41900 – Fundamentals of Security
Project – 2 (Week 8 – Week 12)
Fundamentals of Security代写 Compare hash from (4) to each hash value in array, if any match is found then exit and report the number of iterations used.
One-Way Property versus Collision-Free Property Fundamentals of Security代写
In this project you will investigate the difference between hash function’s two distinctive properties: one-way property and collision-free property. You are required to use the brute-force method to see how long it takes to break the hash generated using each of these properties. Instead of using openssl’s command-line tools, you are required to update the C programs provided to invoke the message digest functions in openssl’s crypto library. A sample code can be found at the following link, it would be helpful to familiarize with the sample code:
http://www.openssl.org/docs/crypto/EVP_DigestInit.html. Fundamentals of Security代写
Since most of the general hash functions are quite strong against the brute-force attack conducted on those two properties, it can take years to break them using brute-force. Hence, to make the task feasible we reduce the length of the hash value to 24 bits. You can use any one- way hash function, but only the first 24 bits of the hash value generated will be used in this task. As explained, we are using a modified one-way hash function.
“One-way” means that given a function output, you cannot find a matching input, except by trying many potential inputs and getting lucky. A collision is about finding two distinct inputs which yield the same output, without any predefined constraint on said output.
You must complete the code and run it to find out the following:
- Howmany trials it will take you to break the one-way property using the brute-force method? You should repeat your experiment for multiple times and report your average number of trials.
- How many trials it will take you to break the collision-free property using the brute-force method? Similarly, you should report the
- Based on your observation, which property is easier to break using the brute-forcemethod?
There are two skeleton programs i.e. oneway.c and collision.c provided foe this assignment. You aim is to complete the code, run it successfully and observe which property is easier to break using the brute-force method.
The character set to be used is as follows:
0123456789! \”#$%&'()*+ -/. ABCDEFGHIJKLMNOPQRSTUVWX YZabcdefghijklmnopqrstuvwxyz
1. Brute force one-way property break Fundamentals of Security代写
The program’s objective is to hit a “target” hash value by generating the hash for different strings and matching it with the target hash value.
The approach to generate strings and match them against a target is implemented as follows:
- Start with string length 1
- Generate all possible combinations of strings for current length using the character set, generate its hash and compare it with the target hash.
- If a match is found, the execution stops and reports the number of iterations used.
- Ifno match is found in all possible strings of current length, increment length by ‘1’ and go to step (2)
The brute force code is used in the one way property break program oneway.c to generate strings In a systematic manner, exhausting all possibilities for a given length (starting with 1), and incrementing the length if no match was found. You can refer to oneway.c program for 77 characters to be used for further processing in one way property.
The oneway.c should be executed a minimum of five times to find out the average number of tries required to match the target hash.
2. Bute force collision free property break
In the case of collision free property, there is no restriction on target hash. The approach followed in the collision.c program to break this property is as follows:
- Allocated an array for saving hashvalues
- Generate initial message (call itM)
- Find M’shash
- Generate random string and find itshash
- Compare hash from (4) to M’s hash, if a match is found then exit and report thenumber of iterations used. Fundamentals of Security代写
- Compare hash from (4) to each hash value in array, if any match is found then exit and report the number of iterations used.
- If no match is found, save the hash from (4) into the array and go to step(4)
To break the collision free property, you just need to find two messages with matching hash values. Matching the random string’s hash value to an initial hash as well as saved hash value (in the array) increases the probability of finding hash value with less number of iterations.
Execute the collision.c program five times to find the average number of iteration required.
Instructions for compiling and running the program: Fundamentals of Security代写
To compile:
$ gcc –o oneway oneway.c –lcrypto –ldl –std=c99
$ gcc –o collision collision.c –lcrypto –ldl –std=c99
To run the code:
$ ./oneway md5
$ ./collision md5
Marking Criteria:
Total Weightage: 20%
| Criteria | Incomplete Work | Partial Work | Full Work |
|
Program Completeness |
0 Points
Program Submitted without any changes |
4 Points
Program Modified, but missing certain components |
7 Points
Program contains all essential components. |
|
Program Functioning |
0 Points
Program does not compile / run |
3 Points
Program calculates ciphertext but can’t find a match |
5 Points
Program calculates ciphertext and finds a match |
|
Demo and Questionnaire |
0 Points
Unable to answer questions. |
4 Points
Able to partially answer the questions. |
8 Points
Able to answer all questions. |
