Analysing current generation cryptographic techniques in securing a tamper correcting
application
Wayne Gartner
3rd September 2010
Introductions
• Wayne Gartner– Honours Student (2010)
• AsPro. Helen Ashman– Supervisor (Security Lab)
Outline of Presentation
• Abridged Background Story• Literature Review• Research Contributions• Methodologies• Results• Future Work
Background Story
• Current hash techniques can prove tampering has occurred– But can not fix the tampering
• Principle: Re-Instate tampered documents using pre-computed hashes– Implementing Binary or Quad Trees
Re-Instating Tampered Documents using pre-computed hashes
Works by breaking document into manageable pieces
Brute Force search for correct hash
Instead of looking for hash of entire document…– Look for the hash of the piece
Implementations include a character and a byte version
The Original Question
What are potential cryptographic techniques that can be implemented to secure the hash communication channel, without imposing unjustifiable overhead to the process?
Literature Summary – Tamper Correcting • Hash Trees:
– Ashman (2000); Moss & Ashman (2002); Williams & Emin Gun (2004)
• Tamper Correcting:– Hasan & Hassan (2007); Hassine
et al. (2009); Cong et al. (2008)
Literature Summary – Cryptography • Attacks:
– Giraud (2006); Ren-Junn et al. (2005); Aboud (2009)
• Implementations:– Chi-Fend et al. (2003); Liberatori et
al. (2007)
• Performance analysis:– Nadeem & Javed (2005); Yan &
Ming (2009)
Literature Summary – Cryptography • AES:
– Sanchez-Avilia & Sanchez-Reillol (2001)
• Blowfish:– Tingyuan & Teng (2009); Moussa
(2005)
• RSA:– Burnett & Paine (2001); Aboud et
al. (2008)
Literature Summary
• However, little published work has been done in:– Baselining a series of different
techniques under set variables– Comparing that data to a practical
implementation, and measuring assumed conclusions against actual results.
Research Contributions
• Test the Tamper Correcting prototype against different test criteria to determine strengths and challenges
• Baseline various different current generation cryptographic techniques under set conditions
• Merge the two streams of research, determining performance of both [Tamper correcting and cryptography] in a ‘real world’ application
Methodology
• Break testing into smaller cases– Isolate variables
• Cryptographic Technique• Key Size• Message Length• Binary or Quad Tree
• Each test runs 1,000 times– Mean, Median, High, Low,
Standard Deviation
Example Methodology
Purpose of Test: Determine performance speeds of Binary and Quad Tree implementations
Method: Run prototypes with input of the original document at the server side and the 20% tampered document on the client side.
Variables: Length of tampered document can be either 100, 1000 or 10,000 characters in length.
Constant: Document has been 20% Tampered
Results: Binary vs Quad Tree
0
200
400
600
800
1000
1200
1400
Tamper Degree
Quad Tree Binary Tree
Quad Tree 582.4512364 818.219442 948.3383437 997.3651745
Binary Tree 658.4599317 970.4891064 1094.092296 1145.247737
20% Tampered 50% Tampered 80% Tampered 100% Tampered
Results: Cryptographic Tests
Results: Cryptographic Tests
Results: Cryptographic Tests
Results: Application in action
Results: Application in action
Future Work
• Research Papers– Baselining of current generation
cryptographic techniques– Re-Instating tampered documents
using pre-computed hashes proof– Document Tampering as a
Stenographic technique
Future Work
• Performance Optimisation– Optimised performance of
sequential code– Run the code in parallel
(Distributed and Cloud computing)
• Visualisation Tool
Questions?