A review of collisions in cryptographic hash function used in digital forensic tools

Abstract Digital forensic tool is a software used by digital evidence investigators to extract data and information from a digital evidence. The integrity of the digital evidence must be maintained through the chain of custody in order to be admissible in court. Most digital extraction tool use either MD5 (Message Digest) or SHA (Secured Hash Algorithm) hashing to check the integrity of digital evidence. The hashing algorithm has been found to have a weakness known as collision in which two different messages have the same hashing values. Although the probability of producing such weakness is very small, this collision can be used to deny the usage of the evidence in court of justice. After the first collision has been found, many cryptanalysts have tried to explore various methods to detect the collisions with shorter and efficient time. This paper is to review the existing methods in digital forensic tools that have been used to create a collision attacks in digital evidence.

[1]  Hans Dobbertin Cryptanalysis of MD4 , 1996, FSE.

[2]  Marc Stevens,et al.  New Collision Attacks on SHA-1 Based on Optimal Joint Local-Collision Analysis , 2013, EUROCRYPT.

[3]  Oliver Popov,et al.  Evaluation of security methods for ensuring the integrity of digital evidence , 2011, 2011 International Conference on Innovations in Information Technology.

[4]  John Black,et al.  A Study of the MD5 Attacks: Insights and Improvements , 2006, FSE.

[5]  Thomas Peyrin,et al.  Practical Free-Start Collision Attacks on 76-step SHA-1 , 2015, CRYPTO.

[6]  Vlastimil Klíma Finding MD5 Collisions - a Toy For a Notebook , 2005, IACR Cryptol. ePrint Arch..

[7]  Kyoji Shibutani,et al.  Preimage Attacks on Reduced Tiger and SHA-2 , 2009, FSE.

[8]  Yu Sasaki,et al.  Preimage Attacks on One-Block MD4, 63-Step MD5 and More , 2009, Selected Areas in Cryptography.

[9]  Xiaowen Zhang,et al.  Finding partial hash collisions by brute force parallel programming , 2017, 2017 IEEE Long Island Systems, Applications and Technology Conference (LISAT).

[10]  Nickson M. Karie,et al.  Towards a framework for enhancing potential digital evidence presentation , 2013, 2013 Information Security for South Africa.

[11]  Antoon Bosselaers,et al.  An Attack on the Last Two Rounds of MD4 , 1991, CRYPTO.

[12]  Marc Stevens Single-block collision attack on MD5 , 2012, IACR Cryptol. ePrint Arch..

[13]  Frank Damm,et al.  Requirements for cryptographic hash functions , 1992, Comput. Secur..

[14]  Florian Mendel,et al.  Improving Local Collisions: New Attacks on Reduced SHA-256 , 2013, EUROCRYPT.

[15]  Jirí Tuma,et al.  Multi-block Collisions in Hash Functions Based on 3C and 3C+ Enhancements of the Merkle-Damgård Construction , 2006, ICISC.

[16]  Tor Helleseth,et al.  Advances in Cryptology — EUROCRYPT ’93 , 2001, Lecture Notes in Computer Science.

[17]  Antoine Joux,et al.  Differential Collisions in SHA-0 , 1998, CRYPTO.

[18]  Dengguo Feng,et al.  Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD , 2004, IACR Cryptol. ePrint Arch..

[19]  Xuejia Lai,et al.  Improved Collision Attack on Hash Function MD5 , 2007, Journal of Computer Science and Technology.

[20]  Tao Xie,et al.  Fast Collision Attack on MD5 , 2013, IACR Cryptol. ePrint Arch..

[21]  William Millan,et al.  Constructing Secure Hash Functions by Enhancing Merkle-Damgård Construction , 2006, ACISP.

[22]  Anton A. Kuznetsov An algorithm for MD5 single-block collision attack using high-performance computing cluster , 2014, IACR Cryptol. ePrint Arch..

[23]  Mitsugu Iwamoto,et al.  Meet-in-the-middle preimage attacks revisited new results on MD5 and HAVAL , 2013, 2013 International Conference on Security and Cryptography (SECRYPT).

[24]  Tao Xie,et al.  Construct MD5 Collisions Using Just A Single Block Of Message , 2010, IACR Cryptol. ePrint Arch..

[25]  Marc Stevens,et al.  Chosen-Prefix Collisions for MD5 and Colliding X.509 Certificates for Different Identities , 2007, EUROCRYPT.