Polawat Witoolkollachit. The avalanche effect of various hash functions The avalanche effect of various hash functions between encrypted raw images versus non-encrypted images: A comparison study Polawat Witoolkollachit Department of Information Technology, King Mongkut’s University of Technology North Bangkok, Thailand Abstract Symmetric encryption technology is widely used in of Blowfish, AES-256 and DES against SHA-1, internet security systems. To keep images secure, image HMAC-SHA256, and CMAC-SHA256, showed no encryption technique is a specific security process. The statistical significance in terms of the averages of the encryption technique should be strong enough to prevent avalanche effect but the RC4 and 3DES were statistically breaking the algorithm. The integrity checking of the significant. However, the RC4 encrypted image group had encrypted image file can detect whether any critical a lesser average avalanche effect than 3DES. The 3DES system files have been changed, thus enabling the encrypted image group with CMAC-SHA256 showed the system administrator to look for unauthorized alterations best avalanche effect with statistical significance among of the system. Hash function is the desired function for the SHA-1 and HMAC-SHA246 groups. hash value comparisons. This study focused on the comparison of the avalanche effect on the various hash Keywords: avalanche effect, encrypted raw images, values of images before and after various encryption non-encrypted images. techniques and which of the combined encryption techniques and then hash functions show the maximum Received 20 December 2015; Accepted 25 avalanche effect. According to this study, the combination March 2016 Introduction Symmetric encryption technology is widely used in should be strong enough to prevent breaking the internet security systems.1 It utilizes a confusion and algorithm.2,3 The integrity checking of the encrypted diffusion technique to encrypt the subject. The time of image file can detect whether any critical system files encryption is the most sensitive variable for encryption have been changed, thus enabling the system security techniques. Most people expect immediate administrator to look for unauthorized alteration of the results from encryption techniques. Image encryption system. Hash function is the desired function by hash is a common security process. The encryption technique value comparison.4,5 Avalanche effect is one of the desirable properties of cryptographic algorithms, typically blocking ciphers Correspondence: Polawat Witoolkollachit, Department of 6 Information Technology, King Mongkut’s University of and cryptographic hash functions. This phenomenon is Technology North Bangkok, Thailand (Tel.: +66-2555-2708; evident if, when an input is changed slightly E-mail address: [email protected]). (for example, flipping a single bit) the output changes Journal of the Thai Medical Informatics Association, 1, 69-82, 2016 69 The avalanche effect of various hash functions Polawat Witoolkollachit. significantly. If a block cipher or cryptographic hash RC4 key ought to never be used again when scrambling function does not exhibit the avalanche effect to a two other information streams. significant degree, then it has poor randomization, Blowfish is a symmetric-key block cipher, designed and thus a cryptanalyst can make predictions about in 1993 by Bruce Schneier9 and included in a large the encryption algorithm of the input by seeing the number of cipher suites and encryption products. cypher texts. This may be sufficient for guessing the Blowfish provides a good encryption rate in software difficulty to break the algorithm. Thus, the avalanche and no effective cryptanalysis of it has been found to date. effect is a desirable condition from the point of view AES is a symmetric key block cipher. It uses a fixed of the designer of the cryptographic algorithm or device. 128-bit block cipher and three key lengths supported The wide use of high resolution images in by AES as this was an NIST design requirement.10 medical care such as X-ray images, photos of wound The number of internal rounds of the cipher is a function characteristics are common in the present medical of the key length according to the Hash based message practice. The hospitals must keep all image files secret authentication code (HMAC) and has been the by privacy law. The integrity checking of the encrypted mandatory-to implement MAC for IPSEC. HMAC based images by hash values is currently the most favorable on secure hash algorithm (HMAC-SHA-1) has been technique.7 Therefore, the collision resistance property recommended for message authentication in several must be of concern. network security protocols. The key reasons behind This study observed two groups of ten images. this were the free availability, flexibility of changing The original images are the same in both groups. the hash function and reasonable speed, among others. The first group was unencrypted RAW images which The MAC based on the block ciphers such as