Professional Documents
Culture Documents
ProjectProposal 1.0
ProjectProposal 1.0
Project Members: Sim Aik Chun 4234716 Ian Chua Zhi Ying 4442416 Ng Yuet Yong 4235320 Ong Wei Liang Eugene 4235289 Weng Xian 4443822
Page 1
Table of Contents
Introduction .............................................................................................................................. 4 Definitions ................................................................................................................................ 5 Hashing .................................................................................................................................. 5 Cryptographic Hash function .................................................................................................. 5 Project Description .................................................................................................................. 6 Requirements ......................................................................................................................... 6 Functional Requirements .................................................................................................... 6 Non-Functional Requirements............................................................................................. 6 Justification of the requirements ............................................................................................. 7 Software development methodology ...................................................................................... 8 Rational unified Process (RUP) .............................................................................................. 8 Four phases ........................................................................................................................... 8 Why Rational Unified Process (RUP)?.................................................................................... 8 Currently available Hash kits .................................................................................................. 9 Market Survey ........................................................................................................................ 9 Screenshots ..........................................................................................................................10 Cryptool 2 ..........................................................................................................................10 Hash analyzer ....................................................................................................................11 Hash Collision Probability Calculator..................................................................................13 Advantages/Disadvantages ...................................................................................................14 Cryptool 2 ..........................................................................................................................14 Hash Analyzer ...................................................................................................................14 Hash Collision Probability Calculator..................................................................................14 Comparison ...........................................................................................................................15 Technical Details.......................................................................................................................15 Software coding languages ...................................................................................................15 Framework ............................................................................................................................16 Software development applications .......................................................................................16 Database ...............................................................................................................................16
Page 2
Page 3
Introduction
Our project is to produce a tool for analysing hash functions, cryptographic and otherwise. There are various tests that can be applied to test for the occurrence of collisions for example, and these should be implemented. While some properties are required for cryptographic functions, some other properties are required for other purposes. Hash functions with small enough message digests, should be possible to completely analysed, rather than just statistically analyse them. When you hash the result of a hash you continue to stay in the message digest space. Continuing this process will eventually result in a cycle in this hash chain. For hash functions with small message digests is should be possible to construct complete resolution of the cycle structures of the hash chain and to represent it in an interesting way. Our scope of this project is to provide users with an online hash kit application to do analysis of hash functions. This application is to generate informative properties such as collision rates, pre-image and second pre-image attack resistance.
Page 4
Definitions
Hashing
A transformation of a string of characters into a usually shorter fixed length value or key that represents the original string.It is used for index and retrieve items in a database because it is faster to find the item using a shorter hashed key than to find it using the original value but in our case, we will using it for our encryption [1].
Page 5
Project Description
Requirements
Functional Requirements
GUI Implementation User can input message digest into the application. User can upload a text file for processing as well Compute collision resistance Compute pre-image resistance Compute 2nd pre-image resistance Output collision rate, etc. Give User option to save output as text file. Online interactive website. The website will allow users to sign up, login in and do their relevant testing Comparison between hash functions Notifications will be sent to users once the hash functions have produced results
Non-Functional Requirements
User-friendly, consistent GUI Multi-threading Processing. Compatibility (E.g. Chrome, IE FireFox Browsers.)(Backward) Fault Tolerance (Exception Handling/memory leaks) Good Documentation for users
Page 6
For developers that require security implementation to reference and determine which are the suitable algorithms available that they can applied to their projects. Computer-security students would also benefit from clear depiction of the various hash functions and their properties.
Page 7
Four phases
Inception - to scope the system adequately as a basis for validating initial costing and budgets) Elaboration - to mitigate the key risk items identified by analysis up to the end of this phase) Construction - to build the software system) Transition - to transit the system from development to production)
Page 8
Page 9
Screenshots
Cryptool 2
When the software starts up, the cryptool 2 will display a start page which is comprised of different categories such as the wizard, news, templates and etc what we are interested in will be the example of how the collision can be detect. Hence, the next screenshot will be md5 collision detector which has already pre-built in the templates.
