<span class="text_page_counter">Trang 1</span><div class="page_container" data-page="1">

<b> ASSIGNMENT 2 FRONT SHEET</b>

</div><span class="text_page_counter">Trang 3</span><div class="page_container" data-page="3">

<b>❒</b>

<b>Summative Feedback: </b>

<b>❒</b>

<b>Resubmission Feedback:</b>

<b>Lecturer Signature:</b>

</div><span class="text_page_counter">Trang 5</span><div class="page_container" data-page="5">

III. Proposed the algorithm... 7

IV. Result and analysis... 13

1. Proof and analyze the algorithm... 13

2. Discussions... 19

V. Conclusion... 20

REFERENCES... 21

Figure 1: The three tenets (Hughes and Cybenko, 2013)... 3

Figure 2: Hashing algorithm... 6

Figure 3: Brutal-Force attack... 7

Figure 4: SHA-256 flow diagram... 8

</div><span class="text_page_counter">Trang 7</span><div class="page_container" data-page="7">

According to Philip Agre, the public's level of worry about the collection and use of personallyidentifiable information has increased as a result of the Internet's commercialization (Gandy Jr, 2000). Thetechniques in which this information is automated and normalized for collection have been shaped andreflected by the needs of the market (Gandy Jr, 2000). Consequently, a lot of hackers and cybercriminalsaim to steal that data for their own interests. Our use of your personal data, such as your ID, bankaccounts, and social media profiles, is not totally private. People must be aware of safe information andhow to protect their data in order to prevent becoming a victim of cyberattacks. When informationcomplies with the CIA trinity, often known as confidentiality, integrity, and availability, it is said to besecure (Hughes and Cybenko, 2013).

Figure 1: The three tenets (Hughes and Cybenko, 2013)

</div><span class="text_page_counter">Trang 8</span><div class="page_container" data-page="8">

Data security is not complete without confidentiality safeguards, which protect sensitive data fromunwanted access and disclosure. The major objective of putting confidentiality principles into practice isto safeguard the privacy and secrecy of confidential information, making sure that only authorized peoplewho need the information to perform their job duties can access it.

Another key aspect of data security is integrity, which focuses on avoiding any unwanted additions,deletions, or modifications to the data. It is intended to make sure that data is reliable and correct, and thatit has not been changed in any manner without the right permission. Organizations can maintain theaccuracy and dependability of their data, improving their capacity for decision-making, by adhering tointegrity standards.

</div><span class="text_page_counter">Trang 9</span><div class="page_container" data-page="9">

Another crucial element of data security is availability, which is making sure that users can always accessdata whenever they need it. This principle focuses on maintaining the operational capability andresponsiveness of support systems, including hardware, software, and network infrastructure.Organizations may increase their productivity and efficiency by ensuring that their users have access tothe data they need to make educated decisions by upholding availability rules.

<b>1. Motivations</b>

The Internet is currently being destroyed by attacks that are more modern and advanced than before. These assaults could include DDoS, malicious code (such as worms, viruses, and adware), scanning, root compromise, session high jacking, and many other types of attacks. The straightforward objective of a Denial of Service (DoS) attack is to bombard any service provider with erroneous requests, preventing it from providing its services to regular users and leading to availability loss. In a manner like this, internet worms go for a particular weakness, build up a sizable network, and then finally conduct a DoS attack. None of the vendors of intrusion detection systems (IDS) absolutely guarantees the availability of data andresources, confidentiality (also known as privacy), or integrity.

There were numerous dangers in the cyber world that directly compromised the privacy of our data. Hackers or cybercriminals can breach the security and take the data out of our hands by using a Brute-force assault and other basic and simple methodological attacks. As we previously stated, data is extremely precious today. For some people, companies, or countries, data is even more valuable, which means that if their data is stolen, their enterprises or a country's economy could collapse over time.Banks combined their customers' accounts with a digital account as part of their bank service in recent years, along with digital signatures. One of the most significant technologies used in the digital account or digital signature is the hashing algorithm and encryption algorithms. We can see those algorithms in general, and hashing algorithms, play a crucial role in today's services. These algorithms are crucial to both the owner's business and the whole economy of a nation.

