
    Finding MD5 Collisions – a Toy For a Notebook

    One of the major cryptographic breakthroughs of recent years was the discovery of collisions for a set of hash functions (MD4, MD5, HAVAL-128, RIPEMD) by Chinese cryptographers in August 2004 [1]. The authors (Wang et al.) kept the algorithm secret, however. We have found a way to generate the first message block of the collision about 1000 - 2000 times faster than the Chinese team, which corresponds to reaching the first colliding block in 2 minutes using a common notebook. The same computation phase took the Chinese team about an hour using an IBM P690 supercomputer. On the other hand, the Chinese team was 2 - 80 times faster when computing the second message block of their collisions. Therefore, our method and the Chinese method probably differ in both parts of the computation. Overall, our method is about 3 - 6 times faster. More specifically, finding the first (complete) collision took 8 hours using a notebook PC (Intel Pentium 1.6 GHz). That should be a warning against the persisting use of MD5. Note that our method works for any initialization vector. In the appendix, we show new examples of collisions for the standard and for chosen initialization vectors.

    A Symbolic Intruder Model for Hash-Collision Attacks

    In recent years, several practical methods have been published to compute collisions on some commonly used hash functions. In this paper we present a method to take into account, at the symbolic level, that an intruder actively attacking a protocol execution may use these collision algorithms in reasonable time during the attack. Our decision procedure relies on the reduction of constraint solving for an intruder exploiting the collision properties of hash functions to constraint solving for an intruder operating on words.

    Tunnels in Hash Functions: MD5 Collisions Within a Minute

    In this paper we introduce a new idea of tunneling of hash functions. In some sense tunnels replace multi-message modification methods and exponentially accelerate collision search. We describe several tunnels in the hash function MD5. Using them we find an MD5 collision in roughly one minute on a standard notebook PC (Intel Pentium, 1.6 GHz). The method works for any initializing value. Tunneling is a general idea, which can be used for finding collisions of other hash functions, such as SHA-1 and SHA-2. We show several capabilities of tunnels. A program, whose source code is available on the project homepage, experimentally verified the method. The revised version of this paper contains an appendix with the description of more tunnels. These tunnels further decrease the average time to an MD5 collision to 31 seconds. On a PC with an Intel Pentium 4 (3.2 GHz) it is 17 seconds on average.
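    Both MD5 abstracts above stress that their collision search "works for any initialization vector". The following Python is an added example, not code from either paper or its project homepage, showing why that property matters. It uses the widely published two-block MD5 collision pair of Wang et al. (not one of the collisions from the papers' appendices) and checks three things a practitioner should know about Merkle-Damgård collisions: the two 128-byte messages differ in only six bytes yet hash identically; appending any common suffix preserves the collision, because the chaining values and lengths agree after the colliding blocks; and prepending anything destroys it, because the blocks were computed for MD5's standard IV. A collision placed behind an attacker-chosen common prefix therefore requires a search that starts from the chaining value produced by that prefix, which is exactly what a method for arbitrary initialization vectors provides. The suffix and prefix bytes are constructed sample data.

```python
import hashlib

# Widely published two-block MD5 collision (Wang et al.), as hex byte strings.
# These are not the collisions from the papers summarised above.
M1 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
M2 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def differing_offsets(a: bytes, b: bytes) -> list:
    """Byte offsets at which two equal-length messages differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def collides(a: bytes, b: bytes) -> bool:
    """True when two distinct messages share an MD5 digest."""
    return a != b and md5_hex(a) == md5_hex(b)


def suffix_keeps_collision(a: bytes, b: bytes, suffix: bytes) -> bool:
    """After the colliding blocks the chaining values are equal and so are the
    message lengths, so the remaining blocks (suffix plus padding) are processed
    identically: MD5(a||s) == MD5(b||s) for any suffix s."""
    return collides(a + suffix, b + suffix)


def prefix_breaks_collision(a: bytes, b: bytes, prefix: bytes) -> bool:
    """A prefix changes the chaining value fed into the colliding blocks (and,
    unless it is a multiple of 64 bytes, the block alignment too). The pair was
    computed for MD5's standard IV, so the digests no longer agree."""
    return md5_hex(prefix + a) != md5_hex(prefix + b)


if __name__ == "__main__":
    print("differ at byte offsets:", differing_offsets(M1, M2))
    print("collision:", collides(M1, M2))
    # Constructed sample suffix and prefix bytes.
    print("common suffix keeps collision:",
          suffix_keeps_collision(M1, M2, b"appended payload"))
    print("prefix breaks collision:",
          prefix_breaks_collision(M1, M2, b"A" * 64))
```

    The six differing offsets fall three in each 64-byte block, matching the two-block structure ("first message block", "second message block") that both abstracts describe.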

    Massively Parallel Computation for RFID Tag Identification

    Master's in Computer and Telematics Engineering. Nowadays there has been a great evolution of identification systems based on RFID tags, frequently without due attention to their privacy component. This dissertation aims to explore a tag identification paradigm that fills this gap, using a hard-to-invert function, cryptographic or hash, to generate on the tag a pseudo-random identifier from its real identifier together with a set of random numbers generated by the tag and by the reader. However, this requires a search over all assigned identifiers, which for performance reasons is carried out in a massively parallel way. In this manner, tracking of the objects or people associated with the tag by illegitimate entities, which have no access to a database of all assigned identifiers, is prevented.

    In recent years, there has been a large evolution of identification systems through the use of RFID tags, often with some disregard for privacy concerns. In this dissertation a paradigm will be explored focusing on the use of a well known cryptographic standard or hashing function to generate a pseudo-random identifier from the real identifier as well as a set of random nonces from the tag and reader. However, a search is required along the set of assigned identifiers, which for the sake of performance shall be done resorting to a massively parallel approach. This way, it becomes unfeasible for an illegitimate reader to relate two activation sessions of the same tag without access to the database of all the assigned identifiers.
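    The protocol the abstract describes, as an added example that is not the dissertation's own code: the tag answers each activation with H(id || r_tag || r_reader), the back end recovers the tag by recomputing that value over every assigned identifier in parallel chunks, and an eavesdropper without the database sees only unlinkable responses. SHA-256, 96-bit identifiers, 16-byte nonces, the thread pool standing in for massively parallel hardware, and the identifier database are all assumptions of this example; the database is constructed sample data.

```python
import hashlib
import os
from concurrent.futures import ThreadPoolExecutor

NONCE_LEN = 16   # bytes of randomness from each side (assumed)
ID_LEN = 12      # 96-bit identifiers, EPC-sized (assumed)

# Constructed identifier database standing in for the back end's list of all
# assigned tag IDs; a real deployment would hold millions of entries.
DATABASE = [i.to_bytes(ID_LEN, "big") for i in range(2000)]


def pseudo_id(real_id: bytes, r_tag: bytes, r_reader: bytes) -> bytes:
    """H(id || r_tag || r_reader) over fixed-width fields, so the output is
    fresh per session and cannot be inverted to recover id."""
    assert len(real_id) == ID_LEN and len(r_tag) == len(r_reader) == NONCE_LEN
    return hashlib.sha256(real_id + r_tag + r_reader).digest()


class Tag:
    def __init__(self, real_id: bytes):
        self.real_id = real_id

    def activate(self, r_reader: bytes):
        """Tag side: draw its own nonce and answer with the pseudo-random ID."""
        r_tag = os.urandom(NONCE_LEN)
        return r_tag, pseudo_id(self.real_id, r_tag, r_reader)


def search_chunk(ids, r_tag, r_reader, response):
    """Recompute the expected response for every candidate ID in one slice."""
    for real_id in ids:
        if pseudo_id(real_id, r_tag, r_reader) == response:
            return real_id
    return None


def identify(database, r_tag, r_reader, response, workers=4):
    """Legitimate back end: exhaustive search over all assigned IDs, split into
    chunks that are searched in parallel (threads here; the dissertation runs
    the same loop on massively parallel hardware)."""
    chunk = max(1, -(-len(database) // workers))      # ceiling division
    slices = [database[i:i + chunk] for i in range(0, len(database), chunk)]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for hit in pool.map(lambda s: search_chunk(s, r_tag, r_reader, response), slices):
            if hit is not None:
                return hit
    return None


def session(tag: Tag, database):
    """One activation: reader nonce, tag answer, back-end lookup."""
    r_reader = os.urandom(NONCE_LEN)
    r_tag, response = tag.activate(r_reader)
    return response, identify(database, r_tag, r_reader, response)


def linkable(resp_a: bytes, resp_b: bytes) -> bool:
    """All an eavesdropper without the database can do is compare responses;
    fresh nonces make two sessions of the same tag look unrelated."""
    return resp_a == resp_b


if __name__ == "__main__":
    tag = Tag(DATABASE[1337])
    r1, found1 = session(tag, DATABASE)
    r2, found2 = session(tag, DATABASE)
    print("identified:", found1 == DATABASE[1337] and found2 == DATABASE[1337])
    print("sessions linkable without database:", linkable(r1, r2))
```

    The cost that forces the parallel search is visible in identify: every activation costs the back end one hash per assigned identifier, since nothing in the response narrows the candidate set, which is the price paid for making the response useless to anyone without the database.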

    Hash functions and their usage in user authentication

    The thesis deals with hash functions and their use in authentication. It contains the basic theory of hash functions and a description of their basic construction elements. Specifically, the thesis focuses on the hash functions LMHash, MD4, MD5 and the SHA family, which it compares from the security point of view. The thesis describes in general the most commonly used attacks on hash functions, points out the weaknesses of the current construction and offers an outlook on the future of hash functions. Further, the thesis outlines the problem of authentication and describes the use of hash functions in this area. In the practical part, a general authentication framework is implemented in the C# programming language. The result of the implementation is a client and a server application, on which two selected authentication methods were successfully tested. During the implementation, attention was paid to the flexibility of the solution and to possible future use of other authentication methods.

    This thesis concerns hash functions and their usage in authentication. It presents the basics of hash function theory and construction elements. In particular the thesis focuses on the LMHash, MD4, MD5 and SHA family hash functions, which are compared from the security point of view. The thesis describes in general the most frequently used hash function attacks, points out the weaknesses of current construction and mentions the future perspective of hash functions. Furthermore the thesis outlines the area of authentication and describes the usage of hash functions in this area. The practical part of the thesis contains an implementation of a general authentication framework in the programming language C#. The result is a client and a server application, in which two selected authentication methods were successfully tested. The resulting implementation is flexible with respect to the possible future use of other authentication methods.

    An Overview of Cryptography (Updated Version, 3 March 2016)

    There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography...While cryptography is necessary for secure communications, it is not by itself sufficient. This paper describes the first of many steps necessary for better security in any number of situations. A much shorter, edited version of this paper appears in the 1999 edition of Handbook on Local Area Networks published by Auerbach in September 1998

    Energy Efficient Security Framework for Wireless Local Area Networks

    Wireless networks are susceptible to network attacks due to their inherent vulnerabilities. The radio signal used in wireless transmission can arbitrarily propagate through walls and windows; thus a wireless network perimeter is not exactly known. This leads them to be more vulnerable to attacks such as eavesdropping, message interception and modification compared to wired-line networks. Security services have been used as countermeasures to prevent such attacks, but they are used at the expense of resources that are scarce, especially where wireless devices have a very limited power budget. Hence, there is a need to provide security services that are energy efficient. In this dissertation, we propose an energy efficient security framework. The framework aims at providing security services that take energy consumption into account. We suggest three approaches to reduce the energy consumption of security protocols: replacement of standard security protocol primitives that consume high energy while maintaining the same security level, appropriate modification of standard security protocols, and a totally new design of security protocol where energy efficiency is the main focus. From our observation and study, we hypothesize that a higher level of energy savings is achievable if security services are provided in an adjustable manner. We propose an example tunable security or TuneSec system, which allows reasonably fine-grained security tuning to provide security services at the wireless link level in an adjustable manner.

    We apply the framework to several standard security protocols in wireless local area networks and also evaluate their energy consumption performance. The first and second methods show improvements of up to 70% and 57% in energy consumption compared to plain standard security protocols, respectively. The standard protocols can only offer fixed-level security services, and the methods applied do not change the security level. The third method shows further improvement compared to fixed-level security by reducing the energy consumed by about 6% to 40%. This amount of energy saving can be varied depending on the configuration and security requirements.

    Identity-based Cryptography from the Paillier Cryptosystem

    Au Man Ho Allen. Thesis (M.Phil.)--Chinese University of Hong Kong, 2005. Includes bibliographical references (leaves 60-68). Abstracts in English and Chinese.

    Contents:
    Abstract
    Acknowledgement
    Chapter 1 Introduction
    Chapter 2 Preliminaries
      2.1 Complexity Theory
      2.2 Algebra and Number Theory
        2.2.1 Groups
        2.2.2 Additive Group Zn and Multiplicative Group Z*n
        2.2.3 The Integer Factorization Problem
        2.2.4 Quadratic Residuosity Problem
        2.2.5 Computing e-th Roots (The RSA Problem)
        2.2.6 Discrete Logarithm and Related Problems
      2.3 Public Key Cryptography
        2.3.1 Encryption
        2.3.2 Digital Signature
        2.3.3 Identification Protocol
        2.3.4 Hash Function
    Chapter 3 Paillier Cryptosystems
      3.1 Introduction
      3.2 The Paillier Cryptosystem
    Chapter 4 Identity-based Cryptography
      4.1 Introduction
      4.2 Identity-based Encryption
        4.2.1 Notions of Security
        4.2.2 Related Results
      4.3 Identity-based Identification
        4.3.1 Security Notions
      4.4 Identity-based Signature
        4.4.1 Security Notions
    Chapter 5 Identity-Based Cryptography from Paillier System
      5.1 Identity-based Identification Schemes in Paillier Setting
        5.1.1 Paillier-IBI
        5.1.2 CGGN-IBI
        5.1.3 GMMV-IBI
        5.1.4 KT-IBI
        5.1.5 Choice of g for Paillier-IBI
      5.2 Identity-based Signatures from Paillier System
      5.3 Cocks ID-based Encryption in Paillier Setting
    Chapter 6 Concluding Remarks
    Appendix A Proof of Theorems
      A.1 Proof of Theorems 5.1, 5.2
      A.2 Proof Sketch of Remaining Theorems
    Bibliography

    Security in information systems for smart cities

    With the growth of populations in large urban centres, more and more problems arise in the management of city resources. Thanks to the evolution of internet-related technologies, it is possible to use them to help solve these problems, thus creating smart cities. This work analyses an existing smart city solution with respect to data and application security and presents a solution to fill its gaps and to show how to develop applications with an adequate security layer. A solution is presented that takes into account the criticality of the data, as required by the new European Union Data Protection Regulation, and then its implementation is carried out. The implementation of the solution is finally validated by several performance and functional tests, which makes it possible to evaluate the level of success of the work presented in this dissertation.

    With a significant population growth in large urban centers, the problems in the management of cities' resources are rapidly increasing. But due to the evolution of the technologies connected to the internet it is possible to use those to aid in the solution of problems, thus creating the so called Smart Cities. This dissertation examines an existing Smart City solution, and presents a solution to address its flaws and show how to develop applications with a proper security layer for the data and application layer. A solution is presented which takes into account the criticality of the data as required by the new EU Data Protection Regulation, and is then implemented using the appropriate technologies. The implementation of the solution is validated by several performance and functional tests, which allows the level of success of the work presented in this dissertation to be evaluated. Master's in Computer and Telematics Engineering.