472,958 Members | 2,159 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes and contribute your articles to a community of 472,958 developers and data experts.

Secure Symmetric Key Exchange

1. Introduction
Symmetric Key Exchange is a method where one person (classically called Bob) sends a shared key S to another person (classically called Alice) he wishes to use for an encrypted data communication line.
The classical solution takes a function f, which usually is the XOR function with the property:
f(f(A,B),A) = B and f(f(A,B),B) = A
Bob can encode S with a private key B to f(B,S) and send it to Alice.
Alice now encodes f(B,S) with a private key A to f(f(B,S),A) and returns it to Bob
Bob now removes his private key by using f(f(f(B,S),A),B) = f(A,S) and sends it to Alice
Alice removes the private key using f(f(A,S),A) = S and has the shared key.

2. Problem
On an insecure connection, a man-in-the-middle-attack can be performed, by eavesdropping on the communication between Bob and Alice. A hacker knows f(B,S), f(f(B,S),A) and f(A,S).
By calculation f(f(f(B,S),A),f(B,S)) the hacker determines A. Then by calculating f(f(A,S),A) he can determine S, and listen in on the encrypted connection.

3. Solution
If we can find another function g, where for some or all x, f(x) != g(x) but with the same property g(g(A,B),A) = B and g(g(A,B),B) = A, we can randomly choose between f and g, so a hacker does not know whether to use f or g, making the man-in-the-middle-attack unusable.
We find this function to be the XAND function which has the special property A XAND B = NOT(A XOR B) and A XOR B = NOT(A XAND B). So itís the inverse of the XOR.
We now can use a beautiful logical property.
Let f be a function, either XOR or XAND.
Let g be a function, either XOR or XAND.
We now have the axiom f(g(f(B,S),A),B) = g(A,S). In our handshake Bob only needs f, and Alice only needs g. Because the other party does not need to know what f or g is, they can keep this a secret, making it impossible for a hacker to determine which is used. The encryption is now finalized by using XOR or XAND randomly on every bit to encode.

4. Implementation
Bob wants to send random key S to Alice.
Bob and Alice create private keys B and A.
Now Bob and Alice create a second private key with the same length as A and B, Q for Bob and R for Alice.
Bob calculates E = B XOR S.
For every bit in E we look at the bit at the same position in Q, if it is a 1 we flip the bit in E, making these bits use the XAND function. Then we send E to Alice.
Alice calculates F = A XOR E, and flips the bits of F if the corresponding bit in R is 1, and sends F to Bob.
Bob now calculates G = F XOR B, and once again flips all corresponding bits in G if the bit in Q is 1, and sends G to Alice.
Alice now calculates T = G XOR A, and flips the corresponding bits in T where the bit in R is 1.
T is now equal to S, and we can set up an encoded communication.
A hacker now can only determine R(B,S) or Q(A,S) but doesnít know R nor B nor Q nor A so can impossibly determine S.


5. Example
Bob Alice
Shared Key 10011101 S
Private Key 10110001 B 00111001 A
Private Function Key 00110101 R 11001111 Q

Bob -> Alice: R(B,S) Alice -> Bob: Q(A,R(B,S)) = Q(A,E)
B 10110001 A 00111001
S 10011101 E 00011001
-------------- XOR -------------- XOR
X 00101100 X 00100000
R 00110101 Q 11001111
-------------- Flip X if R = 1 --------------- Flip X if Q = 1
E 00011001 F 11101111

Bob -> Alice: R(B,Q(A,R(B,S))) = R(B,F) Alice: Q(A,R(B,Q(A,R(B,S)))) = Q(A,G)
B 10110001 A 00111001
F 11101111 G 01101011
-------------- XOR -------------- XOR
X 01011110 X 01010010
R 00110101 Q 11001111
-------------- Flip X if R = 1 --------------- Flip X if Q = 1
G 01101011 T 10011101
S 10011101 Successfully sent.
Attached Files
File Type: pdf Secure_Symmetric_Key_Exchange.pdf (61.4 KB, 183 views)
Apr 20 '19 #1
0 1938

Sign in to post your reply or Sign up for a free account.

