Diffie Hellman Key Exchange Algorithm | Secret Key Exchange | Network Security Tutorial | Edureka

CYBERSECURITY CERTIFICATION COURSE www.edureka.co/cybersecurity-certification-training

Exchanging Keys between the Communicating Parties
Sam Tom

Transmitting Keys without Sharing
Alice Bob

Transmitting Keys without Sharing
Alice Bob
Common Secret

Diffie-Hellman Key Exchange
Diffie-Hellman key exchange, also called exponential key exchange, is a method of digital
encryption that uses numbers raised to specific powers to produce decryption keys on the
basis of components that are never directly transmitted, making the task of a would-be code
breaker mathematically overwhelming
Alice Bob

Copyright © 2018, edureka and/or its affiliates. All rights reserved.
Cryptographic Explanation

CYBERSECURITY CERTIFICATION COURSE www.edureka.co/cybersecurity-certification-trainingCopyright © 2017, edureka and/or its affiliates. All rights reserved.
1
2
3
Step:1
Working of Diffie-
Hellman
Assuming a prime number and selecting its primitive root
Step:2
Step:3
➢ Assume a prime number q
➢ Select 𝛼, primitive root of q 𝛼 < q
𝛼 is a primitive root of q if:
𝛼 mod 𝑞, 𝛼2
mod 𝑞, 𝛼3
mod 𝑞, …….. 𝛼 𝑞−1
mod 𝑞
1, 2, 3, ……… q-1

1
2
3
Working of Diffie-
Hellman
Step:1
Step:2
Step:3
Finding Private key and public key of Sender and Receiver
Assume 𝑥 𝐴 (Private Key of User A)
𝑥 𝐴< q
Assume 𝑥 𝐵 (Private Key of User A)
𝑥 𝐵< q
Now, Calculate public key, 𝑦 𝐵Now, Calculate public key, 𝑦 𝐴
𝑦 𝐴 = 𝛼 𝑥𝐴
mod 𝑞 𝑦 𝐵 = 𝛼 𝑥𝐵
mod 𝑞
{ 𝑥 𝐴, 𝑦 𝐴} { 𝑥 𝐵, 𝑦 𝐵}

1
2
3
Working of Diffie-
Hellman
Step:1
Step:2
Step:3
Generating secret key at sender’s and receiver’s side
𝑥 𝐴, 𝑦 𝐵, q 𝑥 𝐵, 𝑦 𝐴, q
K= 𝑦 𝐵
𝑥 𝐴 mod 𝑞 K= 𝑦 𝐵
𝑥 𝐴 mod 𝑞

Diffie-Hellman
▪ Not an Encryption algorithm, it is a key exchange algorithm used to exchange secret or symmetric key
▪ Digital information is transmitted in an encrypted form using a shared symmetric key. But sharing a key is a
challenge when eavesdropper’s are lurking. But, what if there’s a way of transmitting a key without sharing it.
What I mean by that is what if they could somehow synthesize keys separately that could be guaranteed to
come out identical. It sounds impossible but can be done via Diffie Hellman key exchange.

Steps:
▪ 1st step is to consider a prime number
Assume prime number q
▪ Select alpha such that it is a primitive root of p and alpha should be < q
▪ Let me tell you about primitive root and how to get this primitive root

What is firewall
▪ Firewall can be a s/w program or
▪ Hardware firewall- device placed between your network and a untrusted network source (if more than one
computer is connected to a network, then it is important to protect your network from the untrusted
internet via a hardware firewall, but it is also important to protect each computer with a software firewall.
▪ All windows OS comes come with inbuilt software firewall
▪ The basic task of a firewall is to regulate the flow of traffic in between computer n/w of different trust levels
▪ Firewall checks whether the messages coming from the internet satisfy the security criteria. If they satisfy
they are passed through the firewall other wise they are blocked by the firewall
▪ Same happens with the outgoing messages. If you turn it off the messages will pass through firewall freely. As
a result hackers can access your sensitive data.
▪ It is advisible to never shut your firewall off if want to keep your system secure.

How firewalls work?
▪ It maintains the list of allowed and not allowed computers

▪ Checks for the following:
▪ Is the source IP address allowed?
▪ Is the destination IP address allowed?
▪ Is the protocol allowed?
▪ Is it the correct port for this protocol?
▪ If the answer to to all these questions are yes then the firewall will allow that data through to the internal
computer system but if the answer to any of these basic firewall rules is no then the access will be blocked

Methods used by the firewalls
▪ Packet Filtering: Firewalls filter packets that attempt to enter or leave a network and either accept or reject
them depending on the predefined set of filter rules.
▪ Application Gateway: The application gateway technique employs security methods applied to certain
applications such as Telnet and File Transfer Protocol servers.
▪ Circuit-Level Gateway: A circuit-level gateway applies these methods when a connection such as
Transmission Control Protocol is established and packets start to move.
▪ Proxy Servers: Proxy servers can mask real network addresses and intercept every message that enters or
leaves a network.
▪ Stateful Inspection or Dynamic Packet Filtering: This method compares not just the header information, but
also a packet’s most important inbound and outbound data parts. These are then compared to a trusted
information database for characteristic matches. This determines whether the information is authorized to
cross the firewall into the network.

