HASH CODE BASED SECURITY IN CLOUD COMPUTING



Similar documents
Authentication requirement Authentication function MAC Hash function Security of

Message Authentication

A Novel Secure Hash Algorithm for Public Key Digital Signature Schemes

Cryptographic Hash Functions Message Authentication Digital Signatures

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Lecture 9: Application of Cryptography

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

Cryptography and Network Security Chapter 12

One-Way Encryption and Message Authentication

Computer Security: Principles and Practice

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

An Introduction to Cryptography as Applied to the Smart Grid

The Keyed-Hash Message Authentication Code (HMAC)

AN IMPLEMENTATION OF HYBRID ENCRYPTION-DECRYPTION (RSA WITH AES AND SHA256) FOR USE IN DATA EXCHANGE BETWEEN CLIENT APPLICATIONS AND WEB SERVICES

Hash Functions. Integrity checks

Public Key Cryptography Overview

Cryptography and Network Security Chapter 11. Fourth Edition by William Stallings

Cryptography and Network Security Chapter 11

Introduction to Computer Security

Designing Hash functions. Reviewing... Message Authentication Codes. and message authentication codes. We have seen how to authenticate messages:

CIS433/533 - Computer and Network Security Cryptography

Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms

Table of Contents. Bibliografische Informationen digitalisiert durch

Chapter 7 Transport-Level Security

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Lukasz Pater CMMS Administrator and Developer

Message Authentication Codes

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

CRYPTOGRAPHY IN NETWORK SECURITY

CRYPTOG NETWORK SECURITY

CRYPTOGRAPHY AND NETWORK SECURITY

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Recommendation for Applications Using Approved Hash Algorithms

Message Authentication Codes. Lecture Outline

TELECOMMUNICATION NETWORKS

U.S. Federal Information Processing Standard (FIPS) and Secure File Transfer

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Authentication, digital signatures, PRNG

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Cryptography Lecture 8. Digital signatures, hash functions

Monitoring Data Integrity while using TPA in Cloud Environment

Software Tool for Implementing RSA Algorithm

SHA3 WHERE WE VE BEEN WHERE WE RE GOING

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

A SOFTWARE COMPARISON OF RSA AND ECC

Announcement. Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed.

Randomized Hashing for Digital Signatures

Cryptographic Algorithms and Key Size Issues. Çetin Kaya Koç Oregon State University, Professor

Implementation and Comparison of Various Digital Signature Algorithms. -Nazia Sarang Boise State University

CRIPT - Cryptography and Network Security

NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES

CSE/EE 461 Lecture 23

INFORMATION SECURITY A MULTIDISCIPLINARY. Stig F. Mjolsnes INTRODUCTION TO. Norwegian University ofscience & Technology. CRC Press

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

7! Cryptographic Techniques! A Brief Introduction

How To Encrypt With A 64 Bit Block Cipher

Keywords : audit, cloud, integrity, station to station protocol, SHA-2, third party auditor, XOR. GJCST-B Classification : C.2.4, H.2.

A NEW HASH ALGORITHM: Khichidi-1

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

SECURITY IN NETWORKS

One Time Pad Encryption The unbreakable encryption method

A PERFORMANCE EVALUATION OF COMMON ENCRYPTION TECHNIQUES WITH SECURE WATERMARK SYSTEM (SWS)

Hash Function JH and the NIST SHA3 Hash Competition

The Misuse of RC4 in Microsoft Word and Excel

How To Encrypt Data With Encryption

Introduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities

Split Based Encryption in Secure File Transfer

A PPENDIX H RITERIA FOR AES E VALUATION C RITERIA FOR

lundi 1 octobre 2012 In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal

A Secure Intrusion Avoidance System Using Hybrid Cryptography

Digital Signatures. Meka N.L.Sneha. Indiana State University. October 2015

CSCI-E46: Applied Network Security. Class 1: Introduction Cryptography Primer 1/26/16 CSCI-E46: APPLIED NETWORK SECURITY, SPRING

Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

EXAM questions for the course TTM Information Security June Part 1

Secure Socket Layer. Introduction Overview of SSL What SSL is Useful For

Fundamentals of Computer Security

Single Sign-On Secure Authentication Password Mechanism

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

A low-cost Alternative for OAEP

Length extension attack on narrow-pipe SHA-3 candidates

Network Security Essentials Chapter 5

Security and Authentication Primer

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Network Security - Secure upper layer protocols - Background. Security. Question from last lecture: What s a birthday attack? Dr.

