SlideShare ist ein Scribd-Unternehmen logo

Information and network security 38 birthday attacks and security of hash functions

Als PPTX, PDF herunterladen
V
Vaibhav Khanna

Birthday attack can be used in communication abusage between two or more parties. ... The mathematics behind this problem led to a well-known cryptographic attack called the birthday attack, which uses this probabilistic model to reduce the complexity of cracking a hash function

Software
1 von 14
Information and Network Security:38 Birthday Attacks and Security of Hash Functions Prof Neeraj Bhargava Vaibhav Khanna Department of Computer Science School of Engineering and Systems Sciences Maharshi Dayanand Saraswati University Ajmer
Two Simple Insecure Hash Functions • consider two simple insecure hash functions • bit-by-bit exclusive-OR (XOR) of every block • Ci = bi1 xor bi2 xor . . . xor bim • a longitudinal redundancy check • reasonably effective as data integrity check • one-bit circular shift on hash value • for each successive n-bit block • rotate current hash value to left by1bit and XOR block • good for data integrity but useless for security
Attacks on Hash Functions have brute-force attacks and cryptanalysis a preimage or second preimage attack find y s.t. H(y) equals a given hash value collision resistance find two messages x & y with same hash so H(x) = H(y) hence value 2m/2 determines strength of hash code against brute-force attacks 128-bits inadequate, 160-bits suspect
Attacks on Hash Functions • As with encryption algorithms, there are two categories of attacks on hash functions: brute-force attacks and cryptanalysis. A brute-force attack does not depend on the specific algorithm but depends only on bit length. In the case of a hash function, a brute-force attack depends only on the bit length of the hash value. A cryptanalysis, in contrast, is an attack based on weaknesses in a particular cryptographic algorithm.
Attacks on Hash Functions • For a preimage or second preimage attack, an adversary wishes to find a value y such that H(y) is equal to a given hash value h. The brute force method is to pick values of y at random and try each value until a collision occurs. For an m-bit hash value, the level of effort is proportional to 2m. Specifically, the adversary would have to try, on average, 2m–1 values of y to find one that generates a given hash value h.
Attacks on Hash Functions • For a collision resistant attack, an adversary wishes to find two messages or data blocks, x and y, that yield the same hash function: H(x) = H(y). This requires much less effort than a preimage or second preimage attack. The effort required is explained by a mathematical result referred to as the birthday paradox (next slide).
Attacks on Hash Functions • If collision resistance is required, then the value 2m/2 determines the strength of the hash code against brute-force attacks. Van Oorschot and Wiener presented a design for a $10 million collision search machine for MD5, which has a 128-bit hash length, that could find a collision in 24 days. Thus a 128-bit code may be viewed as inadequate. The next step up, if a hash code is treated as a sequence of 32 bits, is a 160-bit hash length. With a hash length of 160 bits, the same search machine would require over four thousand years to find a collision. With today's technology, the time would be much shorter, so that 160 bits now appears suspect.
Birthday Attacks • might think a 64-bit hash is secure • but by Birthday Paradox is not • birthday attack works thus: • given user prepared to sign a valid message x • opponent generates 2 m/2 variations x’ of x, all with essentially the same meaning, and saves them • opponent generates 2 m/2 variations y’ of a desired fraudulent message y • two sets of messages are compared to find pair with same hash (probability > 0.5 by birthday paradox) • have user sign the valid message, then substitute the forgery which will have a valid signature • conclusion is that need to use larger MAC/hash
Birthday Attacks • The Birthday Attack exploits the birthday paradox – the chance that in a group of people two will share the same birthday – only 23 people are needed for a Pr>0.5 of this. Can generalize the problem to one wanting a matching pair from any two sets, and show need 2m/2 in each to get a matching m-bit hash. • Yuval proposed the strategy shown to exploit the birthday paradox in a collision resistant attack. Note that creating many message variants is relatively easy, either by rewording or just varying the amount of white-space in the message. All of which indicates that larger MACs/Hashes are needed.
Hash Function Cryptanalysis cryptanalytic attacks exploit some property of alg so faster than exhaustive search hash functions use iterative structure process message in blocks (incl length) attacks focus on collisions in function f
• A number of proposals have been made for hash functions based on using a cipher block chaining technique, but without the secret key (instead using the message blocks as keys). • One of the first such proposals was that of Rabin, which divided a message M into fixed-size blocks, and usde a symmetric encryption system such as DES to compute the hash code G as shown. • This is similar to the CBC technique, but in this case there is no secret key. As with any hash code, this scheme is subject to the birthday attack, and if the encryption algorithm is DES and only a 64-bit hash code is produced, then the system is vulnerable.
• Furthermore, another version of the birthday attack can be used even if the opponent has access to only one message and its valid signature and cannot obtain multiple signings, known as a “meet-in- the-middle” attack (see text). • It can be shown that some form of birthday attack will succeed against any hash scheme involving the use of cipher block chaining without a secret key provided that either the resulting hash code is small enough (e.g., 64 bits or less) or that a larger hash code can be decomposed into independent subcodes. • Thus, attention has been directed at finding other approaches to hashing.
Block Ciphers as Hash Functions • can use block ciphers as hash functions • using H0=0 and zero-pad of final block • compute: Hi = EMi [Hi-1] • and use final block as the hash value • similar to CBC but without a key • resulting hash is too small (64-bit) • both due to direct birthday attack • and to “meet-in-the-middle” attack • other variants also susceptible to attack
Assignment • Discuss the security issues of Hash Functions and Explain Birthday Attacks

