ProjectProposal 1.0

CSCI321 Project Proposal Project Group

SS14/1C

Page 1

Project Topic : DSS-14-S1-12: Hash Kit

Project Members: Sim Aik Chun 4234716 [email protected] Ian Chua Zhi Ying 4442416 [email protected] Ng Yuet Yong 4235320 [email protected] Ong Wei Liang Eugene 4235289 [email protected]

Weng Xian 4443822 [email protected]


SS14/1C

Page 2

Table of Contents Introduction .............................................................................................................................. 4

Definitions ................................................................................................................................ 5

Hashing .................................................................................................................................. 5

Cryptographic Hash function .................................................................................................. 5

Project Description .................................................................................................................. 6

Requirements ......................................................................................................................... 6

Functional Requirements .................................................................................................... 6

Non-Functional Requirements ............................................................................................. 6

Justification of the requirements ............................................................................................. 7

Software development methodology ...................................................................................... 8

Rational unified Process (RUP) .............................................................................................. 8

Four phases ........................................................................................................................... 8

Why Rational Unified Process (RUP)?.................................................................................... 8

Currently available Hash kits .................................................................................................. 9

Market Survey ........................................................................................................................ 9

Screenshots ..........................................................................................................................10

Cryptool 2 ..........................................................................................................................10

Hash analyzer ....................................................................................................................11

Hash Collision Probability Calculator ..................................................................................13

Advantages/Disadvantages ...................................................................................................14

Cryptool 2 ..........................................................................................................................14

Hash Analyzer ...................................................................................................................14

Hash Collision Probability Calculator ..................................................................................14

Comparison ...........................................................................................................................15

Technical Details .......................................................................................................................15

Software coding languages ...................................................................................................15

Framework ............................................................................................................................16

Software development applications .......................................................................................16

Database ...............................................................................................................................16


SS14/1C

Page 3

Techniques ............................................................................................................................16

Project Summary ......................................................................................................................18

References ..............................................................................................................................19


SS14/1C

Page 4

Introduction

Our project is to produce a tool for analysing hash functions, cryptographic and otherwise.

There are various tests that can be applied to test for the occurrence of collisions for example,

and these should be implemented. While some properties are required for cryptographic

functions, some other properties are required for other purposes.

Hash functions with small enough message digests, should be possible to completely analysed,

rather than just statistically analyse them. When you hash the result of a hash you continue to

stay in the message digest space. Continuing this process will eventually result in a cycle in this

hash chain. For hash functions with small message digests is should be possible to construct

complete resolution of the cycle structures of the hash chain and to represent it in an interesting

way.

Our scope of this project is to provide users with an online hash kit application to do analysis of

hash functions. This application is to generate informative properties such as collision rates,

pre-image and second pre-image attack resistance.


SS14/1C

Page 5

Definitions

Hashing

A transformation of a string of characters into a usually shorter fixed length value or key that

represents the original string.It is used for index and retrieve items in a database because it is

faster to find the item using a shorter hashed key than to find it using the original value but in

our case, we will using it for our encryption [1].

Cryptographic Hash function

A hash function that takes an arbitrary block of data and return a fixed-size bit string, the

cryptographic hash value (sometimes, it is called message digest) and it should not be easily

decrypted into plain text and also to protect the integrity and confidentiality of the transmitted

message. There are variety of usable functions which can serve the same purposes but there

might be broken functions which may jeopardise the communication of both parties. Below is a

table of hash functions that interest us:


SS14/1C

Page 6

Project Description

Requirements

Functional Requirements

GUI Implementation

User can input message digest into the application.

User can upload a text file for processing as well

Compute collision resistance

Compute pre-image resistance

Compute 2nd pre-image resistance

Output collision rate, etc.

Give User option to save output as text file.

Online interactive website.

The website will allow users to sign up, login in and do their relevant testing

Comparison between hash functions

Notifications will be sent to users once the hash functions have produced results

Non-Functional Requirements

User-friendly, consistent GUI

Multi-threading Processing.

Compatibility (E.g. Chrome, IE FireFox Browsers.)(Backward)

Fault Tolerance (Exception Handling/memory leaks)

Good Documentation for users


SS14/1C

Page 7

For developers that require security implementation to reference and determine which are the

suitable algorithms available that they can applied to their projects.

Computer-security students would also benefit from clear depiction of the various hash functions

and their properties.

Justification of the requirements

The functional requirements are determined from the perspective of our target audience. Online

hash kit application would have to have a simple and clear interface for the user to derive the

results that he/she wants. Since developers and/or IT-security students could have large

amount of data to be processed for either their projects or personal learning, by including a

feature to upload a text file will be a useful feature for them. We also decided to add informative

notes about IT-security so that students can learn while using our application.

The non-functional requirements are derived to facilitate an enjoyable user experience that isnt

clunky, slow or hard to navigate.


SS14/1C

Page 8

Software development methodology

Rational unified Process (RUP)

A comprehensive process framework that provides industry-tested practices for software and

systems delivery and implementation and for effective project management.it promotes iterative

development of software and systems into four phases, each consisting of one or more

excutable iterations of the software at the stage of development.[5]

Four phases

Inception - to scope the system adequately as a basis for validating initial costing and budgets)

Elaboration - to mitigate the key risk items identified by analysis up to the end of this phase)

Construction - to build the software system)

Transition - to transit the system from development to production)

Why Rational Unified Process (RUP)?