Overview. SSL Cryptography Overview CHAPTER 1

Provable-Security Analysis of Authenticated Encryption in Kerberos

SE 4472a / ECE 9064a: Information Security

IT Networks & Security CERT Luncheon Series: Cryptography

HYBRID ENCRYPTION FOR CLOUD DATABASE SECURITY

A Novel Approach to combine Public-key encryption with Symmetric-key encryption

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Chapter 6 Electronic Mail Security

Network Security Part II: Standards

Strengthen RFID Tags Security Using New Data Structure

Transcription:

ABSTRACT HASH CODE BASED SECURITY IN CLOUD COMPUTING Kaleem Ur Rehman M.Tech student (CSE), College of Engineering, TMU Moradabad (India) The Hash functions describe as a phenomenon of information security and are used in numerous security applications and protocols such as: - Digital signature schemes, - Construction of MAC and - Random number generation, For correct data integrity and data origin authentication. Analysts have find out serious security flaws and vulnerabilities in most widely used MD and SHA family hash functions. As a result hash functions from FORK family with longer digest value were considered as good alternatives for MD5 and SHA-1, but recent attacks against these hash functions have highlighted their weaknesses. In this paper we propose a dedicated hash function HMACMD5= MD5 (HMAC (K,m))//32 BIT based on the design principle of HMAC and MD5. It takes 512 bit message blocks and generates 32 bit hash value. A random sequence is added as an additional input to the compression function of HMACMD5. Three branch parallel structure and secure compression function make HMACMD5 an efficient, fast and secure hash function. Various simulation results indicate that HMACMD5 is immune to common cryptanalytic attacks and faster than NewFORK-256. Keywords: Hash Function, Provable Security, Quasi-Cyclic Codes, Computer Security, Cryptography, HMAC, MAC, Message Authentication, SHA, MD5 Information Processing Standard (FIPS) I. INTRODUCTION Reliable privacy and preventing integrity of a message are the main objectives of cryptography/encryption. Cryptographic hash functions dropped most important important cryptographic primitives, and they can be used to ensure the security of many cryptographic applications and protocols such as: - Digital signature, - Random number generation, - Data source authentication, - Key update and derivation, - Message authentication code, - Integrity protection, - Malicious code recognition, - SSL, - TLS and - S/MIME. Page 37

