Enhancement of Security of Diffie-Hellman Key Exchange Protocol using RSA Cryptography.

Cryptography is related and referred to as the secured transmission of messages amongst the sender and the intended receiver by ensuring confidentiality, integrity, and authentication. Diffie – Hellman (DH) key exchange protocol is a well-known algorithm that would generate a shared secret key among the sender and the intended receiver, and the basis of cryptosystems for using public and private key for encryption and decryption process. But it is severely affected by the Man in the Middle (MITM) attack that would intercept and manipulate thus eavesdropping the shared secret key. This paper proposes a model of integrating the public-key RSA cryptography system with the DH key exchange to prevent the MITM attack. The performance of the proposed work has been compared to the DH Key Exchange algorithm as well as RSA Cryptosystem to conclude for effectiveness of the proposed model.


Introduction
Cryptography is branch of information security that deals with the concealment of messages to ensure and serve the vital needs of maintaining confidentiality, integrity, and authentication. Security of data can be breached easily and thus, needs to be secured utilizing the most efficient systems available. Cryptographers have developed several such systems in order to achieve the same. In fact, it is an ongoing research on the security level of the cryptosystem for secured message transmission from the authentic sender to the intended receiver [2]. Cryptosystems are widely classified into traditional and modern approaches. But the modern approaches are highly recommended as the traditional cryptosystems such as Caesar Cipher, Vigenère Cipher are susceptible to attacks with ease. Modern cryptosystems are then further bifurcated based on the type of keys being shared among the users in the systems. If it is a shared secret (single) key, then it is symmetric cryptosystemstream or block ciphers. Otherwise, the other classification is asymmetric cryptosystem. Figure 1 enlists the various types of asymmetric cryptosystem as well [3].
Diffie -Hellman (DH) Key-Exchange Algorithm is based on the idea of asymmetric cryptosystem [1]. For two hypothetic users -Alice and Bob, this algorithm generates a shared secret key among them with the help of public and private keys of Alice as well as Bob [ Table 2]. But every algorithm is having a susceptibility towards attack, in the similar fashion it is prone to MITM attack. Such an attack involves intercepting the public keys of Alice and generating a shared secret key known to all the three including the adversary. Table 3 details the attack on the DH Key exchange protocol [6].
The proposed work focuses on inculcating the RSA cryptosystem to secure the DH Key Exchange Algorithm for minimum or no effect of MITM attack.

Related Works.
The proposed model is an engender of the literature review of [3], [4], [5], [6], [9] and [15]. Table 1 below elucidates the related works and the proposed models by the authors of the literature reviewed articles in the field of DH Key Exchange and the RSA. Proposed an efficient approach of preventing DH Key Exchange against the MITM attack. In their proposed model, they have used Geffe generator to yield a sequence of binary characters with high randomness to ensure nontransmission of the secret keys through channel rather hashed and stored in the server. J.E. Avestro, A.M. Sison, R.P. Medina. [4] Proposed model is based on hybrid cryptography of modified Diffie -Hellman key exchange algorithm and RSA in order to prevent MITM attack, thus resulting in a secure algorithm. They have implemented it in such a manner that two-tier security is ensured. In-A Song, Young-Seok Lee. [5] The authors have given a suggestion of a protocol to prevent the MITM attack. They have achieved it by using timestamp along with compare to the already existing approaches. Proper examination and analysis aid them in concluding with the results. A. Taparia, S.K. Panigrahy, S.K. Jena. [6] Research work was entitled on presenting a three-round key-exchange protocol but with minimum user interference along with the cover of security by combining commitment scheme with the authentication strings to seize the MITM effects. They also concluded that their results can be used for wireless networks. Tianjie Cao, Dongdai Lin. [9] It was the joint venture of the entitled authors to figure out and conclude the susceptible nature of the Authenticity of Password in the Key-Exchange based on RSA to dictionary attacks. Their major focus throughout the paper lies in the cryptanalysis of the password validation. P. Yellamma, C. Narasimham, V. Sreenivas. [15] Discussion and implementation RSA in data storage as well as security in the cloud has been the focus and the novelty of their work, thus inferring that this public-key cryptosystem has the ability to provide high level of required security when it comes to concealment approach for data of high potential.
Thus, as cited in the list above, the related works are concentric about the security attack to which the DH key exchange protocol is susceptible to as well as the security level provided by the RSA cryptographic system using its encryption-and-decryption techniques. The subsequent sections of the paper discussed about those protocols and methodologies, followed by the proposed model.

