Addis Ababa Institute of Technology

School of Information Technology and Engineering

Cryptography Final Project

Encrypted Client and Server Communication with DH-key and

AES

Name ID No
1- Bikila Tariku

UGR/8089/14

Sub to : Dr. Henok Sub

date : Jan,24,2025
 1

Tables of content

Introduction 2
Project Overview 3
Architecture 3
Flow of Communication 3
User Interaction 3
Diffie-Hellman Key Exchange 4
how the initiator and acceptor exchange keys securely? 4
Initiator / Client 4
Responsibility for Key Exchange: 4
Shared Key Computation: 4
Acceptor / S e r v e r 5
Responsibility for Key Exchange: 5
Shared Key Computation: 5
AES Encryption and Decryption 6
Graphical User Interface (GUI) 9
Message Encryption/Decryption preview 10
Conclusion 15
 2

Introduction
The purpose of this project is to implement a secure communication system
using Java, involving a graphical user interface (GUI), socket programming,
and cryptographic techniques. The application comprises initiator and
acceptor that communicate over sockets.
The key objectives include the secure exchange of cryptographic keys
using the Diffie-Hellman key exchange algorithm and the subsequent
encryption and decryption of messages using the Advanced Encryption
Standard (AES) algorithm. The project aims to demonstrate a robust and secure
method of communication, ensuring confidentiality and integrity through
cryptographic protocols.
In this project, Java serves as the primary programming language for developing
the communication system. Java's platform independence, object-oriented
nature, and extensive libraries make it a suitable choice for creating robust
applications.
The project involves the creation of a Graphical User Interface (GUI) to
enhance user interaction and provide a visual representation of the
communication process. The GUI is designed to facilitate the initiation of
communication and showcase the secure exchange of messages.
Socket programming is utilized to establish communication channels
between the peer-1(initiator) and the peer-2(acceptor). Sockets enable
bidirectional data flow between the two entities, allowing for the exchange of
cryptographic keys and encrypted messages. This networking paradigm is
crucial for implementing real-time communication and ensuring a seamless
exchange of information between the server and client components of the
system.
 3

Project Overview
Our project focuses on creating a secure communication system using Java,
GUI, and advanced cryptographic techniques. The primary objective is to
establish real-time communication between a peer-1 (initiator) and a peer-2
(acceptor), ensuring the confidentiality and integrity of exchanged information.

Architecture
The architecture comprises a Graphical User Interface (GUI) for user-friendly
interaction, socket communication for bidirectional data flow, and robust error-
handling mechanisms. The Diffie-Hellman key exchange algorithm is integrated
to securely generate shared secret keys, and the Advanced Encryption Standard
(AES) is employed for message encryption and decryption, forming a resilient
foundation for secure communication.

Flow of Communication
The communication flow begins with the initialization of applications, followed
by the secure exchange of partial keys using Diffie-Hellman over sockets. This
establishes a shared secret key for subsequent communication. Messages are
encrypted by the sender using AES and securely transmitted to the receiver,
which decrypts and responds in a similar fashion. The bidirectional
communication ensures a secure and seamless exchange of information.

User Interaction
The GUI facilitates user interactions, allowing users to initiate communication
and monitor encrypted message exchanges. The system provides a responsive
interface, enhancing the overall user experience during the secure
communication process.
 4

Diffie-Hellman Key Exchange

The Diffie-Hellman algorithm is a key exchange protocol that allows two parties
to securely generate a shared secret key over an untrusted communication
channel. The algorithm was proposed by Whitfield Diffie and Martin Hellman in
1976 and forms the basis for secure key exchange in various cryptographic
protocols.
In our project Diffie-Hellman is utilized for the secure exchange of cryptographic
keys between the peer-1(initiator) and the peer-2(acceptor).
The algorithm allows the entities to agree upon a shared secret key over an
untrusted communication channel. It provides a secure method for key
negotiation without the need to transmit the actual secret key over the
network. The DH-key exchange enhances the security of the communication
system by preventing eavesdroppers from easily deducing the shared key.

how the initiator and acceptor exchange keys securely?

The initiator and acceptor play distinct roles in the communication process.
Here's an explanation of their roles:

Initiator / peer-1

Responsibility for Key Exchange:

➔ The initiator generates modulus and base.
➔ The initiator generates its public and private keys.
➔ The modulus, base and public key are sent to the acceptor.

Shared Key Computation:

➔ The initiator receives the acceptor's public key.
➔ The shared secret is calculated using the received public key and
initiator's private key.

Acceptor / peer-2

Responsibility for Key

Exchange:
➔ The acceptor waits for a connection and receives the modulus, base,
and
initiator's public key.
➔ The acceptor generates its public and private keys.
➔ The acceptor sends its public key to the initiator.
 5

Shared Key Computation:

➔ The shared secret is calculated using the received public key and
acceptor's private key.

_modulus=new BigInteger(keyLength,10,cryptographicallySecureRandomNumber);

_base = new BigInteger(keyLength - 1,cryptographicallySecureRandomNumber);

_selfPrivateKey = new
BigInteger(keyLength-1,cryptographicallySecureRandomNumber);

BigInteger selfPublicKey = _base.modPow(_selfPrivateKey, _modulus);

public void send(Object message, ConnectionModel connection) throws

IOException {

connection.output.println(message);

send(_modulus, _connection);

send(_base, _connection);

send(clientPublicKey, _connection);

String serverPublicKeyMessage = receive(_connection).toString();

BigInteger sharedSecret = serverPublicKey.modPow(_selfPrivateKey,

_modulus);
 6

AES Encryption and Decryption

The Advanced Encryption Standard (AES) is a symmetric encryption algorithm
widely used to secure sensitive data. AES was established as a standard by the
U.S. National Institute of Standards and Technology (NIST) in 2001, replacing
the older Data Encryption Standard (DES). AES is considered secure and
efficient and is used in a variety of applications, including securing
communications, encrypting files, and protecting sensitive information.

