Deploying a New Hash Algorithm

The strength of hash functions such as MD5 and SHA-1 has been called into question as a result of recent discoveries. Regardless of whether or not it is necessary to move away from those now, it is clear that it will be necessary to do so in the not-too-distant future. This poses a number of challenges, especially for certificate-based protocols. We analyze a number of protocols, including S/MIME and TLS. All require protocol or implementation changes. We explain the necessary changes, show how the conversion can be done, and list what measures should be taken immediately.
