Cryptography currently fulfills a vital function in a world where millions of people use the Internet to exchange personal and business information. It is imperative for companies, banks, governments, and other institutions to ensure the security of their networks while providing users with speedy output of information. Confidentiality, data integrity, secrecy, and validation are provided by cryptographic algorithms. A mathematical formula scrambles plain text to produce ciphertext. The conversion achieved by a cryptographic algorithm is known as decryption.
Hash texts (also known as message digests or one-way encryptions) have no keys. A fixed-length hash value is computed based on the plaintext. The major purpose of hash functions in cryptography is message integrity. The hash value affords a digital fingerprint of a message’s contents, which ensures that the message has not been changed by an intruder, virus, or by other means.
Objective 12.1 In this chapter, we address the applications of hashing for cryptographic functions. Each section includes notable case studies. The first section discusses the MD5 (message digest 5) algorithm. The next section covers hashing applications to secure socket layers, along with hash collisions and cryptographic hash functions. The chapter concludes with explanations of hashing in block chains and digital signatures.
MD5 is a cryptographic algorithm that takes an input of arbitrary length and generates a message digest 128 bits long [12], [155]. The algorithm operates on a 128-bit state divided into four 32-bit words denoted U, V, W and X. These words are initialized to fixed constants. Each input message is broken into 512-bit blocks, and each block in turn changes the state (the processing of each message block consists of four similar stages, called cycles). Each round of the algorithm consists of 16 similar operations based on a nonlinear function F, a modular addition, and a left rotation. There are four possible functions; a different function
The algorithms for hash functions have one-way functional behavior. The main function of a hash is to convert data of any length into a fixed-length fingerprint that cannot be reversed. If the input changes even by a tiny bit, the resulting hash is completely different. A hash is designed to protect stored passwords even if their files are compromised. A secure system must also be able to verify user passwords. The list below shows the workflow for account registration and authentication using a hash-based algorithm.
1. The user creates an account.
2. The user enters a password that is hashed and stored in the database. After hashing, the password is also converted into a random fixed-length fingerprint and stored on the hard drive.
3. The next time the user attempts to log in, the hash of the entered password is checked against the hash of the user’s real password (retrieved from the database).
4. If the entered value matches the stored hash, the user is granted access. If not, the user is advised that he or she entered an invalid login.
5. Steps 3 and 4 repeat whenever a user tries to log in to his or her account.
Step 4 is designed to display a generic message like “Invalid username or password” if a user enters a wrong password or name. This feature of the operating system prevents attackers from using valid usernames without knowing user passwords.
Hash functions used for password protection are different from the hash functions used in a data structure. Hash functions used to implement data structures (e.g. hash tables) are designed to be fast, not secure. The cryptographic hash functions (such as SHA256, SHA512, RipeMD and WHIRLPOOL) are only used for password hashing.
It’s easy to believe that all you need to do is run the password through a cryptographic hash function and the passwords of your users will be safe. That assumption is far from the truth. There are many ways to recover simply hashed passwords very quickly. There are several easy-to-use techniques that make these attacks much less effective. There are methods to retrieve data using various dictionary attacks.
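The registration and login workflow above, as an added Python example that is not part of the original chapter. It assumes that the hardening techniques the text alludes to are a per-user random salt and a deliberately slow derivation (PBKDF2 here); the in-memory `USERS` store, the function names and the iteration count are assumptions chosen for the demo.

```python
import hashlib
import hmac
import os

USERS = {}             # constructed in-memory "database": name -> (salt, key)
ITERATIONS = 200_000   # assumed work factor for the demo

def fast_hash(password: str) -> str:
    """Single unsalted SHA-256: equal passwords always give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()

def slow_hash(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash: each guess costs ITERATIONS HMAC calls."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(username: str, password: str) -> None:
    """Steps 1-2: store only the salt and the derived key, never the password."""
    salt = os.urandom(16)
    USERS[username] = (salt, slow_hash(password, salt))

def login(username: str, password: str) -> str:
    """Steps 3-4: recompute, compare, and answer every failure the same way."""
    # Unknown users get a dummy record so they still cost one derivation.
    salt, stored = USERS.get(username, (b"\x00" * 16, b"\x00" * 32))
    candidate = slow_hash(password, salt)
    # compare_digest runs in constant time, so timing does not leak a prefix.
    ok = hmac.compare_digest(candidate, stored) and username in USERS
    return "Access granted" if ok else "Invalid username or password"

if __name__ == "__main__":
    register("sarah", "correct horse")
    register("remy", "correct horse")
    # Same password, different salts: the stored values do not match.
    print(USERS["sarah"][1].hex() != USERS["remy"][1].hex())
    print(login("sarah", "correct horse"))
    print(login("sarah", "guess"), "|", login("nobody", "guess"))
```

Because each record carries its own salt, one precomputed dictionary cannot be reused across users, and the iteration count multiplies the cost of every guess.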
12.2 Secure Socket Layers (SSLs)
The major goal of the SSL [RFC0793] protocol is to provide security between channels. An SSL is composed of two layers. Its function is encapsulation of various higher level protocols. The SSL handshake protocol provides the authentication between the server and client and then negotiates the encryption algorithm and cryptographic keys before the application protocol transmits or receives its first byte of data. One advantage of SSLs is that they are application protocol independent. Their reliability is maintained through message integrity checks using keyed message authentication codes (MACs) [RFC2104] [157, 156, 158].
12.2.1 Data structures of OpenSSL
The current data structures of the OpenSSL library functions are published on the Internet (https://www.openssl.org/docs/man1.0.2/ssl/ssl.html):
1. SSL_METHOD describes the internal SSL library methods and functions which implement the various protocol versions (SSLv1, SSLv2, and TLSv1). It’s needed to create an SSL_CTX.
2. SSL_CIPHER retains the information of a particular cipher which is a core part of the SSL/TLS protocol. The available ciphers are configured on an SSL_CTX basis and the used ones become part of the SSL_SESSION.
3. SSL_CTX is a global context structure created by a server or client over its lifetime. It also holds mainly default values for the SSL structures which are later created for the connections.
4. SSL_SESSION maintains current TLS/SSL session details for the connection: SSL_CIPHERs, server and client certificates, keys, etc.
5. SSL is the main connection structure of SSL/TLS. It is created by a server or client per established connection. At run time, the application usually deals with this structure, which has links to most other system structures.
The distributed and decentralized ledger system is one of the best advancements since the invention of the WWW [159, 160, 161]. Over the years it has found many applications, and one of them is “currency”. In this section we explore the main data structures found in almost any cryptocurrency based on block chain technology. A block chain, in general, is a hash pointer-based data structure composed of blocks with the following features:
1. Index is the position of the block on the block chain. The first block has a 0 index.
2. The hash function applies to block components. For example, the hash function used in Bitcoin is a variant of the SHA2 with 256 bits (SHA256). In Ethereum, SHA3 is used.
3. The previousHash function links a block to its predecessor.
4. The Unix UTC timestamp shows when a block was created.
5. The nonce is a 32- to 64-bit integer used in data mining.
6. numTx indicates the number of transactions in a block.
7. The transactions feature is an array of all the transactions found in a block.
For transactions data, some implementations use Merkle trees for space optimization.
Blocks in a block chain contain valid transactions that are encoded and hashed by Merkle trees. A Merkle tree is also known as a hash tree, in which each leaf node is labeled with the hash of a data block and each non-leaf node is labeled with a cryptographic hash. A Merkle tree helps in efficient and secure verification of a large data structure (as illustrated in Figure 12.2). Each block has the cryptographic hash value of the previous block in the block that unites the two. The connected blocks cascade to form a chain. This iterative process confirms the integrity of the previous block, back to the original generation block [162]. Sometimes, blocks can be produced at the same time, creating a temporary bifurcation. Each block chain has a specified algorithm for scoring different versions of the history, so that the version with the higher value can be chosen. Blocks not selected for inclusion in the chain are called “orphans”.
Figure 12.1: MD5
Figure 12.2: Merkle tree of transactions X, Y, S, and U.
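The block fields and Merkle hashing described above, as an added Python example that is not part of the original chapter. The Merkle construction is a simplified one (hex strings concatenated, last node duplicated on odd levels) and does not reproduce any specific currency's wire format; the timestamps and transaction labels are constructed sample data.

```python
import hashlib
import json

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def merkle_root(transactions):
    """Hash the leaves, then hash pairs upward until one root remains."""
    level = [sha256(tx.encode()) for tx in transactions] or [sha256(b"")]
    while len(level) > 1:
        if len(level) % 2:               # odd count: duplicate the last node
            level.append(level[-1])
        level = [sha256((level[i] + level[i + 1]).encode())
                 for i in range(0, len(level), 2)]
    return level[0]

def block_hash(block):
    """Hash every field except the stored hash; transactions via their root."""
    header = {k: block[k] for k in
              ("index", "previousHash", "timestamp", "nonce", "numTx")}
    header["merkleRoot"] = merkle_root(block["transactions"])
    return sha256(json.dumps(header, sort_keys=True).encode())

def make_block(index, previous_hash, timestamp, transactions, nonce=0):
    block = {"index": index, "previousHash": previous_hash,
             "timestamp": timestamp, "nonce": nonce,
             "numTx": len(transactions), "transactions": list(transactions)}
    block["hash"] = block_hash(block)
    return block

def first_invalid(chain):
    """Return the index of the first block that fails a check, or None."""
    for i, block in enumerate(chain):
        if block["hash"] != block_hash(block):
            return i                     # contents no longer match the hash
        if i and block["previousHash"] != chain[i - 1]["hash"]:
            return i                     # hash pointer to predecessor broken
    return None

def build_demo_chain():
    """Constructed sample: three blocks, the second holding X, Y, S and U."""
    genesis = make_block(0, "0" * 64, 1700000000, ["genesis"])
    b1 = make_block(1, genesis["hash"], 1700000600, ["X", "Y", "S", "U"])
    b2 = make_block(2, b1["hash"], 1700001200, ["V"])
    return [genesis, b1, b2]

if __name__ == "__main__":
    chain = build_demo_chain()
    chain[1]["transactions"][0] = "X-forged"
    print(first_invalid(chain))          # the altered block is reported
```

Recomputing the altered block's own hash does not hide the change: the next block's previousHash then no longer matches, so every later block would have to be rebuilt as well.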
The peers that support the database hold different versions of the history from time to time. They maintain the highest-scoring version of the database they know. Whenever a peer receives a higher-scoring version, it extends or overwrites its own database and retransmits the improvement to its peers. There is never an absolute guarantee that a particular entry will remain in the history forever.
Block chains are generally created to add new blocks to old blocks. Built-in incentives motivate block chains to extend new blocks instead of overwriting old blocks. The probability of replacing an entry decreases exponentially as more blocks are built. For example, in a block chain using the proof-of-work system, the chain with the most cumulative proof-of-work is always considered the valid one by the network. There are a number of methods that can be used to demonstrate a sufficient level of computation. Within a block chain the computation is carried out redundantly rather than in the traditional segregated and parallel manner [163].
The unique characteristics of a hand-written signature are not easily imitated and thus allow a person to conduct business without having his or her identity questioned. Those characteristics allow a signature to be verified as genuine or identified as a forgery [165, 166].
A digital signature works like an electronic stamp or fingerprint; it is the electronic equivalent of a hand-written signature. The major difference between digital and hand-written signatures is that a digital signature changes on every use even if the signer and key pairs are the same. A digital signature authenticates data origins and protects data integrity. An example of how a hash function of a digital signature works is shown below.
1. Assume Sarah is the sender and signer of a document. She has the private and public key pair, the hash function for creating the message digest, and the document.
2. Remy is the recipient of the document. Sarah starts the digital process by generating the hash value of the message or document to be transmitted to Remy.
3. Sarah uses her private key to encrypt the message digest to produce the signature.
4. Sarah appends the digital signature to the document.
5. Finally, she encrypts the signed document with her private key and transmits it to Remy.
6. Remy receives the ciphertext and decrypts it using Sarah’s public key to access the signed document [164].
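Steps 1 to 4 and the recipient's check, as an added Python example that is not part of the original chapter. It assumes textbook RSA over a SHA-256 digest with a toy key built from two well-known Mersenne primes (trivially factorable) and no padding, whereas deployed signature schemes add a padding scheme; the final comparison of the recovered digest with a freshly computed one is the standard verification step, and all function names are hypothetical.

```python
import hashlib

# Toy key pair constructed for the demo; never use such a modulus in practice.
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q                                  # public modulus
E = 65537                                  # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)
SIG_LEN = (N.bit_length() + 7) // 8        # fixed signature size in bytes

def digest_int(document: bytes) -> int:
    """Message digest of the document, read as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")

def sign(document: bytes) -> int:
    """Steps 2-3: hash the document, then apply the private key to the digest."""
    return pow(digest_int(document), D, N)

def attach(document: bytes) -> bytes:
    """Step 4: append the fixed-length signature to the document."""
    return document + sign(document).to_bytes(SIG_LEN, "big")

def split(signed: bytes):
    """Recipient: separate the document from the trailing signature."""
    return signed[:-SIG_LEN], int.from_bytes(signed[-SIG_LEN:], "big")

def verify(document: bytes, signature: int) -> bool:
    """Recover the digest with the public key and compare with a fresh hash."""
    return pow(signature, E, N) == digest_int(document)

if __name__ == "__main__":
    signed = attach(b"Pay Remy 100 units")     # constructed sample document
    document, signature = split(signed)
    print(verify(document, signature))         # genuine document
    print(verify(document + b"0", signature))  # altered document
```

The signature covers only the fixed-length digest, so its size is independent of the document's length, and any change to the document changes the digest and fails verification.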
Summary 12.1 The advanced hashing techniques are covered in Chapter 2. This chapter discusses four important cryptographic applications: hashing in SSLs, hashing using the MD5 algorithm, block chain hashing, and methods to hash digital signatures; a practice project is presented below.
Project 12.1 — Graphical password strategy. Assume you want to maximize password space while facilitating memorization of entered secrets. [Hint: Use a graphical password system along with the hash function because a graphical password system is considered difficult to crack by brute force, search, dictionary, social engineering, and spyware attacks.]
Project 12.2 — File encryption using Fibonacci series. Use the Fibonacci series technique to encrypt and decrypt a file. [Hint: Start the Fibonacci series from 1 instead of 0. The element which is at the odd position in the ciphertext is forwarded by the current Fibonacci term.]
Project 12.3 — Hybrid AES DES encryption algorithm. The advanced encryption standard (AES) and the data encryption standard (DES) are used to encrypt and transfer data. Combine both algorithms in an efficient structure to create a strong encryption algorithm.
Project 12.4 — Mobile Self Encryption Project. Use a stream cipher to encrypt data on a mobile phone. The key is stored on a server. If a user loses the phone, he reports the loss to the server, which then destroys the key, and the phone data remains confidential.