Analyses, Mitigation and Applications of Secure Hash Algorithms

Al-Odat, Zeyad Abdel-Hameed

January 2020

Cryptographic hash functions are one of the widely used cryptographic primitives with a purpose to ensure the integrity of the system or data. Hash functions are also utilized in conjunction with digital signatures to provide authentication and non-repudiation services. Secure Hash Algorithms are developed over time by the National Institute of Standards and Technology (NIST) for security, optimal performance, and robustness. The most known hash standards are SHA-1, SHA-2, and SHA-3. The secure hash algorithms are considered weak if security requirements have been broken. The main security attacks that threaten the secure hash standards are collision and length extension attacks. The collision attack works by finding two different messages that lead to the same hash. The length extension attack extends the message payload to produce an eligible hash digest. Both attacks already broke some hash standards that follow the Merkle-Damgrard construction. This dissertation proposes methodologies to improve and strengthen weak hash standards against collision and length extension attacks. We propose collision-detection approaches that help to detect the collision attack before it takes place. Besides, a proper replacement, which is supported by a proper construction, is proposed. The collision detection methodology helps to protect weak primitives from any possible collision attack using two approaches. The first approach employs a near-collision detection mechanism that was proposed by Marc Stevens. The second approach is our proposal. Moreover, this dissertation proposes a model that protects the secure hash functions from collision and length extension attacks. The model employs the sponge structure to construct a hash function. The resulting function is strong against collision and length extension attacks. Furthermore, to keep the general structure of the Merkle-Damgrard functions, we propose a model that replaces the SHA-1 and SHA-2 hash standards using the Merkle-Damgrard construction. This model employs the compression function of the SHA-1, the function manipulators of the SHA-2, and the $10*1$ padding method. In the case of big data over the cloud, this dissertation presents several schemes to ensure data security and authenticity. The schemes include secure storage, anonymous privacy-preserving, and auditing of the big data over the cloud.

authorization

big data

cloud computing

cryptography

hash algorithms

security

Σχεδίαση & υλοποίηση reconfingurable αρχιτεκτονικής των secure hash algorithms σε FPGA

Φρέσκος, Ευάγγελος

11 January 2011

Στα πλαίσια αυτής της διπλωματικής εργασίας μελετήσαμε τους Secure Hash Algorithms, σχεδιάσαμε μια υλοποίηση αυτών με Reconfigurable αρχιτεκτονική και το συνθέσαμε σε ένα FPGA board. Η εργασία ξεκίνησε με μελέτη των προτύπων του SHA-160/224/256/384/512 και ιδιαίτερα των μαθηματικών συναρτήσεων υπολογισμού και των χαρακτηριστικών μεγεθών του κάθε αλγόριθμου. Επικεντρωθήκαμε στην εύρεση των κοινών σημείων και στα χαρακτηριστικά μεγέθη και στις συναρτήσεις και στο πως θα μπορούσαμε να εκμεταλλευτούμε αυτά για να πετύχουμε μια υλοποίηση και των πέντε αλγορίθμων χωρίς να γίνονται περιττοί υπολογισμοί και επαναχρησιμοποίηση area. Η υλοποίηση μας θα έπρεπε επίσης να έχεις τέσσερα μπλοκ διαφορετικών μηνυμάτων ταυτόχρονα προς επεξεργασία χωρίζοντας την σε τέσσερα ανεξάρτητα στάδια με pipeline τεχνική για την βελτίωση της απόδοσης. Επίσης κάθε μήνυμα μπορεί να χρησιμοποιεί οποιοδήποτε από τους αλγόριθμους SHA-160/224/256/384/512. Εφόσον η αρχική υλοποίηση μας πιστοποιήθηκε ότι παράγει το σωστό αποτέλεσμα σύμφωνα με τα test vector των προτύπων χρησιμοποιήσαμε την τεχνική του partial unrolling operations για να μειώσουμε τα απαιτούμε clock για τον υπολογισμό των hash τιμών των μηνυμάτων. Τέλος, με την χρήση Modelsim και Precision Physical, υλοποιήσαμε και συνθέσαμε και τις δυο αρχιτεκτονικές μας συγκρίνοντας τα αποτελέσματα και προτείνοντας μελλοντικές βελτιώσεις και προσθήκες στο σύστημά μας. / In this thesis we studied the Secure Hash Algorithms, designed a Reconfiguble Implementation of them and synthesized it on an FPGA board. The work started with the study of the SHA-160/224/256/384/512 prototypes and especially with the mathematical equations and the algorithm sizes. We focused on finding the common points between the algorithm sizes and the mathematical equations along with how we could take advantage of them so we could achieve an implementation of the five SHA algorithms without doing any not necessary computations and area reuse. The implementation must, also, have four different blog messages at the same time for computation in the processor unit, leading to a pipeline distinction of four autonomous parts and improved performance. Moreover the message chooses the algorithm that will be used for encryption. After we validated the original reconfigurable architecture by using the test vectors of the prototypes, we used the partial unrolling of operations technique to decrease the needed number of clocks for the computation of the message digest. Finally, by using Modelsim and Precision Physical we implemented and synthesized both proposed architectures, compared the results and proposed future improvements and additions in our system.

