Some thoughts on Collision Attacks in the Hash Functions MD5, SHA-0 and SHA-1

The design principle of Merkle-Damgård construction is collision resistance of the compression function implies collision resistance of the hash function. Recently multi-block collisions have been found on the hash functions MD5, SHA-0 and SHA-1 using differential cryptanalysis. These multi-block collisions raise several questions on some definitions and properties used in the hash function literature. In this report, we take a closer look at some of the literature in cryptographic hash functions and give our insights on them. We bring out some important differences between the 1989\u27s Damgård\u27s hash function and the hash functions that followed it. We conclude that these hash functions did not consider the pseudo-collision attack in their design criteria. We also doubt whether these hash functions achieve the design principle of Merkle-Damgård\u27s construction. We formalise some definitions on the properties of hash functions in the literature

3C- A Provably Secure Pseudorandom Function and Message Authentication Code.A New mode of operation for Cryptographic Hash Function

We propose a new cryptographic construction called 3C, which works as a pseudorandom function (PRF), message authentication code (MAC) and cryptographic hash function. The 3C-construction is obtained by modifying the Merkle-Damgard iterated construction used to construct iterated hash functions. We assume that the compression functions of Merkle-Damgard iterated construction realize a family of fixed-length-input pseudorandom functions (FI-PRFs). A concrete security analysis for the family of 3C- variable-length-input pseudorandom functions (VI-PRFs) is provided in a precise and quantitative manner. The 3C- VI-PRF is then used to realize the 3C- MAC construction called one-key NMAC (O-NMAC). O-NMAC is a more efficient variant of NMAC and HMAC in the applications where key changes frequently and the key cannot be cached. The 3C-construction works as a new mode of hash function operation for the hash functions based on Merkle-Damgard construction such as MD5 and SHA-1. The generic 3C- hash function is more resistant against the recent differential multi-block collision attacks than the Merkle-Damgard hash functions and the extension attacks do not work on the 3C- hash function. The 3C-X hash function is the simplest and efficient variant of the generic 3C hash function and it is the simplest modification to the Merkle-Damgard hash function that one can achieve. We provide the security analysis for the functions 3C and 3C-X against multi-block collision attacks and generic attacks on hash functions. We combine the wide-pipe hash function with the 3C hash function for even better security against some generic attacks and differential attacks. The 3C-construction has all these features at the expense of one extra iteration of the compression function over the Merkle-Damgard construction

A New Collision Differential For MD5 With Its Full Differential Path

Since the first collision differential with its full differential path was presented for MD5 function by Wang et al. in 2004, renewed interests on collision attacks for the MD family of hash functions have surged over the world of cryptology. To date, however, no cryptanalyst can give a second computationally feasible collision differential for MD5 with its full differential path, even no improved differential paths based on Wangs MD5 collision differential have appeared in literature. Firstly in this paper, a new differential cryptanalysis called signed difference is defined, and some principles or recipes on finding collision differentials and designing differential paths are proposed, the signed difference generation or elimination rules which are implicit in the auxiliary functions, are derived. Then, based on these newly found properties and rules, this paper comes up with a new computationally feasible collision differential for MD5 with its full differential path, which is simpler thus more understandable than Wangs, and a set of sufficient conditions considering carries that guarantees a full collision is derived from the full differential path. Finally, a multi-message modification-based fast collision attack algorithm for searching collision messages is specialized for the full differential path, resulting in a computational complexity of 2 to the power of 36 and 2 to the power of 32 MD5 operations, respectively for the first and second blocks. As for examples, two collision message pairs with different first blocks are obtained

D.STVL.9 - Ongoing Research Areas in Symmetric Cryptography

This report gives a brief summary of some of the research trends in symmetric cryptography at the time of writing (2008). The following aspects of symmetric cryptography are investigated in this report: • the status of work with regards to different types of symmetric algorithms, including block ciphers, stream ciphers, hash functions and MAC algorithms (Section 1); • the algebraic attacks on symmetric primitives (Section 2); • the design criteria for symmetric ciphers (Section 3); • the provable properties of symmetric primitives (Section 4); • the major industrial needs in the area of symmetric cryptography (Section 5)

