Malicious Hashing: Eve's Variant of SHA-1

Ange Albertini; Jean-Philippe Aumasson; Maria Eichlseder; Florian Mendel; Martin Schläffer

doi:10.1007/978-3-319-13051-4_1

Malicious Hashing: Eve's Variant of SHA-1

Ange Albertini, Jean-Philippe Aumasson, Maria Eichlseder^*, Florian Mendel, Martin Schläffer

^*Korrespondierende/r Autor/-in für diese Arbeit

Institut für Angewandte Informationsverarbeitung und Kommunikationstechnologie (7050)

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Abstract

We present collisions for a version of SHA-1 with modified constants, where the colliding payloads are valid binary files. Examples are given of colliding executables, archives, and images. Our malicious SHA-1 instances have round constants that differ from the original ones in only 40 bits (on average). Modified versions of cryptographic standards are typically used on closed systems (e.g., in pay-TV, media and gaming platforms) and aim to differentiate cryptographic components across customers or services. Our proof-of-concept thus demonstrates the exploitability of custom SHA-1 versions for malicious purposes, such as the injection of user surveillance features. To encourage further research on such malicious hash functions, we propose definitions of malicious hash functions and of associated security notions.

Originalsprache	englisch
Titel	Selected Areas in Cryptography
Redakteure/-innen	Antoine Joux
Herausgeber (Verlag)	Springer
Seiten	1-19
Band	8781
DOIs	https://doi.org/10.1007/978-3-319-13051-4_1
Publikationsstatus	Veröffentlicht - 2014
Veranstaltung	21st International Workshop on Selected Areas in Cryptography: SAC 2014 - Montreal, Kanada Dauer: 14 Aug. 2014 → 15 Aug. 2014

Publikationsreihe

Name	Lecture Notes in Computer Science
Herausgeber (Verlag)	Springer
Band	8781

Konferenz

Konferenz	21st International Workshop on Selected Areas in Cryptography
Land/Gebiet	Kanada
Ort	Montreal
Zeitraum	14/08/14 → 15/08/14

Fields of Expertise

Information, Communication & Computing

Treatment code (Nähere Zuordnung)

Basic - Fundamental (Grundlagenforschung)

Zugriff auf Dokument

10.1007/978-3-319-13051-4_1

SePAG - Secure Privacy-Aware Solutions for Smart Grids
Mendel, F., Plos, T., Schmidt, J., Kirschbaum, M. & Posch, R.
1/07/12 → 30/09/14
Projekt: Forschungsprojekt
Cryptography
Schläffer, M., Oswald, M. E., Lipp, P., Dobraunig, C. E., Mendel, F., Eichlseder, M., Nad, T., Posch, R., Lamberger, M., Rijmen, V. & Rechberger, C.
1/01/95 → 31/01/19
Projekt: Arbeitsgebiet

Dieses zitieren

Albertini, A, Aumasson, J-P, Eichlseder, M, Mendel, F & Schläffer, M 2014, Malicious Hashing: Eve's Variant of SHA-1. in A Joux (Hrsg.), Selected Areas in Cryptography. Bd. 8781, Lecture Notes in Computer Science, Bd. 8781, Springer, S. 1-19, 21st International Workshop on Selected Areas in Cryptography, Montreal, Kanada, 14/08/14. https://doi.org/10.1007/978-3-319-13051-4_1

@inproceedings{c4718834464d4e26875227bff849cd39,

title = "Malicious Hashing: Eve's Variant of SHA-1",

abstract = "We present collisions for a version of SHA-1 with modified constants, where the colliding payloads are valid binary files. Examples are given of colliding executables, archives, and images. Our malicious SHA-1 instances have round constants that differ from the original ones in only 40 bits (on average). Modified versions of cryptographic standards are typically used on closed systems (e.g., in pay-TV, media and gaming platforms) and aim to differentiate cryptographic components across customers or services. Our proof-of-concept thus demonstrates the exploitability of custom SHA-1 versions for malicious purposes, such as the injection of user surveillance features. To encourage further research on such malicious hash functions, we propose definitions of malicious hash functions and of associated security notions.",

author = "Ange Albertini and Jean-Philippe Aumasson and Maria Eichlseder and Florian Mendel and Martin Schl{\"a}ffer",

year = "2014",

doi = "10.1007/978-3-319-13051-4_1",

language = "English",

volume = "8781",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "1--19",

editor = "Antoine Joux",

booktitle = "Selected Areas in Cryptography",

note = "International Workshop on Selected Areas in Cryptography : SAC 2014 ; Conference date: 14-08-2014 Through 15-08-2014",

}

TY - GEN

T1 - Malicious Hashing: Eve's Variant of SHA-1

AU - Albertini, Ange

AU - Aumasson, Jean-Philippe

AU - Eichlseder, Maria

AU - Mendel, Florian

AU - Schläffer, Martin

PY - 2014

Y1 - 2014

N2 - We present collisions for a version of SHA-1 with modified constants, where the colliding payloads are valid binary files. Examples are given of colliding executables, archives, and images. Our malicious SHA-1 instances have round constants that differ from the original ones in only 40 bits (on average). Modified versions of cryptographic standards are typically used on closed systems (e.g., in pay-TV, media and gaming platforms) and aim to differentiate cryptographic components across customers or services. Our proof-of-concept thus demonstrates the exploitability of custom SHA-1 versions for malicious purposes, such as the injection of user surveillance features. To encourage further research on such malicious hash functions, we propose definitions of malicious hash functions and of associated security notions.

AB - We present collisions for a version of SHA-1 with modified constants, where the colliding payloads are valid binary files. Examples are given of colliding executables, archives, and images. Our malicious SHA-1 instances have round constants that differ from the original ones in only 40 bits (on average). Modified versions of cryptographic standards are typically used on closed systems (e.g., in pay-TV, media and gaming platforms) and aim to differentiate cryptographic components across customers or services. Our proof-of-concept thus demonstrates the exploitability of custom SHA-1 versions for malicious purposes, such as the injection of user surveillance features. To encourage further research on such malicious hash functions, we propose definitions of malicious hash functions and of associated security notions.

U2 - 10.1007/978-3-319-13051-4_1

DO - 10.1007/978-3-319-13051-4_1

M3 - Conference paper

VL - 8781

T3 - Lecture Notes in Computer Science

SP - 1

EP - 19

BT - Selected Areas in Cryptography

A2 - Joux, Antoine

PB - Springer

T2 - International Workshop on Selected Areas in Cryptography

Y2 - 14 August 2014 through 15 August 2014

ER -

Malicious Hashing: Eve's Variant of SHA-1

Abstract

Publikationsreihe

Konferenz

Fields of Expertise

Treatment code (Nähere Zuordnung)

Zugriff auf Dokument

Fingerprint

Projekte

SePAG - Secure Privacy-Aware Solutions for Smart Grids

Cryptography

Dieses zitieren