Empfohlen

Birthday Paradox explained
Birthday Paradox explainedBirthday Paradox explained
Birthday Paradox explained
Sajith Ekanayaka
 
Web security
Web securityWeb security
Web security
Padam Banthia
 
Message authentication
Message authenticationMessage authentication
Message authentication
CAS
 
Operating system security
Operating system securityOperating system security
Operating system security
Ramesh Ogania
 
Hash Function
Hash FunctionHash Function
Hash Function
Siddharth Srivastava
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attacks
krishh sivakrishna
 
2. Stream Ciphers
2. Stream Ciphers2. Stream Ciphers
2. Stream Ciphers
Sam Bowne
 
Hash cat
Hash catHash cat
Hash cat
Sreekanth Narendran
 

Empfohlen

Birthday Paradox explained
Birthday Paradox explainedBirthday Paradox explained
Birthday Paradox explained
Sajith Ekanayaka
 
Web security
Web securityWeb security
Web security
Padam Banthia
 
Message authentication
Message authenticationMessage authentication
Message authentication
CAS
 
Operating system security
Operating system securityOperating system security
Operating system security
Ramesh Ogania
 
Hash Function
Hash FunctionHash Function
Hash Function
Siddharth Srivastava
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attacks
krishh sivakrishna
 
2. Stream Ciphers
2. Stream Ciphers2. Stream Ciphers
2. Stream Ciphers
Sam Bowne
 
Hash cat
Hash catHash cat
Hash cat
Sreekanth Narendran
 
Ch03
Ch03Ch03
Ch03
Joe Christensen
 
Wireless Attacks
Wireless AttacksWireless Attacks
Wireless Attacks
primeteacher32
 
SHA- Secure hashing algorithm
SHA- Secure hashing algorithmSHA- Secure hashing algorithm
SHA- Secure hashing algorithm
Ruchi Maurya
 
Web security
Web securityWeb security
Web security
Jatin Grover
 
Idea
IdeaIdea
Idea
Ouissem eddine Amir BOUDOUR
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)security
Enrico Zimuel
 
CNIT 141: 2. Randomness
CNIT 141: 2. RandomnessCNIT 141: 2. Randomness
CNIT 141: 2. Randomness
Sam Bowne
 