Υλοποίηση αλγορίθμων

005.82

SHA-1

SHA-2

FPGA

VHDL

Reconfingurable implementation

Secure hash algorithms

Performance Study of Concurrent Search Trees and Hash Algorithms on Multiprocessors Systems

Demuynck, Marie-Anne

05 1900

This study examines the performance of concurrent algorithms for B-trees and linear hashing. B-trees are widely used as an access method for large, single key, database files, stored in lexicographic order on secondary storage devices. Linear hashing is a fast and reliable hash algorithm, suitable for accessing records stored unordered in buckets. This dissertation presents performance results on implementations of concurrent Bunk-tree and linear hashing algorithms, using lock-based, partitioned and distributed methods on the Sequent Symmetry shared memory multiprocessor system and on a network of distributed processors created with PVM (Parallel Virtual Machine) software. Initial experiments, which started with empty data structures, show good results for the partitioned implementations and lock-based linear hashing, but poor ones for lock-based Blink-trees. A subsequent test, which started with loaded data structures, shows similar results, but with much improved performances for locked Blink- trees. The data also highlighted the high cost of split operations, which reached up to 70% of the total insert time.

computer science

search trees

concurrent algorithms

hash algorithms

Trees (Graph theory)

Algorithms.

Data structures (Computer science)

Ribotos sumos elektroninių pinigų cirkuliacijos sistema / Limited amount electronic money circulation system

Šėža, Vygintas

13 August 2010

Sparti elektroninės komercijos plėtra ir augimas natūraliai sąlygojo modernių, online aplinkai pritaikytų atsiskaitymo, mokėjimo sistemų atsiradimą. Itin svarbu tai, kad technologijų tobulėjimo pasėkoje ne tik eksponentiškai išaugo perduodamos informacijos kiekis, tačiau pakito pačios informacijos prigimtis – ji pati savaime, per se, tapo ekonominę vertę turinčiu objektu. Vartotojų noras saugiai atsiskaityti internete įtakojo, kad „online“ aplinkoje mažėja naudojimas tokių tradicinių atsiskaitymo priemonių kaip mokėjimo kortelės. Interneto vartotojai vis rečiau pasitiki šiuo mokėjimo įrankiu, kadangi vartotojai, pateikdami pardavėjui savo mokėjimo kortelės duomenis, susiduria su neteisėta šių duomenų panaudojimo rizika. Šiame darbe pateikiamas siūlomas dalinai prijungties režime veikiančios elektroninių pinigų cirkuliacijos sistemos, skirtos mažiems ir vidutiniams mokėjimams, modelis, besiremiantis sukurta Payword mikromokėjimų sistemos koncepcija. / Fast developing and growing of e-commerce determined the coming of modern payment systems. Intention of users to pay safely on the internet impacted the decrease of use of traditional payment system such as credit cards. It’s started to look for and design alternative ways of payment, such as smart cards systems or systems using software for saving monetary value. Traditional payment systems currently used by most e-commerce sites are not suitable for high volume, tiny valued transactions. There is a need of payment system that is cost effective, secure and easy to use. The purpose of this work is to propose a model of semi-online electronic money circulation system for small and average payments, which is based on a concept of R. Rivest and A. Shamir created micropayment system called Payword. The proposed model’s architecture and protocol are explained in detail. To increase performance of the system there was done a research to find out which hash algorithm and electronic signature algorithm is most suitable for the proposed model.

Informatics Engineering

Elektroniniai pinigai

Elektroninių pinigų cirkuliacija

Elektroniniai parašai

SHA1

Maišos algoritmai

Electronic money

Electronic money circulation

Digital signatures

SHA1

Hash algorithms