Algorithms
Prior to discussion of the proposed model and illustrating it with required citations as well as snapshots of executed code, pre-requisite is knowledge about the cryptography system and the protocol used to arrive at the intended result of the work.

Diffie -Hellman Key -Exchange Algorithm
It a protocol that involves sharing of the public keys amongst the sender and receiver to yield a shared secret key for further message transfer through encryption methodology [3]. This protocol is used for generating keys in the ElGamal and ECC cryptosystems [2]. It is demonstrated in table 2 and figure 2.
Assume, Alice and Bob are two users where both would like to establish such a communication among themselves that it remains concealed and secured. The finally obtained shared secret key 'k' is the common key to be used by Alice and Bob for encryption and decryption. It would follow in such a manner that Bob deciphers the encrypted text received from Alice using 'k' [1]. Thus, both the sides computed values of 'k' must be the same values for encryption and decryption purposes [7].

Alice
• 'a' as secret key Here,  and  are the public keys. 3 Exchange of public keys :  is shared with Bob and  is shared with Alice Thus , k(Alice) = k(Bob) where k is the shared secret key.

Man-in-the-Middle (MITM) attack on DH Key Exchange Protocol
Illustration in the figure 2 states the fact that an eavesdropper in the middle would serve as the man in middle. DH Key Exchange is highly susceptible to the MITM attack that involves interference of a third person who intercepts the public keys while they get exchanged [2].
Assume that Eve is the third person and is willing to figure out the communication happening amidst Alice and Bob. [2] He tries and does successfully interception of the public key shared by Alice to Bob. So, the possible attack occurs in the 3rd step, which is illustrated in figure 3. Once Eve, having his own private keys, gets the knowledge of Alice public key, would now compute his own public key using his own private key and shares it with Bob. Unfortunately, Bob comprehends the received public key as the public key shared by Alice and thus uses it for further computation of the secret key value of 'k' (as in step 4 of table 3). Eve shares his public key with Alice as well, making her feel that it is the public key shared by Bob and thus she also uses it to calculate 'k'. [2]

Initiation :
Agreement on large prime number and base generator, 'p' and 'g' respectively, such that : (p,g > 0) and (p>g) 2

Alice
• 'a' as secret key and calculates  = g a (mod p) (1) Bob • 'b' as secret key and calculates  = g b (mod p) (2) Thus this step involves computing the public keys( and ) by their own private keys . The classical Diffie-Hellman key exchange protocol remains the same till the current step. 3

RSA Cryptography
RSA Cryptography is a publickey asymmetric cryptosystem, developed and proposed by Rivest-Shamir-Adleman [13]. As the name entails, asymmetric (or non-symmetric) cryptosystem involves two keys: public and private key. Message hiding or encryption, done using public key while decrypting the encrypted message on the receiver side requires the use of the private or the secret key [8].
RSA is a public key cryptosystem; thus, it involves both public keys and private keys. It is generally based on the basic idea of one-way trapdoor function; its properties make it easy to share the public keys without security threat to the private key [14]. It involves three distinct phases [ Table 4] of key generation, encryption followed by decryption [11]. The key generation would involve random generation of two distinct prime numbers, which are known only to Alice and Bob [10]. Further steps and phases involved in RSA is enlisted below. The mathematics involved in this process is calculation of inverse and modulus(remainder). Choose random prime number as e, such that : (i) 1 < e < (n) (ii) ( e, (n) ) are co-primes. 4 Secret key 'd' is calculated as : d ≡ e -1 (mod (n))

5
Public key = { e, n } → shared with Bob Secret key = {d , n} → Kept with herself Encryption Phase : done by Bob , intended sender.

6
'm' is the message Bob will transfer to Alice.
For that, he hides it as 'C' using the following RSA encryption strategy : Ciphertext, C ≡ M e (mod n) Bob encrypts his message and thus C , the encrypted version of the message is sent to Alice.
Decryption Phase : done by Alice, intended receiver.

7
Alice receives message C from Bob through an insecure channel.
He understands it is an encrypted message and thus decrypts it using her own secret key 'd'.
m ≡ C d (mod n) Alice achieves to receive the correct and intended message m , sent by Bob.
Notable remark over here is only when the prime numbers P, Q are known to any person only then RSA would be susceptible to attack of an adversary otherwise which breaking the system to discover the encrypted message being transferred is nearly impossible [12].

Limitations and Scope
The scope of the discussed paper lies within easy-to-understand integer values with the limitations of extensive work for higher number of key-size bits.

