Comparative Analysis of Cryptographic Hash Algorithms

Abstract

Cloud is the on-demand availability for data storage management in large-scale companies and even for government sites where the data should be highly confidential. Here, data security plays an equivalent role to data storage. Cloud security is a collection of security measures that are designed to protect cloud-based infrastructure, data, and applications. The level of cloud security differs based on the type of cloud services. Cloud security protects the cloud environment from several attacks like distributed denial of attack, and malware, and prevents unauthorized user access. A crucial component of cloud security in large-scale organizations and for the government is focused on protecting the business contents like customer details, secret design documents, financial records, etc.

Introduction

I. INTRODUCTION

Cloud computing is a group of servers that allows users to store data in servers with the help of the Internet. The main        advantages of cloud computing are users can store data without the help of separate hardware devices like SD cards, internal storage of any devices, and also users need not be in the same location while sharing data, whereas if it was internal storage physical presence of users is must for sharing or accessing the data. Apart from the advantages and goodness of cloud computing, data security becomes a bigger issue because all the data are stored in a platform that the user is not directly controlled or monitored. A cloud service is said to be secured only when it fulfills three conditions: Availability, Confidentiality, and Integrity. Availability means the user can access the data at any time and anywhere; Confidentiality means the data should be prevented from unauthorized people; Integrity means data received by the user should be in the same form as the user sends it. This paper discusses the performance analysis of the Message Digest 5 Algorithm (MD5) and Security Hash Algorithm (SHA), where both are cryptographic hash algorithms. Cloud security is done by the cryptography technique which converts data from readable form to unreadable form during the storage or transmission of data. The unreadable data is called ciphertext.

ENCRYPTION: Plain text à Ciphertext

DECRYPTION: Ciphertext à Plain text

II. MESSAGE DIGEST 5 ALGORITHM

MD5 is a cryptographic hash algorithm that creates a 128-bit string value from an arbitrary length string. An MD5 file is a checksum file used to verify cloud data integrity. The checksum value is created from an algorithm based on the number of bits in the file. The final output obtained from the Message Digest 5 algorithm is called Message Digest Data.

A. Appending Padding Bits

The process of adding extra bits to the original message at the end is called padding. In the MD5 algorithm, the data must be processed in 512-bit message blocks. So, if the length of the message is less than 512-bits, padding is done to the original message so that the length is 64 bits less than the exact multiple of 512 until its length becomes equal to 448 mod 512 and the bits are appended to the original plain text.

B. Dividing

In this process, the messages are divided into n number of 512-bit sub-blocks where the messages will be in the exact multiple of 512.

C. Initialising MD Buffers

Four chaining variables namely A, B, C, and D are initialized where the length of each chaining variable is 32 bits and a total of 128 bits. These initialized chaining variables are used to process the data and to store the Message Digest (final output).

D. Processing

All the divided 512-bit sub-blocks are processed using pre-initialized MD buffers. Next, the 512 bits sub-blocks should be divided further into 16-32 blocks, which means 16 blocks of each size are 32 bits.

Fig. 3 shows that the plain text block will initialize the buffers A, B, C, and D and was processed in four rounds. Each round has one logical function, 16 constants, and a part of a plain text block. Totally 64 steps are done for four rounds. After the fourth round, the initial values of buffers will be in addition modulo with the output of processed buffers and that is called the Message Digest. If need to proceed with the next block, the output of this block is given as input for the next block.

III. SECURITY HASH 512 ALGORITHM

Security Hash algorithm is a modified version of the Message-Digest5 algorithm where the block size in MD5 is 128bits and the block size in SHA is 160-bits because of 4 buffers and 5 buffers respectively (Each of size 32 bits). There are several forms of SHA Algorithms that are determined by the size of the output.

128-bit à SHA1 algorithm, 256-bit à SHA 256 algorithm, 512-bit à SHA 512 algorithm

A. Padding bits

The process of adding extra bits to the original message at the end is called padding. Pad the bits 1 followed by 0s (1000….) so that the length of the original plain text is 128 bits less than the multiple of 1024 bits.