After much consideration, Rational Unified Process stands out the most, and is most suitable for

this project. It encourages concurrent workflows across the entire cycle and it mainly focus on

the scope thus the group will not sidetrack instead of using a project backlog after every

iteration. It is also due to time constraint that the concurrent workflow property of RUP could

help us in completing the project punctually.Rational Unified Process is also recommended for

long-term projects with medium-to-high complexity instead of scrum, quick organizations that

are not dependent on deadline.


SS14/1C

Page 9

Currently available Hash kits

Market Survey

Here are some hash kits which we found online:

Hash kit Capabilities

(Offline) Cryptool (1/2) [2] - Able to analyze different hashes *(screenshots of the software will be available below) - Informative and user-friendly user interface which allow users to drag and drop function objects to create their own hybrid hash functions/etc

(Online) hash analyzer[3]

- Determine the hash type based on the users input

(Online) Hash collision probability calculator[4]

- Compute (unknown)hash collision probability


SS14/1C

Page 10

Screenshots

Cryptool 2

When the software starts up, the cryptool 2 will display a start page which is comprised of

different categories such as the wizard, news, templates and etc

what we are interested in will be the example of how the collision can be detect. Hence, the next

screenshot will be md5 collision detector which has already pre-built in the templates.


SS14/1C

Page 11

MD5 Collider function GUI has time, match between both inputs and number of tries.

Hash analyzer

The website gives users to input hash(message digest) and a button to calculate and tabulate

the results.


SS14/1C

Page 12

Example: A md5 hash is inserted and Once the button is pressed, it will provide the below

results:


SS14/1C

Page 13

Hash Collision Probability Calculator


SS14/1C

Page 14

Advantages/Disadvantages

Cryptool 2

Advantages Disadvantages

Comprehensive tool for cryptographic uses It can be complex to navigate or to find a certain object if the user does not read the manual guide

Free for all users. Open-source Project. It is not a lightweight software hence requires more resources to load.

Still in active development. Most current update is (23/01/2014)

It is only available on Windows (not cross platform)

Offline (their online kit does not have any function.)

Hash Analyzer


Able to identify the hash type It does not have any hash generator so it requires outside sources of hash.

Quick to compute the hash type It does not have additional information on the the hash type.

It only list the possible hash functions which can be not so accurate.

Hash Collision Probability Calculator


Simple user interface Hash function it is calculating for is not clear.

Accuracy unverifiable


SS14/1C

Page 15

Not sufficient information

Comparison

Hash kit Cryptool Hash Analyser Hash collision probability calculator

Cross platform x

Online availability

x x x

Compute collision

resistance

x x

Compute pre-image

x x

Compute second pre-

image

x x

Account management

x

Hash function comparison

x

Educational x

Technical Details

Software coding languages

Java, PHP, JAVASCRIPT


SS14/1C

Page 16

Framework

CakePHP

Software development applications

Git - revisioning software

Eclipse/NetBeans - IDE environment

Apache - local webserver

Database

MySQL

Techniques

Collision resistance techniques

Birthday paradox - For a set of n randomly chosen people, with a keyspace of 365 days a year.

The probability of same person having the same birthday reaches 100% when n people reaches

366(exceed n value) which means the more people, the higher the probability. This birthday

paradox logic will be used to test hash function collision rate. The larger the dataset is being test

which is the n value, the higher the collision percentage which helps users to determine the

effectiveness of the specific hash function collision resistance.

Weakness - Birthday paradox places an upper bound on collision resistance: if a hash function

produces N bits of output, an attacker who computes "only" 2N/2

( ) hash operations on random input

is likely to find two matching outputs. If there is an easier method than this brute force attack, it is

typically considered a flaw in the hash function

Rainbow table - A huge database filled with unique words to test against a chosen hash function

algorithm. The message digest output of the chosen hash function will be store in a database. A

collision occur when different dataset produce the same message digest. The collision

resistance percentage will be (number of collision)/(number of dataset tested). To produce a

accurate collision resistance graph of a list of hash functions, the same database must be used.

Strength - Easy to implement and understand. Given enough time, it is able to produce very

accurate collision resistance rate.

Weakness - A very huge database is needed to provided an accurate collision resistance rate.


SS14/1C

Page 17


SS14/1C

Page 18

Project Summary

This online application would be a different kind of product on among the available crypto/hash

tool kits. From its online availability, which ensures compatibility across platforms, our hash kit

would have the best combination of the current market tools that encourages students and/or

developers in other industries to be able to understand the technical aspects of IT security.


SS14/1C

Page 19

References

1. Margaret Rouse. (2005). What is hashing?. Available:

http://searchsqlserver.techtarget.com/definition/hashing. Last accessed 27th January 2014

2. Cryptool portal - cryptography and cryptanalysis. Available:

https://www.cryptool.org/en/. Last accessed 29th January 2014

3. Hash Analyzer. Available:

http://tools.question-defense.com/hash-analyzer. Last accessed: January 29, 2014

4. What's the probability of a hash collision? David Johnstone. Available:

http://davidjohnstone.net/pages/hash-collision-probability. Last accessed: January 29, 2014

5. IBM Rational Unified Process (RUP). Available:

http://www-01.ibm.com/software/rational/rup/. Last accessed: January 29,2014

6.Pass, R."Lecture 21: Collision-Resistant Hash Functions and General Digital Signature Scheme". Course on

Cryptography, Cornell University, 2009. Available: https://www.cs.cornell.edu/courses/cs6830/2009fa/scribes/lecture21.pdf Last accessed: January 29,2014

7.W. W. Rouse Ball (1960) Other Questions on Probability, in Mathematical Recreations and Essays, Macmillan, New

York, pp 45. Last accessed: January 29,2014

Documents

ProjectProposal 1.0