Researching Neural Network and Applying for Secret Key Exchange
Truong, Sy (2021)
2021
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-202104306480
https://urn.fi/URN:NBN:fi:amk-202104306480
Tiivistelmä
While cyber-attacks have been increasing through the years, the key exchange protocols, for example, Diffie-Hellman key exchange protocol implementation, remain inadequate in terms of security that attackers can exploit to steal or change the confidential information of users and organizations worldwide. In addition, hackers have used the advantages of machine and technology to increase the likelihood of success and reduce the execution time of an attack.
The Diffie-Hellman protocol is vulnerable to man-in-the-middle attack since it establishes public secrecy to be used for secure data exchange over an insecure public channel. To explain the man-in-the-middle attack to the Diffie-Hellman secret key exchange protocol, a competitor called Eve intercepts Alice’s transmitting value as Alice transmits a public key to Bob and sends her own values to Bob. Eve substitutes the value of Bob with her own value and gives it to Alice as Bob transfers the public key onto Alice. Eve and Alice then settle a common key, and Eve and Bob agree on a separate common key. After this exchange, Eve will simply decode and read all the messages sent by Alice and/or Bob before re-encrypting with the correct key and sending it to the other side.
To tackle the weakness of Diffie-Hellman key exchange protocol, a symmetric encryption method based on the fast synchronization of two identically structured Tree Parity Machine model is proposed. In the beginning, two parties enter their individual randomly generated weight vector. The vectors can be seen as their secrets. The Tree Parity Machine models then synchronize with each other as they exchange the outputs through the public channel. When the outputs of two machines are identical, the weight value is updated. The process repeats itself until the weight values are the same on both machines; and weight value is the secret key.
Since only the outputs of the Tree Parity Machine models are exchanged through public channel, it is safer for the secret key as it is generated on both machines at the same time rather than being transmitted from one party to another using public channel. In the worst-case scenario, the attackers can eavesdrop messages between parties A and B; however, he/she does not have enough time to change them due to the synchronization process requires a short amount of time to complete. Furthermore, this approach can also deal with another reputational cyber-attack, named brute force. By K hidden neurons, K x N input neurons and boundary of weights L, the attack must test (2L + 1)KN possible key. For example, the configuration K =
Bachelor’s thesis: Researching Neural Network and Applying for Secret Key Exchange
3, L = 3 and N = 100 gives the program 3 x 10253 possibilities, making the attack impossible with the presently computer power.
Besides the advantages, there are issues that need to be considered when applying this approach. First and foremost, the issue when building an artificial network is choosing the learning algorithm for it. Nearly, any algorithm will accomplish the goal with the precision of the metrics for training of pre-fixed datasets. However, the choice and navigation of the algorithm for training on these datasets require a considerable number of experimentations, which is vastly important. On a model, if choosing a suitable algorithm and evaluation function, the neural network can give great results.
In conclusion, even though this implementation is not completely secure, the ideas behind chaotic synchronization could potentially lead to a more secure approach. On the other hand, this protocol, in comparison to the Diffie-Hellman protocol, guarantees the safety of the process and reduces the damage of a cyber-attack. To improve the security of the protocol, it is recommended to update the hidden layers as well as the neurons in hidden layers; or changing the value of weight matrix increase the complexity of the algorithm and reduce the attacker’s ability to hack the key.
The Diffie-Hellman protocol is vulnerable to man-in-the-middle attack since it establishes public secrecy to be used for secure data exchange over an insecure public channel. To explain the man-in-the-middle attack to the Diffie-Hellman secret key exchange protocol, a competitor called Eve intercepts Alice’s transmitting value as Alice transmits a public key to Bob and sends her own values to Bob. Eve substitutes the value of Bob with her own value and gives it to Alice as Bob transfers the public key onto Alice. Eve and Alice then settle a common key, and Eve and Bob agree on a separate common key. After this exchange, Eve will simply decode and read all the messages sent by Alice and/or Bob before re-encrypting with the correct key and sending it to the other side.
To tackle the weakness of Diffie-Hellman key exchange protocol, a symmetric encryption method based on the fast synchronization of two identically structured Tree Parity Machine model is proposed. In the beginning, two parties enter their individual randomly generated weight vector. The vectors can be seen as their secrets. The Tree Parity Machine models then synchronize with each other as they exchange the outputs through the public channel. When the outputs of two machines are identical, the weight value is updated. The process repeats itself until the weight values are the same on both machines; and weight value is the secret key.
Since only the outputs of the Tree Parity Machine models are exchanged through public channel, it is safer for the secret key as it is generated on both machines at the same time rather than being transmitted from one party to another using public channel. In the worst-case scenario, the attackers can eavesdrop messages between parties A and B; however, he/she does not have enough time to change them due to the synchronization process requires a short amount of time to complete. Furthermore, this approach can also deal with another reputational cyber-attack, named brute force. By K hidden neurons, K x N input neurons and boundary of weights L, the attack must test (2L + 1)KN possible key. For example, the configuration K =
Bachelor’s thesis: Researching Neural Network and Applying for Secret Key Exchange
3, L = 3 and N = 100 gives the program 3 x 10253 possibilities, making the attack impossible with the presently computer power.
Besides the advantages, there are issues that need to be considered when applying this approach. First and foremost, the issue when building an artificial network is choosing the learning algorithm for it. Nearly, any algorithm will accomplish the goal with the precision of the metrics for training of pre-fixed datasets. However, the choice and navigation of the algorithm for training on these datasets require a considerable number of experimentations, which is vastly important. On a model, if choosing a suitable algorithm and evaluation function, the neural network can give great results.
In conclusion, even though this implementation is not completely secure, the ideas behind chaotic synchronization could potentially lead to a more secure approach. On the other hand, this protocol, in comparison to the Diffie-Hellman protocol, guarantees the safety of the process and reduces the damage of a cyber-attack. To improve the security of the protocol, it is recommended to update the hidden layers as well as the neurons in hidden layers; or changing the value of weight matrix increase the complexity of the algorithm and reduce the attacker’s ability to hack the key.