Hash functions basically compress an input message of fixed length to an output with short fixed length, the hash code. Hash functions are categorized in to two categories: - Unkeyed hash function also known as Manipulation Detection Code (MDC) with single parameter. - A message and keyed hash function with two distinct inputs a message and secret key. Keyed hash functions are used to construct the MAC (Message Authentication Code). The MAC is widely used to provide data integrity and data origin authentication. The choice between a MAC and an MDC is application may vary. They are also classified as, namely hash functions based on block cipher, hash functions based on modular algorithm and dedicated hash functions. The push for block cipher based schemes is the minimization of the effort to design and implement the hash functions and of the complexity of the equipment. Also the trust that one has in a certain block cipher (such as DES) can be transferred to a hash function. Particularly interesting from a theoretical point of view, modular algorithm based schemes are provably secure, in the sense that their security relies on the hardness of some mathematical problems such as number theory problems. Dedicated hash functions are specially designed from the scratch for the purpose of hashing a plain text with optimized performance and without being constrained to reusing existing system components such as block ciphers and modular arithmetic. These hash functions are not based on hard problems such as factorization and discrete logarithms. The most popular method of designing compression functions of dedicated hash functions is a serial successive iteration of a small step functions. Our proposed hash function comes under the last category. - Preimage resistance, - second preimage resistance and - collision resistance are the three classical requirements for security of keyless hash functions. Properties preimage resistance, second preimage resistance and collision resistance are also known as one way, weak collision resistance and strong collision resistance respectively. First of all, it needs to be computationally infeasible to find the preimage X of H(X), when H(X) is given. This is called preimage resistance. Secondly, finding Y X with H(Y) = H(X), when X andh(x) are given, should also be infeasible. This property is called second pre image resistance. Finally, it should be computationally infeasible to find any two distinct messages X and Y with H(X) = H(Y). This is called collision resistance. Additionally, a hash function is often required to behave indistinguishably from a random function. An ideal hash function that generates an n bit hash value requires evaluating about 2n/2messages to find any pair of messages having the same hash value. This kind of brute-force search for hash functions is called a birthday attack. Also 2n hash computations are required for finding pre images. In this paper we have proposed a dedicated hash function HMACMD5 that takes a message of arbitrary length and converts it into a 32 bit hash value. It is based on the design principle of NewFORK-256. The compression function of HMACMD5 consists of three parallel branches; each branch compresses a sixteen 32 bit words to eight 32 bit words output. Each branch contains eight step operations. FORK-256 and NewFORK-256, both hash functions built on Merkle-Damgård method. Past few years ago, many attacks have been occurred for these hash functions. The compression function of the proposed hash function uses dithering design. Its padding and splitting of message is similar to Merkle-Damgård construction. Dithering construction is obtained by providing an additional input to the Merkle-Damgård construction. This design was given by Rivest. The loop structure of this design provides good Page 38

resistance against some crucial attacks such as birthday attack, meet-in-the middle attack and preimage attack. The compression function of HMACMD5 has two input parameters and one output parameter. The additional input parameter is a dither value. There are many ways to select dither value. Random numbers generated from Park Miller algorithm are used as dither value in the proposed algorithm. For each message block in the message, there is different dither value sequence. For each message block 16 different 32 bit dither value generated, out of which each branch makes the use of eight 32 bit dither value according to the ordering rule. All the modifications made to overcome the recent attacks on FORK-256 and NewFORK-256. II. PROPOSED ENCRYPTION METHOD HASHCODE (K,m) = H((K opad) H((K ipad) m)) HASHCODEMD5= MD5(HASHCODE (K,m))//32 BIT Where, H is a cryptographic hash function, K is a secret key padded to the right with extra zeros to the input block size of the hash function, or the hash of the original key if it's longer than that block size, m is the message to be authenticated, denotes concatenation, denotes exclusive or (XOR), opad is the outer padding (0x5c5c5c 5c5c, one-block-long hexadecimal constant), and ipad is the inner padding (0x363636 3636, one-block-long hexadecimal constant). III. PSEUDOCODE OF ALGO The following pseudocode demonstrates how HASHCODE may be implemented. Blocksize is 64 (bytes) when using one of the following hash functions: SHA-1, MD5, RIPEMD-128/160. function String HashCode (key, message) if (length(key) > blocksize) then key = hash(key) // keys longer than blocksize are shortened end if if (length(key) < blocksize) then key = key [0x00 * (blocksize - length(key))] // keys shorter than blocksize are zero-padded (where is concatenation) end if o_key_pad = [0x5c * blocksize] key // Where blocksize is that of the underlying hash function i_key_pad = [0x36 * blocksize] key // Where is exclusive or (XOR) return hash(o_key_pad hash(i_key_pad message)) // Where is concatenation //proposed algo apply HASH Function on Returned value with 32 bit int Variable end function String 32 VAL = md5(hashcode (key,msg))\ Page 39

