
Proceedings of Telecommunication Universities


Method for Authentication of Diffie ‒ Hellman Values Based on Pre-Distributed Random Sequences and Wegman ‒ Carter One-Time Pad Algorithm

https://doi.org/10.31854/1813-324X-2021-7-3-79-90

Abstract

A method for authenticating keys generated by the Diffie-Hellman protocol is investigated in the setting of a man-in-the-middle attack. It is assumed that the users Alice and Bob, who form the key, hold pre-distributed random bit strings a and b, respectively, obtained either from some external source or generated by the users themselves from magnetometer or accelerometer data of their mobile devices. The attacker has no access to these strings. A method for authenticating Diffie-Hellman values (DH values) is proposed. For this purpose, Alice divides the message (the DH value) into N blocks. For each block an authenticator is computed with the Wegman-Carter algorithm using one-time pad keys drawn from the sequences a and b. The DH value and the authenticators are transmitted over the channel to Bob, who computes authenticators from the received DH value and compares them with the authenticators received from the channel. If the number of blocks that fail authentication does not exceed a set threshold, authentication of the DH value is considered successful. A complication of this method is a small disagreement between the authenticating strings of the two users. Formulas for the probability of undetected deception and for the probability of a false alarm (caused by the mismatch between strings a and b) are proved. The method parameters (the number of blocks and the length of the authenticator) are optimized so that consumption of the authentication key (strings a and b) is minimized while the specified requirements on the probabilities of undetected deception and false alarm are met. Examples of the choice of authentication parameters for a 256-bit DH value are given.
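The block-wise procedure described in the abstract, as an added illustration that is not the paper's own code: the universal hash family, the block count N, the tag length t and the mismatch threshold are assumptions made here, since the page fixes none of them beyond the 256-bit DH value. Alice tags each block, Bob recomputes the tags with his slightly different string b, and the DH value is accepted only if the number of failing blocks stays within the threshold.

```python
import random

# Assumed hash family (not from the paper): strongly universal h_{a,b}(x) = ((a*x + b) mod P) mod 2^t
# over the Mersenne prime P = 2^61 - 1; every message block must be shorter than 61 bits.
P = (1 << 61) - 1
HASH_KEY_BITS = 61

def to_int(bits):
    return int("".join(map(str, bits)), 2)

def take(key, pos, n):
    """Consume n fresh key bits from the pre-distributed string; each bit is used exactly once."""
    if pos + n > len(key):
        raise ValueError("authentication key exhausted")
    return to_int(key[pos:pos + n]), pos + n

def wc_tags(msg, key, n_blocks, t):
    """Split msg into n_blocks; tag each block Wegman-Carter style: universal hash, then XOR a one-time pad."""
    blk = len(msg) // n_blocks
    pos, tags = 0, []
    for i in range(n_blocks):
        x = to_int(msg[i * blk:(i + 1) * blk])
        a, pos = take(key, pos, HASH_KEY_BITS)
        b, pos = take(key, pos, HASH_KEY_BITS)
        r, pos = take(key, pos, t)                      # one-time pad for this block's tag
        tags.append((((a * x + b) % P) % (1 << t)) ^ r)
    return tags

def verify(msg, tags, key, n_blocks, t, threshold):
    """Bob recomputes tags from the received DH value with his own string; accept if mismatches <= threshold."""
    mism = sum(1 for mine, recv in zip(wc_tags(msg, key, n_blocks, t), tags) if mine != recv)
    return mism <= threshold, mism

def key_bits_needed(n_blocks, t):
    """Authentication-key consumption (bits of a or b) for the chosen parameters."""
    return n_blocks * (2 * HASH_KEY_BITS + t)

def flip(bits, positions):
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out

# Constructed sample run: 256-bit DH value, N = 8 blocks of 32 bits, 16-bit tags, threshold 3.
rng = random.Random(2021)
N, T, THR = 8, 16, 3
dh_value = [rng.randrange(2) for _ in range(256)]
alice_key = [rng.randrange(2) for _ in range(key_bits_needed(N, T))]
bob_key = flip(alice_key, [5, 300, 777])                # Bob's string b disagrees with a in 3 bits
tags = wc_tags(dh_value, alice_key, N, T)
honest = verify(dh_value, tags, bob_key, N, T, THR)                            # accepted despite key mismatch
forged = verify(flip(dh_value, range(0, 256, 32)), tags, bob_key, N, T, THR)   # one bit altered in every block
```

Because each key bit feeds exactly one block, k disagreeing bits between a and b can cause at most k failing blocks, which is what the threshold absorbs; a tampered block, by contrast, fails with probability close to 1 - 2^-t.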

About the Author

V. Yakovlev
The Bonch-Bruevich Saint-Petersburg State University of Telecommunications
Russian Federation

St. Petersburg, 193232





For citation:

Yakovlev V. Method for Authentication of Diffie ‒ Hellman Values Based on Pre-Distributed Random Sequences and Wegman ‒ Carter One-Time Pad Algorithm. Proceedings of Telecommunication Universities. 2021;7(3):79-90. (In Russ.) https://doi.org/10.31854/1813-324X-2021-7-3-79-90



This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 1813-324X (Print)
ISSN 2712-8830 (Online)