Security Applications of Formal Language Theory

We present an approach to improving the security of complex, composed systems based on formal language theory, and show how this approach leads to advances in input validation, security modeling, attack surface reduction, and ultimately, software design and programming methodology. We cite examples based on real-world security flaws in common protocols representing different classes of protocol complexity. We also introduce a formalization of an exploit development technique, the parse tree differential attack, made possible by our conception of the role of formal grammars in security. These insights make possible future advances in software auditing techniques applicable to static and dynamic binary analysis, fuzzing, and general reverse-engineering and exploit development. Our work provides a foundation for verifying critical implementation components with considerably less burden to developers than is offered by the current state of the art. It additionally offers a rich basis for further exploration in the areas of offensive analysis and, conversely, automated defense tools and techniques. This report is divided into two parts. In Part I we address the formalisms and their applications; in Part II we discuss the general implications and recommendations for protocol and software design that follow from our formal analysis

Analysis Of Possible Authentication Strategies For The Automated Identification System

Automatic Identification System, commonly known as AIS, is a maritime communication system that is used to keep track of positions and activities of ships. It is widely implemented all around the world, and mandated on vessels over a certain size according to the International Maritime Organization. It is a signal broadcast over radio frequencies that contains ship characteristics, position, speed, and other information. AIS is also being implemented in aids to navigation, supplementing and in some cases replacing traditional aids such as lighthouses and buoys. The protocol standard contains no security, leaving AIS vulnerable to spoofing, hijacking, and denial of service attacks. This paper explores the possible consequences of AIS exploitation, as well as options to mitigate risk. Digital signature authentication of AIS signals is examined with particular attention paid to the feasibility and challenges of wide scale implementation. Ultimately the potential benefits of digital signature authentication are considered to be outweighed by the challenges of implementation

Towards more Secure and Efficient Password Databases

Password databases form one of the backbones of nowadays web applications. Every web application needs to store its users’ credentials (email and password) in an efficient way, and in popular applications (Google, Facebook, Twitter, etc.) these databases can grow to store millions of user credentials simultaneously. However, despite their critical nature and susceptibility to targeted attacks, the techniques used for securing password databases are still very rudimentary, opening the way to devastating attacks. Just in the year of 2016, and as far as publicly disclosed, there were more than 500 million passwords stolen in internet hacking attacks. To solve this problem we commit to study several schemes like property-preserving encryption schemes (e.g. deterministic encryption), encrypted data-structures that support operations (e.g. searchable encryption), partially homomorphic encryption schemes, and commodity trusted hardware (e.g. TPM and Intel SGX). In this thesis we propose to make a summary of the most efficient and secure techniques for password database management systems that exist today and recreating them to accommodate a new and simple universal API. We also propose SSPM(Simple Secure Password Management), a new password database scheme that simultaneously improves efficiency and security of current solutions existing in literature. SSPM is based on Searchable Symmetric Encryption techniques, more specifically ciphered data structures, that allow efficient queries with the minimum leak of access patterns. SSPM adapts these structures to work with the necessary operation of password database schemes preserving the security guarantees. Furthermore, SSPM explores the use of trusted hardware to minimize the revelation of access patterns during the execution of operations and protecting the storage of cryptographic keys. Experimental results with real password databases shows us that SSPM has a similar performance compared with the solutions used today in the industry, while simultaneous increasing the offered security conditions

Ongoing Research Areas in Symmetric Cryptography

This report is a deliverable for the ECRYPT European network of excellence in cryptology. It gives a brief summary of some of the research trends in symmetric cryptography at the time of writing. The following aspects of symmetric cryptography are investigated in this report: • the status of work with regards to different types of symmetric algorithms, including block ciphers, stream ciphers, hash functions and MAC algorithms (Section 1); • the recently proposed algebraic attacks on symmetric primitives (Section 2); • the design criteria for symmetric ciphers (Section 3); • the provable properties of symmetric primitives (Section 4); • the major industrial needs in the area of symmetric cryptography (Section 5)