INTERNATIONAL JOURNAL OF INFORMATION AND COMPUTING SCIENCE, ISSN NO: 0972-1347
Volume 5, Issue 11, November 2018, http://ijics.com

Attacks on Cryptographic Hash Functions and Advances

Arvind K. Sharma (1), Dr. S.K. Mittal (2), Dr. Sumit Mittal (3)
(1, 3) Department of Computer Applications (MMICT&BM), Maharishi Markandeshwar University, Mullana, Ambala (Haryana), India
(2) University School of Engineering & Technology, Rayat Bahra University, Sahibzada Ajit Singh Nagar (Punjab), India

Abstract: Cryptographic Hash Functions have a distinct importance in the area of Network Security or Internet Security as compared to Symmetric and Public Key Encryption-Decryption techniques. The major issues resolved by any hash algorithm are managing the Integrity and Authenticity of messages transmitted between communicating parties and users with digital signatures. Hash functions are also used for fixed-length secret key generation in Symmetric and Public Key Cryptosystems. Different algorithms provide different levels of security, depending on how difficult they are to break. The most well-known hash algorithms are MD4, MD5, SHA, JH, Skein, Grøstl, Blake, Hamsi, Fugue, Crush, Whirlpool, Tav etc. In this paper we discuss the importance of hash functions, the hash functions widely used in networking and, most importantly, the various attacks applicable to hash functions and to the compression functions used by hash functions.

Keywords: Algorithms; Compression Function; Cipher; Stream; Block; Confidentiality; Integrity; Authentication; Server; Message-Digest; Message-Block; Non-repudiation; Differential

1. Introduction

Security and privacy in an interconnected domain mean preserving the Confidentiality, Integrity and Authenticity of messages, as well as managing the Accountability and Authorization of the resources to be used. Security begins with Authorization, i.e. entrance to a particular system, commonly with the help of pre-specified credentials such as a username and password. Network Security consists of the policies adopted or rules specified by a Network Analyst, Administrator or Cyber Security Experts to prevent and track unauthorized access (i.e., with ACLs, logs, firewalls), modification of the system, and denial of a computer network and network resources. Even if a user is authorized to do something, a firewall still enforces access policies or rules, such as which services that network user is allowed to access and from which current location, as some services are to be accessed by authorized users only on the intranet and not on the internet. These policies are adequate to prevent unauthorized access to the system, but this component may fail to check potentially harmful content such as computer Worms or Trojans being transmitted over the network. Anti-virus software or an Intrusion Detection System (IDS) helps detect the malware.

Communication between at least two parties using a network may use Encryption-Decryption techniques to maintain privacy. For authentication purposes, apart from Encryption-Decryption techniques, Hash Functions are the most widely used. The world is becoming more interconnected with the help of the Internet and new networking technologies, and a huge amount of personal, military, commercial and government information is available on networking infrastructures worldwide. So it is important to find out who is transmitting critical data and who is receiving it; this is taken care of by accountability policies managed by the administrator. But how do we identify whether data received by one user was sent or e-mailed by a valid user, or whether the data received is the actual data and has not been manipulated (i.e., Non-Repudiation, Integrity)? All these issues are resolved by proving the authenticity of the data and the user with the help of a hash function, individually or with a digital signature scheme. Although these systems are quite helpful for managing various networking problems, they are vulnerable to attacks too, so in this paper we focus on the attacks that can be applied to hash functions or compression functions and their level of impact.

Organization of the Paper: The rest of the paper is organized as follows. Section II briefly describes Hash Functions, the properties of Hash Functions and their variants. Section III describes the types of attacks and their impact on Hash Functions. We wind up our work with the conclusion and my future work with some new techniques. The acknowledgement and references come at the end.

