
    On hash functions using checksums

    We analyse the security of iterated hash functions that compute an input-dependent checksum which is processed as part of the hash computation. We show that a large class of such schemes, including those using non-linear or even one-way checksum functions, is not secure against the second preimage attack of Kelsey and Schneier, the herding attack of Kelsey and Kohno and the multicollision attack of Joux. Our attacks also apply to a large class of cascaded hash functions. Our second preimage attacks on the cascaded hash functions improve the results of Joux presented at Crypto'04. We also apply our attacks to the MD2 and GOST hash functions. Our second preimage attacks on the MD2 and GOST hash functions improve the previous best known short-cut second preimage attacks on these hash functions by factors of at least 2^26 and 2^54, respectively. Our herding and multicollision attacks on the hash functions based on generic checksum functions (e.g., one-way) are a special case of the attacks on the cascaded iterated hash functions previously analysed by Dunkelman and Preneel and are not better than their attacks. On hash functions with easily invertible checksums, our multicollision and herding attacks (if the hash value is short, as in MD2) are more efficient than those of Dunkelman and Preneel.

    Securing Cloud from Tampering and Duplication

    Cloud computing is the most rapidly emerging technology today and is used by most social media sites to store their data. The data stored on the cloud is the private data of the user, so it must not be tampered with by other entities. Previous systems have reduced storage space by copying and archiving data, but at the cost of a reduced performance rate. We propose a system that increases available storage space by deduplicating data and that shuffles the data between directories within the cloud after a particular interval of time, so that the data cannot be tracked, thereby enhancing security. A backup of the data is taken periodically into the backup directory. The proposed system will make the cloud easier to use.

    Software for efficient file elimination in computer forensics investigations

    Computer forensics investigators, much more than those in any other forensic discipline, must process an ever-increasing volume of data. Fortunately, computer processing speed has kept pace, and new processes are continuously being automated to sort through this voluminous data. There exists an unfulfilled need for a simple, streamlined, standalone public tool for automating the computer forensics analysis of files on a hard disk drive under investigation. A software tool has been developed to dramatically reduce the number of files that an investigator must individually examine. This tool uses the National Institute of Standards and Technology (NIST) National Software Reference Library (NSRL) database to automatically identify files by comparing the hash values of files on the hard drive under investigation against known good files (e.g., unaltered application files) and known bad files (e.g., exploits). The tool then provides a much smaller list of unknown files to be examined closely.

    Implementation of MD5 Framework for Privacy-Preserving Support for Mobile Healthcare

    The improvement of science and technology has made life so easy and fast that smartphones and other touch-screen minicomputers have become the most trusted personal storage and communication devices for individuals. Together with the rich enhancement of wireless body sensor networks, it is valuable for medical treatment to become exceptionally adaptable and flexible by means of smartphones over 2G and 3G carriers. This has made treatment simple even for the common individual in the general public, at low cost. In this paper, we introduce privacy-preserving support for mobile healthcare using a message digest, where we have used the MD5 algorithm instead of AES. This is efficient and minimizes the memory consumed: the large amount of PHI data of the medical user (patient) is reduced to a fixed size, compared to AES, which in parallel increases the speed at which data is sent to the TA without any delay, which in turn. This study implements a secure and privacy-preserving opportunistic computing framework (SPOC) for mobile healthcare emergencies. Using smartphones and SPOC, resources such as computing power and energy can be gathered to reliably process the intensive personal health information (PHI) of the medical client when he/she is in a critical situation, with minimal privacy disclosure. With these, healthcare authorities can treat patients (medical clients) remotely, whether the patients are at home or at other places they travel to. This sort of treatment can be provided under mHealth (Mobile Healthcare), in spite of the fact that in m-healthcare service administration there are numerous security and information protection issues to be overcome. 
The main aim of this paper is to bring medical care to patients in remote locations by providing the basic triage of an emergency to increase the patient's body acceptance until they can reach a proper medical facility, in addition to providing emergency care at minimal cost.

