ANALYSES, MITIGATION AND APPLICATIONS OF SECURE HASH ALGORITHMS A Dissertation Submitted to the Graduate Faculty of the North Dakota State University of Agriculture and Applied Science By Zeyad Abdel-Hameed Al-Odat In Partial Fulfillment of the Requirements for the Degree of DOCTOR OF PHILOSOPHY Major Department: Electrical and Computer Engineering November 2019 Fargo, North Dakota NORTH DAKOTA STATE UNIVERSITY Graduate School Title ANALYSES, MITIGATION AND APPLICATIONS OF SECURE HASH ALGORITHMS By Zeyad Abdel-Hameed Al-Odat The supervisory committee certifies that this dissertation complies with North Dakota State Uni- versity's regulations and meets the accepted standards for the degree of DOCTOR OF PHILOSOPHY SUPERVISORY COMMITTEE: Samee U. Khan Chair Jacob Glower Sudarshan Srinivasan Ying Huang Zhang Limin Approved: 1, November, 2019 Ben Braaten Date Department Chair ABSTRACT Cryptographic hash functions are one of the widely used cryptographic primitives with a purpose to ensure the integrity of the system or data. Hash functions are also utilized in conjunc- tion with digital signatures to provide authentication and non-repudiation services. Secure Hash Algorithms are developed over time by the National Institute of Standards and Technology (NIST) for security, optimal performance, and robustness. The most known hash standards are SHA-1, SHA-2, and SHA-3. The secure hash algorithms are considered weak if security requirements have been broken. The main security attacks that threaten the secure hash standards are collision and length extension attacks. The collision attack works by finding two different messages that lead to the same hash. The length extension attack extends the message payload to produce an eligible hash digest. Both attacks already broke some hash standards that follow the Merkle-Damg˚ardconstruction. This dissertation proposes methodologies to improve and strengthen weak hash standards against collision and length extension attacks. We propose collision-detection approaches that help to detect the collision attack before it takes place. Besides, a proper replacement, which is supported by a proper construction, is proposed. The collision detection methodology helps to protect weak primitives from any possible collision attack using two approaches. The first approach employs a near-collision detection mechanism that was proposed by Marc Stevens. The second approach is our proposal. Moreover, this dissertation proposes a model that protects the secure hash functions from collision and length extension attacks. The model employs the sponge structure to construct a hash function. The resulting function is strong against collision and length extension attacks. Furthermore, to keep the general structure of the Merkle-Damg˚ardfunctions, we propose a model that replaces the SHA-1 and SHA-2 hash standards using the Merkle-Damg˚ardconstruction. This model employs the compression function of the SHA-1, the function manipulators of the SHA-2, and the 10 1 padding method. In the case of big data over the cloud, this dissertation presents several ∗ schemes to ensure data security and authenticity. The schemes include secure storage, anonymous privacy-preserving, and auditing of the big data over the cloud. iii ACKNOWLEDGEMENTS All praises and thanks to Allah almighty, my Creator, my Sustainer, for giving me courage and strength to pursue my PhD and fulfill the requirements of this disquisition. My heartiest and sincere appreciation and gratitude to my mentor and adviser Dr. Samee U. Khan, who always encouraged me, and persistently conveyed the spirit and guidance required for the research. Without his kind guidance and continuous efforts, this disquisition would not have been possible. Special