti Yung
Keyword(s):  
Large Scale ◽  
Covert Channels ◽  
Large Scale Systems ◽  
Identity Information ◽  
Diffie Hellman ◽  
Security Challenges ◽  
Man In The Middle ◽  
Cryptographic Algorithms ◽  
Diffie Hellman Key Exchange ◽  
Implicit Identity

AbstractIn this chapter we focus on two important security challenges that naturally emerge for large scale systems composed of cheap devices implementing only symmetric cryptographic algorithms. First, we consider threats due to poor or malicious implementations of protocols, which enable data to be leaked from the devices to an adversary. We present solutions based on a watchdog concept—a man-in-the-middle device that does not know the secrets of the communicating parties, but aims to destroy covert channels leaking secret information. Second, we deal with the problem of tracing devices by means of information exchanged while establishing a communication session. As solutions such as Diffie-Hellman key exchange are unavailable for such devices, implicit identity information might be transmitted in clear and thereby provide a perfect means for privacy violations. We show how to reduce such risks without retreating to asymmetric algorithms.

scholarly journals A New Method to Analyze the Security of Protocol Implementations Based on Ideal Trace

2017 ◽  
Vol 2017 ◽  
pp. 1-15
Author(s):  
Fusheng Wu ◽  
Huanguo Zhang ◽  
Wengqing Wang ◽  
Jianwei Jia ◽  
Shi Yuan
Keyword(s):  
Code Generation ◽  
Source Code ◽  
Security Analysis ◽  
Memory Access ◽  
New Method ◽  
Pointer Analysis ◽  
C Language ◽  
Model Extraction ◽  
Diffie Hellman ◽  
Man In The Middle

The security analysis of protocols on theory level cannot guarantee the security of protocol implementations. To solve this problem, researchers have done a lot, and many achievements have been reached in this field, such as model extraction and code generation. However, the existing methods do not take the security of protocol implementations into account. In this paper, we have proposed to exploit the traces of function return values to analyze the security of protocol implementations at the source code level. Taking classic protocols into consideration, for example (like the Needham-Schroeder protocol and the Diffie-Hellman protocol, which cannot resist man-in-the-middle attacks), we have analyzed man-in-the-middle attacks during the protocol implementations and have carried out experiments. It has been shown in the experiments that our new method works well. Different from other methods of analyzing the security of protocol implementations in the literatures, our new method can avoid some flaws of program languages (like C language memory access, pointer analysis, etc.) and dynamically analyze the security of protocol implementations.

scholarly journals Diffie-Hellman Key Exchange through Steganographied Images

2018 ◽  
Vol 10 (1) ◽  
pp. 147-160
Author(s):  
Amine Khaldi
Keyword(s):  
Digital Signature ◽  
Data Exchange ◽  
Key Exchange ◽  
Private Key ◽  
Diffie Hellman ◽  
Man In The Middle ◽  
Diffie Hellman Key Exchange ◽  
Set Up ◽  
Secure Channel

Purpose – In a private key system, the major problem is the exchange of the key between the two parties. Diffie and Hellman have set up a way to share the key. However, this technique is not protected against a man-in-the-middle attack as the settings are not authenticated. The Diffie-Hellman key exchange requires the use of digital signature or creating a secure channel for data exchanging to avoid the man-in-the-middle attack. Methodology/approach/design – We present a Diffie-Hellman key exchange implementation using steganographied images. Using steganography made invisible the data exchange to a potential attacker. So, we will not need a digital signature or creating a secure channel to do our key exchange since only the two concerned parts are aware of this exchange. Findings – We generate a symmetric 128-bit key between two users without use of digital signature or secure channel. However, it works only on bitmap images, heavy images and sensitive to compression.

scholarly journals SPDH - A Secure Plain Diffie-Hellman Algorithm

2012 ◽  
Author(s):  
Henrik Tange ◽  
Birger Andersen
Keyword(s):  
Elliptic Curve ◽  
Secure Communication ◽  
Public Key Cryptography ◽  
Public Key ◽  
Wireless System ◽  
Eavesdropping Attack ◽  
Replay Attacks ◽  
Diffie Hellman ◽  
Man In The Middle ◽  
Shared Secret

Secure communication in a wireless system or end-to-end communication requires setup of a shared secret. This shared secret can be obtained by the use of a public key cryptography system. The most widely used algorithm to obtain a shared secret is the Diffie–Hellman algorithm. However, this algorithm suffers from the Man-in-the-Middle problem; an attacker can perform an eavesdropping attack listen to the communication between participants A and B. Other algorithms as for instance ECMQV (Elliptic Curve Menezes Qo Vanstone) can handle this problem but is far more complex and slower because the algorithm is a three-pass algorithm whereas the Diffie–Hellman algorithm is a simple two-pass algorithm. Using standard cryptographic modules as AES and HMAC the purposed algorithm, Secure Plain Diffie–Hellman Algorithm, solves the Man-in-the-Middle problem and maintain its advantage from the plain Diffie–Hellman algorithm. Also the possibilities of replay attacks are solved by use of a timestamp.

scholarly journals Vibration-based Key Exchange among Multiple Smart Devices on the Desk

2016 ◽  
Vol 21 (2) ◽  
pp. 33-43
Author(s):  
Alisa Arno ◽  
Kentaroh Toyoda ◽  
Yuji Watanabe ◽  
Iwao Sasase ◽  
P. Takis Mathiopoulos
Keyword(s):  
Performance Evaluation ◽  
Data Sharing ◽  
Key Exchange ◽  
Smart Devices ◽  
Secure Communications ◽  
Indoor Environments ◽  
Experimental Performance ◽  
Diffie Hellman ◽  
Man In The Middle

Abstract Eavesdropping is an important and real concern in mobile NFC (Near Filed Communication) payment and data sharing applications. Although the DH (Diffie-Hellman) scheme has been widely used in key exchange for secure communications, it may fail in indoor environments due to its vulnerability against man-in-the-middle attack. In this paper, we propose a new vibration-based key exchange among multiple smart devices which are placed on a desk. In this scheme, devices are assumed to be located next to each other with each of them vibrating with patterns converted from a key to be exchanged. The vibration patterns are measured by an accelerometer and each key is recovered from the measured acceleration. The proposed scheme has been implemented using Android smartphones and various experimental performance evaluation results have validated its effectiveness.

Sign in / Sign up

Export Citation Format

Share Document