DOCSLIB.ORG

Analyses, Mitigation and Applications of Secure Hash Algorithms.Pdf

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Analyses, Mitigation and Applications of Secure Hash Algorithms.Pdf ANALYSES, MITIGATION AND APPLICATIONS OF SECURE HASH ALGORITHMS A Dissertation Submitted to the Graduate Faculty of the North Dakota State University of Agriculture and Applied Science By Zeyad Abdel-Hameed Al-Odat In Partial Fulfillment of the Requirements for the Degree of DOCTOR OF PHILOSOPHY Major Department: Electrical and Computer Engineering November 2019 Fargo, North Dakota NORTH DAKOTA STATE UNIVERSITY Graduate School Title ANALYSES, MITIGATION AND APPLICATIONS OF SECURE HASH ALGORITHMS By Zeyad Abdel-Hameed Al-Odat The supervisory committee certifies that this dissertation complies with North Dakota State Uni- versity's regulations and meets the accepted standards for the degree of DOCTOR OF PHILOSOPHY SUPERVISORY COMMITTEE: Samee U. Khan Chair Jacob Glower Sudarshan Srinivasan Ying Huang Zhang Limin Approved: 1, November, 2019 Ben Braaten Date Department Chair ABSTRACT Cryptographic hash functions are one of the widely used cryptographic primitives with a purpose to ensure the integrity of the system or data. Hash functions are also utilized in conjunc- tion with digital signatures to provide authentication and non-repudiation services. Secure Hash Algorithms are developed over time by the National Institute of Standards and Technology (NIST) for security, optimal performance, and robustness. The most known hash standards are SHA-1, SHA-2, and SHA-3. The secure hash algorithms are considered weak if security requirements have been broken. The main security attacks that threaten the secure hash standards are collision and length extension attacks. The collision attack works by finding two different messages that lead to the same hash. The length extension attack extends the message payload to produce an eligible hash digest. Both attacks already broke some hash standards that follow the Merkle-Damg˚ardconstruction. This dissertation proposes methodologies to improve and strengthen weak hash standards against collision and length extension attacks. We propose collision-detection approaches that help to detect the collision attack before it takes place. Besides, a proper replacement, which is supported by a proper construction, is proposed. The collision detection methodology helps to protect weak primitives from any possible collision attack using two approaches. The first approach employs a near-collision detection mechanism that was proposed by Marc Stevens. The second approach is our proposal. Moreover, this dissertation proposes a model that protects the secure hash functions from collision and length extension attacks. The model employs the sponge structure to construct a hash function. The resulting function is strong against collision and length extension attacks. Furthermore, to keep the general structure of the Merkle-Damg˚ardfunctions, we propose a model that replaces the SHA-1 and SHA-2 hash standards using the Merkle-Damg˚ardconstruction. This model employs the compression function of the SHA-1, the function manipulators of the SHA-2, and the 10 1 padding method. In the case of big data over the cloud, this dissertation presents several ∗ schemes to ensure data security and authenticity. The schemes include secure storage, anonymous privacy-preserving, and auditing of the big data over the cloud. iii ACKNOWLEDGEMENTS All praises and thanks to Allah almighty, my Creator, my Sustainer, for giving me courage and strength to pursue my PhD and fulfill the requirements of this disquisition. My heartiest and sincere appreciation and gratitude to my mentor and adviser Dr. Samee U. Khan, who always encouraged me, and persistently conveyed the spirit and guidance required for the research. Without