Cryptography Reference
In-Depth Information
2. A hash function can be used to provide stronger data integrity if combined
with other security mechanisms. This can happen if, in particular, the hash
itself is protected by another security mechanism. In our above example the
security of the website might provide this assurance. Alternatively, the hash
could be sent over a secure channel to anyone requiring stronger data integrity
assurance.
To see what the most important security property is for this application, we
need to consider what type of attack we are trying to prevent. Our main concern
here is to prevent an attacker replacing the legitimate file with a corrupted file
(perhaps malware). While this could be prevented by thorough security checks
and processes on the file download site, it is reasonable to assume that these
preventative measures might not be possible in some application environments.
In order to successfully replace the file without being detected, an attacker must
attempt to find another file whose hash matches the one on the download site and
try to replace the link from Installer.exe to the corrupt code. One way of doing
this would be if the attacker supplied the download site with some genuine code
but then provided a link to the corrupt code for the site to point to. This would be
a process failure by the download site, but it could certainly happen. In this case
the attacker has some code and its hash, and tries to find a different piece of code
with the same hash. Thus the security property we need in order to prevent this is
second preimage resistance .
Neither of the other security properties are particularly relevant:
Preimage resistance . Since the executable code is not a secret, we are not
concerned about preimage resistance. In fact we want the preimage of a hash
to be known since the application requires this.
Collision resistance . Collisions are not meaningful in this application unless we
can find two pieces of codewith the same hash, one of which is potentially useful
and one of which is malicious. This seems very unlikely. It is really collisions
with respect to an already known piece of code that we are concerned with.
Such collisions are second preimages.
APPLICATION REQUIRING COLLISION RESISTANCE
The third application that we describe relates to the use of hash functions to
generate cryptographic commitments . These can be thought of as a type of 'binding
promise'. The example scenario that we consider involves two suppliers, Alice and
Bob, who wish to bid for a contract between their respective companies. Since they
are both internal bidders, they decide to negotiate between themselves and not
use a third party. In the physical world this situation could be resolved by sealing
bids in an envelope and simultaneously exchanging them. However, we need to
do this electronically and cannot assume that the messages are simultaneously
exchanged.
Clearly if Alice states, 'We can do the job for 7000 euros', she then hands the
initiative to Bob who could then undercut her and choose to bid 6999 euros.
 
Search WWH ::




Custom Search