1. Trang chủ
  2. » Luận Văn - Báo Cáo

btec level 5 hnd diploma in computing unit 5 security 3

46 0 0
Tài liệu đã được kiểm tra trùng lặp

Đang tải... (xem toàn văn)

Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống

THÔNG TIN TÀI LIỆU

Thông tin cơ bản

Định dạng
Số trang 46
Dung lượng 2,98 MB

Cấu trúc

  • I. Introduction (7)
    • 1. Motivations (9)
    • 2. Objectives (9)
    • 3. Overview of the brute-force attacks (10)
    • 4. Summary (12)
  • II. Methodology (15)
  • III. Proposed the algorithm (17)
  • IV. Result and analysis (29)
    • 1. Proof and analyze the algorithm (29)
    • 2. Discussions (41)
  • V. Conclusion (43)

Nội dung

The major objective of putting confidentiality principles into practice isto safeguard the privacy and secrecy of confidential information, making sure that only authorized peoplewho nee

Introduction

Motivations

The Internet is currently being destroyed by attacks that are more modern and advanced than before These assaults could include DDoS, malicious code (such as worms, viruses, and adware), scanning, root compromise, session high jacking, and many other types of attacks The straightforward objective of a Denial of Service (DoS) attack is to bombard any service provider with erroneous requests, preventing it from providing its services to regular users and leading to availability loss In a manner like this, internet worms go for a particular weakness, build up a sizable network, and then finally conduct a DoS attack None of the vendors of intrusion detection systems (IDS) absolutely guarantees the availability of data and resources, confidentiality (also known as privacy), or integrity

There were numerous dangers in the cyber world that directly compromised the privacy of our data Hackers or cybercriminals can breach the security and take the data out of our hands by using a Brute- force assault and other basic and simple methodological attacks As we previously stated, data is extremely precious today For some people, companies, or countries, data is even more valuable, which means that if their data is stolen, their enterprises or a country's economy could collapse over time.Banks combined their customers' accounts with a digital account as part of their bank service in recent years, along with digital signatures One of the most significant technologies used in the digital account or digital signature is the hashing algorithm and encryption algorithms We can see those algorithms in general, and hashing algorithms, play a crucial role in today's services These algorithms are crucial to both the owner's business and the whole economy of a nation.

Objectives

In this report, the objectives are as follows:

Analyze and prove how to avoid brute-force attacks by using hashing algorithms

Implement the hashing algorithm to know how the algorithms can protect our data

Discuss the applications of hashing algorithms.

Overview of the brute-force attacks

A brute force method is used to crack passwords, iterating over each one until the real password is found.For instance, a 4-digit password that solely contains numbers can only be cracked in a maximum of10,000 different ways, which means that it can only be done in that many attempts A password that was manually created (for instance, a non-random password that was manually set with a rule that could be followed) can be cracked much faster by using a password dictionary (like a rainbow table) to look up a frequently used password

The aim of password cracking is to find a lost or obscure password A password cracker is a piece of software that can be used to recover passwords saved on a computer system as cryptographic hashes or conduct brute-force password attacks to obtain unauthorized access to a system An algorithm known as a cryptographic hash reduces a big quantity of data to a single (long) integer An algorithm called the OA cryptographic hash reduces a big quantity of data to a single (long) number The hash value can be used to check the accuracy of those data after being mathematically hashed An attacker will use every conceivable character combination in a brute-force password-cracking effort until the "cracked" password successfully grants access With today's powerful computers, it is possible to quickly try millions of password combinations Given enough time and computing power, it is theoretically conceivable to utilize the hash value to check the accuracy of the data after it has been mathematically hashed An attacker will use every conceivable character combination in a brute-force password cracking attempt until the

"cracked" password successfully grants access With today's powerful computers, it is possible to quickly try millions of password combinations Most algorithms can be broken with enough time and computing power.

We need cryptography to stop this attack Instead of the secrecy of the cipher, a cryptosystem's security typically relies on the secrecy of the keys A brute-force attack cannot test every possible key for a powerful cryptosystem because there are too many of them A robust system should also generate ciphertext that passes all common statistical tests as random and is impervious to all previously known techniques for decryption Cryptoanalysis is the procedure for decrypting codes.