his kind guidance and continuous efforts, this disquisition would not have been possible. Special thanks to my committee members, Dr. Jacob S. Glower, Dr. Sudarshan K. Srini- vasan, Dr. Ying Huang, and Dr. Zhang Limin for their support, guidance and helpful recommenda- tions. Thanks to the Electrical and Computer Engineering staff members for all the unconditional help and favor. I owe my heartiest thanks to all my friends and colleagues here in the US and Jordan, who always helped me in the time of need. Finally, I would like to thank my family, Father, Mother, Brothers (Maen, Mohammad, Ali, Zaher, Moath), and Sisters (Nisreen, Yasmeen, Haneen, Sadeen). Their continuous support is always a source of motivation and encouragement for me. I especially like to thank my mother and father, who are the only and every reason for whatever I am today and whatever I achieved in my life. I also would like to thank my loving wife Eman and my son Adam, for their patience, time, and support. iv DEDICATION I would like to dedicate this dissertation to my family, especially to my parents, my wife, and my son for all the love, support, and motivation. v TABLE OF CONTENTS ABSTRACT . iii ACKNOWLEDGEMENTS . iv DEDICATION . v LIST OF TABLES . xii LIST OF FIGURES . xiv 1. INTRODUCTION . 1 1.1. Overview . 1 1.2. Cryptographic Hash Functions . 2 1.2.1. Cryptographic Requirements of Hash Functions . 2 1.2.2. Attacks on Hash Functions . 4 1.2.3. Constructions of Hash Functions . 8 1.3. Motivation . 11 1.4. Contributions . 13 1.4.1. Collision Detection of the SHA-1 Hash Function . 13 1.4.2. Improving the Merkle-Damg˚ardHash Functions to Overcome Security Issues 13 1.4.3. Randomness Analyses of the Secure Hash Algorithms . 14 1.4.4. Big Data Applications Using Secure Hash Algorithms . 14 1.5. Thesis Outline . 15 1.6. References . 17 2. BACKGROUND . 21 2.1. Overview . 21 2.2. Secure Hash Algorithm Families . 23 2.2.1. SHA-1 . 25 2.2.2. SHA-2 . 27 vi 2.2.3. SHA-3 . 29 2.3. Hardware Implementations of the SHA Standards . 34 2.3.1. Choice of Hardware to Implement SHA . 34 2.3.2. FPGA Performance Metrics . 36 2.4. Optimization Techniques . 37 2.4.1. FPGA Implementation of the SHA-1 . 38 2.4.2. FPGA Implementations of the SHA-2 . 43 2.4.3. FPGA Implementations of the SHA-3 . 45 2.4.4. Error Detection and Correction . 51 2.5. Discussion . 55 2.6. References . 62 3. MITIGATION AND IMPROVING SHA-1 STANDARD USING COLLISION DETEC- TION APPROACH . 73 3.1. Introduction . 73 3.2. Preliminaries . 74 3.2.1. Brief Description about the SHA-1 . 74 3.2.2. SHA-1 Differential Attack . 76 3.2.3. Threat Model . 77 3.3. Literature Review . 78 3.4. Proposed Methodology . 80 3.4.1. Proposed Work . 80 3.5. Results and Discussions . 83 3.6. Conclusions . 85 3.7. References . 86 4. THE SPONGE STRUCTURE MODULATION APPLICATION TO OVERCOME THE SECURITY BREACHES FOR THE MD5 AND SHA-1 HASH FUNCTIONS . 89 4.1. Introduction . 89 vii 4.2. Background . 91 4.2.1. Brief Description of Secure Hash Algorithms . 91 4.2.2. Sponge Structure Model . 93 4.3. Related Work . 93 4.4. Proposed Methodology . 95 4.5. Results and Discussions . 99 4.5.1. Collision Attack . 99 4.5.2. Length Extension Attack . 100 4.6. Conclusions . 102 4.7. References . 102 5. A MODIFIED SECURE HASH ALGORITHM ARCHITECTURE TO CIRCUMVENT COLLISION AND LENGTH EXTENSION ATTACKS . 105 5.1. Introduction . 105 5.2. Preliminaries . 106 5.2.1. Brief Description of SHA-1 . 106 5.2.2. Brief Description of SHA-2 . 107 5.2.3. Threat Model . 109 5.2.4. Metrics . 110 5.3. Related Work . 111 5.4. Proposed Methodology . 113 5.4.1. Padding Method . 113 5.4.2. Fused Compression Function . 114 5.5. Verification of the Proposed Design . 117 5.5.1. Specifications of the Proposed Design . 117 5.5.2. Functional Specification . 120 5.6. Results and Discussions . 120 5.6.1. Test Vectors . 121 viii 5.6.2. Avalanche Effect . ..
