Electrical Engineering and Computer Science

Computer Scientists Win Best Paper Award at ACM Conference on CCS for Exposing the Vulnerabilities of the Diffie-Hellman Key Exchange

Michigan researchers (L-R) David Adrian, Zakir Durumeric, J. Alex Halderman, Eric Wustrow, Benjamin VanderSloot, and Drew Springall

  Bookmark and Share

A team of researchers including Prof. J. Alex Halderman and CSE graduate students Zakir Durumeric, David Adrian, Drew Springall, Benjamin VanderSloot, and Eric Wustrow, has won a Best Paper Award at the ACM Conference on Computer and Communications Security (CCS), which took place October 12-16, 2015 in Denver, Colorado.

In the paper, “Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice”, the researchers investigate the security of Diffie-Hellman key exchange. Diffie-Hellman is a popular algorithm used for encrypted communications, including emails VPNs, HTTPS, and other protocols where a client and server negotiate a shared secret key for communication, in a mathematical process that involves computations with a large, public prime number. The researchers have discovered that the algorithm is less secure than what was actually believed.


The "Imperfect Forward Secrecy" paper also won a Pwnie Award in the category of "Most Innovative Research."

First, they introduce a vulnerability called Logjam, which downgrades a connection to export-grade cryptography to easily crack the encryption of the 512-bit Diffie-Hellman groups. It has been found that this attack has affected 8.4% of Alexa Top Million HTTPS sites and 3.4% of all HTTPS servers that have browser-trusted certificates.

They also consider the risks with the 768-bit and 1024-bit groups, which are widely used and considered to be more secure, but are still vulnerable to decryption. ¬†Prof. Halderman and co-author Nadia Heninger (University of Pennsylvania) state in a blog post that¬† “there seemed to be no reason why everyone couldn’t just use the same prime, and, in fact, many applications tend to use standardized or hard-coded primes. Breaking a single, common 1024-bit prime would allow NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally".

The researchers estimate that 768-bit groups are within range of academic team attackers, and 1024-bit groups may be within range of state-level attackers.

As a short-term fix against the Logjam attack, all mainstream browsers are employing a more restrictive policy on the size of Diffie-Hellman groups they accept. The researchers also recommend “that TLS servers disable export-grade cryptography and carefully vet the Diffie-Hellman groups they use. In the longer term, we advocate that protocols migrate to stronger Diffie-Hellman groups, such as those based on elliptic curves”.

Prof. J. Alex Halderman is a noted security expert with interests in the areas of Internet security and privacy, electronic voting, and anti-censorship. He received his PhD in Computer Science from Princeton in 2009 and joined the faculty at Michigan the same year. Prof. Halderman was been recognized for his efforts with a Sloan Fellowship and as one of Popular Science's Brilliant 10. At Michigan, he has been named a Morris Wellman Faculty Development Professor and has been awarded for the 1938E Award in recognition of his excellence in teaching and his scholarly integrity. He serves as the director of the Center for Computer Security and Society and advises the Michigan Hackers student group on campus.


Posted: October 28, 2015