<b>2. Objectives</b>

</div><span class="text_page_counter">Trang 10</span><div class="page_container" data-page="10">

In this report, the objectives are as follows:

Analyze and prove how to avoid brute-force attacks by using hashing algorithms. Implement the hashing algorithm to know how the algorithms can protect our data. Discuss the applications of hashing algorithms.

<b>3. Overview of the brute-force attacks</b>

A brute force method is used to crack passwords, iterating over each one until the real password is found.For instance, a 4-digit password that solely contains numbers can only be cracked in a maximum of10,000 different ways, which means that it can only be done in that many attempts. A password that was

</div><span class="text_page_counter">Trang 11</span><div class="page_container" data-page="11">

manually created (for instance, a non-random password that was manually set with a rule that could befollowed) can be cracked much faster by using a password dictionary (like a rainbow table) to look up afrequently used password.

The aim of password cracking is to find a lost or obscure password. A password cracker is a piece ofsoftware that can be used to recover passwords saved on a computer system as cryptographic hashes orconduct brute-force password attacks to obtain unauthorized access to a system. An algorithm known as acryptographic hash reduces a big quantity of data to a single (long) integer. An algorithm called the OAcryptographic hash reduces a big quantity of data to a single (long) number. The hash value can be used tocheck the accuracy of those data after being mathematically hashed. An attacker will use everyconceivable character combination in a brute-force password-cracking effort until the "cracked" passwordsuccessfully grants access. With today's powerful computers, it is possible to quickly try millions ofpassword combinations. Given enough time and computing power, it is theoretically conceivable to utilizethe hash value to check the accuracy of the data after it has been mathematically hashed. An attacker willuse every conceivable character combination in a brute-force password cracking attempt until the"cracked" password successfully grants access. With today's powerful computers, it is possible to quicklytry millions of password combinations. Most algorithms can be broken with enough time and computingpower.

We need cryptography to stop this attack. Instead of the secrecy of the cipher, a cryptosystem's securitytypically relies on the secrecy of the keys. A brute-force attack cannot test every possible key for apowerful cryptosystem because there are too many of them. A robust system should also generateciphertext that passes all common statistical tests as random and is impervious to all previously knowntechniques for decryption. Cryptoanalysis is the procedure for decrypting codes.

Any ciphertext can be eventually broken if an attacker has enough time and resources. Making the price ortime needed to decrypt ciphertext without the key greater than the value of the data being protected is theaim of cryptography. So, you may use a cipher that costs $500 to crack to securely safeguard informationthat is only worth $10. This idea must be understood. It offers one of the fundamental justifications for

</div><span class="text_page_counter">Trang 12</span><div class="page_container" data-page="12">

picking ciphers and cryptographic tools. A key space is the range of potential keys for a cipher. Anattacker with access to an encrypted communication and the decryption cipher could attempt every keywithout knowing the actual key in order to decode the message. A brute-force attack has been launched.You increase the cost of a brute-force attack by making the key space big enough. A larger key spacetypically equates to more security, assuming the encryption is mathematically sound.

<b>4. Summary</b>

In conclusion, we may get an overview of the state of our data privacy, the different kinds of cyberattacksthat are occurring today, their effectiveness, and how they will pose a threat to Internet users.

</div><span class="text_page_counter">Trang 13</span><div class="page_container" data-page="13">

As stated in the objectives, we will delve more into the process of protecting our data using hashingalgorithms in this report and suggest the algorithm. Additionally, we will demonstrate how algorithms cansafeguard our data and its uses.