Load more

Recommended publications
  • Cryptographic Hash Functions and Message Authentication Code
    Cryptographic Hash Functions and Message Authentication Code Thierry Sans Cryptographic hashing H m1 m2 x1 m3 x2 H(m) = x is a hash function if • H is one-way function • m is a message of any length • x is a message digest of a fixed length ➡ H is a lossy compression function necessarily there exists x, m1 and m2 | H(m1) = H(m2) = x Computational complexity m H x • Given H and m, computing x is easy (polynomial or linear) • Given H and x, computing m is hard (exponential) ➡ H is not invertible Preimage resistance and collision resistance m H x PR - Preimage Resistance (a.k.a One Way) ➡ given H and x, hard to find m e.g. password storage 2PR - Second Preimage Resistance (a.k.a Weak Collision Resistance) ➡ given H, m and x, hard to find m’ such that H(m) = H(m’) = x e.g. virus identification CR - Collision Resistance (a.k.a Strong Collision Resistance) ➡ given H, hard to find m and m’ such that H(m) = H(m’) = x e.g. digital signatures CR → 2PR and CR → PR Hash functions in practice IV n’ bits n bits n’ bits Common hash functions m H x Name SHA-2 SHA-3 MD5 SHA-1 Variant SHA-224 SHA-256 SHA-384 SHA-512 SHA3-224 SHA3-256 SHA3-384 SHA3-512 Year 1992 1993 2001 2012 Guido Bertoni, Joan Daemen, Michaël Designer Rivest NSA NSA Peeters, and Gilles Van Assche Input 512 512 512 512 1024 1024 1152 1088 832 576 n bits Output 128 160 224 256 384 512 224 256 384 512 n’ bits Speed 6.8 11.4 15.8 17.7 12.5 cycle/byte Considered Broken yes yes no no How to hash long messages ? Merkle–Damgård construction m split m in blocks of n bits and add padding p n bits m1
    [Show full text]
  • Hello, and Welcome to This Presentation of the STM32MP1 Hash Processor
    Hello, and welcome to this presentation of the STM32MP1 hash processor. 1 Hash peripheral is in charge of efficient computing of message digest. A digest is a fixed-length value computed from an input message. A digest is unique - it is virtually impossible to find two messages with the same digest. The original message cannot be retrieved from its digest. Hash digests and Hash-based Message Authentication Code (HMAC) are widely used in communication since they are used to guarantee the integrity and authentication of a transfer. 2 HASH1 is a secure peripheral (under ETZPC control through ETZPC_DECPROT0 bit 8) while HASH2 is a non secure peripheral. HASH1 instance can be allocated to: • The Arm® Cortex®-A7 secure core to be controlled in OP-TEE by the HASH OP-TEE driver or • The Arm® Cortex® -A7 non-secure core for using in Linux® with Linux Crypto framework HASH2 instance can be allocated to the Arm® Cortex®-M4 core to be controlled in the STM32Cube MPU Package using the STM32Cube HASH driver. HASH1 instance is used as boot device to support binary authentication. 3 The hash processor supports widely used hash functions including Message Digest 5 (MD5), Secure Hash Algorithm SHA-1 and the more recent SHA-2 with its 224- and 256-bit digest length versions. A hash can also be generated with a secrete-key to produce a message authentication code (MAC). The processor supports bit, byte and half-word swapping. It supports also automatic padding of input data for block alignment. The processor can be used in conjunction with the DMA for automatic processor feeding.
    [Show full text]
  • Downloaded on 2017-02-12T13:16:07Z HARDWARE DESIGNOF CRYPTOGRAPHIC ACCELERATORS
    Title Hardware design of cryptographic accelerators Author(s) Baldwin, Brian John Publication date 2013 Original citation Baldwin, B.J., 2013. Hardware design of cryptographic accelerators. PhD Thesis, University College Cork. Type of publication Doctoral thesis Rights © 2013. Brian J. Baldwin http://creativecommons.org/licenses/by-nc-nd/3.0/ Embargo information No embargo required Item downloaded http://hdl.handle.net/10468/1112 from Downloaded on 2017-02-12T13:16:07Z HARDWARE DESIGN OF CRYPTOGRAPHIC ACCELERATORS by BRIAN BALDWIN Thesis submitted for the degree of PHD from the Department of Electrical Engineering National University of Ireland University College, Cork, Ireland May 7, 2013 Supervisor: Dr. William P. Marnane “What I cannot create, I do not understand” - Richard Feynman; on his blackboard at time of death in 1988. Contents 1 Introduction 1 1.1 Motivation...................................... 