Secure Peer Connection: MitM Protection

TL;DR

Yes, a secure channel can be established between two strangers without a man-in-the-middle (MitM) attack using the Diffie-Hellman key exchange combined with authentication. This guide explains how to do it practically.

Establishing a Secure Channel

1. Key Exchange Protocol: Diffie-Hellman
• Diffie-Hellman allows two parties to generate a shared secret over an insecure channel without ever transmitting the secret itself.
• It relies on mathematical properties of modular exponentiation.
2. Generate Key Pairs (Both Peers)

Each peer needs to independently generate a private key and corresponding public key.

openssl genrsa -out peer1_private.pem 2048

openssl rsa -in peer1_private.pem -pubout -out peer1_public.pem

(Repeat for Peer 2)

3. Exchange Public Keys

Peers exchange their public keys over the insecure channel. This is safe because only the public key is shared.

4. Calculate Shared Secret (Both Peers)

Each peer uses their private key and the *other* peer’s public key to calculate a shared secret.

openssl pkeyutl -derive -pkey peer1_private.pem -inkey peer2_public.pem -out peer1_shared_secret

(Repeat for Peer 2, swapping keys)

5. Authentication: Digital Signatures

Diffie-Hellman alone doesn’t prevent a MitM from impersonating one of the peers. We need authentication.

• Each peer signs their public key with their private key using a digital signature algorithm (e.g., RSA).
• The other peer verifies the signature using the signer’s public key. This proves the identity of the key owner.
6. Sign Public Key (Peer 1)

openssl dgst -sha256 -sign peer1_private.pem -out peer1_public.sig peer1_public.pem

7. Verify Signature (Peer 2)

openssl dgst -sha256 -verify peer1_public.pem -signature peer1_public.sig

(Repeat for Peer 2, swapping keys)

8. Symmetric Encryption: Using the Shared Secret

Once authenticated, use the shared secret to generate a symmetric encryption key (e.g., using KDF – Key Derivation Function).

openssl kdf -pbkdf2 -digest sha256 -salt  -iter 10000 peer1_shared_secret -out symmetric_key

Use the symmetric key to encrypt all further communication (e.g., with AES).

9. Protecting Against Replay Attacks
• Include a nonce (number used once) in each message. This prevents an attacker from re-sending old messages.
• Timestamp messages and reject those that are too old.

Important Considerations

• Key Management: Securely store private keys.
• Random Number Generation: Use a cryptographically secure random number generator for key generation.
• Salt: The salt used in the KDF must be unique and unpredictable.
• Implementation Libraries: Use well-vetted cryptography libraries (e.g., OpenSSL, libsodium) to avoid common pitfalls.