</div><span class="text_page_counter">Trang 15</span><div class="page_container" data-page="15">

In this report, we will utilize a brute-force attack in this report and keep it as straightforward as we can.We will also use the well-known hashing technique SHA-256 for our testing. We will examine how SHA-256 can safeguard our data and how it can thwart brute-force attacks. The National Security Agency(Agency, 1952) developed SHA-2 (Secure Hash Algorithm 2) in 2001 as a replacement for SHA-1. TheSHA-256 algorithm is one variant of SHA-2. A 256-bit value is produced by the patented cryptographichash algorithm SHA-256.

Figure 2: Hashing algorithm

</div><span class="text_page_counter">Trang 17</span><div class="page_container" data-page="17">

<b>III.Proposed the algorithm</b>

We will first go over the brute-force assault and how it is used. A brute-force attack is described as asearch for every potential key to break a cipher. A cipher is typically regarded as secure if it can only becracked through brute force. The block cipher or key length of any encryption scheme is a factor in theassaults. A typical brute force attack entails a thorough key search, like when a thief attempts everypossible combination in a safe's lock.

</div><span class="text_page_counter">Trang 18</span><div class="page_container" data-page="18">

Figure 3: Brutal-Force attack

A brute force attack employs a method of systematic guessing to determine login information, credentials,and encryption keys. The attacker attempts many username and password combinations before making asuccessful guess.

Once they are successful, the actor can enter the system as the authorized user and stay there until they arediscovered. They take advantage of this opportunity to move laterally, set up back doors, learn more aboutthe system in preparation for next attacks, and, of course, steal data.

</div><span class="text_page_counter">Trang 19</span><div class="page_container" data-page="19">

As long as there have been passwords, there have been brute force assaults. Due to the transition to remotework, they are not only still popular but also becoming more common.

We will thus examine the SHA-256 algorithm using the steps and reasoning of a brute-force assault todiscover how effective this method is and how it can safeguard our data. We shall have somemathematical proof to measure the security of this algorithm so that we can fully comprehend both itscapabilities and power.

A message with a length of 2 bits can be compressed using the iterative, one-way hash function SHA-<small>64</small>256 to create a message digest, which is a 256-bit condensed form. As seen in figure 4, the compressionprocess can be divided into four steps. The first phase is called Pre-Processing, and it entails two steps:segmenting and padding the message into 512-bit data blocks (Mt) and setting the initial hash variables(H(0~7)) to be utilized in the hash computation. Sequentially feeding these data blocks (M ) into the<small>t</small>Message Schedule, the second stage, causes them to be extended into sixty-four 32-bit words (W ). The<small>t</small>third stage, known as the Digest Calculation, is the next step, which is transferred onto each 32-bit word(Wt). The third stage, known as the Digest Calculation, is the next step, which is transferred onto each 32-bit word (W ). Eight 32-bit working variables (a~h) are initialized using the initial hash variables (H<small>t(0–7)</small>) atthis stage. In each of the 64 iterations, these variables plus two 32-bit temporary variables (T1, T2) arecomputed and updated. The values of the eight working variables are given to the Digest Update, which isthe last stage, after 64 iterations. The original hash values are stored in the digest variables (H<small>(07)</small>), whichare updated in this stage by adding the new values to the working variables. Message Schedule, DigestCalculation, and Digest Update often make up one data block processing activity. When all the data blockshave been processed, the hash computation is finished.

</div><span class="text_page_counter">Trang 20</span><div class="page_container" data-page="20">

Figure 4: SHA-256 flow diagram

</div><span class="text_page_counter">Trang 21</span><div class="page_container" data-page="21">

SHA-256 is a cryptographic hash function with a digest length of 256 bits (secure hash algorithm, FIPS182-2). It is an MDC (Manipulation Detection Code), or keyless hash function. Blocks of 512 = 16 32 bits,each requiring 64 rounds, are used to process messages. To understand this algorithm in an easy way, wewill take the pseudocode to explain for this algorithm.