1 1.2 ThesisAims..................................... 3 1.3 ThesisOutline................................... 6 2 Background 9 2.1 Introduction.................................... 9 2.2 IntroductiontoCryptography. ...... 10 2.3 MathematicalBackground . ... 13 2.3.1 Groups ................................... 13 2.3.2 Rings .................................... 14 2.3.3 Fields.................................... 15 2.3.4 FiniteFields ................................ 16 2.4 EllipticCurves .................................. 17 2.4.1 TheGroupLaw............................... 18 2.4.2 EllipticCurvesoverPrimeFields . .... 19 2.5 CryptographicPrimitives&Protocols
    [Show full text]
  • Grostl-Comment-April28.Pdf
    Some notes on Grøstl John Kelsey, NIST, April 2009 These are some quick notes on some properties and observations of Grøstl. Nothing in this note threatens the hash function; instead, I'm pointing out some properties that are a bit surprising, and some broad approaches someone might take to get attacks to work. I've discussed these with the Grøstl team, and gotten quite a bit of useful feedback. I'm pretty sure they agree that my observations are correct, but obviously, any errors here are mine alone. 1 Grøstl Compression Function The Grøstl compression function is built from two different fixed permutations, P and Q, on 2n bits, where n is the final hash output size. The design is quite interesting; among other things, this (like LANE and Luffa, among others) takes away the key schedule as a way of affecting things inside P and Q. Here is a picture of the Grøstl compression function: M Q v u w Y + P + Z In this diagram, I've labeled the input hash chaining value Y, the output Z, and the message M. Similarly, I have introduced variables for the internal values inside the compression function--u, v, and w. I'll use this notation a lot in the next few pages to simplify discussion. To write this in terms of equations: u = Y xor M v = Q(M) w = P(u) Z = v xor w xor Y or, in a shorter form: Z = Q(M) xor P(Y xor M) xor Y It's important to remember here that all variables are 2n bits, so for a 256-bit hash, they're 512 bits each.
    [Show full text]
  • Methods and Tools for Analysis of Symmetric Cryptographic Primitives
    METHODSANDTOOLS FOR ANALYSIS OF SYMMETRICCRYPTOGRAPHIC PRIMITIVES Oleksandr Kazymyrov dissertation for the degree of philosophiae doctor the selmer center department of informatics university of bergen norway DECEMBER 1, 2014 A CKNOWLEDGMENTS It is impossible to thank all those who have, directly or indirectly, helped me with this thesis, giving of their time and experience. I wish to use this opportunity to thank some of them. Foremost, I would like to express my very great appreciation to my main supervisor Tor Helleseth, who has shared his extensive knowledge and expe- rience, and made warm conditions for the comfortable research in one of the rainiest cities in the world. I owe a great deal to Lilya Budaghyan, who was always ready to offer assistance and suggestions during my research. Advice given by Alexander Kholosha has been a great help in the early stages of my work on the thesis. My grateful thanks are also extended to all my friends and colleagues at the Selmer Center for creating such a pleasant environment to work in. I am particularly grateful to Kjell Jørgen Hole, Matthew G. Parker and Håvard Raddum for the shared teaching experience they provided. Moreover, I am very grateful for the comments and propositions given by everyone who proofread my thesis. In addition, I would like to thank the administrative staff at the Department of Informatics for their immediate and exhaustive solutions of practical issues. I wish to acknowledge the staff at the Department of Information Tech- nologies Security, Kharkiv National University of Radioelectronics, Ukraine, especially Roman Oliynykov, Ivan Gorbenko, Viktor Dolgov and Oleksandr Kuznetsov for their patient guidance, enthusiastic encouragement and useful critiques.
