Abstract
PGP public keys are relatively small binary data. Their hashes are used and also visualized for comparison and validation purposes. We pursue a direct, but previously unused approach. We produce colorful images of public keys and other binary data by generating drawing primitives from binary input. Optionally, we also include the hashes in the visualization. The visualization of raw data together with its hash provides a further security benefit. With it we can visually detect hash collisions. The primary focus of this paper is a direct visualization of public keys. We tune the transparency heuristics for better results. Our method visually detects key spoofing on real SHA1 collision data.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
SHA1 collision files were obtained from http://shattered.it/.
References
Awni, J.: Cryptographic key visualization (2017). US Patent App. 14/837,652. Publication # US20170061199 A1
BSD General Commands Manual: Manual page for ssh—OpenSSH SSH client (2017)
Cervesato, I., Durgin, N.A., Lincoln, P.D., Mitchell, J.C., Scedrov, A.: A meta-notation for protocol analysis. In: Proceedings of the \(12^{{\rm th}}\) IEEE Computer Security Foundations Workshop, pp. 55–69 (1999). https://doi.org/10.1109/CSFW.1999.779762
Cheng, Y.M., Wang, C.M.: A high-capacity steganographic approach for 3D polygonal meshes. Vis. Comput. 22(9), 845–855 (2006). https://doi.org/10.1007/s00371-006-0069-4
Cheng, Y.M., Wang, C.M.: An adaptive steganographic algorithm for 3D polygonal meshes. Vis. Comput. 23(9), 721–732 (2007). https://doi.org/10.1007/s00371-007-0147-2
Conti, G., Grizzard, J., Ahamad, M., Owen, H.: Visual exploration of malicious network objects using semantic zoom, interactive encoding and dynamic queries. In: IEEE Workshop on Visualization for Computer Security, VizSEC ’05, pp. 83–90 (2005). https://doi.org/10.1109/VIZSEC.2005.1532069
Cox, I., Miller, M., Bloom, J., Fridrich, J., Kalker, T.: Digital Watermarking and Steganography. Morgan Kaufmann, Los Altos (2007)
Dhamija, R., Perrig, A.: Déjà vu: a user study. Using images for authentication. In: USENIX Security Symposium, vol. 9, p. 4 (2000)
Federal information processing standards: secure hash standard (SHS). Technical Report FIPS PUB 180-4, Information Technology Laboratory, National Institute of Standards and Technology (2015). https://doi.org/10.6028/NIST.FIPS.180-4
GNU Privacy Guard: Manual page for gpg2—OpenPGP encryption and signing tool (2016)
Hou, Y.C.: Visual cryptography for color images. Pattern Recognit. 36(7), 1619–1629 (2003). https://doi.org/10.1016/S0031-3203(02)00258-3
Liang, J., Lai, X.J.: Improved collision attack on hash function MD5. J. Comput. Sci. Technol. 22(1), 79–87 (2007). https://doi.org/10.1007/s11390-007-9010-1
Naor, M., Shamir, A.: Visual cryptography. EUROCRYPT ’94. Springer, pp. 1–12 (1995). https://doi.org/10.1007/BFb0053419
Nataraj, L., Karthikeyan, S., Jacob, G., Manjunath, B.S.: Malware images: visualization and automatic classification. In: Proceedings of the \(8^{{\rm th}}\) International Symposium on Visualization for Cyber Security, VizSec ’11, pp. 4:1–4:7. ACM (2011). https://doi.org/10.1145/2016904.2016908
Oliva, A., Torralba, A.: Modeling the shape of the scene: a holistic representation of the spatial envelope. Int. J. Comput. Vis. 42(3), 145–175 (2001). https://doi.org/10.1023/A:1011139631724
OpenSSL: Manual page for openssl—OpenSSL command line tool (2016)
Perrig, A., Song, D.: Hash visualization: a new technique to improve real-world security. In: International Workshop on Cryptographic Techniques and E-Commerce, CrypTEC ’99, pp. 131–138 (1999)
Rescorla, E.: HTTP over TLS (2000). Request for Comments: 2818
Schneier, B.: Applied Cryptography: Protocols, Algorithms, and Source Code in C. Wiley, New York (2007)
Stevens, M., Bursztein, E., Karpman, P., Albertini, A., Markov, Y.: The first collision for full SHA-1. http://shattered.it/static/shattered.pdf
Stevens, M.: Counter-cryptanalysis, pp. 129–146. CRYPTO ’13. Springer (2013). https://doi.org/10.1007/978-3-642-40041-4_8
Subhedar, M.S., Mankar, V.H.: Current status and key issues in image steganography: a survey. Comput. Sci. Rev. 13, 95–113 (2014). https://doi.org/10.1016/j.cosrev.2014.09.001
Suo, X., Zhu, Y., Owen, G.S.: Graphical passwords: a survey. In: \(21^{{\rm st}}\) Annual Computer Security Applications Conference, ACSAC ’05. IEEE (2005). https://doi.org/10.1109/CSAC.2005.27
Teoh, S.T., Jankun-Kelly, T., Ma, K.L., Wu, S.F.: Visual data analysis for detecting flaws and intruders in computer network systems. IEEE/ACM Trans. Netw. 6(5), 515–528 (1998)
Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1, pp. 17–36. CRYPTO ’05. Springer (2005). https://doi.org/10.1007/11535218_2
Wang, X., Yu, H.: How to break MD5 and other hash functions, pp. 19–35. EUROCRYPT ’05. Springer (2005). https://doi.org/10.1007/11426639_2
Zimmermann, P.R.: The Official PGP User’s Guide. MIT Press, Cambridge (1995)
Acknowledgements
The author thanks Dr. Andreas Kokott for the discussion of possible online banking improvements with the presented visualization.
Author information
Authors and Affiliations
Corresponding author
Additional information
Supplementary material
Supplementary material showing more visualizations is available in the Zenodo repository under https://doi.org/10.5281/zenodo.817656.
Rights and permissions
About this article
Cite this article
Lobachev, O. Direct visualization of cryptographic keys for enhanced security. Vis Comput 34, 1749–1759 (2018). https://doi.org/10.1007/s00371-017-1466-6
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00371-017-1466-6