473,287 Members | 1,613 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes and contribute your articles to a community of 473,287 developers and data experts.

Secure Symmetric Key Exchange

1. Introduction
Symmetric Key Exchange is a method where one person (classically called Bob) sends a shared key S to another person (classically called Alice) he wishes to use for an encrypted data communication line.
The classical solution takes a function f, which usually is the XOR function with the property:
f(f(A,B),A) = B and f(f(A,B),B) = A
Bob can encode S with a private key B to f(B,S) and send it to Alice.
Alice now encodes f(B,S) with a private key A to f(f(B,S),A) and returns it to Bob
Bob now removes his private key by using f(f(f(B,S),A),B) = f(A,S) and sends it to Alice
Alice removes the private key using f(f(A,S),A) = S and has the shared key.

2. Problem
On an insecure connection, a man-in-the-middle-attack can be performed, by eavesdropping on the communication between Bob and Alice. A hacker knows f(B,S), f(f(B,S),A) and f(A,S).
By calculation f(f(f(B,S),A),f(B,S)) the hacker determines A. Then by calculating f(f(A,S),A) he can determine S, and listen in on the encrypted connection.

3. Solution
If we can find another function g, where for some or all x, f(x) != g(x) but with the same property g(g(A,B),A) = B and g(g(A,B),B) = A, we can randomly choose between f and g, so a hacker does not know whether to use f or g, making the man-in-the-middle-attack unusable.
We find this function to be the XAND function which has the special property A XAND B = NOT(A XOR B) and A XOR B = NOT(A XAND B). So it’s the inverse of the XOR.
We now can use a beautiful logical property.
Let f be a function, either XOR or XAND.
Let g be a function, either XOR or XAND.
We now have the axiom f(g(f(B,S),A),B) = g(A,S). In our handshake Bob only needs f, and Alice only needs g. Because the other party does not need to know what f or g is, they can keep this a secret, making it impossible for a hacker to determine which is used. The encryption is now finalized by using XOR or XAND randomly on every bit to encode.

4. Implementation
Bob wants to send random key S to Alice.
Bob and Alice create private keys B and A.
Now Bob and Alice create a second private key with the same length as A and B, Q for Bob and R for Alice.
Bob calculates E = B XOR S.
For every bit in E we look at the bit at the same position in Q, if it is a 1 we flip the bit in E, making these bits use the XAND function. Then we send E to Alice.
Alice calculates F = A XOR E, and flips the bits of F if the corresponding bit in R is 1, and sends F to Bob.
Bob now calculates G = F XOR B, and once again flips all corresponding bits in G if the bit in Q is 1, and sends G to Alice.
Alice now calculates T = G XOR A, and flips the corresponding bits in T where the bit in R is 1.
T is now equal to S, and we can set up an encoded communication.
A hacker now can only determine R(B,S) or Q(A,S) but doesn’t know R nor B nor Q nor A so can impossibly determine S.


5. Example
Bob Alice
Shared Key 10011101 S
Private Key 10110001 B 00111001 A
Private Function Key 00110101 R 11001111 Q

Bob -> Alice: R(B,S) Alice -> Bob: Q(A,R(B,S)) = Q(A,E)
B 10110001 A 00111001
S 10011101 E 00011001
-------------- XOR -------------- XOR
X 00101100 X 00100000
R 00110101 Q 11001111
-------------- Flip X if R = 1 --------------- Flip X if Q = 1
E 00011001 F 11101111

Bob -> Alice: R(B,Q(A,R(B,S))) = R(B,F) Alice: Q(A,R(B,Q(A,R(B,S)))) = Q(A,G)
B 10110001 A 00111001
F 11101111 G 01101011
-------------- XOR -------------- XOR
X 01011110 X 01010010
R 00110101 Q 11001111
-------------- Flip X if R = 1 --------------- Flip X if Q = 1
G 01101011 T 10011101
S 10011101 Successfully sent.
Attached Files
File Type: pdf Secure_Symmetric_Key_Exchange.pdf (61.4 KB, 201 views)
Apr 20 '19 #1
0 2034

Sign in to post your reply or Sign up for a free account.

Similar topics

6
by: Sarah Tanembaum | last post by:
I was wondering if it is possible to create a secure database system using RDBMS(MySQL, Oracle, SQL*Server, PostgreSQL etc) and web scripting/programming language(Perl, PHP, Ruby, Java, ASP, etc)...
6
by: Jason | last post by:
Sorry for the post here but could not find an Exchange newgroup. I developed an application a year or 2 ago that sends SMTP email. The application allows the user to customize the text from...
1
by: Arran Pearce | last post by:
I am wanting to create a web application which will use Microsoft Exchange Server. We currently use Exchange 2000 but if i needed it we would upgrade to 2003. Is 2003 going to provide easyer...
2
by: Xarky | last post by:
Hi, I am writing a small ASP.NET application, and I need to make it secure. I was thinking of SSL but I don't know how to do it, or there exists other ways. Can someone help me out. Thanks in...
4
by: Bryan | last post by:
Ok .. im writing both a server and client aplication that need to be encrypted. I want to use the RSA Key exchange technique .. i think it resides in...
0
by: Chris Fink | last post by:
I have walked through all of the WSE 3 Hands on Labs and got everything working fine. When I create my own certificate and install it in the stores, my client application that is consuming my WSE...
4
by: Protoman | last post by:
I'm writing a Diffie-Hellman-Merkle Key Exchange Program, and, sometimes (I haven't figured out how to predict it yet), Alice's and Bob's shared symmetric key are different! This shouldn't happen!...
8
by: =?Utf-8?B?RGFuTQ==?= | last post by:
Can someone help with the following problem. I am sending an encrypted SOAP message to a .NET 2.0 + WSE 3.0 web service. When .NET attempts to decrypt the message it cannot read the private key...
3
by: ast3r3x | last post by:
I'm trying to implement the protocol used at http://www.cse.msu.edu/~alexliu/publications/Cookie/cookie.pdf to create cookies that can't be forged. I got everything working, except I have run into...
2
by: adam.waterfield | last post by:
Maybe someone could help me a little here. On a project I am working on, we have some LDAP authentication to Active Directory which allows users to login to our application - this is fine. When...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: Aftab Ahmad | last post by:
Hello Experts! I have written a code in MS Access for a cmd called "WhatsApp Message" to open WhatsApp using that very code but the problem is that it gives a popup message everytime I clicked on...
0
by: Aftab Ahmad | last post by:
So, I have written a code for a cmd called "Send WhatsApp Message" to open and send WhatsApp messaage. The code is given below. Dim IE As Object Set IE =...
0
by: marcoviolo | last post by:
Dear all, I would like to implement on my worksheet an vlookup dynamic , that consider a change of pivot excel via win32com, from an external excel (without open it) and save the new file into a...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.