Diffie-Hellman Key Exchange Modification using Blowfish Algorithm to Prevent Logjam Attack

Aldo Adrian, Maya Cendana, Silvester Dian Handy Permana

Abstract


Diffie-Hellman Key Exchange promises secure connections using modulus computation. However, there is a flaw in its implementation which makes it vulnerable, especially to an attack called Logjam Attack. Therefore, a new key exchange algorithm was developed to prevent this attack. The proposed algorithm is the result of modified DiffieHellman Key Exchange using another algorithm, namely the Blowfish algorithm. Modifications that occur in the DiffieHellman Key Exchange are at the modulus computation, which were replaced by customized Blowfish encryption algorithm. The encryption process of the Blowfish algorithm used in the proposed algorithm used 136 XOR operations every 64-bits messages, which were about to be encrypted. The Diffie-Hellman modified algorithm was implemented into programs using Java programing language. The modified algorithm program has less memory usage and execution time than Diffie-Hellman Key Exchange program, which was tested. With the replacement of modulus computations with Blowfish encryption at the main process could make the modification algorithm immune to Logjam Attack. Therefore, the use of the modification algorithm is more secured than the one without modification.

Keywords


Blowfish, Diffie-Hellman Key Exchange, Java, Logjam Attack, SSL, TLS;

Full Text:

PDF

References


Boni, S., Bhatt, J., & Bhat, S. 2015. “International Journal of Computer Applications”, Improving The Diffie-Hellman Key Exchange Algorithm by Proposing the Multiplicative Key Exchange Algorithm. Vol 130 (15). 7-10.

Adrian, D., Bhargavan, K., Durumeric, Z., Gaudry, P., Green, M., Halderman, J. A., Heninger, N., Springall, D., Thome, E., Valenta, L., VanderSloot, B., Wustrow, E., Zanella-Béguelin, S., & Zimmermann, P. 2015. “CCS '15 Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security”, Imperfect Forward Secrecy: How Diffie-Hellman Fails In Practice. pp 5-17.

Trustworthy Internet Movement. SSL Pulse. Accessed date: 22 February 2017. https://trustworthyinternet.org/ssl-pulse/

Shrivastava, V. & Singh, G. 2013. “IJCST”, Computer Trend with Security by RSA, DES and BLOWFISH Algorithm. Vol. 4, pp. 618- 620.

Patil, S. D. 2013. “IJRRE ST: International Journal of Research Review in Engineering Science and Technology”, Passwords Management using Blowfish Algorithm. Vol. 2, pp. 48-52.

Bhanot, R. & Hans, R. 2015. “International Journal of Security and Its Applications”, A Review and Comperative Analysis of Various Encryption Algorithm. Vol 9 (4). 289-306.

Ristic, I. 2014. Bulletproof SSL and TLS. London: Fiesty Duck.

Ahmed, M., Sanjabi, B., Aldiaz, D., Rezaei, A., & Omotunde, H. 2012. “IJESTI”, Diffie-Hellman and Its Application in Security Protocols. Vol 1(2). 69-73.

Revuelto, V. & Socha, K. 2016. “CERT-EU Security Whitepaper”, Weakness in Diffie-Hellman Key Exchange Protocol. Vol 16 (2). 1-7.

Sharma, S. & Bisht, J. S. 2015. “International Journal of Scientific Research in Network Security and Communication”, Performance Analysis of Data Encryption Algorithms. Vol. 3, pp. 1-5.

Valmik, N. K. & Kshirsagar, V. K. 2014. “IOSR – Journal of Computer Engineering”, Blowfish Algorithm. Vol. 16, 2014, pp. 80- 83.

Pfleeger, P. C., Pfleeger, S. L, & Margulies, J. 2015. Security in Computing Fifth Edition. Prentice Hall.

Ammarah, P. S., Kaul, V., & Narayankhedkar, S. K. 2014. “Proceeding ICWAC 2014”, Security Enhancement Algorithm for Data Transmission using Elliptic Curve Diffie-Hellman Key Exchange. No. 2. 10-16.

Deshmukh, S. & Patil, R. 2014. “International Journal of Computer Science and Information Technologies”, Hybrid Cryptography Technique Using Modified Diffie-Hellman and RSA. Vol 5 (6). 7302- 7304.

Ibrahem, M. K. & Ali, T. A. M. 2013. “IJCSET”, Secure Messaging System Using ZKP. Vol 3 (11). 388-393.

Kaushik, A. & Satvika. 2013. “Proceeding 2nd ICETEM”, Extended Diffie-Hellman Algorithm for Key Exchange and Management.

Kurose, J. F. & Ross, K. W. 2014. Computer Networking Sixth Edition. Boston: Pearson.

Madhuri, D. M. S., Annapurna, G, Venkataramana, C. H., & Swetha, G. 2015. “BEST: IJMITE”, Text Hiding Using RSA and Blowfish with Hash-Based LSB Tecnique. Vol 3 (4). 5-12.

Meyer, C. 2014. 20 Years of SSL/TLS Research an Analysis Of The Internet’s Security Foundation. Ruhr-University Bochum.

Rachmawanto, E. H. 2010. Teknik Keamanan Data Menggunakan Kriptografi Dengan Algoritma Vernam Cipher Dan Steganografi Dengan Metode End of File (EoF). Semarang.

Singh, S. 2013. “IJRET”, A Combined Approach Using Triple DES and Blowfish. Vol 2 (7). 63-67.

Thangavelu, S. & Vijaykumar, V. 2016. “The International Arab Journal of Information Technology”, Efficient Modified Elliptic Curve Diffie-Hellman Algorithm for VoIP Networks. Vol 13 (5). 492-500.


Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.

ISSN: 2180-1843

eISSN: 2289-8131