received hash function application. The hash values were CBC-MAC-DES was generally considered slow due to recorded. The hash values from this group were used the complexity of the encryption process. as the control group. The second was five different DES is the archetypal block cipher,11 an algorithm symmetric encryption algorithms namely; AES-256, DES, that takes a fixed-length string of plain text bits and 3DES, RC4 and Blowfish against 19 raw images. transforms it through a series of complicated operations Then the hash function was applied to all images and into another cipher text bit string of the same length. all hash values were recorded. The purpose of this study In the case of DES, the block size is 64 bits. was to determine differences in the avalanche effect DES also uses a key to customize the transformation, of various hash functions on the encrypted image groups so that decryption can supposedly only be performed compared to the avalanche effect of hash function of by those who know the particular key used to encrypt. the non-encrypted image group and which pair had The key ostensibly consists of 64 bits; however, the greatest avalanche effect. This study also used only 56 of these are actually used by the algorithm. statistics to test the differences of variance of the mean Eight bits are used solely for checking parity, and are avalanche effect between all observed groups. thereafter discarded. Hence the effective key length is 56 bits. The original DES cipher's key size of Related Work 56 bits was generally sufficient when that algorithm RC4 has a utilization in both encryption and unscrambling was designed, but the availability of increasing while the information stream experiences XOR together computational power made brute-force attacks with a progression of created keys.8 It takes in keys feasible. Triple DES (3DES)12 provides a relatively of irregular lengths and this is known as a maker of simple method of increasing the key size of DES pseudo subjective numbers. The yield is then to protect against such attacks, without the XORed together with the flood of information to create need to design a completely new block cipher recently encoded information. Consequently, a specific algorithm. 70 Journal of the Thai Medical Informatics Association, 1, 69-82, 2016 Polawat Witoolkollachit. The avalanche effect of various hash functions A cryptographic hash is a kind of ‘signature’ for a nominal variable which makes multiple observations of text or a data file. These functions are mathematical the measurement variable for each value of the nominal operations run on digital data. By comparing the variable. computed "hash" (the output from execution of the algorithm) to a known and expected hash value, Material and Methods a person can determine the data's integrity. A key aspect The 19 raw images were randomly selected in this study. of cryptographic hash functions is their collision (Figure 1) A sample size calculator was used to resistance: noone should be able to find two different determine sample size needed with a fixed parameter input values that result in the same hash output.13 (95% confidence level, 5% confidence interval, SHA-256 generates an almost-unique 256-bit (32-byte) population =20). The raw files were taken from FUJINON signature for a text. See below for the source code.14 X-T10. This camera uses a 16 million mega pixels SHA-256 is novel hash function computed with photo sensor and processes image internally by 14 bits 32-bit words. It uses different shift amounts and color depth. All images are 4896x3264 in dimensions. additive Theconstants, 19 raw butimages their werestructures randomly are otherwiseselected in thisThe study size. (Figureof image 1) A iss amplebetween size 31calculator and 33 was MB. usedvirtually to identical,determine differing sample only size in the needed number with of rounds.a fixed parameterThe notebook (95 %Intel confidence core i7 3.06 level, MHz 5 %CPU, confidence Ram 8 GB, 15 interval, Analysis population of variance =20). The (ANOVA) raw files iswere the taken most from 256FUJINON GB SSD, X -T10VMware. This workstation camera uses 12.0a 16and million windows megacommonly pixels usedphoto technique sensor for andcomparing processes the meansimage of internally10 environment by 14 bits was colorused fordepth this. Allstudy. images The CentOSare groups of measurement data. There are many different 7.0 64 bit guest OS with 2 GB Ram was updated to 4896x3264 in dimensions. The size of image is between 31 and 33 MB. The notebook Intel core i7 3.06 experimental designs that can be analyzed with different the latest version. During the experiment, the use of MHz CPU, Ram 8 GB, 256 GB SSD, VMware workstation 12.0 and windows 10 environment was used kinds of ANOVA. In a one-way ANOVA (also known as external power supply prevents CPU changing to low fora thisone-factor, study. Thesingle-factor, CentOS 7 .0or 64 single-classificationbit guest OS with 2 GBpower Ram environmentwas updated automatically to the latest withversion the.