Authentication of Diffie-Hellman Protocol Against Man-in-the-Middle Attack Using Cryptographically Secure CRC

摘要

Diffie-Hellman key exchange (DHKE) protocol, which is also known as exponential key exchange protocol, is one of the practical ways of generating a common secret key between two communicating parties. But this protocol itself is a non-authenticated protocol; hence, the protocol is exposed to man-in-the-middle (MITM) attack. An attacker can easily hijack sender's public value. Attacker calculates his own public value and sends this value to the receiver instead of sending the original value. Attacker does the same thing when receiver replies back to the sender. After this exchange, attacker can decrypt any messages sent by both of the communicating parties. In this paper, a simple authentication mechanism is developed based on the cryptographically secure version of well-known cyclic redundancy check (CRC). A cryptographically secure CRC is capable of detecting both random and malicious errors where the CRC divisor polynomial is randomly generated and secret. A common CRC divisor polynomial is generated for both of the communicating parties. The system is capable of generating cryptographically secure random numbers which are different in every session. Here the length of the divisor polynomial for CRC must be large. In our proposed system, cryptographically secure CRC is combined with the Diffie-Hellman algorithm for checking whether the public value of the sender is changed by an attacker. MITM attack is detected successfully by using only one securely and randomly generated secret nonzero divisor polynomial of cryptographically secure CRC. The length of public keys to be sent in the Diffie-Hellman protocol and modified system are also compared to show the overhead is negligible.