SHA-3 / Keccak · 2017. 11. 10. · Use of Keccak for Integrity Verification (sample application)...

SHA-3 / Keccak. Information Systems Security. ΕΛ.ΜΕ.ΠΑ. (Hellenic Mediterranean University), Department of Electrical and Computer Engineering


  • SHA-3 / Keccak

    Information Systems Security

    ΕΛ.ΜΕ.ΠΑ. (Hellenic Mediterranean University), Department of Electrical and Computer Engineering

  • SHA-3 (Secure Hash Algorithm 3)

    In 2007 the NIST competition for SHA-3 began.

    The competition concluded in October 2012, and the algorithm selected was Keccak (which will henceforth be called SHA-3).

    It operates on 64-bit words and has variable-length output.

    It will not replace SHA-2, since no security problems have yet been identified in the latter.

  • Use of Keccak for Integrity Verification (sample application)

    A proposed solution could implement two main operations.

    At the initialization phase, the system takes as input a directory, computes the digests of the underlying files, and stores them in a data structure.

    At the processing phase, the system takes as input a directory that contains the examined files, computes their digests, and compares them against the information that is maintained in the data structure, according to the application scenario specifications.

  • Use of Keccak for integrity verification (sample application)

  • Use of Keccak for File Identification / Malware detection (sample application)

    Another security mechanism is the file identification.

    Possible applications of the mechanism include (but are not limited to):

    malware detection on local disks,

    network traffic monitoring (e.g. to detect malicious or flagged files on the network),

    file integrity checks for pre- or post-installation audits

  • Use of Keccak for File Identification / Malware detection (sample application)

  • Keccak Speedup (e.g. via GPUs)?

    As Keccak lacks the inherent parallel nature of, e.g. MD6, in order to create a parallel implementation that will exploit the potential of GPUs, one has to resort to alternative mechanisms.

    This can be achieved by introducing a Merkle tree construction; a technique that can be used to parallelize any hash function

  • Optimization

    Inner Digest Calculation

    The SHA-3 CUDA implementation is based on the Merkle Tree technique [1], which can parallelize any hash function

    Parallelism is realized outside the hash function, by running instances (tree leaves) concurrently and then gathering the results of each instance at an upper level of the tree

    Figure: Merkle Tree [Wikipedia]

    [1] Sevestre, G.: Keccak Tree hashing on GPU, using NVIDIA Cuda API, https://sites.google.com/site/keccaktreegpu/

  • Performance Evaluation

    Testbed

    Intel Core i7 Processor (6MB Cache, 2.1 GHz)

    8GB RAM

    NVIDIA GeForce GTX 1050 GPU (640 cores, 2GB buffer, 6Gbps memory speed, 1.4 GHz clock)

    Ubuntu 17.10 OS

  • Optimization

    Inner Digest Calculation

    Test folder’s files processing: A. Time consumed on hashing, B. Speed when hashing, and C. Time consumed in non-hashing functions (I/O etc.)

    In addition to significantly improving the hashing speed itself, the overlapping techniques allowed the minimization of the performance penalties incurred by host-to-GPU and GPU-to-host transfers that are unavoidable in GPU implementations.

  • Optimization

    Inner Digest Calculation

    Total execution time comparison

    The time consumed on the hashing mechanism itself was successfully minimized by exploiting the GPU to the point where hashing time is insignificant and the execution time is dominated by I/O and other processes.

  • Optimization

    Inner Digest Calculation

    A. Total speedup and B. Hash lookup times

    The previously mentioned constraint limits the total speedup achieved in the specific application.

    Regarding the lookup phase, the GPU implementation’s performance is a bit slower than the CPU alternatives. This is to be expected as there is the extra overhead of transferring files to and from the GPU. This could be addressed by parallelizing the hash table search, but such endeavor would only yield noticeable benefits in cases of large tables. In its current form, the developed application would not benefit in a noticeable way, as the time spent on the lookup phase is not significant compared to other, more time consuming parts of the execution.

  • CloudNet

    Cloud & Network Anti-Malware Engine

    CloudNet – a lightweight and efficient GPU-accelerated anti-malware engine

    Utilizes GPGPU in order to implement:

    A CUDA-optimized SHA-3 hashing mechanism

    Optimized data structures for storing/processing network traffic

    Malware digests are stored in the data structure so that detection checks can take place efficiently as network traffic is processed

    Figure: The CloudNet setting

  • Anti-virus Main Operation

    Anti-viruses are among the main Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)

    In their traditional functionality, the identification part is performed via signature-based detection

    Signatures of known viruses are kept in a database

    The anti-virus scans files in the hard disk or network traffic and calculates their digital footprint, e.g. their hash value

    If the signature is also in the viruses’ database, the data is marked as malware. Then, it is quarantined for further analysis or deleted.

  • Anti-virus – Drawbacks

    This functionality detects only known viruses, and provides almost no protection against new ones

    Therefore, it exhibits two main problems:

    Zero-day (or 0-day) vulnerabilities: an attacker can create a new type of malware and spread it through the Internet. As there is no digital signature for this malware, it infects the vulnerable computers. When the problem becomes known, the anti-virus company contains the malware, analyzes it, and produces the signature.

    Polymorphism: instead of creating a new malware, an attacker can make a variation of an existing one. Thus, the attacker slightly changes the original code and the hash result becomes completely different. The anti-virus company also has to analyze the new version and calculate its signature.

    Frequent anti-virus updates are needed in order to keep the local virus database on your machine up to date and stay safeguarded. As long as you do not perform the update, your anti-virus will not be able to identify and block this malware and you will be vulnerable to attacks.

  • Other Approaches for IDS/IPS

    Attack Identification

    Try to identify an attack pattern, i.e. based on the behavior

    For example, if your computer is constantly sending traffic to arbitrary websites that fills your upload bandwidth (e.g. 5Mb/s), this could be a sign that your computer has been infected and is performing a Denial of Service (DoS) attack against these websites

    The attacker could test his/her attack tactics against these attack identification patterns.

    The result will be a smoother attack, e.g. consume half of the upload bandwidth – 2.5Mb/s

    Anomaly detection

    Here the defense mechanism is aware of the behavior of the normal system

    If something abnormal happens, this could be a sign that the machine has been infected, e.g. high consumption of the upload bandwidth for a long period

    The attacker again could analyze the defenses and try to avoid causing an anomaly

    This would also result in a smoother attack, e.g. perform DoS for a shorter period of time

  • Other Approaches for IDS/IPS

    A combined strategy exploits the advantages of each approach and makes the attacker's task harder

    Signature-based detection is performed on the network traffic in order to block known types of malware and their variations

    Attack identification tries to find out if a specific attack is ongoing

    Anomaly detection tries to find out if there are significant variations from the normal operation

    Combination

    The fact that anomaly detection is recording an abnormal activity can give an indication to the attack identification mechanism in order to be more strict in its categorization

    Thus, even if the attacker manages to infect the machine, the malicious effect has to be minimal in order to avoid attack identification while at the same time not cause anomaly

    This would result in an even smoother attack, e.g. consume a small portion of the upload bandwidth for a small period of time
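    The combination described above, as an added example that is not part of the original slides. The 5 Mb/s link comes from the slide's example; the halved threshold, the mean-plus-three-standard-deviations anomaly limit, the three-interval run, and both traces are constructed assumptions.

```python
from statistics import mean, stdev

LINK_MBPS = 5.0       # upload capacity used in the slide's example
STRICT_FACTOR = 0.5   # assumed: halve the rule threshold while an anomaly is active


def anomaly_flags(baseline, samples, k=3.0, min_run=3):
    """Flag intervals that stay above mean + k*stdev for at least min_run intervals."""
    limit = mean(baseline) + k * stdev(baseline)
    flags, run = [], 0
    for s in samples:
        run = run + 1 if s > limit else 0
        flags.append(run >= min_run)
    return flags


def attack_flags(samples, threshold=LINK_MBPS):
    """Attack identification rule: upload rate at or above the threshold."""
    return [s >= threshold for s in samples]


def combined_flags(baseline, samples):
    """Anomaly detection makes the attack rule stricter while it is firing."""
    anomalies = anomaly_flags(baseline, samples)
    return [
        s >= (LINK_MBPS * STRICT_FACTOR if a else LINK_MBPS)
        for s, a in zip(samples, anomalies)
    ]


# Constructed traces (Mb/s per interval): normal history, then sustained
# traffic at about half of the link capacity.
BASELINE = [0.4, 0.6, 0.5, 0.7, 0.5, 0.6, 0.4, 0.5]
TRACE = [0.5, 0.6, 2.6, 2.7, 2.5, 2.6, 0.5]
```

    On this trace the fixed 5 Mb/s rule never fires, while the combined rule fires from the third consecutive elevated interval onward.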

  • Success Metrics

    The success of an IDS mechanism is measured based on the volume of correct classifications that it makes against the false alarms.

    Ideally:

    We want to maximize the metrics

    True Positive – Recognize correctly as malicious traffic every malware

    True Negative – Recognize correctly as legitimate traffic all normal data

    We want to minimize the metrics

    False Positive – Recognize erroneously normal data as malicious traffic

    False negative – Recognize erroneously malware as legitimate traffic and let it pass
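    Signature-based detection scored with the four metrics above, as an added example that is not part of the original slides. It also shows the polymorphism problem from the anti-virus drawbacks slide: a one-byte variant becomes a false negative until the database is updated. All contents and names are constructed.

```python
import hashlib


def digest(data):
    return hashlib.sha3_256(data).hexdigest()


# Constructed stand-ins for file contents; nothing here is real malware.
KNOWN_BAD = b"CONSTRUCTED-SAMPLE-PAYLOAD-v1"
VARIANT = KNOWN_BAD + b" "          # same content with one byte appended
SIGNATURE_DB = {digest(KNOWN_BAD)}  # the local signature database

# (content, ground truth "is malicious") pairs, all constructed.
TRAFFIC = [
    (KNOWN_BAD, True),
    (VARIANT, True),
    (b"quarterly-report.pdf contents", False),
    (b"installer.msi contents", False),
]


def classify(data, db):
    """Signature-based detection: flag data whose digest is in the database."""
    return digest(data) in db


def confusion(samples, db):
    """Count true/false positives and negatives against the ground truth."""
    counts = {"TP": 0, "TN": 0, "FP": 0, "FN": 0}
    for data, malicious in samples:
        flagged = classify(data, db)
        key = ("T" if flagged == malicious else "F") + ("P" if flagged else "N")
        counts[key] += 1
    return counts


def before_and_after_update():
    """Metrics with the stale database, then with the variant's signature added."""
    stale = confusion(TRAFFIC, SIGNATURE_DB)
    updated = confusion(TRAFFIC, SIGNATURE_DB | {digest(VARIANT)})
    return stale, updated
```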