Similar topics

6
by: Sarah Tanembaum | last post by:
I was wondering if it is possible to create a secure database system using RDBMS(MySQL, Oracle, SQL*Server, PostgreSQL etc) and web scripting/programming language(Perl, PHP, Ruby, Java, ASP, etc)...
6
by: Jason | last post by:
Sorry for the post here but could not find an Exchange newgroup. I developed an application a year or 2 ago that sends SMTP email. The application allows the user to customize the text from...
1
by: Arran Pearce | last post by:
I am wanting to create a web application which will use Microsoft Exchange Server. We currently use Exchange 2000 but if i needed it we would upgrade to 2003. Is 2003 going to provide easyer...
2
by: Xarky | last post by:
Hi, I am writing a small ASP.NET application, and I need to make it secure. I was thinking of SSL but I don't know how to do it, or there exists other ways. Can someone help me out. Thanks in...
4
by: Bryan | last post by:
Ok .. im writing both a server and client aplication that need to be encrypted. I want to use the RSA Key exchange technique .. i think it resides in...
0
by: Chris Fink | last post by:
I have walked through all of the WSE 3 Hands on Labs and got everything working fine. When I create my own certificate and install it in the stores, my client application that is consuming my WSE...
4
by: Protoman | last post by:
I'm writing a Diffie-Hellman-Merkle Key Exchange Program, and, sometimes (I haven't figured out how to predict it yet), Alice's and Bob's shared symmetric key are different! This shouldn't happen!...
8
by: =?Utf-8?B?RGFuTQ==?= | last post by:
Can someone help with the following problem. I am sending an encrypted SOAP message to a .NET 2.0 + WSE 3.0 web service. When .NET attempts to decrypt the message it cannot read the private key...
3
by: ast3r3x | last post by:
I'm trying to implement the protocol used at http://www.cse.msu.edu/~alexliu/publications/Cookie/cookie.pdf to create cookies that can't be forged. I got everything working, except I have run into...
2
by: adam.waterfield | last post by:
Maybe someone could help me a little here. On a project I am working on, we have some LDAP authentication to Active Directory which allows users to login to our application - this is fine. When...
0
by: lllomh | last post by:
Define the method first this.state = { buttonBackgroundColor: 'green', isBlinking: false, // A new status is added to identify whether the button is blinking or not } autoStart=()=>{
0
by: Aliciasmith | last post by:
In an age dominated by smartphones, having a mobile app for your business is no longer an option; it's a necessity. Whether you're a startup or an established enterprise, finding the right mobile app...
0
tracyyun
by: tracyyun | last post by:
Hello everyone, I have a question and would like some advice on network connectivity. I have one computer connected to my router via WiFi, but I have two other computers that I want to be able to...
2
by: giovanniandrean | last post by:
The energy model is structured as follows and uses excel sheets to give input data: 1-Utility.py contains all the functions needed to calculate the variables and other minor things (mentions...
3
NeoPa
by: NeoPa | last post by:
Introduction For this article I'll be using a very simple database which has Form (clsForm) & Report (clsReport) classes that simply handle making the calling Form invisible until the Form, or all...
1
by: Teri B | last post by:
Hi, I have created a sub-form Roles. In my course form the user selects the roles assigned to the course. 0ne-to-many. One course many roles. Then I created a report based on the Course form and...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 1 Nov 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM) Please note that the UK and Europe revert to winter time on...
0
isladogs
by: isladogs | last post by:
The next online meeting of the Access Europe User Group will be on Wednesday 6 Dec 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, Mike...
2
by: GKJR | last post by:
Does anyone have a recommendation to build a standalone application to replace an Access database? I have my bookkeeping software I developed in Access that I would like to make available to other...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.