What is Secure Hash Algorithm (SHA) in Network Security

April 7, 2018 Author: munishmishra04_3od47tgp
Print Friendly, PDF & Email

Cryptographic hash functions cannot be thought of outside mathematics. Cryptographic hash functions are a valuable tool in cryptography. They are applied in many areas of information security to provide protection of the authenticity of messages; data integrity verification which prevents modification of data from going undetected, time stamping and digital signature scheme. The hash functions that are used in various security related applications are called cryptographic hash functions. Secure Hashing Algorithms, also known as SHA, are a family of cryptographic functions designed to keep data secured.



Overview of SHA

The SHA i.e. Secure Hash Algorithm is basically based on the concept of hash function. The basic idea of a hash function is that it takes a variable length message as input and produces a fixed length message as output which can also be called as hash or message-digest. The trick behind building a good, secured cryptographic hash function is to devise a good compression function in which each input bit affects as many output bits as possible.

In computer cryptography, a popular message compress standard is utilized known as Secure Hash Algorithm (SHA). Its enhanced version is called SHA-1. It has the ability to compress a fairly lengthy message and create a short message abstract in response.  The algorithm can be utilized along various protocols to ensure security of the applied algorithm, particularly for Digital Signature Standard (DSS).

Family of Secure Hash Function (SHA)

Family of SHA comprise of four SHA algorithms; SHA-0, SHA-1, SHA-2, and SHA-3. Though from same family, there are structurally different.

  • The original version is SHA-0, a 160-bit hash function, was published by the National Institute of Standards and Technology (NIST) in 1993. It had few weaknesses and did not become very popular. Later in 1995, SHA-1 was designed to correct alleged weaknesses of SHA-0.
  • SHA-1 is the most widely used of the existing SHA hash functions. It is employed in several widely used applications and protocols including Secure Socket Layer (SSL) security.
  • In 2005, a method was found for uncovering collisions for SHA-1 within practical time frame making long-term employability of SHA-1 doubtful.
  • SHA-2 family has four further SHA variants, SHA-224, SHA-256, SHA-384, and SHA-512 depending up on number of bits in their hash value. No successful attacks have yet been reported on SHA-2 hash function.
  • Though SHA-2 is a strong hash function. Though significantly different, its basic design is still follows design of SHA-1. Hence, NIST called for new competitive hash function designs.
  • In October 2012, the NIST chose the Keccak algorithm as the new SHA-3 standard. Keccak offers many benefits, such as efficient performance and good resistance for attacks




SHA-1 Algorithm Explanation

Here we are giving description using SHA-1 Algorithm.

Secure Hashing Algorithm 1, or SHA-1, was developed in 1993 by the U.S. government Standards Agency National Institute of Standards and Technology (NIST). It is widely used in security applications and protocols, including TLS, SSL, PGP, SSH, IPsec, and S/MIME.

SHA-1 works by feeding a message as a bit string of length less than bits, and producing a 160-bit hash value known as a message digest. Note that the message below is represented in hexadecimal notation for compactness.

There are two methods to encrypt messages using SHA-1. Although one of the methods saves the processing of sixty four 32-bit words, it is more complex and time consuming to execute, so the simple method is shown in the example below. At the end of the execution, the algorithm outputs blocks of 16 words, where each word is made up of 16 bits, for a total of 256 bits.

SHA 1

 
One Iteration within SHA-1 Compression Function:

A, B, C, D and E are the 32-bit words of state;

F is a non-linear function that varies;

\( <<<_n \)​Denotes left bit rotation by n places;

\( n \)​Varies for each operation;

\( W_t \)​ = is the expanded message word for round t;

\( K_t \)​ = is the round constant of round t;

Denotes addition modulo 232

 

  • It works for any input message that is less than 264 bits.
  • The output of SHA is a message digest of 160 bits in length.
  • This is designed to be computationally infeasible to:

1. Obtain the original message, given its message digest

2. Find two messages producing the same message digest.

How SHA-1 works?

Step 1: Padding of Bits

Step 2: Append Length

Step 3: Divide the input into 512-bit blocks

Step 4:  Initialize chaining variables

Step 5: Process Blocks- Now the actual algorithm begins….

  1. Copy chaining variables A-E into variables a-e.
  2. Divide current 512-bit block into 16 sub-blocks of 32-bits.
  3. SHA has 4 rounds, each consisting of 20 steps.

Each round takes 3 inputs-

a. 512-bit block,

b. The register abcde

c. A constant K[t] (where t= 0 to 79)

4. SHA has a total of 80 iterations (4 rounds X 20 -iterations). Each iteration consists of following operations:-

\[ abcde = ( e +Process P + S^5(a) + W[t] + K[t] ),a,S^{30}(b) ,c ,d \]

Where,

\( abcde \)​= The register made up of 5 variables a, b, c, d, e.

Process P = the logic operation.

\( S^t \)​= Circular-left shift of 32-bit sub-block by t bits.

\( W[t] \)​= A 32-bit derived from the current 32-bit sub-block.

\( K[t] \)​= One of the five additive constants

Process P in each SHA round

The values of W[t] are calculated as follows:

For the first 16 words of W (i.e. t=0 to 15), the contents of the input message sub-block M[t] become the contents of W[t].

For the remaining 64 values of W are derived using the equation

\[ W[t] = S^1 ( W[t-16] XOR W[t-14] XOR W[t-8] XOR W[t-3]) \]




​References

[1] Richa Purohit (Arya), Upendra Mishra and Abhay Bansal, “A Survey on Recent Cryptographic Hash Function Designs”, International Journal of Emerging Trends & Technology in Computer Scienec, Volume 2, Issue 1, January – February 2013

[2] “Exploring SHA-1 (Secure Hash Algorithm)”, Rapid7 Blog, available online at: https://blog.rapid7.com/2017/07/28/exploring-sha-1-secure-hash-algorithm/

[3] “Cryptography Hash functions”, available online at: https://www.tutorialspoint.com/cryptography/cryptography_hash_functions.htm

[4] Nathan Landman, Eli Ross, and Christopher Williams, “Secure Hashing Algorithms”, available online at:  https://brilliant.org/wiki/secure-hashing-algorithms/

[5] Vishakha Agarwal, “Secure Hash Algorithm”, available online at: https://www.slideshare.net/VishakhaAgarwal4/secure-hash-algorithm

No Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Insert math as
Block
Inline
Additional settings
Formula color
Text color
#333333
Type math using LaTeX
Preview
\({}\)
Nothing to preview
Insert