    [Show full text]
  • Recommendation for Applications Using Approved Hash Algorithms
    Archived NIST Technical Series Publication The attached publication has been archived (withdrawn), and is provided solely for historical purposes. It may have been superseded by another publication (indicated below). Archived Publication Series/Number: NIST Special Publication 800-107 Title: Recommendation for Applications Using Approved Hash Algorithms Publication Date(s): February 2009 Withdrawal Date: August 2012 Withdrawal Note: SP 800-107 is superseded in its entirety by the publication of SP 800-107 Revision 1 (August 2012). Superseding Publication(s) The attached publication has been superseded by the following publication(s): Series/Number: NIST Special Publication 800-107 Revision 1 Title: Recommendation for Applications Using Approved Hash Algorithms Author(s): Quynh Dang Publication Date(s): August 2012 URL/DOI: http://dx.doi.org/10.6028/NIST.SP.107r1 Additional Information (if applicable) Contact: Computer Security Division (Information Technology Lab) Latest revision of the SP 800-107 Rev. 1 (as of August 12, 2015) attached publication: Related information: http://csrc.nist.gov/ Withdrawal N/A announcement (link): Date updated: ƵŐƵƐƚϭϮ, 2015 NIST Special Publication 800-107 Recommendation for Applications Using Approved Hash Algorithms Quynh Dang Computer Security Division Information Technology Laboratory C O M P U T E R S E C U R I T Y February 2009 U.S. Department of Commerce Otto J. Wolff, Acting Secretary National Institute of Standards and Technology Patrick D. Gallagher, Deputy Director NIST SP 800-107 Abstract Cryptographic hash functions that compute a fixed- length message digest from arbitrary length messages are widely used for many purposes in information security. This document provides security guidelines for achieving the required or desired security strengths when using cryptographic applications that employ the approved cryptographic hash functions specified in Federal Information Processing Standard (FIPS) 180-3.
    [Show full text]
  • Modes of Operation for Compressed Sensing Based Encryption
    Modes of Operation for Compressed Sensing based Encryption DISSERTATION zur Erlangung des Grades eines Doktors der Naturwissenschaften Dr. rer. nat. vorgelegt von Robin Fay, M. Sc. eingereicht bei der Naturwissenschaftlich-Technischen Fakultät der Universität Siegen Siegen 2017 1. Gutachter: Prof. Dr. rer. nat. Christoph Ruland 2. Gutachter: Prof. Dr.-Ing. Robert Fischer Tag der mündlichen Prüfung: 14.06.2017 To Verena ... s7+OZThMeDz6/wjq29ACJxERLMATbFdP2jZ7I6tpyLJDYa/yjCz6OYmBOK548fer 76 zoelzF8dNf /0k8H1KgTuMdPQg4ukQNmadG8vSnHGOVpXNEPWX7sBOTpn3CJzei d3hbFD/cOgYP4N5wFs8auDaUaycgRicPAWGowa18aYbTkbjNfswk4zPvRIF++EGH UbdBMdOWWQp4Gf44ZbMiMTlzzm6xLa5gRQ65eSUgnOoZLyt3qEY+DIZW5+N s B C A j GBttjsJtaS6XheB7mIOphMZUTj5lJM0CDMNVJiL39bq/TQLocvV/4inFUNhfa8ZM 7kazoz5tqjxCZocBi153PSsFae0BksynaA9ZIvPZM9N4++oAkBiFeZxRRdGLUQ6H e5A6HFyxsMELs8WN65SCDpQNd2FwdkzuiTZ4RkDCiJ1Dl9vXICuZVx05StDmYrgx S6mWzcg1aAsEm2k+Skhayux4a+qtl9sDJ5JcDLECo8acz+RL7/ ovnzuExZ3trm+O 6GN9c7mJBgCfEDkeror5Af4VHUtZbD4vALyqWCr42u4yxVjSj5fWIC9k4aJy6XzQ cRKGnsNrV0ZcGokFRO+IAcuWBIp4o3m3Amst8MyayKU+b94VgnrJAo02Fp0873wa hyJlqVF9fYyRX+couaIvi5dW/e15YX/xPd9hdTYd7S5mCmpoLo7cqYHCVuKWyOGw ZLu1ziPXKIYNEegeAP8iyeaJLnPInI1+z4447IsovnbgZxM3ktWO6k07IOH7zTy9 w+0UzbXdD/qdJI1rENyriAO986J4bUib+9sY/2/kLlL7nPy5Kxg3 Et0Fi3I9/+c/ IYOwNYaCotW+hPtHlw46dcDO1Jz0rMQMf1XCdn0kDQ61nHe5MGTz2uNtR3bty+7U CLgNPkv17hFPu/lX3YtlKvw04p6AZJTyktsSPjubqrE9PG00L5np1V3B/x+CCe2p niojR2m01TK17/oT1p0enFvDV8C351BRnjC86Z2OlbadnB9DnQSP3XH4JdQfbtN8 BXhOglfobjt5T9SHVZpBbzhDzeXAF1dmoZQ8JhdZ03EEDHjzYsXD1KUA6Xey03wU uwnrpTPzD99cdQM7vwCBdJnIPYaD2fT9NwAHICXdlp0pVy5NH20biAADH6GQr4Vc
    [Show full text]
  • Broad View of Cryptographic Hash Functions
    IJCSI International Journal of Computer Science Issues, Vol. 10, Issue 4, No 1, July 2013 ISSN (Print): 1694-0814 | ISSN (Online): 1694-0784 www.IJCSI.org 239 Broad View of Cryptographic Hash Functions 1 2 Mohammad A. AlAhmad , Imad Fakhri Alshaikhli 1 Department of Computer Science, International Islamic University of Malaysia, 53100 Jalan Gombak Kuala Lumpur, Malaysia, 2 Department of Computer Science, International Islamic University of Malaysia, 53100 Jalan Gombak Kuala Lumpur, Malaysia Abstract Cryptographic hash function is a function that takes an arbitrary length as an input and produces a fixed size of an output. The viability of using cryptographic hash function is to verify data integrity and sender identity