Abstract—An efficient and reliable key-establishment
method is the most important building block of any secure
cryptographic channels. Public-key cryptography was a
revolution in cyber security key administration and enabled
peers to dynamically create keys for each cryptographic session.
The Diffie-Hellman (DH) algorithm is the first published
public-key cryptosystem. DH and its variants are extensively
investigated, standardized, and widely used in network security
protocols. However, DH is vulnerable to some concerning
mathematical, implementation-related and network-specific
attacks. Defending against these attacks is important in secure
implementation of DH in network protocols. This paper
categorizes various attacks on DH scheme with focuses on
attacks related to the DH integration in network protocols
(referred as network-specific attacks). Furthermore, we
comparatively review the approaches taken by commercial
protocols to tackle network attacks and analyze the strength of
these solutions.
Index Terms—Key-exchange, DH, ECDH, MiTM, DoS, reply
attack, SSH, ZRTP, SSL/TLS, IPsec, IKEv2.
Iraj Fathirad and John Devlin are with the Department of Electronic
Engineering, La Trobe University, Victoria 3086, Australia (e-mail:
I.fathirad@latrobe.edu.au, J.devlin@latrobe.edu.au).
Sepidehsadat Atshani is with Faculty of Business, Economics and Law,
La Trobe University, Victoria 3086, Australia (e-mail:
satshani@students.latrobe.edu.au).
[PDF]
Cite:Iraj Fathirad, John Devlin, and Sepidehsadat Atshani, "Network-Specific Attacks on Diffie-Hellman Key-Exchange in Commercial Protocols," International Journal of Computer Theory and Engineering vol. 8, no. 2, pp. 129-135, 2016.