MD-5 : Algorithm
MD-5 : AlgorithmMD-5 : Algorithm
MD-5 : Algorithm
Sahil Kureel
 
Side channel attacks
Side channel attacksSide channel attacks
Side channel attacks
Stefan Fodor
 
SHA 1 Algorithm
SHA 1 AlgorithmSHA 1 Algorithm
SHA 1 Algorithm
Shiva RamDam
 
Cyber attack
Cyber attackCyber attack
Cyber attack
Manjushree Mashal
 
Message digest 5
Message digest 5Message digest 5
Message digest 5
Tirthika Bandi
 
Password Cracking
Password CrackingPassword Cracking
Password Cracking
Sagar Verma
 
password cracking and Key logger
password cracking and Key loggerpassword cracking and Key logger
password cracking and Key logger
Patel Mit
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
Sanjay Kumar
 
MD5
MD5MD5
MD5
rokham khawaja
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Anoop T
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentation
Georgekutty Francis
 
WannaCry Ransomware
WannaCry Ransomware WannaCry Ransomware
WannaCry Ransomware
Zoho Corporation
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute force
vishalgohel12195
 
secure hash function for authentication in CNS
secure hash function for authentication in CNSsecure hash function for authentication in CNS
secure hash function for authentication in CNS
NithyasriA2
 
2 Cryptographic_Hash_Functions.pptx
2 Cryptographic_Hash_Functions.pptx2 Cryptographic_Hash_Functions.pptx
2 Cryptographic_Hash_Functions.pptx
Chinnu Chinnu
 

Weitere ähnliche Inhalte

Was ist angesagt?

SHA- Secure hashing algorithm
SHA- Secure hashing algorithmSHA- Secure hashing algorithm
SHA- Secure hashing algorithm
Ruchi Maurya
 

Was ist angesagt? (20)

Ch03
Ch03Ch03
Ch03
 
Wireless Attacks
Wireless AttacksWireless Attacks
Wireless Attacks
 
SHA- Secure hashing algorithm
SHA- Secure hashing algorithmSHA- Secure hashing algorithm
SHA- Secure hashing algorithm
 
Web security
Web securityWeb security
Web security
 
Idea
IdeaIdea
Idea
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)security
 
CNIT 141: 2. Randomness
CNIT 141: 2. RandomnessCNIT 141: 2. Randomness
CNIT 141: 2. Randomness
 
MD-5 : Algorithm
MD-5 : AlgorithmMD-5 : Algorithm
MD-5 : Algorithm
 
Side channel attacks
Side channel attacksSide channel attacks
Side channel attacks
 
SHA 1 Algorithm
SHA 1 AlgorithmSHA 1 Algorithm
SHA 1 Algorithm
 
Cyber attack
Cyber attackCyber attack
Cyber attack
 
Message digest 5
Message digest 5Message digest 5
Message digest 5
 
Password Cracking
Password CrackingPassword Cracking
Password Cracking
 
password cracking and Key logger
password cracking and Key loggerpassword cracking and Key logger
password cracking and Key logger
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
MD5
MD5MD5
MD5
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentation
 
WannaCry Ransomware
WannaCry Ransomware WannaCry Ransomware
WannaCry Ransomware
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute force
 

Ähnlich wie Information and network security 38 birthday attacks and security of hash functions

secure hash function for authentication in CNS
secure hash function for authentication in CNSsecure hash function for authentication in CNS
secure hash function for authentication in CNS
NithyasriA2
 
Cryptography and Network Security Principles and Practice.docx
Cryptography and Network Security Principles and Practice.docxCryptography and Network Security Principles and Practice.docx
Cryptography and Network Security Principles and Practice.docx
richardnorman90310
 
unit 4.pptx of hash function in cryptography
unit 4.pptx of hash function in cryptographyunit 4.pptx of hash function in cryptography
unit 4.pptx of hash function in cryptography
NithyasriA2
 