In our project Advanced Encryption Standard (AES) is employed for

encrypting and decrypting the actual messages exchanged between the
communicators.
AES is a symmetric encryption algorithm that uses a shared secret key for both
encryption and decryption.
The shared key generated through the Diffie-Hellman key exchange is utilized
as the symmetric key for AES.
This ensures that even if an unauthorized entity intercepts the encrypted
messages, they cannot decipher the content without the correct key.
encrypt method
protected String encrypt(String plainText, BigInteger sharedSecretKey,
Optional<Integer> specifiedKeyLength)

throws Exception {

Integer symmetricKeyLength =
specifiedKeyLength.orElse(_symmetricKeyLength);

sharedSecretKey = (sharedSecretKey.bitLength() >=

symmetricKeyLength)

? sharedSecretKey.clearBit(sharedSecretKey.bitLength() -
1)

: sharedSecretKey;

byte[] keyBytes = sharedSecretKey.toByteArray();

if (keyBytes.length < (symmetricKeyLength / 8)) {

byte[] paddedKeyBytes = Arrays.copyOf(keyBytes,

(symmetricKeyLength / 8));
 7

paddedKeyBytes[31] = (byte) 0;

keyBytes = paddedKeyBytes;

System.out.println("[*] keyBytes array length: " +

keyBytes.length);

Key key = new SecretKeySpec(keyBytes, 0, keyBytes.length, "AES");

Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");

cipher.init(Cipher.ENCRYPT_MODE, key);

byte[] encryptedBytes =
cipher.doFinal(plainText.getBytes(StandardCharsets.UTF_8));

return Base64.getEncoder().encodeToString(encryptedBytes);

- This method takes a plaintext message, the shared secret key

(derived from Diffie-Hellman key exchange), and an optional specified
key length as parameters.
- The method ensures that the shared secret key is adjusted to the
specified key length.
- Padding is applied to the key if its length is less than the expected length.
- The AES encryption is performed in ECB mode with PKCS5Padding.
- The encrypted bytes are then encoded to Base64 before being returned as a
string.

decrypt method
protected String decrypt(String encryptedText, BigInteger
sharedSecretKey, Optional<Integer> specifiedKeyLength)

throws Exception {

Integer symmetricKeyLength =
specifiedKeyLength.orElse(_symmetricKeyLength);

sharedSecretKey = (sharedSecretKey.bitLength() >=

symmetricKeyLength)

? sharedSecretKey.clearBit(sharedSecretKey.bitLength() -
1)
 8

: sharedSecretKey;

byte[] encryptedBytes = Base64.getDecoder().decode(encryptedText);

byte[] keyBytes = sharedSecretKey.toByteArray();

if (keyBytes.length < (symmetricKeyLength / 8)) {

byte[] paddedKeyBytes = Arrays.copyOf(keyBytes,

(symmetricKeyLength / 8));

paddedKeyBytes[31] = (byte) 0;

keyBytes = paddedKeyBytes;

Key key = new SecretKeySpec(keyBytes, 0, keyBytes.length, "AES");

Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");

cipher.init(Cipher.DECRYPT_MODE, key);

byte[] decryptedBytes = cipher.doFinal(encryptedBytes);

return new String(decryptedBytes, StandardCharsets.UTF_8);

- This method takes an encrypted message, the shared secret key, and an
optional specified key length as parameters.
- Similar to the encrypt method, it adjusts the shared secret key to the
specified key length and applies padding if necessary.
- The encrypted text is decoded from Base64.
- The AES decryption is performed in ECB mode with PKCS5Padding.
- The decrypted bytes are then converted to a string using UTF-8
encoding and returned.
 9

Graphical User Interface (GUI)

The GUI provides a user-friendly interface for interacting with the application.
It includes components for initiating the communication process and visualizing the
message exchange. User actions on the GUI trigger events that initiate the
socket connection, key exchange, and message encryption/decryption
processes.

Initiator acceptor
 10

Message Encryption/Decryption preview

Peer-2 /listener acceptor/ listen on port 1234

Peer-1 Initiator connect to listener on port 1234

 11

Peer-2 send unencrypted message

 12

Interceptor (man-in-the-middle) view unencrypted message

 13

Peer-1 accept encrypted message and decrypt it

Interceptor (man-in-the-middle) unable to view encrypted message

 14

Conclusion
In conclusion, the project successfully demonstrated a secure communication
system that ensures the confidentiality and integrity of exchanged information.
By integrating advanced cryptographic techniques, including Diffie-Hellman for
key exchange and AES for encryption/decryption, the project establishes a solid
foundation for secure peer-to-peer communication. The user-friendly GUI
enhances the overall experience, making the system accessible and intuitive.
The implemented security measures prevent unauthorized interception and
ensure the privacy of exchanged messages. The project's successful
implementation aligns with the objectives of providing a secure and efficient
communication solution.