Figure 1: A perfect hash function for the four names shown III CONCLUSION I Proposed hash function generates 32 bit hash string. Proposed a dedicated hash function HMACMD5= MD5(HMAC (K,m))//32 BIT based on the design principle of HMAC and MD5. It takes 512 bit message blocks and generates 32 bit hash value. A random sequence is added as an additional input to the compression function of HMACMD5. It has a parallel structure consist of three branches. Each branch computes eight step operations. Algorithm uses 16 constants and two nonlinear functions. Each branch makes the use of 16 message sub blocks and constants with different order. For making the whole structure complicated for the cryptanalyst and secure against known attacks compression function uses three inputs. Dither values are used as third input. These dither values are random numbers generated through Park Miller algorithm. The one way structure of the algorithm makes it strong against preimage and second preimage attack. Various tests have been performed to check the security level of hash function. The bit variance test has been performed for one bit changes. Simulation results and rigorous analysis of the hash function guarantee its security against differential and other common known attacks. Further, as future work, I will try to improve its efficiency. ACKNOWLEDGMENT I would like to give this work to my parent, who have created the author of this paper. I would like to thank Assistant to the Professor Mr.Vaibhav Sharma my advisor, for his understanding and research guidance. He has always been the one who guided me through difficulties final completion of my paper. The idea of Hash Code Based Security In Cloud Computing is in fact due to him and to the department staffs who has helped to create a computing environment that enabled us to work effectively. REFERENCES [1] Alfred M., Oorschot P., and Vanstone S., Handbook of Applied Cryptography, CRC press, 1997. [2] Bruce S., Applied Cryptography: Protocols, Algorithms and Source Code in C, John Wiley and Sons, Canada, Page 40

1996. [3] Stallings W., Cryptography and Network Security Principles and Practices, Prentice Hall Press Upper Saddle River, 2010. [4] Goldwasser S., Micali S., and Rivest R., A Digital Signature Scheme Secure Against Adaptive Chosen- Message Attacks, Journal on Computing, vol. 17, no. 2, pp. 281-308, 1988. [5] Ilya M., Hash Functions: Theory, Attacks, and Applications, in Proceedings of Microsoft Research, Silicon Valley Campus, pp. 1-22, 2012. [6] National Institute of Science and Technology, Secure Hash Standard, Federal Information Processing Standard 180-1, available at: http:/ http://www.itl.nist.gov/fipspubs/fip180-1.htm, last visited 1995. [7] National Institute of Science and Technology, Secure Hash Standard, Federal Information Processing Standard 180-2, available at: http://www.itl.nist.gov/fipspubs/fip180-1.htm, last visited 2002. [8] National Institute of Standards and Technology, Secure Hash Standard, FIPSPUB180 www.itl.nist.gov/fipspub/fips180-1.html, last visited 2003. [9] National Institute of Science and Technology, Implementing Cryptography, NIST SP 800, available at: http://csrc.nist.gov/publications/ nistpubs/800-21-1/sp800-21-1_dec2012.pdf, last visited 2012. [10] New European Schemes for Signatures, Integrity and Encryption Project, available at: http://www.cryptonessie.org, last visited 2000. [11] Phan R. and Wagner D., Security Consideration for Incremental Hash Function Based on Pair Blocking Chaining, in Proceedings of Computers and Security, USA, pp. 131-136, 2006. [12] Rivest R., Shamir A., and Adleman L., A Method for Obtaining Digital Signature and Public-Key Cryptosystems, Communication of The ACM, vol. 21, no. 2, pp. 120-126, 1978. [13] Sklavos N., Alexopoulos E., and Koufopavlou O., Networking Data Integrity: High Speed Architectures and Hardware Implementations, The International Arab Journal of Information Technology, vol. 1, no. 0, pp. 54-59, 2003. [14] United States Department of Commerce, National Bureau of Standards, Data Encryption Standard, Federal Information Processing Standards Publication, 1977. [15] William S., Cryptography and Network Security, Principles and Practice, Prentice Hall of India, 2012. Page 41

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information