*2.4.3 Diffie-Hellman (DH) key exchange algorithm*

Key exchange algorithms are cryptographic methods that generate cryptographic shared keys that are shared among users. After Alice and Bob agree on a shared key, they can use it in HMAC, and they can also use it in symmetric encryption algorithms to encrypt or to decrypt files. Alice encrypts file using one of the symmetric algorithms and sends it to Bob. Bob in turn uses the same symmetric algorithm to decrypt the file. Note that Alice and Bob must agree on a shared key before using symmetric algorithm. Many key agreement protocols have been proposed. The Diffie-Hellman (DH) algorithm [12] is a very popular example that introduces a key exchange protocol using the discrete logarithm problem [13]. DH algorithm enables Alice and Bob to exchange secure keys over an insecure channel.

**Figure 2** shows the mechanism of DH. The values g and p are public parameters known to Alice and Bob, whereby p is a prime number and g (generator of p) is an integer less than p. This means that for all every number n between 1 and p-1, there is a power k of g such that n = gk mod p. Both Alice and Bob choose a secret random integer number, a and b, respectively. After that, Alice sends to Bob (gb mod p), and Bob sends to Alice (gb mod p). Finally, they agree on a secret key by using this formula ((ga ) b mod p).

**Figure 3** shows that a "man-in-the-middle" (Mallory) can listen and modify the conversation messages between Alice and Bob. In so doing, she can convince Alice and Bob that they are communicating with each other while in fact both are communicating with Mallory [7]. Moreover, **Figure 3** shows that the main vulnerability in the DH protocol is that it does not have an authentication process. Several

#### **Figure 2.**

*Diffie-Hellman key exchange algorithm. Alice and Bob agree on a secret key over an insecure channel. The secret key that they agree on is computed as (ga)b mod p.*

**Figure 3.**

*A Diffie-Hellman weakness. A man-in-the-middle (e.g., Mallory) impersonates Alice to agree on a shared key with Bob. Also, she impersonates Bob to agree on a shared key with Alice.*

versions of DH protocol exist to overcome this problem, for example, by using DH with digital signature [11]. Diffie et al. [14] enhance a Diffie-Hellman protocol with an authentication process, whereby Alice and Bob must authenticate themselves using a digital signature. Alice and Bob must have a pair of keys (public key and private key) and a certificate for the public key. So, during execution of DH protocol, Alice and Bob transmit massages with signature; Mallory cannot forge the signature because she needs to share Alice's private key and Bob's private key.

The DH algorithm relies on heavy computation, which may not be suitable to resource-constrained platforms.

### **3. Related work**

There are many researches that target covert channel undetectability [15–17], but most of the works have drawbacks and lack in channel detectability (Girling [18] in 1987). He creates three covert channels through a local area network (LAN): two of them are storage channels, and the third is a timing channel. The two storage channels depend on "what-is-sent" strategy, whereby one of them depends on the frame size, which is sent by the sender. If the frame size equals to 256, the amount of covert information decoded by receiver, who monitors the sender activity on the LAN, would be 8 bits. On the other hand, the timing channel depends on the time that represents the time interval between successive sends. The time difference between successive sends may be odd or even, and the prior agreement between the sender and receiver (who monitors the time between successive sends) is such

**113**

**Figure 4.**

*Secure Communication Using Cryptography and Covert Channel*

that the odd time means bit "0" and even time means bit "1." So, the timing channel

Some researches, Fatayer et al. [15–17], try to use covert channel as benign channel, and it can be used to send legal information between the client and server. They used gaps in memory to create covert channel. Also, they used the channel to send text and audio files in acceptable time. The proposed technique depends on preagreement database which consists of original keys and its corresponding fake keys. Each original key has multiple fake keys. The database consist of the characteristics of clients; each feature represents an original key, and it has multiple fake keys. **Figure 4** figures out the pre-agreement between the client and server before using

Customer asks cloud provider to access his resources. The summarization of approach is as follows. First, pre-agreement between the server and client is shown in **Figure 4**. Second, the customer sends a packet which contains "Fakei" attribute belongs to a specific customer (e.g., name) to the cloud provider. Third, the cloud provider will analyze the packet and make sure that the "Fakei" belongs to which customer. If yes, the provider goes to next step. Fourth, the cloud provider will ask for extra information to verify the customer and then he sends a packet that contains another fake key to the customer. Fifth, the customer receives the packet and he verifies the packet. The customer will send the required information to cloud provider such as one of the fake keys of email. Seventh, the cloud provider will analyze the packet to make sure that the "Fakei" (email) belongs to which customer. If yes, the cloud provider will accept the request. Eight, steps from 4 to 7 are considered the first level of security, so if these steps are repeated more than one time, it

A new detection approach of covert timing channel is proposed by Fahimeh et al. [25], where this approach enables to detect covet time channel through traffic distribution. They used statistical test to measure the network traffic online.

