
STUDY OF VARIOUS PROTOCOLS

TACKLING MAN IN THE MIDDLE ATTACK

PROJECT REPORT
BACHELOR OF TECHNOLOGY
(COMPUTER SCIENCE ENGINEERING)

SUBMITTED BY:
SHUCHI SAREEN
01814 8
ABSTRACT
• The Internet is made up of millions of interconnected computers that share information. Security of vital information is imperative for any communication.
• Cryptography is the science of protecting data using complex mathematics which converts this data into unreadable form, so that only intended users can access this information.
• RSA is the most preferred cryptosystem today, but is not feasible for miniature devices like WSNs because of resource constraints in such devices.
• Elliptic Curve Cryptography is an alternative to RSA as it provides the same level of security with much smaller key size.
• The Elliptic Curve Diffie-Hellman key exchange mechanism, based upon elliptic curve cryptography, has been specifically studied and its limitation, i.e. the Man-in-the-middle attack, has been discussed.
ABBREVIATIONS

ECC – Elliptic Curve Cryptography
ECDH – Elliptic Curve Diffie-Hellman
ECDLP – Elliptic Curve Discrete Logarithm Problem
CA – Certification Authority
SIP – Session Initiation Protocol
MITM – Man in the Middle
INTRODUCTION
• Cryptography is the practice and study of the techniques used to communicate and/or store information or data privately and securely, without being intercepted by third parties.
• Cryptography uses complex mathematics which converts data into unreadable form, so that only the intended user can access this information.
• It deals with secure communication over an insecure channel, e.g. Alice (sender) wants to send a secret message to Bob (receiver) over a channel in the presence of an eavesdropper Eve (attacker).

Any cryptosystem has to ensure three things:
• Data Confidentiality, i.e. only those with the rights and privileges to access information can do so.
• Data Integrity, i.e. information has not been corrupted, damaged, destroyed or disrupted during transmission.
• Data Authentication, i.e. the data received during a communication is original and from the person/party the receiver was expecting it from.
• Non-repudiation, i.e. the person who has sent the message cannot later deny having sent the message.
TYPES OF CRYPTOGRAPHY

Symmetric Key Encryption
• Caesar Cipher: It shifts all the letters in a piece of text by a certain number of places. The key for this cipher is a letter which represents the number of places for the shift. For example, a key 'D' means shift 3 places.
• The One-Time Pad: Its effect is that given any ciphertext, and any plaintext of the same length, there is always a key that decrypts the ciphertext to the plaintext.

Asymmetric-Key Encryption
• RSA: In RSA cryptography, both the public and the private keys can encrypt a message; the opposite key from the one used to encrypt a message is used to decrypt it.
• Elliptic Curve Cryptography (ECC): It operates on a group of points over an elliptic curve. Its security stems from the hardness of the elliptic curve discrete logarithm problem (ECDLP).
Table 1: Comparison between RSA and ECC in terms of security equivalence.

Key length of RSA    Key length of ECC    Ratio of RSA/ECC
512                  106                  5 : 1
768                  132                  6 : 1
1024                 160                  7 : 1
2048                 210                  10 : 1
WHAT IS AN ELLIPTIC CURVE?
• A curve E over a finite field $F_p$ is an elliptic curve if it is of the form $y^2 = x^3 + Ax + B$, where $A, B \in F_p$.
• The elliptic curve E may also be defined as the set $E = \{(x, y) \mid y^2 = x^3 + Ax + B\} \cup \{O\}$, where O is the point at infinity.
• The elliptic curve E has the domain parameters $(F_p, a, b, G, n, h)$, where:
   • $F_p$ is the finite field over which the elliptic curve is defined.
   • a and b are the coefficients of the elliptic curve equation (A and B above).
   • G is the generator point that can generate all other points of the same elliptic curve.
   • n is the order of the generator point G.
   • h is the cofactor.
ELLIPTIC CURVE OF THE FORM: $y^2 = x^3 - x + 1$
ELLIPTIC CURVE DISCRETE LOG PROBLEM (ECDLP):
• In the elliptic curve group (E, +) defined over a finite field $F_p$ for some prime number p, let G be a generator point which gives every other point in the group.
• When this point G is added to itself n times, the point addition yields another point Q belonging to the same elliptic curve.
• This can be represented as:
   $G + G + \dots + G = Q$ (n terms)
   $nG = Q$
• Given that G and Q are known, finding n becomes infeasible. This problem of finding n is called the Elliptic Curve Discrete Log Problem. Choosing a suitably large field makes the search more difficult.
ELLIPTIC CURVE DIFFIE-HELLMAN (ECDH):
• ECDH is a key agreement/exchange scheme that enables two or more entities to communicate through an insecure channel and generate a secret key.
• In this scheme the participants agree upon a value called a key. The participants also agree on certain domain parameters such as (a, b, p, G), where:
   • a and b are the coefficients of the elliptic curve equation.
   • p is some prime number.
   • G is the generator point that can generate all other points of the same elliptic curve.
• Each participant contributes to the final key and cannot determine it on its own.
• ECDH uses the point addition property of elliptic curves. The scheme starts by creating a keyed one-way function which takes two inputs, a generator point and a private key (an integer), and multiplies the two to get an output that becomes the public key, which is also a point on the elliptic curve. All the participants in the key exchange scheme have their own public keys, which they transmit to the other participant(s).
MATHEMATICALLY, THIS CAN BE REPRESENTED AS:
K.G=Q
WHERE ‘K’ REPRESENTS THE PRIVATE KEY, ‘G’ IS THE
GENERATOR POINT AND ‘Q’ BECOMES THE PUBLIC KEY.
MAN IN THE MIDDLE ATTACK IN ECDH
AN ATTACK IN WHICH AN ATTACKER INSERTS HIMSELF BETWEEN TWO COMMUNICATING SYSTEMS TO CAPTURE THEIR DYNAMIC COMMUNICATION IS CALLED A MAN IN THE MIDDLE ATTACK.
SOLUTIONS TO MITM ATTACK
Certification Authority:
• A certificate authority or certification authority (CA) is an entity that issues digital certificates.
• A digital certificate certifies the ownership of a public key by the named subject of the certificate.
• A digital certificate is an electronic “passport” that allows a person, computer or organization to exchange information securely over the Internet using the public key infrastructure (PKI).
• A digital certificate may also be referred to as a public key certificate. A certificate is essential in order to defeat a malicious party that sits on the route to a target server and acts as if it were the target.
• A certificate authority (CA) is an organization that stores public keys and their owners, and every party in a communication trusts this organization (and knows its public key).
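Added example (not part of the original report): ECDH carried out on a toy curve of the form shown earlier, y^2 = x^3 - x + 1, to show that a substituted public key goes unnoticed in plain ECDH and is rejected once the received key is checked against a trusted record of public keys and their owners. The field F_17, the generator (0, 1), the private keys, the function names and the dictionary standing in for the CA are all assumptions chosen for illustration.

```python
# Toy parameters, constructed for illustration and far too small for real use:
# curve y^2 = x^3 - x + 1 over F_17, generator G = (0, 1) of order n = 14.
P, A = 17, -1                # the constant term B = 1 is not used by the addition law
G, O = (0, 1), None          # generator point; O is the point at infinity

def add(p1, p2):
    """Point addition in affine coordinates."""
    if p1 is O or p2 is O:
        return p2 if p1 is O else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return O                                          # p2 is the inverse of p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P)  # tangent slope
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P)       # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, point):
    """Scalar multiplication k*point by double-and-add."""
    acc = O
    while k:
        if k & 1:
            acc = add(acc, point)
        point, k = add(point, point), k >> 1
    return acc

def shared_secret(private, peer_public):
    return mul(private, peer_public)

def authenticated_secret(private, peer, received, directory):
    """Derive the key only if `received` is the key on record for `peer`."""
    if directory.get(peer) != received:
        raise ValueError(f"public key presented for {peer!r} is not the registered one")
    return shared_secret(private, received)

def demo():
    a, b, m = 3, 4, 5        # constructed private keys: Alice, Bob, interposer
    qa, qb, qm = mul(a, G), mul(b, G), mul(m, G)          # public keys Q = k.G
    agreed = shared_secret(a, qb) == shared_secret(b, qa)
    # With qm in place of qb, plain ECDH completes, but the interposer shares Alice's key.
    exposed = shared_secret(a, qm) == shared_secret(m, qa)
    try:
        authenticated_secret(a, "bob", qm, {"alice": qa, "bob": qb})
        rejected = False
    except ValueError:
        rejected = True
    return agreed, exposed, rejected
```

In a deployed system the record is a certificate signed by the CA and verified with the CA's public key, rather than a local dictionary.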
SIP (SESSION INITIATION PROTOCOL)
• In 1999, the Internet Engineering Task Force (IETF) proposed the Session Initiation Protocol (SIP). It is a text-based peer-to-peer protocol and can be widely used for controlling multimedia communication sessions.
• The security of SIP authentication is based on the challenge-response mechanism. Before the authentication procedure starts, the client user pre-shares a password with the server. This pre-shared password is used to verify the identity of the client user or the server.
• The original SIP authentication scheme proceeds as follows:

Step 1: Client → Server: REQUEST
The client sends a REQUEST to the server.

Step 2: Server → Client: CHALLENGE (nonce, realm)
The server generates a CHALLENGE that includes a nonce and the client’s realm. Note that the realm is used to prompt the username and password. Then the server sends a CHALLENGE back.

Step 3: Client → Server: RESPONSE (nonce, realm, username, response)
The client computes a response = F (nonce, username, password, realm) where F (.) is a one-way hash function. Then the client sends the RESPONSE to the server.
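Added example (not part of the original report): the server side of the three-step exchange above, with each nonce accepted only once so that a captured RESPONSE cannot be replayed, and with the comparison done in constant time. The choice of SHA-256 with length-prefixed fields for F, the class and function names, and the sample realm, username and password are assumptions of this example.

```python
import hashlib
import hmac
import secrets

def F(nonce, username, password, realm):
    """One-way hash F(.) of Step 3. SHA-256 over length-prefixed fields is an
    assumption of this example; the report does not fix a particular F."""
    h = hashlib.sha256()
    for field in (nonce, username, password, realm):
        data = field.encode()
        h.update(len(data).to_bytes(4, "big") + data)   # unambiguous field boundaries
    return h.hexdigest()

class Server:
    def __init__(self, realm, passwords):
        self.realm = realm
        self.passwords = passwords      # pre-shared passwords, keyed by username
        self.outstanding = set()        # nonces issued and not yet answered

    def challenge(self):
        """Step 2: return CHALLENGE (nonce, realm) with a fresh random nonce."""
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return nonce, self.realm

    def verify(self, nonce, realm, username, response):
        """Check a Step 3 RESPONSE; each issued nonce is accepted at most once."""
        if nonce not in self.outstanding or realm != self.realm:
            return False
        self.outstanding.discard(nonce)             # a replayed RESPONSE now fails
        password = self.passwords.get(username)
        if password is None:
            return False
        expected = F(nonce, username, password, realm)
        # Constant-time comparison of the two digests.
        return hmac.compare_digest(expected.encode(), response.encode())

def demo():
    # Constructed account data for the example.
    server = Server("example.invalid", {"alice": "constructed-password"})
    nonce, realm = server.challenge()
    response = F(nonce, "alice", "constructed-password", realm)   # client side
    first = server.verify(nonce, realm, "alice", response)
    replay = server.verify(nonce, realm, "alice", response)
    return first, replay
```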
TSAI’S AUTHENTICATION SCHEME
a) Registration Phase: When a user wants to register and become a new legal user, this user must first submit his/her username and password to the remote server.
b) Authentication Phase: If a legal user wants to log in to the system, he/she must type his or her username and password. The steps of the authentication phase execute as follows:

• Step 1: U → S: REQUEST (username, Nc)
• Step 2: S → U: CHALLENGE (realm, Ns)
• Step 3: U → S: RESPONSE (username, realm)
• Step 4: When S receives the response message, S uses Ns, Nc, PW to compute the message. If the computed message is not the same as the response, then S rejects the user request. Otherwise, S accepts the connection. After mutual authentication between S and U, SK = Ns is used as a session key.
ARSHAD AND IKRAM PROTOCOL
FOR SIP BASED ON ECC
• R. Arshad and N. Ikram did a cryptanalysis of Tsai’s scheme and showed that it cannot resist the password guessing attack and the stolen verifier attack, and that it does not provide known key secrecy or perfect forward secrecy.
• Registration phase: When U wants to register and become a new legal user, U and S execute the following steps over a secure channel.
   • Step 1: U → S: {username, PW}
   • Step 2: S computes the password verifier VPW = HPW ⊻ HKS for U.
   • Step 3: S stores U’s username and VPW in the user account database.
• Authentication phase: If a legal user wants to log in to S, he/she must type his/her username and PW. The steps of the authentication phase are executed as follows:
   • Step 1: U → S: REQUEST (username, R1)
   • Step 2: S → U: CHALLENGE (realm, R1, h1)
   • Step 3: U → S: RESPONSE (username, realm)
   • Step 4: Upon receiving the response message, S computes the message and verifies whether it is equal to the received response. If they are not equal, S rejects the user response message. Otherwise, S authenticates U and accepts the user’s login request.
COMPARISON OF STUDIED PROTOCOLS
• In 2008, Tsai proposed an efficient authentication scheme for SIP using only one-way hash functions and exclusive-OR (XOR) operations.
• In 2011, Arshad et al. did a cryptanalysis of Tsai’s scheme and showed that it cannot withstand the offline password guessing attack or the stolen verifier attack. It also does not provide known key security, perfect forward secrecy and anonymity.
• In 2011, Arshad et al. gave a mutual authentication scheme for the session initiation protocol. The Arshad et al. scheme did not provide anonymity to the user.
• Hongbin Tang and Xinsong Liu in 2012 did a cryptanalysis of the Arshad et al. scheme and showed that it cannot resist the offline password guessing attack.
• In 2014, Zezhong Zhang, Qingqing Qi, Neeraj Kumar, Naveen Chilamkurti and Hwa-Young Jeong gave a secure authentication scheme for the session initiation protocol using elliptic curve cryptography.
• This scheme is secure against the replay attack, password guessing attack, modification attack and stolen verifier attack, and it provides mutual authentication, session key security, known key security, perfect forward secrecy and anonymity.
                            Tsai’s Scheme    Arshad et al Scheme    Zhang et al Scheme
Man in the middle attack    secure           secure                 secure
Replay Attack               secure           secure                 secure
Password Guessing Attack    Insecure         Insecure               secure
Modification Attack         secure           secure                 secure
Stolen-verifier attack      Insecure         secure                 secure
Mutual Authentication       Provided         Provided               Provided
Session key security        Provided         Provided               Provided
Known key secrecy           Not Provided     Provided               Provided
Perfect forward secrecy     Not Provided     Provided               Provided
CONCLUSION AND FUTURE WORK
• This study explores the most important aspect of any communication system, i.e. security. A commonly used key exchange mechanism, Elliptic Curve Diffie-Hellman, has been extensively studied to show the infamous Man-in-the-middle attack it suffers from.
• The work has analysed various protocols that have been proposed so far to tackle this problem. Many of those protocols still fall short in some respects, which have been identified.
• The Tsai scheme for SIP suffered from the offline password guessing attack and the stolen verifier attack. It did not provide known key secrecy, perfect forward secrecy and anonymity.
• Arshad et al. gave a better scheme for SIP but it did not provide anonymity and suffered from the offline password guessing attack.
• Zhang et al. gave a secure scheme for SIP that tackles all the above-mentioned attacks and also provides anonymity.
• A secure protocol that tackles all the known drawbacks of the studied protocols can be presented in the near future.
THANK YOU