B. Appending 128 bits

Append a 128-bit representation to the original plain text, so that the length of the original plain text is equal to the exact multiple of 1024 bits.

C. Initialising Buffers

Eight buffers are initialized namely A, B, C, D, E, F, G, and H where the length of each buffer is 64 bits and a total of 512 bits. These buffers are initialized in hexadecimal format. These buffers store intermediate and final output, known as results after each step and final hash code.

D. Processing

Each block of plain text is processed in 80 rounds. In each round, there three inputs given for processing: they are, a block of plain text, eight initialized buffers, and a constant variable.

Fig.5 clearly shows that the plain text block will initialize the buffers A, B, C, D, E, F, G, and H and was processed in 80 rounds. After the last round, the initial values of buffers will be in addition modulo with the output of processed buffers and that is called the hash value.

The following formula along with its respective logical functions works using buffers and plain texts are used in each round of the process:

Once the process is done for this block, then the output of this block is sent to the next block and acts as an input for that particular block. At the end of all blocks, the received output is the final output of the SHA 512 algorithm which is known as hash code.

IV. COMPARATIVE ANALYSIS

A. Comparison between SHA algorithms

VI. FUTURE ENHANCEMENTS

Technology always grows rapidly, in both software and hardware fields. As any technology becomes outdated, it automatically gets failed to sustain in an environment. So, there should be always an update in any technology to keep overcoming the real-time problems and survive in the environment. For cloud security, the way and mode of attacks from the attackers are differing day by day which means the protection side should make their wall stronger. There are some ways to improve the protection skills of SHA algorithms which are to be discussed below:

A. Salted Hashes

Salting is the mechanism of adding random data to the input of a hash function which will produce a unique output, even when the inputs were the same. Salting hashes methods can protect our data from several types of cloud attacks like brute-force offline attacks, hash table attacks, etc…

However, there are certain limitations to protections provided by the salting method. If the attacker is hitting an online service or offline service with a credential stuffing attack, salts can able to protect data because the legitimate server is doing hashing process for offline data.

???????B. Keyed Hash Functions

Keyed hash functions are the functions that are part of cryptographic algorithms that create an authentication code based on both plain message and secret key which is to be shared between two endpoints. It is also known as HMAC – Hash Message Authentication Code. The message authentication code was keyed and hashed by using a cryptographic key and cryptographic function.

???????C. Adaptive Hash Functions

Adaptive hash functions are designed to iterations of inner workings and feed the output back as input in a manner that causes a longer time to execute. It is known for adaptive functions because it can adapt with any number of iterations. The most popular adaptive hash function is PBKDF2. Along with that, some encryption schemes are taken into consideration such as bcrypt.

???????

Conclusion

This paper is the analytical and comparative study of two cryptographic hash algorithms, namely MD5 and SHA512, which give 128bits and 160bits hash values of any input size. As the encryption process of the SHA512 algorithm involves maximum steps and buffers to encrypt data than the MD5 algorithm, the encryption of SHA512 is stronger than MD5. Also, the analytical study proved that the decryption of SHA512 becomes more difficult than MD5 which means SHA512 is secured and tough to break plain text.MD5 is no longer a secure way to store passwords and highly confidential data. Rather use SHA256 or SHA512 algorithms that provide better encryption and decryption techniques where breaking the plain text is almost impossible. If you still want to use MD5 algorithms to secure your database, just concatenate random strings such as b~/c1^12/*Nc along with the plain text where the process of concatenating random strings is called the salt method.

References

[1] Security_Analysis_of_MD5_Algorithm_in_Password_Sto.pdf [2] 23.AComparativeAnalysisofSHAandMD5Algorithm.pdf [3] jcssp.2020.1439.1450.pdf [4] https://www.synopsys.com/blogs/software-security/cryptographic-hash-functions/#:~:text=A%20cryptographic%20hash%20function%20is,used%20to%20verify%20the%20user. [5] file:///C:/Users/PARAMESH/Downloads/gowthampaper.pdf [6] https://auth0.com/blog/adding-salt-to-hashing-a-better-way-to-store-passwords/

Copyright

Copyright © 2022 Meena Preethi B, Parameshvar M. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.