A Modified approach for implementation of an efficient padding scheme in a di...
A Modified approach for implementation of an efficient padding scheme in a di...A Modified approach for implementation of an efficient padding scheme in a di...
A Modified approach for implementation of an efficient padding scheme in a di...
dannyijwest
 
A Modified approach for implementation of an efficient padding scheme in a di...
A Modified approach for implementation of an efficient padding scheme in a di...A Modified approach for implementation of an efficient padding scheme in a di...
A Modified approach for implementation of an efficient padding scheme in a di...
dannyijwest
 

Ähnlich wie Information and network security 38 birthday attacks and security of hash functions (20)

secure hash function for authentication in CNS
secure hash function for authentication in CNSsecure hash function for authentication in CNS
secure hash function for authentication in CNS
 
2 Cryptographic_Hash_Functions.pptx
2 Cryptographic_Hash_Functions.pptx2 Cryptographic_Hash_Functions.pptx
2 Cryptographic_Hash_Functions.pptx
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security 18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
 
Information and data security cryptanalysis method
Information and data security cryptanalysis methodInformation and data security cryptanalysis method
Information and data security cryptanalysis method
 
Public Key Encryption & Hash functions
Public Key Encryption & Hash functionsPublic Key Encryption & Hash functions
Public Key Encryption & Hash functions
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit iv
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit iv
 
Cryptography and Network Security Principles and Practice.docx
Cryptography and Network Security Principles and Practice.docxCryptography and Network Security Principles and Practice.docx
Cryptography and Network Security Principles and Practice.docx
 
Hash Function & Analysis
Hash Function & AnalysisHash Function & Analysis
Hash Function & Analysis
 
unit 4.pptx of hash function in cryptography
unit 4.pptx of hash function in cryptographyunit 4.pptx of hash function in cryptography
unit 4.pptx of hash function in cryptography
 
A Modified approach for implementation of an efficient padding scheme in a di...
A Modified approach for implementation of an efficient padding scheme in a di...A Modified approach for implementation of an efficient padding scheme in a di...
A Modified approach for implementation of an efficient padding scheme in a di...
 
A Modified approach for implementation of an efficient padding scheme in a di...
A Modified approach for implementation of an efficient padding scheme in a di...A Modified approach for implementation of an efficient padding scheme in a di...
A Modified approach for implementation of an efficient padding scheme in a di...
 
Unit 4
Unit 4Unit 4
Unit 4
 
NSC_Unit-III_final.ppt
NSC_Unit-III_final.pptNSC_Unit-III_final.ppt
NSC_Unit-III_final.ppt
 
Cns
CnsCns
Cns
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 

Mehr von Vaibhav Khanna

Mehr von Vaibhav Khanna (20)

Information and network security 47 authentication applications
Information and network security 47 authentication applicationsInformation and network security 47 authentication applications
Information and network security 47 authentication applications
 
Information and network security 46 digital signature algorithm
Information and network security 46 digital signature algorithmInformation and network security 46 digital signature algorithm
Information and network security 46 digital signature algorithm
 
Information and network security 45 digital signature standard
Information and network security 45 digital signature standardInformation and network security 45 digital signature standard
Information and network security 45 digital signature standard
 
Information and network security 44 direct digital signatures
Information and network security 44 direct digital signaturesInformation and network security 44 direct digital signatures
Information and network security 44 direct digital signatures
 
Information and network security 43 digital signatures
Information and network security 43 digital signaturesInformation and network security 43 digital signatures
Information and network security 43 digital signatures
 
Information and network security 42 security of message authentication code
Information and network security 42 security of message authentication codeInformation and network security 42 security of message authentication code
Information and network security 42 security of message authentication code
 
Information and network security 41 message authentication code
Information and network security 41 message authentication codeInformation and network security 41 message authentication code
Information and network security 41 message authentication code
 
