Cryptographic hash function SafeBK
DOI:
https://doi.org/10.18372/2225-5036.23.11822Keywords:
information security, cryptography, hash functions, digital certificates, SHA-2Abstract
The application of web technologies and forms of electronic document circulation in the process of information exchange between users though simplifies this process, however, generates a number of new threats to the confidentiality, integrity and availability of information and the appearance of previously unknown vulnerabilities. One of the most common methods of protection is the use of digital certificates that ensure the confidential exchange of data between a client and a server by encrypting and authenticating a digital certificate. A digital certificate is a public key, certified by the EDS of the certification center. However, a digital certificate is not just a public key with information, but a so-called signature of a server or web resource that is implemented using the hex functions. However, with the development of information technology and the emergence of new types of attacks, leads to an increase in the number of disadvantages of existing gash functions. Thus, in the paper a new heaching function was proposed, which was developed on the basis of the SHA-2 hex function. Improvements involved the introduction of a number of changes: increased the size of words and an increase in the message digest; At the pre-processing stage, the incoming message is supplemented by a pseudo-random sequence; the number of nonlinear functions is increased. The proposed changes allow to reduce the number of rounds in the compression function, which will guarantee at least similar stability indicators with simultaneous increase in data processing speed.References
N. Aviram, S. Schinzel, Ju. Somorovsky, «DROWN: Breaking TLS using SSLv2», Proceedings of the 25th USENIX Security Symposium, P.18, 2016.
M. Green, «Attack of the week: FREAK (or «factoring the NSA for fun and profit»)», A Few Thoughts on Cryptographic Engineering. [Online]. Available at: https://blog.cryptographyengineering.com/2015/03/03/attack-of-week-freak-or-factoring-nsa/.
B. Duncan, «Weak Diffie-Hellman and the Logjam Attack». [Online]. Available at: https://weakdh.og.
P. Karpman, T. Peyrin, M. Stevens, «Practical Free-Start Collision Attacks on 76-step SHA-1». [Online]. Available at: https://eprint.iacr.org/2015/530.
SHA-1 Certificates in Chrome. [Online]. Available at: https://security.googleblog.com/2016/11/ sha-1-certificates-in-chrome.html.
F. Kohlar, S. Schage, «On the Security of TLS-DH and TLS-RSA in the Standard Model1», р. 50, 2013.
Ch. Meyer, J. Schwenk, «Horst Gortz Institute for IT-Security», Chair for Network and Data Security Ruhr-University Bochum. Lessons Learned From Previous SSL/TLS Attacks A Brief Chronology Of Attacks And Weaknesses, р. 15.
C. Castelluccia, E. Mykletun, G. Tsudik, «Impro-ving Secure Server Performance by Re-balancing SSL/TLS Handshakes», Proceedings of ACM Symposium on Information, computer and communications security, р. 26-34, 2006.
S. Kumar Sanadhya, P. Sarkar, «22-Step Collisions for SHA-2». [Online]. Available at:: http:// arxiv.org/abs/0803.1220.
«Improving Local Collisions: New Attacks on Reduced SHA-256». [Online]. Available at: https:// eprint .iacr.org/2015/350.pdf )
Ch. Dobraunig, M. Eichlseder, F. Mendel, «Analysis of SHA-512/224 and SHA-512/256». [Online]. Available at: https://eprint.iacr.org/2016/374.pdf