thanks to my committee members, Dr. Jacob S. Glower, Dr. Sudarshan K. Srini- vasan, Dr. Ying Huang, and Dr. Zhang Limin for their support, guidance and helpful recommenda- tions. Thanks to the Electrical and Computer Engineering staff members for all the unconditional help and favor. I owe my heartiest thanks to all my friends and colleagues here in the US and Jordan, who always helped me in the time of need. Finally, I would like to thank my family, Father, Mother, Brothers (Maen, Mohammad, Ali, Zaher, Moath), and Sisters (Nisreen, Yasmeen, Haneen, Sadeen). Their continuous support is always a source of motivation and encouragement for me. I especially like to thank my mother and father, who are the only and every reason for whatever I am today and whatever I achieved in my life. I also would like to thank my loving wife Eman and my son Adam, for their patience, time, and support. iv DEDICATION I would like to dedicate this dissertation to my family, especially to my parents, my wife, and my son for all the love, support, and motivation. v TABLE OF CONTENTS ABSTRACT . iii ACKNOWLEDGEMENTS . iv DEDICATION . v LIST OF TABLES . xii LIST OF FIGURES . xiv 1. INTRODUCTION . 1 1.1. Overview . 1 1.2. Cryptographic Hash Functions . 2 1.2.1. Cryptographic Requirements of Hash Functions . 2 1.2.2. Attacks on Hash Functions . 4 1.2.3. Constructions of Hash Functions . 8 1.3. Motivation . 11 1.4. Contributions . 13 1.4.1. Collision Detection of the SHA-1 Hash Function . 13 1.4.2. Improving the Merkle-Damg˚ardHash Functions to Overcome Security Issues 13 1.4.3. Randomness Analyses of the Secure Hash Algorithms . 14 1.4.4. Big Data Applications Using Secure Hash Algorithms . 14 1.5. Thesis Outline . 15 1.6. References . 17 2. BACKGROUND . 21 2.1. Overview . 21 2.2. Secure Hash Algorithm Families . 23 2.2.1. SHA-1 . 25 2.2.2. SHA-2 . 27 vi 2.2.3. SHA-3 . 29 2.3. Hardware Implementations of the SHA Standards . 34 2.3.1. Choice of Hardware to Implement SHA . 34 2.3.2. FPGA Performance Metrics . 36 2.4. Optimization Techniques . 37 2.4.1. FPGA Implementation of the SHA-1 . 38 2.4.2. FPGA Implementations of the SHA-2 . 43 2.4.3. FPGA Implementations of the SHA-3 . 45 2.4.4. Error Detection and Correction . 51 2.5. Discussion . 55 2.6. References . 62 3. MITIGATION AND IMPROVING SHA-1 STANDARD USING COLLISION DETEC- TION APPROACH . 73 3.1. Introduction . 73 3.2. Preliminaries . 74 3.2.1. Brief Description about the SHA-1 . 74 3.2.2. SHA-1 Differential Attack . 76 3.2.3. Threat Model . 77 3.3. Literature Review . 78 3.4. Proposed Methodology . 80 3.4.1. Proposed Work . 80 3.5. Results and Discussions . 83 3.6. Conclusions . 85 3.7. References . 86 4. THE SPONGE STRUCTURE MODULATION APPLICATION TO OVERCOME THE SECURITY BREACHES FOR THE MD5 AND SHA-1 HASH FUNCTIONS . 89 4.1. Introduction . 89 vii 4.2. Background . 91 4.2.1. Brief Description of Secure Hash Algorithms . 91 4.2.2. Sponge Structure Model . 93 4.3. Related Work . 93 4.4. Proposed Methodology . 95 4.5. Results and Discussions . 99 4.5.1. Collision Attack . 99 4.5.2. Length Extension Attack . 100 4.6. Conclusions . 102 4.7. References . 102 5. A MODIFIED SECURE HASH ALGORITHM ARCHITECTURE TO CIRCUMVENT COLLISION AND LENGTH EXTENSION ATTACKS . 105 5.1. Introduction . 105 5.2. Preliminaries . 106 5.2.1. Brief Description of SHA-1 . 106 5.2.2. Brief Description of SHA-2 . 107 5.2.3. Threat Model . 109 5.2.4. Metrics . 110 5.3. Related Work . 111 5.4. Proposed Methodology . 113 5.4.1. Padding Method . 113 5.4.2. Fused Compression Function . 114 5.5. Verification of the Proposed Design . 117 5.5.1. Specifications of the Proposed Design . 117 5.5.2. Functional Specification . 120 5.6. Results and Discussions . 120 5.6.1. Test Vectors . 121 viii 5.6.2. Avalanche Effect . ..