Information and network security 40 sha3 secure hash algorithm
Information and network security 40 sha3 secure hash algorithmInformation and network security 40 sha3 secure hash algorithm
Information and network security 40 sha3 secure hash algorithm
 
Information and network security 39 secure hash algorithm
Information and network security 39 secure hash algorithmInformation and network security 39 secure hash algorithm
Information and network security 39 secure hash algorithm
 
Information and network security 37 hash functions and message authentication
Information and network security 37 hash functions and message authenticationInformation and network security 37 hash functions and message authentication
Information and network security 37 hash functions and message authentication
 
Information and network security 35 the chinese remainder theorem
Information and network security 35 the chinese remainder theoremInformation and network security 35 the chinese remainder theorem
Information and network security 35 the chinese remainder theorem
 
Information and network security 34 primality
Information and network security 34 primalityInformation and network security 34 primality
Information and network security 34 primality
 
Information and network security 33 rsa algorithm
Information and network security 33 rsa algorithmInformation and network security 33 rsa algorithm
Information and network security 33 rsa algorithm
 
Information and network security 32 principles of public key cryptosystems
Information and network security 32 principles of public key cryptosystemsInformation and network security 32 principles of public key cryptosystems
Information and network security 32 principles of public key cryptosystems
 
Information and network security 31 public key cryptography
Information and network security 31 public key cryptographyInformation and network security 31 public key cryptography
Information and network security 31 public key cryptography
 
Information and network security 30 random numbers
Information and network security 30 random numbersInformation and network security 30 random numbers
Information and network security 30 random numbers
 
Information and network security 29 international data encryption algorithm
Information and network security 29 international data encryption algorithmInformation and network security 29 international data encryption algorithm
Information and network security 29 international data encryption algorithm
 
Information and network security 28 blowfish
Information and network security 28 blowfishInformation and network security 28 blowfish
Information and network security 28 blowfish
 
Information and network security 27 triple des
Information and network security 27 triple desInformation and network security 27 triple des
Information and network security 27 triple des
 
Information and network security 26 aes decryption and implementational issues
Information and network security 26 aes decryption and implementational issuesInformation and network security 26 aes decryption and implementational issues
Information and network security 26 aes decryption and implementational issues
 

Kürzlich hochgeladen

Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
OnePlan Solutions
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
Presentation.STUDIO
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verifiedSector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Delhi Call girls
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
VictorSzoltysek
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
panagenda
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
ayushiqss
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

Kürzlich hochgeladen (20)

Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verifiedSector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 

Information and network security 38 birthday attacks and security of hash functions