2. Cryptographic Hash Functions

The term hash function has been used in computer science and refers to a function that compresses a message of arbitrary length to a message of fixed length, called the Message Digest. If it satisfies some additional requirements, it can be used for cryptographic applications and is then known as a Cryptographic Hash Function. Cryptographic Hash Functions are a most important tool in the field of Security and Cryptography and are used to achieve a number of security goals such as authenticity, digital signatures, pseudo number generation, digital time stamping etc. Hash Functions may be of two types, Keyed and Un-Keyed. Keyed Hash Functions use a secret key (Salt) for computing the digest and are also known as MACs (Message Authentication Codes); Un-Keyed Hash Functions do not use any secret key. The secret key can be distributed to the parties in a secure way. It would be good to use a random key generation system there, or to take the help of well-known technologies like Kerberos, Radius or Certificates.

One-way Hash Function (OWHF), defined by Merkle [3], is a hash function 'H' that satisfies the following requirements:

1. H can be applied to a Block of data of any length (any length means the size of the Block must be greater than the size of the Digest we conclude at the end).
2. H produces a fixed-length output, i.e., the Message Digest.
3. Given H and x (any given input), it is easy to compute the Message Digest H(x).
4. Given H and H(x), it is computationally infeasible to find x.
5. Given H and H(x), it is computationally infeasible to find x and x' such that H(x) = H(x').

The first three requirements are a must for practical applications of a hash function to message authentication and digital signatures. The fourth requirement, also known as pre-image resistance or the one-way property, states that it is easy to generate a message code for a given message but hard to generate a message back from a given digest. The fifth requirement, also known as Second pre-image resistance or the Collision resistance property, guarantees that an alternative message hashing to the same code as a given message cannot be found.

Fig 2.1: Hash Function [24]

Various hash functions exist, historically and in the current market; many of them have been used continuously for a decade to provide services, after updates, because of their well-known security and other properties. We use these variants as requirements dictate and when the need arises. For systems where a lower level of security is required, such as OTP generation valid for a few seconds or a few minutes, or wireless sensor services, it is better to use an MD-family hash function or lightweight hash functions such as Locha, Photon, Quark etc., which have a small digest size: these services are frequent ones and expire after a certain time period (Timestamp), so there is no need to go for hash functions that have a very complex structure to execute, high power consumption and a large digest size. On the other hand, where we are required to store Passwords, Keys, etc. for a long period of time, it is highly recommended that we opt for highly secure hash functions like the SHA family, SHA-1, SHA-2, SHA-3, JH, Skein, Grøstl, Blake, Hamsi, Fugue, Crush, Whirlpool, Tav etc. As I have already discussed various Hash Functions in detail in my previously published research article [32], I close this section with MD(x) and SHA only.

MD(x)

Ivan Damgard [2] and Ralph Merkle [3] independently proposed in 1989 the iterative technique for constructing a collision-resistant hash function from a fixed-length-input compression function. Both give proofs in their research papers [3], [2] that if there exists a fixed-length collision-resistant compression function $f: \{0,1\}^a \times \{0,1\}^b \to \{0,1\}^c$, then one can design a variable-length-input collision-resistant hash function $H: \{0,1\}^* \to \{0,1\}^n$ by repeatedly iterating that compression function. This scheme is now mostly called the Merkle-Damgard construction.

SHA

SHA, the Secure Hash Algorithms, is the most widely used hash function to date, in many different places such as software, websites, operating systems, servers, banking systems and back-end databases. It was first proposed by the National Institute of Standards and Technology (NIST), United States, in late 1993. It is based on the same design strategy as used by the MD(x) family and was published as (FIPS-180) in 1993

and the block permutation is applied if additional output is desired. Central to the Sponge construction is the capacity 'c' of the hash function, which can be adjusted based on security requirements. The SHA-3 [10] final round candidate algorithm Keccak [10] is a hash function based on the Sponge construction only, and it sets a conservative c = 2n, where 'n' is the size of the output hash. In the next section we proceed with the various types of attacks possible on a cryptographic hash function and its internal compression function.

3. Attack on Hash Functions

The uses of Hash Functions are well known to persons working in the area of Cryptography, i.e., a branch of Networking and Security, as Hash functions have properly provided the necessary security services for a long time w.r.t.