Malicious Hashing: Eve’s Variant of SHA-1


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

2014-11-29

AUTHORS

Ange Albertini, Jean-Philippe Aumasson, Maria Eichlseder, Florian Mendel, Martin Schläffer

ABSTRACT

We present collisions for a version of SHA-1 with modified constants, where the colliding payloads are valid binary files. Examples are given of colliding executables, archives, and images. Our malicious SHA-1 instances have round constants that differ from the original ones in only 40 bits (on average). Modified versions of cryptographic standards are typically used on closed systems (e.g., in pay-TV, media and gaming platforms) and aim to differentiate cryptographic components across customers or services. Our proof-of-concept thus demonstrates the exploitability of custom SHA-1 versions for malicious purposes, such as the injection of user surveillance features. To encourage further research on such malicious hash functions, we propose definitions of malicious hash functions and of associated security notions.

PAGES

1-19

Book

TITLE

Selected Areas in Cryptography -- SAC 2014

ISBN

978-3-319-13050-7
978-3-319-13051-4

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-319-13051-4_1

DOI

http://dx.doi.org/10.1007/978-3-319-13051-4_1

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1048127163



JSON-LD is the canonical representation for SciGraph data.

[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0804", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Data Format", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "Corkami, Ravensburg, Germany", 
          "id": "http://www.grid.ac/institutes/None", 
          "name": [
            "Corkami, Ravensburg, Germany"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Albertini", 
        "givenName": "Ange", 
        "id": "sg:person.011775146371.60", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011775146371.60"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Kudelski Security, Cheseaux-sur-Lausanne, Switzerland", 
          "id": "http://www.grid.ac/institutes/None", 
          "name": [
            "Kudelski Security, Cheseaux-sur-Lausanne, Switzerland"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Aumasson", 
        "givenName": "Jean-Philippe", 
        "id": "sg:person.012606440341.66", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012606440341.66"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Graz University of Technology, Graz, Austria", 
          "id": "http://www.grid.ac/institutes/grid.410413.3", 
          "name": [
            "Graz University of Technology, Graz, Austria"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Eichlseder", 
        "givenName": "Maria", 
        "id": "sg:person.014606337775.51", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014606337775.51"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Graz University of Technology, Graz, Austria", 
          "id": "http://www.grid.ac/institutes/grid.410413.3", 
          "name": [
            "Graz University of Technology, Graz, Austria"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Mendel", 
        "givenName": "Florian", 
        "id": "sg:person.013342563571.85", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013342563571.85"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Graz University of Technology, Graz, Austria", 
          "id": "http://www.grid.ac/institutes/grid.410413.3", 
          "name": [
            "Graz University of Technology, Graz, Austria"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Schl\u00e4ffer", 
        "givenName": "Martin", 
        "id": "sg:person.015166313415.52", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015166313415.52"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2014-11-29", 
    "datePublishedReg": "2014-11-29", 
    "description": "We present collisions for a version of SHA-1 with modified constants, where the colliding payloads are valid binary files. Examples\u00a0are given of colliding executables, archives, and images. Our malicious SHA-1 instances have round constants that differ from the original ones in only 40 bits (on average). Modified versions of cryptographic standards are typically used on closed systems (e.g., in pay-TV, media and gaming platforms) and aim to differentiate cryptographic components across customers or services. Our proof-of-concept thus demonstrates the exploitability of custom SHA-1 versions for malicious purposes, such as the injection of user surveillance features. To encourage further research on such malicious hash functions, we propose definitions of malicious hash functions and of associated security notions.", 
    "editor": [
      {
        "familyName": "Joux", 
        "givenName": "Antoine", 
        "type": "Person"
      }, 
      {
        "familyName": "Youssef", 
        "givenName": "Amr", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-319-13051-4_1", 
    "inLanguage": "en", 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-3-319-13050-7", 
        "978-3-319-13051-4"
      ], 
      "name": "Selected Areas in Cryptography -- SAC 2014", 
      "type": "Book"
    }, 
    "keywords": [
      "hash function", 
      "SHA-1", 
      "malicious purposes", 
      "cryptographic components", 
      "cryptographic standards", 
      "surveillance features", 
      "security notions", 
      "binary files", 
      "round constants", 
      "original one", 
      "executables", 
      "version", 
      "files", 
      "customers", 
      "exploitability", 
      "images", 
      "bits", 
      "services", 
      "instances", 
      "payload", 
      "archives", 
      "proof", 
      "system", 
      "features", 
      "concept", 
      "example", 
      "standards", 
      "definition", 
      "variants", 
      "notion", 
      "research", 
      "one", 
      "collisions", 
      "function", 
      "further research", 
      "purpose", 
      "components", 
      "closed system", 
      "constants", 
      "injection"
    ], 
    "name": "Malicious Hashing: Eve\u2019s Variant of SHA-1", 
    "pagination": "1-19", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1048127163"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-319-13051-4_1"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-319-13051-4_1", 
      "https://app.dimensions.ai/details/publication/pub.1048127163"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-06-01T22:30", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20220601/entities/gbq_results/chapter/chapter_251.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-319-13051-4_1"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-13051-4_1'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-13051-4_1'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-13051-4_1'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-13051-4_1'


 

This table displays all metadata directly associated to this object as RDF triples.

138 TRIPLES      23 PREDICATES      65 URIs      58 LITERALS      7 BLANK NODES

 