Any ciphertext can be eventually broken if an attacker has enough time and resources Making the price or time needed to decrypt ciphertext without the key greater than the value of the data being protected is the aim of cryptography So, you may use a cipher that costs $500 to crack to securely safeguard information that is only worth $10 This idea must be understood It offers one of the fundamental justifications for picking ciphers and cryptographic tools A key space is the range of potential keys for a cipher An attacker with access to an encrypted communication and the decryption cipher could attempt every key without knowing the actual key in order to decode the message A brute-force attack has been launched.You increase the cost of a brute-force attack by making the key space big enough A larger key space typically equates to more security, assuming the encryption is mathematically sound.

Summary

In conclusion, we may get an overview of the state of our data privacy, the different kinds of cyberattacks that are occurring today, their effectiveness, and how they will pose a threat to Internet users.

As stated in the objectives, we will delve more into the process of protecting our data using hashing algorithms in this report and suggest the algorithm Additionally, we will demonstrate how algorithms can safeguard our data and its uses.

Methodology

In this report, we will utilize a brute-force attack in this report and keep it as straightforward as we can.

We will also use the well-known hashing technique SHA-256 for our testing We will examine how SHA-

256 can safeguard our data and how it can thwart brute-force attacks The National Security Agency (Agency, 1952) developed SHA-2 (Secure Hash Algorithm 2) in 2001 as a replacement for SHA-1 The SHA-256 algorithm is one variant of SHA-2 A 256-bit value is produced by the patented cryptographic hash algorithm SHA-256.

Proposed the algorithm

We will first go over the brute-force assault and how it is used A brute-force attack is described as a search for every potential key to break a cipher A cipher is typically regarded as secure if it can only be cracked through brute force The block cipher or key length of any encryption scheme is a factor in the assaults A typical brute force attack entails a thorough key search, like when a thief attempts every possible combination in a safe's lock

A brute force attack employs a method of systematic guessing to determine login information, credentials, and encryption keys The attacker attempts many username and password combinations before making a successful guess.

Once they are successful, the actor can enter the system as the authorized user and stay there until they are discovered They take advantage of this opportunity to move laterally, set up back doors, learn more about the system in preparation for next attacks, and, of course, steal data.

As long as there have been passwords, there have been brute force assaults Due to the transition to remote work, they are not only still popular but also becoming more common

We will thus examine the SHA-256 algorithm using the steps and reasoning of a brute-force assault to discover how effective this method is and how it can safeguard our data We shall have some mathematical proof to measure the security of this algorithm so that we can fully comprehend both its capabilities and power

A message with a length of 2 bits can be compressed using the iterative, one-way hash function SHA- 64

256 to create a message digest, which is a 256-bit condensed form As seen in figure 4, the compression process can be divided into four steps The first phase is called Pre-Processing, and it entails two steps: segmenting and padding the message into 512-bit data blocks (Mt) and setting the initial hash variables (H(0~7)) to be utilized in the hash computation Sequentially feeding these data blocks (M ) into thet

Message Schedule, the second stage, causes them to be extended into sixty-four 32-bit words (W ) Thet third stage, known as the Digest Calculation, is the next step, which is transferred onto each 32-bit word(Wt) The third stage, known as the Digest Calculation, is the next step, which is transferred onto each 32- bit word (W ) Eight 32-bit working variables (a~h) are initialized using the initial hash variables (Ht (0–7)) at this stage In each of the 64 iterations, these variables plus two 32-bit temporary variables (T1, T2) are computed and updated The values of the eight working variables are given to the Digest Update, which is the last stage, after 64 iterations The original hash values are stored in the digest variables (H(07)), which are updated in this stage by adding the new values to the working variables Message Schedule, DigestCalculation, and Digest Update often make up one data block processing activity When all the data blocks have been processed, the hash computation is finished.

SHA-256 is a cryptographic hash function with a digest length of 256 bits (secure hash algorithm, FIPS 182-2) It is an MDC (Manipulation Detection Code), or keyless hash function Blocks of 512 = 16 32 bits, each requiring 64 rounds, are used to process messages To understand this algorithm in an easy way, we will take the pseudocode to explain for this algorithm

All variables are 32-bit unsigned integers and addition is calculated modulo 2 32

For each round, there is one round constant K[i] and one entry in the message schedule array w[i],

The compression function uses 8 working variables, a through h.