    Towards Designing Energy-Efficient Secure Hashes

    In computer security, cryptographic algorithms and protocols are required to ensure the security of data and applications. This research investigates techniques to reduce the energy consumed by cryptographic hash functions. The specific hash functions considered are Message Digest-2 (MD2), Message Digest-5 (MD5), Secure Hash Algorithm-1 (SHA-1) and Secure Hash Algorithm-2 (SHA-2). The discussion around energy conservation in portable devices such as laptops and mobile devices is gaining momentum. Research has been done at the hardware and operating system levels to reduce the energy consumed by these devices; research on conserving energy at the application level, however, is a new approach. This research is motivated by the energy consumed by anti-virus applications, which use computationally intensive hash functions to ensure security. To reduce the energy consumption of existing hash algorithms, the generic energy complexity model designed by Roy et al. [Roy13] has been applied and tested. This model works by logically mapping the input across the eight available memory banks in the DDR3 architecture and accessing the data in parallel. In order to reduce the energy consumed, the data access pattern of the hash functions has been studied and the energy complexity model has been applied to redesign the existing algorithms. These experiments have shown a reduction in the total energy consumed by hash functions with different degrees of parallelism of the input message, as the energy model predicted, thereby supporting the applicability of the energy model to the hash functions chosen for the study. The study also compared the energy consumption of the hash functions to identify the hash function suitable for use at a required security level. Finally, statistical analysis was performed to verify the difference in energy consumption between MD5 and SHA-2.

    Intelligent platform management interface protocol security

    Master's Project (M.S.), University of Alaska Fairbanks, 2014. The Intelligent Platform Management Interface (IPMI) is a protocol that allows administrators to manage servers remotely. Hardware vendors including Dell, HP, Supermicro, IBM, Lenovo, Fujitsu and Oracle support IPMI through a Baseboard Management Controller (BMC), which can either be integrated into the motherboard or purchased as a pluggable module. The BMC runs silently alongside the other components of the server and provides a lower level of hardware access than the Operating System (OS). This allows support for features like power cycling the server, mounting virtual media and accessing a remote console. The failure of BMC vendors to produce a more secure product, along with the inherent flaws of the IPMI protocol, increases the need for the security capabilities of these systems to be evaluated. The IPMI protocol and various vendor implementations of the BMC have been the subject of recent scrutiny, and initial investigation has raised concerns about the security properties of these components. This project focuses on evaluating a specific IPMI-supported hardware and software setup in an environment modeled to simulate real use, for the explicit purpose of evaluating the security of the system. This project presents: several methods by which unprivileged users can gain remote access to the system, a list of best practices for proper configuration, a guide to clearing configuration settings before decommissioning, and a basic Metasploit module to scan for BMC-related services.

    Detecting Man-in-the-Middle Attacks against Transport Layer Security Connections with Timing Analysis

    The Transport Layer Security (TLS) protocol is a vital component of the protection of data as it traverses networks. From e-commerce websites to Virtual Private Networks (VPNs), TLS protects massive amounts of private information, and protecting this data from Man-in-the-Middle (MitM) attacks is imperative to keeping the information secure. This thesis illustrates how an attacker can successfully perform a MitM attack against a TLS connection without alerting the user to his activities. By deceiving the client machine into using a false certificate, an attacker takes away the only active defense mechanism a user has against a MitM. The goal of this research is to determine whether a time threshold exists that can indicate the presence of a MitM in this scenario. An analysis of the completion times of TLS handshakes without a MitM, with a passive MitM, and with an active MitM is used to determine whether this threshold is calculable. Any conclusive findings supporting the existence of a timing baseline can be considered the first steps toward finding the value of the threshold and creating a second-layer defense to actively protect against a MitM.

    Algorithmic Countermeasures Against Fault Attacks and Power Analysis for RSA-CRT

    In this work, we analyze all existing RSA-CRT countermeasures against the Bellcore attack that use binary self-secure exponentiation algorithms. We test their security against a powerful adversary by simulating fault injections in a fault model that includes random, zeroing, and skipping faults at all possible fault locations. We find that most of the countermeasures are vulnerable and do not provide sufficient security against all attacks in this fault model. After investigating how additional measures can be included to counter all possible fault injections, we present three countermeasures which prevent both power analysis and many kinds of fault attacks.