Data security: A problem in search of a mathematical theory
The need for security in electronic communications is crucial in todays world. The foundation for providing this security rests on mathematics. In particular, a certain kind of mathematical function called a “hash function” is central in the design of cryptographic systems that protect electronic communications. But recently the most secure hash function in use today was shown to be vulnerable to attack. An article in the upcoming issue of the Notices of the AMS describes these attacks and sends out a call for a new mathematical theory to undergird future communications security systems.
A hash function is an easy-to-compute compression function that takes as input any string of computer bits and distills that string down to a fixed-length output string: Whether the input is an 8-character password or a 100-page document, the hash function outputs a string of a fixed length. An important feature of hash functions is that they must be hard—or at least computationally too expensive—to invert. So, for example, it should be hard, given the hash of a password, to recover the password itself.
One researcher calls hash functions the “duct tape” of cryptography because they are used everywhere for many different purposes: to authenticate messages, to ascertain software integrity, to create one-time passwords, and to support Internet communication protocols. The very ubiquity of hash functions makes any vulnerability found in them a widespread concern.
SHA-1 is a secure hash algorithm (that is, a computer algorithm based on a hash function) that is the government standard and is very widely used; it was developed by the National Security Agency. Other older and even less secure hash algorithms are still in use in many applications. Cryptographers were already concerned about vulnerabilities that had been exposed in those older algorithms. But they were astonished when, at a cryptography meeting in 2005, researchers announced that they had found a way to attack SHA-1 in far fewer steps than was previously known.
For now, SHA-1 is still safe; the method announced by the researchers would take a huge amount of computational time and resources, and it is not clear how this would be carried out. But such attacks always grow more sophisticated, so cryptographers would like to replace SHA-1 as soon as possible. The NSA has a series of hash algorithms, beginning with SHA-256, that are secure; the issue is how to deploy them throughout the infrastructure.
In her Notices article “Find Me a Hash”, Susan Landau describes these developments and the nature of the new vulnerability of SHA-1. Her central point is that the mathematical theory of hash functions needs much more development before researchers can come up with more secure hash algorithms for tomorrows applications.
Media Contact
More Information:
http://www.ams.orgAll latest news from the category: Information Technology
Here you can find a summary of innovations in the fields of information and data processing and up-to-date developments on IT equipment and hardware.
This area covers topics such as IT services, IT architectures, IT management and telecommunications.
Newest articles
Compact LCOS Microdisplay with Fast CMOS Backplane
…for High-Speed Light Modulation. Researchers from the Fraunhofer Institute for Photonic Microsystems IPMS, in collaboration with HOLOEYE Photonics AG, have developed a compact LCOS microdisplay with high refresh rates that…
New perspectives for material detection
CRC MARIE enters third funding period: A major success for terahertz research: Scientists at the University of Duisburg-Essen and the Ruhr University Bochum have been researching mobile material detection since…
CD Laboratory at TU Graz Researches New Semiconductor Materials
Using energy- and resource-saving methods, a research team at the Institute of Inorganic Chemistry at TU Graz aims to produce high-quality doped silicon layers for the electronics and solar industries….