Proposed Work (Research Methodology).
The proposed methodology involves the integration of RSA encryption/decryption technique in the DH Key Exchange. The algorithm is described in the table 5 with illustration-aided validation in the subsequent table 6 validating the proposed model. Random generation of large prime numbers : p, q, X and g such that : • 0 < g < p , 0 < g < q , p ≠ q and g < X So, 'p' and 'q' : large and distinct prime numbers and at the same time greater than the value of the base generator 'g'. Note - • 'p' and 'q' : secret and known only to Alice and Bob.
• Decrypting received message  = R2 ≡ 84 37 (mod 143) = 6 Thus, the public key of Alice is shared with Bob with confidentiality ensured.

Implementation and working of RSA-Integrated DH Key-Exchange Protocol.
Alice and Bob are two users who wish to communicate among themselves in a secured manner. They make a proposal that their public keys should be encrypted such that when shared and exchanged are known only to them and no one else can intercept it. The proposed model integrates the RSA system into the Diffie-Hellman Key Exchange algorithm to meet the same. Initially it generates 4 large nonnegative , non-zero random numbersp, q, X and g such that they meet certain necessary conditions: • p and q are distinct • p, q are larger than the base generator 'g' value • global element X is greater than 'g' • p and q are kept private while X, g are global elements. This is followed by RSA protocol of determining 'n' and '(n)' values required to compute the public and private keys of each of the users. As mentioned in step 2 of table 4 as well as table 5, • n = product(p,q) • (n) = product((p-1), (q-1)). (n) is regarded as the Euler's totient function. Now, Alice and Bob agrees on a randomly generated value 'e' such that (n) and 'e' are co-primes (mathematically, it refers to their greatest common divisor as 1) as well as (n) is larger to the value of 'e'. Alice and Bob select their own secret keys 'a' and 'b' respectively such that (a, b) < X. Modulo inverse of 'e' with respect to (n) results in the another set of private keys 'd1' and 'd2' computations by Alice and Bob respectively while 'α' and 'β' are determined by Alice and Bob as exponential functions of g with their respective secret keys, modulus X. Since the proposed system majorly involves DH key exchange algorithm, following steps would involve exchange of the computed public keys of Alice and Bob amongst themselves over an insecure channel. Prior to this, the initially computed 'e' and 'n' would be used to encrypt the public keys 'α' and 'β'. Any third-party attacker requires to have the prior knowledge of 'p' and 'q' in order to break those ciphertexts since 'n' is a product of those secret large prime numbers. Encryption of the public keys would be followed by exchanging those ciphers amongst the users -Alice and Bob. The computed set of private keys 'd1' and 'd2' would suffice in helping the users to decrypt the received ciphers to gain the originally shared public keys. Once Alice has decrypted the public key of Bob using 'd1' and Bob of Alice using 'd2', DH exchange algorithm follows in determining the shared secret keys 'k1' and 'k2' using respective secret keys and the decrypted public keys.
As explained above, an adversary may aim to determine the ciphers exchanged but it would be nearly impossible to break the value of the product of the secretly kept large prime numbers.

Results and Discussions.
RSA-Integrated DH-Key exchange algorithm involves both the Diffie-Hellman key-sharing protocol as well as the RSA cryptosystem. It becomes immensely important to compare the performance of the newly proposed system with respect to the used systems in the model. Also important to note is the fact that the proposal made would be less prone to the MITM attack unlike the classical DH key exchange algorithm.
The implementation of the proposed model is displayed in Figure 4, along with the time taken to execute the proposed algorithm. This is an approach that details the merge of RSA cryptosystem in the DH Key Exchange for concealment of the public keys exchanged amongst Alice and Bob. Performance Analysis of this model [ Table 7] can be performed in contrast to the already established and existing models.
It is definite to mark that complexity of the algorithm, proposed in Section 5, would be higher than the existing methodologies of RSA cryptosystem and the DH Key Exchange Algorithm. But it would be definitely less or not prone to the MITM attack where the eavesdropper would not be able to decipher the encrypted public keys without the knowledge of the secret key computed based on the RSA scheme, and thus can be defined as a better approach for preventing the MITM attack of the Key Exchange Protocol.

Conclusion and Future Work
The paper has introduced a model that would amalgamate the RSA cryptosystem phases of key generation, encryption and decryption into the well-known DH Key Exchange for preventing the latter to be prone to the MITM attack.
In future, extension to the current model would be primary focus for implementation within the cryptosystems that utilizes DH Key Exchange Protocol for key-generation. Also, examining higher values for input to ensure no breach to security throughout public key exchange would even be considered in the long run.