Authentication of Diffie-Hellman Protocol for Mobile Units Executing a Secure Device Pairing Procedure in Advance

摘要

It is well known that Diffie-Hellman key distribution protocol is vulnerable to a man-in-the-middle attack for which an adversary manages to share the key with the legitimate users. In order to protect the protocol against such attack it is necessary to authenticate so called Diffie-Hellman values using some additional secret information shared by the legitimate users in advance. For mobile units using for a communication between portable devices, it is very appropriate to extract an authenticating information executing the secret device pairing process. But the drawback of this method is a little disagreement between authenticating strings of different users. The mathematical model of the described scenario is a binary symmetric channel without memory. An authentication method based on the use of such additional strings slightly corrupted by errors and followed by executing the hash functions chosen from strongly universal- hash function class is considered. The formulas for probabilities of the undetected deception and the false alarm are proved. In addition, the methods of parameter optimization, i.e. the number of blocks and the full authenticator length, are proposed.