
The Theory and Practice of Magic Hash Based Attacks on Lightweight Cryptographic Hash Functions in Complex IoT Environments

  • Conference paper
Security, Privacy, and Anonymity in Computation, Communication, and Storage (SpaCCS 2020)

Abstract

In this paper, a new type of application-layer attack against complex IoT environments is presented, which is based on unsafe typecasting and loose comparisons. We describe the concept of magic hashes and explain why they are relevant in IoT platforms from a security point of view. We focus our efforts on lightweight cryptographic hash functions that are potential candidates for future IoT applications and embedded systems. We present the first known magic hashes for the lightweight cryptographic hash function families PHOTON, QUARK and SPONGENT, which were designed for constrained environments such as IoT devices. With this, we aim to create a reference point not only for further scientific research but also for practical testing of the above-mentioned systems. We also run through calculations of the estimated amount of computation necessary to find hashes with the required characteristics and compare these estimates with empirical results. We conclude with an assessment of the feasibility of finding additional magic hashes with our current computational possibilities.
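The following is an added example, not code from the paper: it checks the PHOTON-128 digest listed in this page's Notes against a simplified model of a loose comparison, next to a type-safe comparison, and gives a rough search-cost estimate. The function names, the PHP-style comparison model, the second digest (constructed) and the uniform-digit assumption behind the estimate are all assumptions of this example, not figures or methods from the paper.

```javascript
// Added example, not code from the paper; all function names are hypothetical.
const crypto = require("crypto");

// Digest quoted in this page's Notes for PHOTON-128(47736359).
const PAGE_DIGEST = "0e736288061945637780053045686224";
// Constructed string in magic-hash form; not the digest of any known input.
const CONSTRUCTED_DIGEST = "0e000000000000000000000000000001";

// A hex digest is "magic" when it also parses as scientific notation for
// zero: leading zero(s), an 'e', then decimal digits only.
function isMagicHash(hexDigest) {
  return /^0+e[0-9]+$/i.test(hexDigest);
}

// Simplified model of a loose comparison: if both operands look numeric they
// are compared as numbers, otherwise as strings (assumption: PHP-style ==).
const NUMERIC = /^[+-]?(\d+(\.\d*)?|\.\d+)(e[+-]?\d+)?$/i;
function looseEquals(a, b) {
  if (NUMERIC.test(a) && NUMERIC.test(b)) return Number(a) === Number(b);
  return a === b;
}

// Type-safe check: byte-wise, constant-time, no numeric interpretation.
function strictDigestEquals(a, b) {
  const x = Buffer.from(String(a), "utf8");
  const y = Buffer.from(String(b), "utf8");
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Expected number of digests to try before one of `hexDigits` uniformly
// random hex digits has the form 0e<decimal digits> (assumed model):
// P = (1/16) * (1/16) * (10/16)^(hexDigits - 2).
function expectedTrials(hexDigits) {
  return 16 * 16 * Math.pow(16 / 10, hexDigits - 2);
}

console.log("page digest is magic:", isMagicHash(PAGE_DIGEST));
console.log("loose match:", looseEquals(PAGE_DIGEST, CONSTRUCTED_DIGEST));
console.log("strict match:", strictDigestEquals(PAGE_DIGEST, CONSTRUCTED_DIGEST));
console.log("expected trials, 128-bit digest:", expectedTrials(32).toExponential(2));
```

Under the loose model the two different digests compare equal because both evaluate to numeric zero; the byte-wise comparison rejects them.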


Notes

  1. PHOTON-128(47736359) = 0e736288061945637780053045686224.


Acknowledgments

The authors would like to thank Axel Poschmann for his insightful comments. We would also like to thank Eötvös Loránd University for the opportunity to use the ATLAS Super Cluster.

Author information


Correspondence to Norbert Tihanyi.


Copyright information

© 2021 Springer Nature Switzerland AG

About this paper


Cite this paper

Tihanyi, N., Borsos, B. (2021). The Theory and Practice of Magic Hash Based Attacks on Lightweight Cryptographic Hash Functions in Complex IoT Environments. In: Wang, G., Chen, B., Li, W., Di Pietro, R., Yan, X., Han, H. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2020. Lecture Notes in Computer Science, vol 12383. Springer, Cham. https://doi.org/10.1007/978-3-030-68884-4_8


  • DOI: https://doi.org/10.1007/978-3-030-68884-4_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-68883-7

  • Online ISBN: 978-3-030-68884-4

  • eBook Packages: Computer Science (R0)