Page 10
MD5 Collider function GUI has time, match between both inputs and number of tries.
Hash analyzer
The website gives users to input hash(message digest) and a button to calculate and tabulate the results.
Page 11
Example: A md5 hash is inserted and Once the button is pressed, it will provide the below results:
Page 12
Page 13
Advantages/Disadvantages
Cryptool 2
Advantages Comprehensive tool for cryptographic uses Disadvantages It can be complex to navigate or to find a certain object if the user does not read the manual guide It is not a lightweight software hence requires more resources to load. It is only available on Windows (not cross platform) Offline (their online kit does not have any function.)
Free for all users. Open-source Project. Still in active development. Most current update is (23/01/2014)
Hash Analyzer
Advantages Able to identify the hash type Quick to compute the hash type Disadvantages It does not have any hash generator so it requires outside sources of hash. It does not have additional information on the the hash type. It only list the possible hash functions which can be not so accurate.
Page 14
Comparison
Hash kit
Cryptool
Hash Analyser
Cross platform Online availability Compute collision resistance Compute preimage Compute second preimage Account management Hash function comparison Educational
x x x x x x
x x
x x
x x x
Technical Details
Software coding languages
Java, PHP, JAVASCRIPT
Page 15
Framework
CakePHP
Database
MySQL
Techniques
Collision resistance techniques Birthday paradox - For a set of n randomly chosen people, with a keyspace of 365 days a year. The probability of same person having the same birthday reaches 100% when n people reaches 366(exceed n value) which means the more people, the higher the probability. This birthday paradox logic will be used to test hash function collision rate. The larger the dataset is being test which is the n value, the higher the collision percentage which helps users to determine the effectiveness of the specific hash function collision resistance. Weakness - Birthday paradox places an upper bound on collision resistance: if a hash function
produces N bits of output, an attacker who computes "only" 2 ( ) hash operations on random input is likely to find two matching outputs. If there is an easier method than this bru te force attack, it is typically considered a flaw in the hash function
N/2
Rainbow table - A huge database filled with unique words to test against a chosen hash function algorithm. The message digest output of the chosen hash function will be store in a database. A collision occur when different dataset produce the same message digest. The collision resistance percentage will be (number of collision)/(number of dataset tested). To produce a accurate collision resistance graph of a list of hash functions, the same database must be used. Strength - Easy to implement and understand. Given enough time, it is able to produce very accurate collision resistance rate. Weakness - A very huge database is needed to provided an accurate collision resistance rate.
Page 16
Page 17
Project Summary
This online application would be a different kind of product on among the available crypto/hash tool kits. From its online availability, which ensures compatibility across platforms, our hash kit would have the best combination of the current market tools that encourages students and/or developers in other industries to be able to understand the technical aspects of IT security.
Page 18
References
1. Margaret Rouse. (2005). What is hashing?. Available: http://searchsqlserver.techtarget.com/definition/hashing. Last accessed 27th January 2014 2. Cryptool portal - cryptography and cryptanalysis. Available: https://www.cryptool.org/en/. Last accessed 29th January 2014 3. Hash Analyzer. Available: http://tools.question-defense.com/hash-analyzer. Last accessed: January 29, 2014 4. What's the probability of a hash collision? David Johnstone. Available: http://davidjohnstone.net/pages/hash-collision-probability. Last accessed: January 29, 2014 5. IBM Rational Unified Process (RUP). Available: http://www-01.ibm.com/software/rational/rup/. Last accessed: January 29,2014 6.Pass, R."Lecture 21: Collision-Resistant Hash Functions and General Digital Signature Scheme". Course on
Cryptography, Cornell University, 2009. Available:
https://www.cs.cornell.edu/courses/cs6830/2009fa/scribes/lecture21.pdf
Last accessed: January 29,2014 7.W. W. Rouse Ball (1960) Other Questions on Probability, in Mathematical Recreations and Essays, Macmillan, New York, pp 45. Last accessed: January 29,2014
Page 19