IMPLEMENTASI DIGITAL SIGNATURE ALGORITHM (DSA) MENGGUNAKAN SECURE HASH ALGORITHM-256 (SHA-256) PADA MEDIA GAMBAR

With the development of technology, documents not only produced in printed form but also produced in digital form, especially image documents. The advantage of digital documents is that they are easier and more efficient to use but digital documents are also easy to fake. To overcome this, a digital document security technique is needed, that is the document is digitally signed. This study aims to explain the process of implementing Digital Signature Algorithm by using the Secure Hash Algorithm-256 as hash function on image file and designing digital signature programs. The results of this study indicate that the Digital Signature Algorithm (DSA) using the Secure Hash Algorithm-256 hash function can’t only be implemented in text messages, but can be implemented in image file by the method of image conversion to ASCII images. DSA can also be programmed using the Python programming language to facilitate the generation and authentication of signatures

Protecting Digital Evidence Integrity and Preserving Chain of Custody

Evidence is the key to solve any crime. Evidence integrity needs to be protected in order to make it admissible in the court of law. Digital evidence is more revealing, but it is fragile; it can easily be tampered with or modified. There are different techniques available to protect the integrity of digital evidence. Different automated digital evidence acquisition tools are available in the market. In this paper, we have analyzed two automated tools (EnCase and FTK Imager) that are used for disk imaging. These tools claim to protect the integrity of digital evidence. The techniques used by these tools are analyzed in this paper. Problems with their approaches are discussed and a solution is proposed to address the problems. A prototype of an automated tool is developed with an implementation of the proposed solution

Comparison of hash function algorithms against attacks: a review

Hash functions are considered key components of nearly all cryptographic protocols, as well as of many security applications such as message authentication codes, data integrity, password storage, and random number generation. Many hash function algorithms have been proposed in order to ensure authentication and integrity of the data, including MD5, SHA-1, SHA-2, SHA-3 and RIPEMD. This paper involves an overview of these standard algorithms, and also provides a focus on their limitations against common attacks. These study shows that these standard hash function algorithms suffer collision attacks and time inefficiency. Other types of hash functions are also highlighted in comparison with the standard hash function algorithm in performing the resistance against common attacks. It shows that these algorithms are still weak to resist against collision attacks

A Meaningful MD5 Hash Collision Attack

It is now proved by Wang et al., that MD5 hash is no more secure, after they proposed an attack that would generate two different messages that gives the same MD5 sum. Many conditions need to be satisfied to attain this collision. Vlastimil Klima then proposed a more efficient and faster technique to implement this attack. We use these techniques to first create a collision attack and then use these collisions to implement meaningful collisions by creating two different packages that give identical MD5 hash, but when extracted, each gives out different files with contents specified by the atacker

Certificateless Blind Signature Based on DLP

The most widely used digital signature in the real word application such as e cash e-voting etc. is blind signature. Previously the proposed blind signature follow the foot steps of public key cryptography(PKC) but conventional public key cryptography uses an affirmation of a relationship between public key and identity for the holder of the corresponding private key to the user, so certificate management is very difficult. To overcome this problem Identity based cryptography is introduced. But Identity based cryptography is inherited with key escrow problem. Blind signature with certificateless PKC(CLBS) used widely because it eliminate the problem related to certificate management of cryptography and the key escrow problem of ID based PKC. Because of large requirement of CLBS scheme in different applications many CLBS scheme is proposed, but they were based on bilinear pairing. However, the CLBS scheme based on bilinear pairing is not very satisfiable because bilinear pairing operations are very complicated. In our proposed scheme, we designed a certificateless blind signature scheme based on the discrete logarithmic problem. The proposed scheme fulfills all the security requirements of blind signature as well as certificateless signature. We analyzed security properties such as blindness, unforgeability and unlinkability. The proposed scheme has less computational cost. The hardness of discrete logarithmic problem (DLP) is used to prove the security of the proposed scheme

Performance Evaluation of SNMPv1/2c/3 using Different Security Models on Raspberry Pi

The Simple Network Management Protocol (SNMP) is one of the dominant protocols for network monitoring and configuration. The first two versions of SNMP (v1 and v2c) use the Community-based Security Model (CSM), where the community is transferred in clear text, resulting in a low level of security. With the release of SNMPv3, the User-based Security Model (USM) and Transport Security Model (TSM) were proposed, with strong authentication and privacy at different levels. The Raspberry Pi family of Single-Board Computers (SBCs) is widely used for many applications. To help their integration into network management systems, it is essential to study the impact of the different versions and security models of SNMP on these SBCs. In this work, we carried out a performance analysis of SNMP agents running in three different Raspberry Pis (Pi Zero W, Pi 3 Model B, and Pi 3 Model B+). Our comparisons are based on the response time, defined as the time required to complete a request/response exchange between a manager and an agent. Since we did not find an adequate tool for our assessments, we developed our own benchmarking tool. We did numerous experiments, varying different parameters such as the type of requests, the number of objects involved per request, the security levels of SNMPv3/USM, the authentication and privacy protocols of SNMPv3/USM, the transport protocols, and the versions and security models of SNMP. Our experiments were executed with Net-SNMP, an open-source and comprehensive distribution of SNMP. Our tests indicate that SNMPv1 and SNMPv2c have similar performance. SNMPv3 has a longer response time, due to the overhead caused by the security services (authentication and privacy). The Pi 3 Model B and Pi 3 Model B+ have comparable performance, and significantly outperform the Pi Zero W

Reverse-Engineering of the Cryptanalytic Attack Used in the Flame Super-Malware

In May 2012, a highly advanced malware for espionage dubbed Flame was found targeting the Middle-East. As it turned out, it used a forged signature to infect Windows machines by MITM-ing Windows Update. Using counter-cryptanalysis, Stevens found that the forged signature was made possible by a chosen-prefix attack on MD5 \cite{DBLP:conf/crypto/Stevens13}. He uncovered some details that prove that this attack differs from collision attacks in the public literature, yet many questions about techniques and complexity remained unanswered. In this paper, we demonstrate that significantly more information can be deduced from the example collision. Namely, that these details are actually sufficient to reconstruct the collision attack to a great extent using some weak logical assumptions. In particular, we contribute an analysis of the differential path family for each of the four near-collision blocks, the chaining value differences elimination procedure and a complexity analysis of the near-collision block attacks and the associated birthday search for various parameter choices. Furthermore, we were able to prove a lower-bound for the attack's complexity. This reverse-engineering of a non-academic cryptanalytic attack exploited in the real world seems to be without precedent. As it allegedly was developed by some nation-state(s) \cite{WashingtonPost_Flame,kaspersky_flame,crysis_flame}, we discuss potential insights to their cryptanalytic knowledge and capabilities