Browsing by Subject "Cryptanalysis"

Hashing is a one-way encryption method that can be used for data integrity verification, for example, in digital signature systems. The Ssdeep algorithm is a classic context-triggered piecewise hashing function that is commonly used for similarity file check. The input is divided into separate block segments for the signature generation so that the modification of some parts only makes a difference to certain bytes of the signature. This characteristic makes it one of the most popular fuzzy hash algorithms for detecting similar information. Nevertheless, the cryptanalysis of the Ssdeep is missing in previous research. Therefore, in this thesis, we propose collision attack methods based on such vulnerabilities to test the feasibility of using two different inputs to obtain the same signature. Specifically, our objective is to let the attacker add custom comments to a code file, so that the output signature is identical to a previously acknowledge signature by the target system using Ssdeep. In our work, we identify the vulnerabilities in the traditional hash and the rolling hash in the Ssdeep calculation. We further name three useful elements, the reset string, the matching character, and the trigger string, to control the Ssdeep process. Specifically for finding the matching character, we use brute force and modular multiplicative inverse numbers, based on which we further propose two implementation versions: coarse-grained and fine-grained differed in the number of potential solution states. Additionally, we investigate the block size, a parameter which is dependent on the file content length, so that the proposed attack methods can work under various realistic scenarios. We test our work by comprehensive experiments, and the results verify the effectiveness of our methods in collision attacks on the Ssdeep algorithm. Our work gives thoughtful insights into the breaking of data integrity in other fuzzy and context-triggered piecewise hashing algorithms.