Big-endian convention is used when expressing the constants in this pseudocode, and when parsing message block data from bytes to words For example, the first word of the input message "abc" after padding is 0x61626380

Initialize hash values: (first 32 bits of the fractional parts of the square roots of the first 8 primes 2 19): h0 is set to 0x6a09e667 h1 is set to 0xbb67ae85 h2 is set to 0x3c6ef372 h3 is set to 0xa54ff53a h4 is set to 0x510e527f h5 is set to 0x9b05688c h6 is set to 0x1f83d9ab h7 is set to 0x5be0cd19

Initialize array of round constants: (first 32 bits of the fractional parts of the cube roots of the first 64 primes 2 311): k[0] is set to 0x428a2f98, k[1] is set to 0x71374491, k[2] is set to 0xb5c0fbcf, k[3] is set to 0xe9b5dba5, k[4] is set to 0x3956c25b, k[5] is set to 0x59f111f1, k[6] is set to 0x923f82a4, k[7] is set to 0xab1c5ed5, k[8] is set to 0xd807aa98, k[9] is set to 0x12835b01, k[10] is set to 0x243185be, k[11] is set to 0x550c7dc3, k[12] is set to 0x72be5d74, k[13] is set to 0x80deb1fe, k[14] is set to 0x9bdc06a7, k[15] is set to 0xc19bf174, k[16] is set to 0xe49b69c1, k[17] is set to 0xefbe4786, k[18] is set to 0x0fc19dc6, k[19] is set to 0x240ca1cc, k[20] is set to 0x2de92c6f, k[21] is set to 0x4a7484aa, k[22] is set to 0x5cb0a9dc, k[23] is set to 0x76f988da, k[24] is set to 0x983e5152, k[25] is set to 0xa831c66d, k[26] is set to 0xb00327c8, k[27] is set to 0xbf597fc7, k[28] is set to 0xc6e00bf3, k[29] is set to 0xd5a79147, k[30] is set to 0x06ca6351, k[31] is set to 0x14292967, k[32] is set to 0x27b70a85, k[33] is set to 0x2e1b2138, k[34] is set to 0x4d2c6dfc, k[35] is set to 0x53380d13, k[36] is set to 0x650a7354, k[37] is set to 0x766a0abb, k[38] is set to 0x81c2c92e, k[39] is set to 0x92722c85, k[40] is set to 0xa2bfe8a1, k[41] is set to 0xa81a664b, k[42] is set to 0xc24b8b70, k[43] is set to 0xc76c51a3, k[44] is set to 0xd192e819, k[45] is set to 0xd6990624, k[46] is set to 0xf40e3585,k[47] is set to 0x106aa070, k[48] is set to 0x19a4c116, k[49] is set to 0x1e376c08, k[50] is set to 0x2748774c, k[51] is set to 0x34b0bcb5, k[52] is set to 0x391c0cb3, k[53] is set to 0x4ed8aa4a, k[54] is set to 0x5b9cca4f, k[55] is set to 0x682e6ff3, k[56] is set to 0x748f82ee, k[57] is set to 0x78a5636f, k[58] is set to 0x84c87814, k[59] is set to 0x8cc70208, k[60] is set to 0x90befffa, k[61] is set to 0xa4506ceb, k[62] is set to 0xbef9a3f7, k[63] is set to 0xc67178f2.

Begin with the original message of length L bits

Append a single '1' bit Append K '0' bits, where K is the minimum number >= 0 such that L + 1 + K +

Append L as a 64-bit big-endian integer, making the total post-processed length a multiple of 512 bits Process the message in successive 512-bit chunks:

Break message into 512-bit chunks

Create a 64-entry message schedule array w[0 63] of 32-bit words (The initial values in w[0 63] don't matter, so many implementations zero them here) copy chunk into first 16 words w[0 15] of the message schedule array

Extend the first 16 words into the remaining 48 words w[16 63] of the message schedule array: For i from 16 to 63: s0 := (w[i-15] rightrotate 7) xor (w[i-15] rightrotate 18) xor (w[i-15] rightshift 3) s1 := (w[i- 2] rightrotate 17) xor (w[i- 2] rightrotate 19) xor (w[i- 2] rightshift 10) w[i] := w[i-16] + s0 + w[i-7] + s1