  • 1. Information and Network Security:38 Birthday Attacks and Security of Hash Functions Prof Neeraj Bhargava Vaibhav Khanna Department of Computer Science School of Engineering and Systems Sciences Maharshi Dayanand Saraswati University Ajmer
  • 2. Two Simple Insecure Hash Functions • consider two simple insecure hash functions • bit-by-bit exclusive-OR (XOR) of every block • Ci = bi1 xor bi2 xor . . . xor bim • a longitudinal redundancy check • reasonably effective as data integrity check • one-bit circular shift on hash value • for each successive n-bit block • rotate current hash value to left by1bit and XOR block • good for data integrity but useless for security
  • 3. Attacks on Hash Functions have brute-force attacks and cryptanalysis a preimage or second preimage attack find y s.t. H(y) equals a given hash value collision resistance find two messages x & y with same hash so H(x) = H(y) hence value 2m/2 determines strength of hash code against brute-force attacks 128-bits inadequate, 160-bits suspect
  • 4. Attacks on Hash Functions • As with encryption algorithms, there are two categories of attacks on hash functions: brute-force attacks and cryptanalysis. A brute-force attack does not depend on the specific algorithm but depends only on bit length. In the case of a hash function, a brute-force attack depends only on the bit length of the hash value. A cryptanalysis, in contrast, is an attack based on weaknesses in a particular cryptographic algorithm.
  • 5. Attacks on Hash Functions • For a preimage or second preimage attack, an adversary wishes to find a value y such that H(y) is equal to a given hash value h. The brute force method is to pick values of y at random and try each value until a collision occurs. For an m-bit hash value, the level of effort is proportional to 2m. Specifically, the adversary would have to try, on average, 2m–1 values of y to find one that generates a given hash value h.
  • 6. Attacks on Hash Functions • For a collision resistant attack, an adversary wishes to find two messages or data blocks, x and y, that yield the same hash function: H(x) = H(y). This requires much less effort than a preimage or second preimage attack. The effort required is explained by a mathematical result referred to as the birthday paradox (next slide).
  • 7. Attacks on Hash Functions • If collision resistance is required, then the value 2m/2 determines the strength of the hash code against brute-force attacks. Van Oorschot and Wiener presented a design for a $10 million collision search machine for MD5, which has a 128-bit hash length, that could find a collision in 24 days. Thus a 128-bit code may be viewed as inadequate. The next step up, if a hash code is treated as a sequence of 32 bits, is a 160-bit hash length. With a hash length of 160 bits, the same search machine would require over four thousand years to find a collision. With today's technology, the time would be much shorter, so that 160 bits now appears suspect.
  • 8. Birthday Attacks • might think a 64-bit hash is secure • but by Birthday Paradox is not • birthday attack works thus: • given user prepared to sign a valid message x • opponent generates 2 m/2 variations x’ of x, all with essentially the same meaning, and saves them • opponent generates 2 m/2 variations y’ of a desired fraudulent message y • two sets of messages are compared to find pair with same hash (probability > 0.5 by birthday paradox) • have user sign the valid message, then substitute the forgery which will have a valid signature • conclusion is that need to use larger MAC/hash
  • 9. Birthday Attacks • The Birthday Attack exploits the birthday paradox – the chance that in a group of people two will share the same birthday – only 23 people are needed for a Pr>0.5 of this. Can generalize the problem to one wanting a matching pair from any two sets, and show need 2m/2 in each to get a matching m-bit hash. • Yuval proposed the strategy shown to exploit the birthday paradox in a collision resistant attack. Note that creating many message variants is relatively easy, either by rewording or just varying the amount of white-space in the message. All of which indicates that larger MACs/Hashes are needed.
  • 10. Hash Function Cryptanalysis cryptanalytic attacks exploit some property of alg so faster than exhaustive search hash functions use iterative structure process message in blocks (incl length) attacks focus on collisions in function f
  • 11. • A number of proposals have been made for hash functions based on using a cipher block chaining technique, but without the secret key (instead using the message blocks as keys). • One of the first such proposals was that of Rabin, which divided a message M into fixed-size blocks, and usde a symmetric encryption system such as DES to compute the hash code G as shown. • This is similar to the CBC technique, but in this case there is no secret key. As with any hash code, this scheme is subject to the birthday attack, and if the encryption algorithm is DES and only a 64-bit hash code is produced, then the system is vulnerable.
  • 12. • Furthermore, another version of the birthday attack can be used even if the opponent has access to only one message and its valid signature and cannot obtain multiple signings, known as a “meet-in- the-middle” attack (see text). • It can be shown that some form of birthday attack will succeed against any hash scheme involving the use of cipher block chaining without a secret key provided that either the resulting hash code is small enough (e.g., 64 bits or less) or that a larger hash code can be decomposed into independent subcodes. • Thus, attention has been directed at finding other approaches to hashing.
  • 13. Block Ciphers as Hash Functions • can use block ciphers as hash functions • using H0=0 and zero-pad of final block • compute: Hi = EMi [Hi-1] • and use final block as the hash value • similar to CBC but without a key • resulting hash is too small (64-bit) • both due to direct birthday attack • and to “meet-in-the-middle” attack • other variants also susceptible to attack
  • 14. Assignment • Discuss the security issues of Hash Functions and Explain Birthday Attacks