or source of information. This paper provides a detailed overview of cryptographic hash functions. It includes the properties, classification, constructions, attacks, applications and an overview of a selected dedicated cryptographic hash functions. Keywords-cryptographic hash function, construction, attack, classification, SHA-1, SHA-2, SHA-3. Figure 1. Classification of cryptographic hash function 1. INTRODUCTION CRHF usually deals with longer length hash values. An A cryptographic hash function H is an algorithm that takes an unkeyed hash function is a function for a fixed positive integer n * arbitrary length of message as an input {0, 1} and produce a which has, as a minimum, the following two properties: n fixed length of an output called message digest {0, 1} 1) Compression: h maps an input x of arbitrary finite bit (sometimes called an imprint, digital fingerprint, hash code, hash length, to an output h(x) of fixed bit length n.
    [Show full text]
  • HCAHF: a New Family of CA-Based Hash Functions
    (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 10, No. 12, 2019 HCAHF: A New Family of CA-based Hash Functions Anas Sadak1, Fatima Ezzahra Ziani2, Bouchra Echandouri3, Charifa Hanin4, Fouzia Omary5 Faculty of Science, Mohammed V University Rabat, Morocco Abstract—Cryptographic hash functions (CHF) represent a The article is organized as follows: in Section 2, a core cryptographic primitive. They have application in digital background on cellular automata and hash functions is signature and message authentication protocols. Their main included. In Section 3, some related works are presented. building block are Boolean functions. Those functions provide Section 4 details the hashing scheme proposed. In Section 5, pseudo-randomness and sensitivity to the input. They also help the result of the different statistical tests and the cryptographic prevent and lower the risk of attacks targeted at CHF. Cellular properties of cellular automata are provided. Next, in Section 6 automata (CA) are a class of Boolean functions that exhibit good a security analysis is performed. Finally, Section 7 summarizes cryptographic properties and display a chaotic behavior. In this the article. article, a new hash function based on CA is proposed. A description of the algorithm and the security measures to II. BACKGROUND increase the robustness of the construction are presented. A security analysis against generic and dedicated attacks is A. Cryptographic Hash Functions (CHF) included. It shows that the hashing algorithm has good security Cryptographic hash functions with good security properties features and meet the security requirements of a good hashing represent a significant part of cryptography. They are the basis scheme.
    [Show full text]
  • Secure Hash Algorithms
    Keywords: secure hash, 1-wire, i2c, iButton, parasitic power, security, sha1, sha2, sha3, sha256, sha3-256, authentication, intellectual property protection, puf, physically unclonable function, chipdna, eeprom, cloning, counterfeit, medical disposables APPLICATION NOTE 7015 BACK TO BASICS: SECURE HASH ALGORITHMS Abstract: This application note goes over the basics of Secure Hash Algorithms (SHA) and discusses the variants of the algorithm. It then briefly touches on how the algorithm is used for authentication, including the concept of a Hashed Message Authentication Code (HMAC). It concludes by looking at some of the Maxim secure authenticators that can be used to very easily deploy SHA algorithms for security applications. Introduction In this application note, we will discuss the Secure Hash Algorithms (SHA) that are widely used in symmetric key cryptography. The basic idea behind a SHA function is to take data of variable size and condense it into a fixed-size bit string output. This concept is called hashing. The SHA functions are a family of hashing algorithms that have been developed over time through oversight by the National Institute of Standards and Technology (NIST). The latest of these is the SHA-3 function. Maxim has a family of secure authenticator products that provide both SHA-2 and SHA-3 functions. Figure 1 shows the basic concept of secure hash generation. Figure 1. Secure hash generation, basic concept. SHA Characteristics The SHA functions have the following characteristics: They have variable input length and fixed output length. They are one-way functions. Figure 1 shows that it is infeasible to use the resultant hash value to regenerate the input text other than trying each possible input text.