Initialize working variables to current hash value: a := h0 b := h1 c := h2 d := h3 e := h4 f := h5 g := h6 h := h7

S1 := (e rightrotate 6) xor (e rightrotate 11) xor (e rightrotate 25) ch := (e and f) xor ((not e) and g) temp1 := h + S1 + ch + k[i] + w[i]

S0 := (a rightrotate 2) xor (a rightrotate 13) xor (a rightrotate 22) maj := (a and b) xor (a and c) xor (b and c) temp2 := S0 + maj h := g g := f f := e e := d + temp1 d := c c := b 12 b := a a := temp1 + temp2

Add the compressed chunk to the current hash value: h0 := h0 + a h1 := h1 + b h2 := h2 + c h3 := h3 + d h4 := h4 + e h5 := h5 + f h6 := h6 + g h7 := h7 + h

Produce the final hash value (big-endian): digest := hash := h0 append h1 append h2 append h3 append h4 append h5 append h6 append h7

Result and analysis

Proof and analyze the algorithm

We will hash a string “Good morning” by using SHA-256.

Convert “Good morning” to binary:

Pad with 0's until data is multiple of 512:

Append 64 bits to the end, where the 64 bits are a big-endian integer representing the length of the original input in binary In our case is 01011000:

Now we have our input, which will always be evenly divisible by 512.

Now we create 8 hash values These are hard-coded constants that represent the first 32 bits of the fractional parts of the square roots of the first 8 primes: 2, 3, 5, 7, 11, 13, 17, 19. h0 := 0x6a09e667 h1 := 0xbb67ae85 h2 := 0x3c6ef372 h3 := 0xa54ff53a h4 := 0x510e527f h5 := 0x9b05688c h6 := 0x1f83d9ab h7 := 0x5be0cd19

Similar to step 2, we are creating some constants This time, there are 64 of them Each value (0-63) is the first 32 bits of the fractional parts of the cube roots of the first 64 primes (2 - 311).

Figure 5: Constants variables Step 4: Chunk Loop

The following steps will happen for each 512-bit "chunk" of data from our input In our case, because

"Good morning" is too short we only have one chunk At each iteration of the loop, we will be mutating the hash values h0-h7, which will be the final output.

Copy the input data from step 1 into a new array where each entry is a 32-bit word:

Add more 48 new words initialized to 0, such that we have an array w[0 63]

00000000000000000000000000000000 00000000000000000000000000000000 Modify the zero-ed indexes at the end of the array using the following algorithm: For i from w[16…63]: s0 = (e rightrotate 6) xor (e rightrotate 11) xor (e rightrotate 25) s1 = (a rightrotate 2) xor (a rightrotate 13) xor (a rightroate 10) w[i] = w[i-16] + s0 + w[i-7] + s1

After calculating this leaves us with 64 words in our message schedule:

Initialize variables a, b, c, d, e, f, g, h and set them equal to the current hash values respectively h0, h1, h2, h3, h4, h5, h6, h7

Run the compression loop The compression loop will mutate the value of a…h Compression loop is as follows: for i from 0 to 63

S1 = (e rightrotate 6) xor (e rightrotate 11) xor (e rightrotate 25) ch = (e and f) xor ((not e) and g) temp1 = h + S1 + ch + k[i] + w[i]

S0 = (a rightrotate 2) xor (a rightrotate 13) xor (a rightrotate 22) maj = (a and b) xor (a and c) xor (b and c) temp2 := S0 + maj h = g g = f f = e e = d + temp1 d = c c = b b = a a = temp1 + temp2

Calculating modulo 2^32: a = 0x6a09e667 = 00010001010101010011000100011110 b = 0xbb67ae85 = 11110101100111011101101010111110 c = 0x3c6ef372 = 11000111101001011110010111010010 d = 0xa54ff53a = 10010111010111000111000100111111 e = 0x510e527f = 01000000011011010010111011001001 f = 0x9b05688c = 10110000010000101001001110110111 g = 0x1f83d9ab = 01000111010011101011111110111111 h = 0x5be0cd19 = 01011111000101101001010111000111 e rightrotate 6:

S1 = 11001010101111101101110110111110 ch = (e and f) xor ((not e) and g) = 00000111010000101001001110110111 temp1 = h + S1 + ch + k[i] + w[i] = 00110000100011100110101011110111 a rightrotate 2:

S0 = 01011000011000011011111010101011 maj = (a and b) xor (a and c) xor (b and c) = 11010101100101011111000110011110 temp2 = S0 + maj = 00101101111101111011000001001001 h = 01000111010011101011111110111111 g = 10110000010000101001001110110111 f = 01000000011011010010111011001001 e = 11000111111010101101110000110110 d = 11000111101001011110010111010010 c = 11110101100111011101101010111110 b = 00010001010101010011000100011110 a = 01011110100001100001101101000000

After the compression loop, but still, within the chunk loop, we modify the hash values by adding their respective variables to them, a-h As usual, all addition is modulo 2^32. h0 = h0 + a = c89001a7 = 11001000100100000000000110100111 h1 = h1 + b = ccbcdf a3 = 11001100101111001101111110100011 h2 = h2 + c = 320cce30 = 00110010000011001100111000110000 h3 = h3 + d = 6cf5db0c = 01101100111101011101101100001100 h4 = h4 + e = 18f92eb5 = 00011000111110010010111010110101 h5 = h5 + f = db729755 = 11011011011100101001011101010101 h6 = h6+ g = cfc66d62 = 11001111110001100110110101100010 h7 = h7 + h = a32f8cd8 = 10100011001011111000110011011000

Last but not least, put them all together, a simple string concatenation will do digest = h0 append h1 append h2 append h3 append h4 append h5 append h6 append h7

= c89001a7ccbcdfa3320cce306cf5db0c18f92eb5db729755cfc66d62a32f8cd8

Discussions

It's an established, reliable industrial standard: Leading government agencies and prominent figures in the technological world rely on SHA-256 as an industry standard

Collisions are quite unlikely to occur: When employing SHA-256, there are 2256 potential hash values, making it nearly unlikely for two distinct documents to coincidentally have the same hash value (More on this in the following section)

The impact of an avalanche Contrary to certain older hashing algorithms, the avalanche effect causes even very small modifications to the original data to totally alter the hash result.

The main reason technology leaders use SHA-256 is that it does not have any known vulnerabilities that make it insecure and it has not been “broken” unlike some other popular hashing algorithms.

It does not mean the SHA-256 is always good It has its pros and cons, too The very last barrier of defense is a hash of the password When all other security precautions have been violated, it serves the only goal of preventing an attacker from taking complete control of a user This means that a password must always be stored with a cryptographic one-way function There is no guarantee that an attacker has not already obtained the secret key and quickly passed through all security gates if a password has been encrypted using a decryption-capable method.

Therefore, password storing methods using encryption techniques like AES and RSA are not secure It is required to employ a one-way hash function.

Additionally, a password hash must be resistant to assaults such as pre-image and collision To put it another way, it should not be able to methodically locate a value that can be computed to a given hash value This eliminates hash algorithms like MD5 and SHA-1, which have been shown to be open to such assaults.

Overall, The SHA-256 algorithm is important because it is an integral part of mining on the Bitcoin network, as well as many smaller Proof of Work blockchain networks.

Conclusion

In conclusion, we are aware that the security of our personal information is poor, making it vulnerable to theft by hackers and criminals We have demonstrated in this report how to use a hashing algorithm likeSHA-256 to ensure the integrity and privacy of our data while also making it more secure, as nothing is ever totally secure These days, the Blockchain technology uses SHA-256 and other algorithms to secure the data of the trillion-dollar market, including Bitcoin And since no hacker, computer, or other sort of attack, including brutal-force, has yet been able to crack or break this market, we may utilize the SHA-256 hashing technique, which is incredibly strong and reliable, to safeguard the security and integrity of our data.

GANDY JR, O H 2000 Exploring identity and identification in cyberspace Notre Dame JL Ethics & Pub Pol'y, 14 1085.,

HUGHES, J & CYBENKO, G 2013 Quantitative metrics and risk assessment: The three tenets model of cybersecurity Technology Innovation Management Review, 3.

Ngày đăng: 08/05/2024, 12:45