Secure Hash Algorithms - PowerPoint PPT Presentation

Provided by: kevinc154
1
Secure Hash Algorithms
  • Kevin Casey, Adam Cohen, Ju Kim

2
Overview
  • General Overview of Cryptography
  • Variations of Hash Algorithms
  • Differences between Secure Hash Algorithms
  • Cryptanalysis of SHA
  • Applications
  • Conclusion

3
Cryptography Variations
4
  • UNIX Crypt
  • The UNIX hashing algorithm
  • crypt is relatively obscure and is rarely used for
    e-mail attachments or as a file format
  • crypt is considered far too cryptographically
    weak to withstand brute force attacks by modern
    computing systems
  • MD4
  • A one-way hash function that produces a 128-bit
    hash, or message digest.
  • If as little as a single bit value in the file is
    modified, the MD4 checksum for the file will
    change.
  • Forgery of a file in a way that will cause MD4 to
    generate the same result as that for the original
    file is considered extremely difficult.
  • MD5
  • An improved, and more complex, version of MD4
  • circa 1992
  • 128-bit hash
  • "almost broken" by Hans Dobbertin circa 1995
  • Fully broken by the collision attack of Wang et al.,
    2004
  • Data Encryption Standard (DES)
  • Symmetric, Feistel cipher
  • Key size (in bits): 112 or 168
  • Time to crack (assume a machine could try $2^{55}$
    keys per second - NIST): 4.6 billion years
  • Advanced Encryption Standard (AES)

5
Flavors of SHA
  • SHA-0
  • SHA-1
  • SHA-224
  • SHA-256
  • SHA-384
  • SHA-512
  • FIPS-approved algorithm for generating a
    condensed representation of a message (message
    digest)

6
SHA History
  • 1993
  • The hash function SHA-0 was issued as a federal
    standard by NIST
  • 1995
  • SHA-1 published as the successor to SHA-0
  • 2002
  • SHA-2 variants
  • SHA-256, SHA-384, and SHA-512 published
  • 2004
  • SHA-224 published
  • No known weaknesses have been found with the
    SHA-2 variants (at this time)

7
SHA-0 vs SHA-1
  • 160 bit output, 160 bit internal state
  • SHA-1 (as well as SHA-0) produces a 160-bit
    digest from a message with a maximum length of
    $2^{64}-1$ bits and is based on design principles of
    MD4
  • The only difference between the two hash
    functions is the additional rotation operation in
    the message expansion of SHA-1, which is supposed
    to provide more security
  • On 17 August 2005, an improvement on the SHA-1
    attack was announced on behalf of Xiaoyun Wang,
    Andrew Yao and Frances Yao at the CRYPTO 2005
    rump session, lowering the complexity required
    for finding a collision in SHA-1 to $2^{63}$

8
Secure Hash Algorithm
  • SHA-1, SHA-256, SHA-384, and SHA-512
  • All four of the algorithms are iterative, one-way
    hash functions
  • process a message to produce a condensed
    representation called a message digest
  • These algorithms enable the determination of a
    message's integrity
  • any change to the message will, with a very high
    probability, result in a different message digest
  • This property is useful in the generation and
    verification of digital signatures and message
    authentication codes, and in the generation of
    random numbers (bits).

9
The Algorithm
  • Each algorithm can be described in two stages
  • preprocessing
  • Preprocessing involves padding a message, parsing
    the padded message into m-bit blocks, and setting
    initialization values to be used in the hash
    computation
  • hash computation
  • The hash computation generates a message schedule
    from the padded message and uses that schedule,
    along with functions, constants, and word
    operations to iteratively generate a series of
    hash values
  • The final hash value generated by the hash
    computation is used to determine the message
    digest.

10
Algorithm (cont'd)
  • The four algorithms differ most significantly in
    the number of bits of security that are provided
    for the data being hashed; this is directly
    related to the message digest length
  • The four algorithms also differ in terms of the
    size of the blocks and words of data that are
    used during hashing.

11
Comparison between SHAs
  • SHA-1 consists of 80 steps of operation
  • Each step is also called a "round." Usually, more
    rounds imply more security, and hence harder to
    break.
  • In this context, security refers to the fact
    that a birthday attack [HAC] on a message digest
    of size n produces a collision with a workfactor
    of approximately $2^{n/2}$.

12
How Secure are SHA?
13
This depends on your view of secure
14
Cryptanalysis
  • Since a brute force attack would take
    approximately $2^{80}$ operations to break a secure
    hash function, the algorithm is no longer considered
    secure, i.e. it is considered broken, if an attack
    is found that produces collisions in fewer than
    $2^{80}$ operations.

15
Definitions
  • Collisions: when 2 distinctly different inputs
    produce the same hash output
  • Birthday Attack: if f(x) has H possible outputs,
    each with the same probability p, and H is
    sufficiently large, then after about $1.2\sqrt{H}$
    different arguments we expect a collision
    ($x_1 \neq x_2$ with $f(x_1) = f(x_2)$)
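
The birthday bound can be checked empirically on a deliberately shortened digest. The following is an added example, not part of the original slides: it truncates SHA-256 to a few bits (a constructed stand-in for a hash with H = 2^bits outputs), counts evaluations until the first collision, and reports the average as a multiple of sqrt(H), which comes out close to the 1.2 quoted above. All function names are this example's own.

```python
import hashlib
import math

def truncated_digest(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, standing in for a hash with H = 2**bits outputs."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)

def find_collision(bits: int, seed: int):
    """Hash distinct inputs until two share a truncated digest.

    Returns (x1, x2, evaluations); inputs are constructed as "<seed>:<counter>".
    """
    seen = {}
    counter = 0
    while True:
        x = f"{seed}:{counter}".encode()
        counter += 1
        d = truncated_digest(x, bits)
        if d in seen:
            return seen[d], x, counter
        seen[d] = x

def mean_ratio(bits: int, runs: int) -> float:
    """Average evaluations to the first collision, as a multiple of sqrt(H)."""
    total = sum(find_collision(bits, seed)[2] for seed in range(runs))
    return total / runs / math.sqrt(2 ** bits)

if __name__ == "__main__":
    for bits in (12, 16, 20):
        print(f"{bits}-bit digest: mean = {mean_ratio(bits, 200):.2f} * sqrt(H)")
    # The same sqrt(H) law is why an n-bit digest gives about n/2 bits
    # of collision resistance.
    for name, n in (("MD5", 128), ("SHA-1", 160), ("SHA-256", 256)):
        print(f"{name}: generic collision search ~ 2^{n // 2} evaluations")
```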

16
Brute Force Attacks
17
Question???
  • Assume that you have a 4 GHz processor that is
    capable of doing around 4 billion ops/sec
  • How long would it take to break the SHA-1
    algorithm using the method published by Wang,
    Yin, and Yu ($2^{63}$ ops or less)?

18
Answer
  • Using a single processor this would take approx
    $2^{37}$ seconds (or 4000 years) of CPU time (which
    obviously is no big deal)
  • But consider a distributed attack that uses a
    large number of CPUs...

19
Applications
20
Pretty good privacy (PGP)
  • PGP Encryption (Pretty Good Privacy) is a
    computer program that provides cryptographic
    privacy and authentication.
  • Public key cryptography, also known as asymmetric
    cryptography, is a form of cryptography in which
    a user has a pair of cryptographic keys - a
    public key and a private key
  • It was originally created by Philip Zimmermann in
    1991.

21
SSH
  • Secure Shell or SSH is a set of standards and an
    associated network protocol that allows
    establishing a secure channel between a local and
    a remote computer. It uses public-key
    cryptography to authenticate the remote computer
    and to allow the remote computer to authenticate
    the user. SSH provides confidentiality and
    integrity of data exchanged between the two
    computers using encryption and message
    authentication codes.

22
TLS and SSL
  • Transport Layer Security (TLS) and its
    predecessor, Secure Sockets Layer (SSL), are
    cryptographic protocols which provide secure
    communications on the Internet for such things as
    web browsing, e-mail, Internet faxing, instant
    messaging and other data transfers.

23
IPSec
  • A set of protocols developed by the Internet
    Engineering Task Force, the main standards
    organization for the Internet, to support secure
    exchange of packets at the IP layer. IPsec has
    been deployed widely to implement Virtual Private
    Networks (VPNs).

24
IPSec
  • IPsec supports two encryption modes: Transport
    and Tunnel. Transport mode encrypts only the data
    portion (payload) of each packet, but leaves the
    header untouched. The more secure Tunnel mode
    encrypts both the header and the payload. On the
    receiving side, an IPSec-compliant device
    decrypts each packet.

25
S/MIME
  • S/MIME was originally developed by RSA Data
    Security Inc.
  • S/MIME (Secure Multi-Purpose Internet Mail
    Extensions) is a secure method of sending e-mail
    that uses the Rivest-Shamir-Adleman encryption
    system. S/MIME is included in the latest versions
    of the Web browsers from Microsoft and Netscape
    and has also been endorsed by other vendors that
    make messaging products. RSA has proposed S/MIME
    as a standard to the Internet Engineering Task
    Force (IETF). An alternative to S/MIME is
    PGP/MIME, which has also been proposed as a
    standard.

26
Questions
  • ???