    [Show full text]
  • ΥΣ13 - Computer Security
    ΥΣ13 - Computer Security Hashing Κώστας Χατζηκοκολάκης 1 • Solution : hash function - h(x): f0; 1g∗ ! f0; 1gn - h(x) is the hash/digest of x Context • Goal - Represent large/sensitive message by a smaller one - Numerous applications 2 Context • Goal - Represent large/sensitive message by a smaller one - Numerous applications • Solution : hash function - h(x): f0; 1g∗ ! f0; 1gn - h(x) is the hash/digest of x 2 - h(x) ! x : hard · Even to find a single bit of x ! • No collisions - Do x =6 x0 exist such that h(x) = h(x0)? YES - But the should be hard to find! Properties • One-way - x ! h(x) : easy 3 YES - But the should be hard to find! Properties • One-way - x ! h(x) : easy - h(x) ! x : hard · Even to find a single bit of x ! • No collisions - Do x =6 x0 exist such that h(x) = h(x0)? 3 Properties • One-way - x ! h(x) : easy - h(x) ! x : hard · Even to find a single bit of x ! • No collisions - Do x =6 x0 exist such that h(x) = h(x0)? YES - But the should be hard to find! 3 • Just 23! − • − 364 · 363 · · 365 22 ≈ pb = 1 365 365 ::: 365 0:507 • Approximation - e−x ≈ 1 − x (x ≈ 0) − m2 - pb ≈ 1 − e 2·365 Collision-resistance Birthday paradox • How many people do we need so that any 2 have the same birthday with pb 50%? 4 • Approximation - e−x ≈ 1 − x (x ≈ 0) − m2 - pb ≈ 1 − e 2·365 Collision-resistance Birthday paradox • How many people do we need so that any 2 have the same birthday with pb 50%? • Just 23! − • − 364 · 363 · · 365 22 ≈ pb = 1 365 365 ::: 365 0:507 4 Collision-resistance Birthday paradox • How many people do we need so that
    [Show full text]
  • Year 2010 Issues on Cryptographic Algorithms
    IMES DISCUSSION PAPER SERIES Year 2010 issues on cryptographic algorithms Masashi Une and Masayuki Kanda Discussion Paper No. 2006-E-8 INSTITUTE FOR MONETARY AND ECONOMIC STUDIES BANK OF JAPAN C.P.O BOX 203 TOKYO 100-8630 JAPAN You can download this and other papers at the IMES Web site: http://www.imes.boj.or.jp Do not reprint or reproduce without permission. NOTE: IMES Discussion Paper Series is circulated in order to stimulate discussion and comments. Views expressed in Discussion Paper Series are those of authors and do not necessarily reflect those of the Bank of Japan or the Institute for Monetary and Economic Studies. IMES Discussion Paper Series 2006-E-8 June 2006 Year 2010 issues on cryptographic algorithms Masashi Une† and Masayuki Kanda* Abstract In the financial sector, cryptographic algorithms are used as fundamental techniques for assuring confidentiality and integrity of data used in financial transactions and for authenticating entities involved in the transactions. Currently, the most widely used algorithms appear to be two-key triple DES and RC4 for symmetric ciphers, RSA with a 1024-bit key for an asymmetric cipher and a digital signature, and SHA-1 for a hash function according to international standards and guidelines related to the financial transactions. However, according to academic papers and reports regarding the security evaluation for such algorithms, it is difficult to ensure enough security by using the algorithms for a long time period such as ten or fifteen years due to advances in cryptanalysis techniques, improvement of computing power and so on. In order to enhance the transition to more secure ones, NIST (National Institute of Standards and Technology) of the United States describes in various guidelines that NIST will no longer approve two-key triple DES, RSA with a 1024-bit key, and SHA-1 as the algorithms suitable for IT systems of the Federal Government after 2010.
    [Show full text]