Archive for the 'Authentification' Category Page 2 of 2

Apr 23

Broken hash function, now what ?

Hash functions are a key component of any cryptosystem. The underlying idea is simple: a hash function is a one-way function that produces a fixed-length digest (often loosely called a signature) for a given input. It is considered secure if nobody can find a collision in practice, that is, two different inputs with the same digest; the stronger requirement, second-preimage resistance, is that given a file you cannot craft another file with the same hash. Because digests have a fixed length, collisions necessarily exist; as long as nobody can produce one at will, the function is "secure". Among the many uses of these digests, typical examples are file signatures and binary integrity checks. The best known hash functions are the old MD5 and the standardized SHA family (SHA-1, for example).

At EUROCRYPT'05 (and CRYPTO'05 for SHA-0 and SHA-1), Wang et al. described a new class of attacks on most hash functions of the MD4 family, including MD4, MD5, SHA-0 and SHA-1. The attack lets an attacker produce two different messages with the same digest in a reasonable amount of time (hours, and soon minutes, on a single machine for MD5). Note that this is a collision attack, not a second-preimage attack: it does not produce a message matching a given, pre-existing digest. It nevertheless makes practical attacks against real protocols possible.

Wang's message modification technique does not let the attacker choose the content of the colliding blocks. Hence you cannot simply swap one binary for another. However, the technique works from an arbitrary common prefix (the collision search is simply started from the chaining value that prefix produces), and the Merkle-Damgård construction guarantees that once two messages collide, appending the same suffix to both keeps them colliding.

Putting it all together, an attacker can choose a prefix and a suffix but has to somehow hide the colliding blocks, which are essentially random-looking bytes. That is why real-world applications of this attack are not so obvious. Here are some real-world applications:
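The two properties above, a collision that only holds from the chaining value it was computed for and a common suffix that preserves it, can be checked directly with the MD5 collision pair published by Wang and Yu. The following is an added example, not code from the original post: it embeds the public test vectors (two 128-byte messages with digest 79054025255fb1a26e4bc422aef54eb4), shows where they differ, and checks what appending or prepending data does to the collision.

```python
import hashlib

# Wang/Yu MD5 collision pair: two 128-byte messages (two 64-byte blocks each)
# hashed from the standard MD5 IV. Public test vectors, reproduced here for
# illustration only.
M0 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
M1 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)


def md5_hex(data):
    return hashlib.md5(data).hexdigest()


def differing_offsets(a, b):
    """Byte positions where the two colliding messages differ.

    For this pair the differences sit in message words 4, 11 and 14 of each
    block, which is the +-2^31 / +-2^15 difference pattern of Wang's attack.
    """
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def collides(a, b):
    """True if a and b are distinct but hash to the same MD5 digest."""
    return a != b and md5_hex(a) == md5_hex(b)


def suffix_keeps_collision(a, b, suffix):
    """Merkle-Damgard: after the colliding blocks both messages are in the
    same chaining state, so any common suffix (and the final padding, which
    only depends on the length) is processed identically."""
    return collides(a + suffix, b + suffix)


def prefix_keeps_collision(a, b, prefix):
    """Prepending data changes the chaining value the colliding blocks are
    hashed from. A collision computed from the standard IV therefore no
    longer holds; the attacker must rerun the search from the new prefix."""
    return collides(prefix + a, prefix + b)


if __name__ == "__main__":
    print("digest:", md5_hex(M0), "==", md5_hex(M1), collides(M0, M1))
    print("differing byte offsets:", differing_offsets(M0, M1))
    print("common suffix keeps collision:",
          suffix_keeps_collision(M0, M1, b"\x00" * 100 + b"trailer"))
    print("arbitrary prefix keeps collision:",
          prefix_keeps_collision(M0, M1, b"%PDF-1.4\n"))
```

The suffix check is what the document and certificate attacks below rely on; the prefix check shows why an attacker cannot reuse a published collision under their own prefix and must instead run the attack from the chaining value of the prefix they want.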

  • Crafting documents that have the same digest but display differently. This only works if the file format offers a way to mask the colliding blocks, for example conditional display in PostScript or a colour change in PDF. Affected file types include Word, PDF, PS and TIFF. This was shown by Daum and Lucks and extended by Gebhardt et al.
  • Having two different X.509 certificates for the same name but with different RSA moduli, by Lenstra and de Weger.
  • Protocol authentication handshake attack: a recent attack shows how to partially recover APOP passwords. APOP is defined in the POP3 protocol as a challenge-response mechanism (MD5 of the server challenge concatenated with the password) meant to avoid sending the password in clear. This was discovered independently by G. Leurent and Y. Sasaki.

As one can see, the impact of these attacks is real but not that big. File collisions are a problem, but a real signature protocol requires the hash to be signed with a private key, so the attacker still needs the legitimate signer to sign one of the two colliding documents (which is exactly what the certificate attack exploits). Linux packages now use GPG signatures for the same reason. The APOP attack is nice, but POP3 is a cleartext protocol and APOP is not the right way to secure it anyway.

Now what? There are two distinct directions: new hash functions and new attacks. New attacks may well be found against web applications, which use hashes for many purposes. Rootkits could also use collisions to become harder to detect by integrity checkers that rely on a broken hash. Hash functions are currently the part of cryptography that evolves most quickly.

Local links:

How to Break MD5 and Other Hash Functions, by Xiaoyun Wang and Hongbo Yu

A Note on the Practical Value of Single Hash Collisions for Special File Formats, by Max Gebhardt, Georg Illies and Werner Schindler

On the Possibility of Constructing Meaningful Hash Collisions for Public Keys, by Arjen Lenstra and Benne de Weger

Message Freedom in MD4 and MD5 Collisions: Application to APOP, by Gaëtan Leurent

Feb 20

A comparison between DVB conditional access and secure IP multicast Article Review

This article, published at MWCS in 2005 by H.S. Cruickshank, M.P. Howarth, S. Iyengar and Z. Sun, proposes to replace the current DVB (Digital Video Broadcasting) conditional access (CA) with a secure IP multicast system. DVB is the standard used for satellite TV. Conditional access is the mechanism used in satellite television to restrict reception to authorized customers. Because the signal is broadcast to everyone with no control over who receives it, CA has to rely on cryptographic means. There are many CA systems available, such as Viaccess, Conax or Nagravision.

I was interested in this article because it provides a concrete overview of how DVB works and in particular of how CA is enforced. As far as I know this is one of the only papers that presents the DVB scheme in great detail. It is far more usable than the Wikipedia page, for instance. If you are curious about DVB and satellite broadcasting in general, this is a nice introductory article.

Concerning the multicast protocol replacement, I am not convinced, because the strength of DVB is its ability to work without any feedback from the decoder. While this introduces security problems, it makes the system usable everywhere in the world.

Please note that some of the information about the cryptographic algorithms is inaccurate. For instance Viaccess uses AES or RC6 for encryption, not triple DES. EMMs are also cycled very often on some CA systems (TPS cycles them at least twice an hour, for instance) to defeat rogue cards.

Two overlooked security gaps of DVB are:

  1. The ability to perform replay attacks on the smart card.
  2. Card sharing, which uses the Internet to distribute the keys decrypted by one legitimate card faster than they cycle (search for Gbox if you are interested in practical uses).

In conclusion, this work is valuable as it provides a reference paper on the DVB system that can be used as a starting point.

Detailed information (5W-H report)

  • What: A paper about the DVB conditional access system.
  • Why: DVB CA is problematic because the receiver cannot answer (there is no return channel), which leads to security problems. This paper is valuable as it provides a reference on how DVB works; there is very little documentation on the subject.
  • Who: H.S. Cruickshank, M.P. Howarth, S. Iyengar and Z. Sun, from the Networks Research Group in the Centre for Communication Systems Research, part of the Department of Electronic Engineering at the University of Surrey.
  • Where: The paper was published at the 14th IST Mobile and Wireless Communications Summit, in Germany.
  • When: June 2005.
  • How: The DVB system is described in text, along with clear diagrams.

Additional resources

The paper (local version)

Dr. Michael Howarth's page