TCP/IP protocol is used to create covert channel that is targeted by many researchers, where they used TCP to hide information [19–22]. Zhang et al. [6] propose covert channel to transfer messages to control (increasing or decreasing) the period of silence in traffic of VoLTE traffic. Create covert channel through hiding information in IP fields [20, 23]. Mead et al. [24] propose timing covert channel for wireless communication; they developed android application to communicate through local area network and mobile network. The results show that the channel is very undetectable in spite of the existence of malware and intrusion

*DOI: http://dx.doi.org/10.5772/intechopen.82580*

detection system.

covert channel.

can achieve multilevel of security.

*Database as pre-agreement between the client and server.*

obviously depends on "when-is-sent" strategy.

#### *Secure Communication Using Cryptography and Covert Channel DOI: http://dx.doi.org/10.5772/intechopen.82580*

*Computer and Network Security*

*secret key that they agree on is computed as (ga)b mod p.*

**Figure 2.**

**Figure 3.**

versions of DH protocol exist to overcome this problem, for example, by using DH with digital signature [11]. Diffie et al. [14] enhance a Diffie-Hellman protocol with an authentication process, whereby Alice and Bob must authenticate themselves using a digital signature. Alice and Bob must have a pair of keys (public key and private key) and a certificate for the public key. So, during execution of DH protocol, Alice and Bob transmit massages with signature; Mallory cannot forge the signature

*A Diffie-Hellman weakness. A man-in-the-middle (e.g., Mallory) impersonates Alice to agree on a shared key* 

*Diffie-Hellman key exchange algorithm. Alice and Bob agree on a secret key over an insecure channel. The* 

The DH algorithm relies on heavy computation, which may not be suitable to

There are many researches that target covert channel undetectability [15–17], but most of the works have drawbacks and lack in channel detectability (Girling [18] in 1987). He creates three covert channels through a local area network (LAN): two of them are storage channels, and the third is a timing channel. The two storage channels depend on "what-is-sent" strategy, whereby one of them depends on the frame size, which is sent by the sender. If the frame size equals to 256, the amount of covert information decoded by receiver, who monitors the sender activity on the LAN, would be 8 bits. On the other hand, the timing channel depends on the time that represents the time interval between successive sends. The time difference between successive sends may be odd or even, and the prior agreement between the sender and receiver (who monitors the time between successive sends) is such

because she needs to share Alice's private key and Bob's private key.

*with Bob. Also, she impersonates Bob to agree on a shared key with Alice.*

resource-constrained platforms.

**3. Related work**

**112**

that the odd time means bit "0" and even time means bit "1." So, the timing channel obviously depends on "when-is-sent" strategy.

TCP/IP protocol is used to create covert channel that is targeted by many researchers, where they used TCP to hide information [19–22]. Zhang et al. [6] propose covert channel to transfer messages to control (increasing or decreasing) the period of silence in traffic of VoLTE traffic. Create covert channel through hiding information in IP fields [20, 23]. Mead et al. [24] propose timing covert channel for wireless communication; they developed android application to communicate through local area network and mobile network. The results show that the channel is very undetectable in spite of the existence of malware and intrusion detection system.

Some researches, Fatayer et al. [15–17], try to use covert channel as benign channel, and it can be used to send legal information between the client and server. They used gaps in memory to create covert channel. Also, they used the channel to send text and audio files in acceptable time. The proposed technique depends on preagreement database which consists of original keys and its corresponding fake keys. Each original key has multiple fake keys. The database consist of the characteristics of clients; each feature represents an original key, and it has multiple fake keys. **Figure 4** figures out the pre-agreement between the client and server before using covert channel.

Customer asks cloud provider to access his resources. The summarization of approach is as follows. First, pre-agreement between the server and client is shown in **Figure 4**. Second, the customer sends a packet which contains "Fakei" attribute belongs to a specific customer (e.g., name) to the cloud provider. Third, the cloud provider will analyze the packet and make sure that the "Fakei" belongs to which customer. If yes, the provider goes to next step. Fourth, the cloud provider will ask for extra information to verify the customer and then he sends a packet that contains another fake key to the customer. Fifth, the customer receives the packet and he verifies the packet. The customer will send the required information to cloud provider such as one of the fake keys of email. Seventh, the cloud provider will analyze the packet to make sure that the "Fakei" (email) belongs to which customer. If yes, the cloud provider will accept the request. Eight, steps from 4 to 7 are considered the first level of security, so if these steps are repeated more than one time, it can achieve multilevel of security.

A new detection approach of covert timing channel is proposed by Fahimeh et al. [25], where this approach enables to detect covet time channel through traffic distribution. They used statistical test to measure the network traffic online.


**Figure 4.** *Database as pre-agreement between the client and server.*