Types of firewalls
▪ Types of firewalls
▪ Proxy firewall
▪ An early type of firewall device, a proxy firewall serves as the gateway from one network to another for a
specific application. Proxy servers can provide additional functionality such as content caching and security
by preventing direct connections from outside the network. However, this also may impact throughput
capabilities and the applications they can support.
▪ Stateful inspection firewall
▪ Now thought of as a “traditional” firewall, a stateful inspection firewall allows or blocks traffic based on state,
port, and protocol. It monitors all activity from the opening of a connection until it is closed. Filtering
decisions are made based on both administrator-defined rules as well as context, which refers to using
information from previous connections and packets belonging to the same connection.
▪ Unified threat management (UTM) firewall
▪ A UTM device typically combines, in a loosely coupled way, the functions of a stateful inspection firewall with
intrusion prevention and antivirus. It may also include additional services and often cloud management.
UTMs focus on simplicity and ease of use.

Hardware firewall vs software firewall
▪ Home router itself act like a firewall
▪ s/w firewall is installed in a computer, it is thus called a host firewall, a hardware firewall is called appliance
firewall
▪ Since s/w firewall is installed in a PC it consumes systems resources, appliance firewall is a separate firewall
and thus has it’s own hardware and software and it doesn’t use computer’s RAM, CPU, etc.
▪ Software firewall can only protect their computer on which it is installed, while a hardware firewall can
protect all the computer in a network
▪ S/w firewall test the traffic of only the computer on which it is installed, whereas the h/w firewall tests the
traffic of entire n/w

A personal firewall is important when…
▪ When you surf the internet using an ‘always on’ broadband connection
▪ When you are connected to a public wifi
▪ When you run a home network and needs it to be kept isolated from the internet

Communicating over Internet
Hey Sam! How are you?
Hey Sam! Lend
me $100 Please
Andy Sam

What is Cryptography?
Message
1034259
1034259
110340082
E
110340082
D 1034259 Or Error
Cybersecurity refers to a set of techniques used to protect the integrity of networks,
programs and data from attack, damage or unauthorized access

Enters Cryptography
Hey Sam! How are you?
2806793004
5602132806793001 Error

Classification of Cryptography
Cryptography
Symmetric key
Cryptography
Asymmetric Key
Cryptography
Classical
Cryptography
Modern
Cryptography
Transposition
Cipher
Substitution
Cipher
Stream Cipher Block Cipher

Symmetric Key
Cryptography
Let’s talk about
Symmetric key
cryptography to
begin with

Symmetric Key Cryptography
‘
Secret key Secret key
Same key
‘
Plain Text
Plain TextCipher Text
An encryption system in which the sender and receiver of a message
share a single, common key that is used to encrypt and decrypt the
message. ... The most popular symmetric-key system is the
Data Encryption Standard (DES)

Transposition
Cipher
Alright, let’s discuss
the subset of classical
cryptography. We’ll
start with
Transposition cipher

Transposition Cipher
1 2 3 4 5 6
M E E T M E
A F T E R P
A R T Y
4 2 1 6 5 3
M E E T M E
A F T E R P
A R T Y
In cryptography, a transposition cipher is a method of encryption by which the positions
held by units of plaintext (which are commonly characters or groups of characters) are
shifted according to a regular system, so that the ciphertext constitutes a permutation of
the plaintext
Plain Text: MEET ME AFTER PARTY
Cipher Text: MEET ME AFTER PARTY
Key Used: 421635

Substitution
Cipher
Next, we’ll talk about
the 2nd type of
classical cryptography
which is Substitution
Cipher

Substitution Cipher
Method of encrypting by which units of plaintext are replaced with
ciphertext, according to a fixed system; the "units" may be single letters
(the most common), pairs of letters, triplets of letters, mixtures of the
above, and so forth
ROT13 is a Caesar cipher, a type of
substitution cipher. In ROT13 alphabet is
rotated 13 steps
Plaintext Alphabet:
Ciphertext Alphabet:
ABCDEFGHIJKLMNOPQRSTUVWXYZ
ZEBRASCDFGHIJKLMNOPQTUVWXY
Keyword: Zebras
A message of: flee at once. We are discovered!
enciphers to: SIAA ZQ LKBA. VA ZOA RFPBLUAOAR!
SIAAZ QLKBA VAZOA RFPBL UAOAR

Stream
Cipher
Having discussed the
classical
cryptography, next we
have modern
start with Stream
Cipher

Stream Cipher
A symmetric or secret-key encryption algorithm that encrypts a
single bit at a time. With a Stream Cipher, the same plaintext bit or
byte will encrypt to a different bit or byte every time it is encrypted

Block
Cipher
Having discussed the
classical
cryptography, next we
have modern
start with Stream
Cipher

Block Cipher
An encryption method that applies a deterministic algorithm along
with a symmetric key to encrypt a block of text, rather than encrypting one bit at a
time as in stream ciphers
Block Cipher
Encryption
Key
Block Cipher
Decryption
Key

Asymmetric
Key cryptography
Lastly. Let’s discuss
the asymmetric key
cryptography

Public Key Cryptography
Transaction Message
Sam’s Secret key (sk)
Sign
Verification
Transaction Message
Bobby’s Public key (pk)
Sam decides to send money
to his friend Bobby
Digital Signature
Bobby receives the
transaction

Diffie Hellman Key Exchange Algorithm | Secret Key Exchange | Network Security Tutorial | Edureka

Diffie Hellman Key Exchange Algorithm | Secret Key Exchange | Network Security Tutorial | Edureka

More Related Content

What's hot

Similar to Diffie Hellman Key Exchange Algorithm | Secret Key Exchange | Network Security Tutorial | Edureka

More from Edureka!

Recently uploaded

Diffie Hellman Key Exchange Algorithm | Secret Key Exchange | Network Security Tutorial | Edureka