Diffie-Hellman Man-in-the-middle attack

17 January 2016

Learn how to carry a Man-in-the-middle attack against the Diffie-Hellman key exhange with a Python script.

Introduction

The Diffie-Hellman protocol is a method for two users to generate a shared private secret with which they can then exchange information across a public channel. This protocol is mostly used to secure a variety of network services.

A Diffie-Hellman key exchange by itself does not provide authentication of the communicating parties and is thus vulnerable to a man-in-the-middle attack.
An attacker may establish two distinct key exchanges between the two parties, allowing it to decrypt, then re-encrypt the messages transmitted between them.

The Diffie-Hellman key exchange

Alice and Bob want to exchange information across an insecure channel.
The Python code below is a simple implementation of the Diffie-Hellman protocol.

[ Alice ]---------------------[ Bob ]

#!/usr/bin/env python
from random import getrandbits

g = 2
p = 0xF36E2495C4A214F8A498AC594894C19B
bits = 128

# Generate Alice's secret and public keys (a, A)
a = getrandbits(bits)
A = pow(g, a, p)

# Generate Bob's secret and public keys (b, B)
b = getrandbits(bits)
B = pow(g, b, p)

# Generate the shared secrets
sa = pow(B, a, p)
sb = pow(A, b, p)

if sa == sb:
    print("Alice and Bob share the same secret : {:x}".format(sa))

g is the generator
p is a prime
a is Alice's secret
b is Bob's secret
A is Alice's public key
B is Bob's public key
sa and sb are Alice's and Bob's shared key

Man-in-the-middle attack against Diffie-Hellman

This time a malicious thrid party, Mallory, is able to modify messages between Alice and Bob.
Mallory knows p the prime, and g the primitive root modulo p.

[ Alice ]-----[ Mallory ]-----[ Bob ]

#!/usr/bin/env python
from random import getrandbits

g = 2
p = 0xF36E2495C4A214F8A498AC594894C19B
bits = 128

# Generate Alice's secret and public keys (a, A)
a = getrandbits(bits)
A = pow(g, a, p)

# Generate Bob's secret and public keys (b, B)
b = getrandbits(bits)
B = pow(g, b, p)

# Generate Mallory's secret and public keys (m, M)
m = getrandbits(bits)
M = pow(g, m, p)

# Generate the shared secrets
sam = pow(M, a, p)
sma = pow(A, m, p)

sbm = pow(M, b, p)
smb = pow(B, m, p)

if sam == sma:
    print("Alice and Mallory share the same secret : {:x}".format(sam))

if sbm == smb:
    print("Bob and Mallory share the same secret : {:x}".format(sbm))

m is Mallory's secret
M is Alice's public key
sam and sma are Alice's and Mallory's shared key
sbm and smb are Bob's and Mallory's shared key