All variables are 32-bit unsigned integers and addition is calculated modulo 2 .<small>32</small>

For each round, there is one round constant K[i] and one entry in the message schedule array w[i],0 L 63.≤ ≤

The compression function uses 8 working variables, a through h.

Big-endian convention is used when expressing the constants in this pseudocode, and when parsingmessage block data from bytes to words. For example, the first word of the input message "abc"after padding is 0x61626380.

</div><span class="text_page_counter">Trang 22</span><div class="page_container" data-page="22">

Initialize hash values: (first 32 bits of the fractional parts of the square roots of the first 8 primes2..19):

h0 is set to 0x6a09e667 h1 is set to 0xbb67ae85 h2 is set to 0x3c6ef372 h3 is set to 0xa54ff53a h4 is set to 0x510e527f h5 is set to 0x9b05688c h6 is set to 0x1f83d9ab

</div><span class="text_page_counter">Trang 23</span><div class="page_container" data-page="23">

h7 is set to 0x5be0cd19

Initialize array of round constants: (first 32 bits of the fractional parts of the cube roots of the first 64primes 2..311):

k[0] is set to 0x428a2f98, k[1] is set to 0x71374491, k[2] is set to 0xb5c0fbcf, k[3] is set to 0xe9b5dba5, k[4] is set to 0x3956c25b, k[5] is set to 0x59f111f1, k[6] is set to 0x923f82a4, k[7] is set to 0xab1c5ed5, k[8] is set to 0xd807aa98, k[9] is set to 0x12835b01, k[10] is set to 0x243185be, k[11] is set to 0x550c7dc3, k[12] is set to 0x72be5d74, k[13] is set to 0x80deb1fe, k[14] is set to 0x9bdc06a7, k[15] is set to 0xc19bf174, k[16] is set to 0xe49b69c1, k[17] is set to 0xefbe4786, k[18] is set to 0x0fc19dc6, k[19] is set to 0x240ca1cc, k[20] is set to 0x2de92c6f, k[21] is set to 0x4a7484aa, k[22] is set to 0x5cb0a9dc, k[23] is set to 0x76f988da, k[24] is set to 0x983e5152,

</div><span class="text_page_counter">Trang 24</span><div class="page_container" data-page="24">

k[25] is set to 0xa831c66d, k[26] is set to 0xb00327c8, k[27] is set to 0xbf597fc7, k[28] is set to 0xc6e00bf3, k[29] is set to 0xd5a79147, k[30] is set to 0x06ca6351, k[31] is set to 0x14292967, k[32] is set to 0x27b70a85, k[33] is set to 0x2e1b2138, k[34] is set to 0x4d2c6dfc,

</div><span class="text_page_counter">Trang 25</span><div class="page_container" data-page="25">

k[35] is set to 0x53380d13, k[36] is set to 0x650a7354, k[37] is set to 0x766a0abb, k[38] is set to 0x81c2c92e, k[39] is set to 0x92722c85, k[40] is set to 0xa2bfe8a1, k[41] is set to 0xa81a664b, k[42] is set to 0xc24b8b70, k[43] is set to 0xc76c51a3, k[44] is set to 0xd192e819, k[45] is set to 0xd6990624, k[46] is set to 0xf40e3585,k[47] is set to 0x106aa070, k[48] is set to 0x19a4c116, k[49] is set to 0x1e376c08, k[50] is set to 0x2748774c, k[51] is set to 0x34b0bcb5, k[52] is set to 0x391c0cb3, k[53] is set to 0x4ed8aa4a, k[54] is set to 0x5b9cca4f, k[55] is set to 0x682e6ff3, k[56] is set to 0x748f82ee, k[57] is set to 0x78a5636f, k[58] is set to 0x84c87814, k[59] is set to 0x8cc70208, k[60] is set to 0x90befffa, k[61] is set to 0xa4506ceb, k[62] is set to 0xbef9a3f7,

</div>