Information Security
ArfanShahzad.com
�Course Outline
ArfanShahzad.com
� Hashing
• Hashing is a cryptographic techniques used in information security to
ensure data integrity, authenticity, and non-repudiation.
• Hashing is a process of taking input data and generating a fixed-size string
of characters, known as a hash value or digest.
• The hash function takes the input data and applies a mathematical
algorithm to produce the hash value, which is unique to the input data.
ArfanShahzad.com
� Hashing cont…
• Hash functions are designed to be one-way, meaning it is
computationally infeasible to derive the original input data from the
hash value.
• Hashing is commonly used for various purposes, such as password
storage, data integrity, verification, and digital forensics.
ArfanShahzad.com
� Hashing cont…
• It allows for quick and efficient comparison of data without
revealing the original content.
• Key characteristics of hashing include:
ArfanShahzad.com
� Hashing cont…
• 1- One-Way Function: Hash functions are designed to be one-way,
meaning it is computationally infeasible to reverse-engineer the
original input data from the hash value.
• Given the same input, the hash function will always produce the same
hash value.
ArfanShahzad.com
� Hashing cont…
• 2- Fixed Output Size: Hash functions generate a fixed-length hash
value, regardless of the size of the input data.
• For example, the SHA-256 hash function produces a 256-bit (32-byte)
hash value.
ArfanShahzad.com
� Hashing cont…
• 4- Collision Resistance: A good hash function should have a low
probability of producing the same hash value for different input
data.
• This property is known as collision resistance and ensures that it is
highly unlikely (uncommon) for two different inputs to produce the
same hash value.
ArfanShahzad.com
� Hashing cont…
• 5- Wide Range of Applications: Hashing has numerous applications/
usage in information security.
• Some common uses include password storage (storing hashed
passwords instead of plaintext), data integrity checking, digital
signatures, checksums, and data fingerprinting.
ArfanShahzad.com
� Hashing cont…
• Popular hash functions include MD5 (Message Digest 5), SHA-1
(Secure Hash Algorithm 1), and SHA-256 (Secure Hash Algorithm 256-
bit).
• However, it's important to note that older hash functions like MD5
and SHA-1 are considered weak and are not recommended for
security-critical applications due to known vulnerabilities.
ArfanShahzad.com
� Hashing cont…
• Popular hash functions include MD5 (Message Digest 5), SHA-1
(Secure Hash Algorithm 1), and SHA-256 (Secure Hash Algorithm 256-
bit).
• However, it's important to note that older hash functions like MD5
and SHA-1 are considered weak and are not recommended for
security-critical applications due to known vulnerabilities.
ArfanShahzad.com
� Hashing cont…
• There are several powerful hashing algorithms used in information
security to ensure the integrity and security of data.
• Here are some notable examples:
ArfanShahzad.com
� Hashing cont…
• SHA-256 (Secure Hash Algorithm 256-bit): It is a widely used
cryptographic hash function that belongs to the SHA-2 family (SHA-
224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256).
• It generates a 256-bit hash value and is known for its resistance to
cryptographic attacks.
ArfanShahzad.com
� Hashing cont…
• SHA-512: SHA-512 is considered the strongest hashing algorithm in
terms of its cryptographic strength and resistance to brute-force
attacks, also belongs to SHA-2 family.
• It generates a 512-bit hash value, which provides a larger output size
compared to other algorithms in the SHA-2 family.
ArfanShahzad.com
� Hashing cont…
• SHA-3 (Secure Hash Algorithm 3): It is the latest member of the
Secure Hash Algorithm family.
• It includes hash functions such as SHA-3-224, SHA-3-256, SHA-3-384,
and SHA-3-512.
• SHA-3 algorithms are designed to provide better resistance against
cryptanalytic attacks.
ArfanShahzad.com
� Hashing cont…
• Argon2: It is a memory-hard hashing algorithm that won the
Password Hashing Competition in 2015.
• It is designed to be resistant against GPU-based attacks and offers
strong security for password hashing applications.
ArfanShahzad.com
� Digital Signatures
• Digital signatures are cryptographic mechanisms used to provide
authenticity, integrity, and non-repudiation of digital documents or
messages.
• They ensure that the sender of the message is verified, and any
alterations to the message can be detected.
• Here are some key points about digital signatures:
ArfanShahzad.com
� Digital Signatures cont...
• 1- Authentication: Digital signatures verify the identity of the sender
or signer of a digital document.
• They use public key cryptography to associate a unique digital
signature with the signer's identity.
• The recipient can use the corresponding public key to verify the
signature and confirm the authenticity of the sender.
ArfanShahzad.com
� Digital Signatures cont...
• 2- Integrity: Digital signatures ensure the integrity of the digital document
by detecting any modifications or tampering.
• The signature is calculated based on the content of the document, and
even a small change in the document will result in a different signature.
• This allows the recipient to verify that the document has not been altered
since it was signed.
ArfanShahzad.com
� Digital Signatures cont...
• 3- Non-Repudiation: Digital signatures provide non-repudiation,
meaning the signer (sender) cannot deny their involvement in signing
the document.
• The recipient (receiver) can prove the authenticity of the signature
and the document, preventing the signer from later claiming that
they did not sign it.
ArfanShahzad.com
� Digital Signatures cont...
• 4- Public Key Infrastructure (PKI): Digital signatures often rely on a
public key infrastructure, where a trusted third party, known as a
Certificate Authority (CA), issues digital certificates that bind a
person's identity to their public key.
• This enables the recipient to verify the authenticity of the signer's
public key and establish trust in the digital signature.
ArfanShahzad.com
� Digital Signatures cont...
• 5- Application in Document Signing and Authentication: Digital
signatures have various applications, including secure document
signing, authentication in online transactions, secure email
communication, and software distribution.
• They provide a means to establish trust and ensure the integrity of
digital information.
ArfanShahzad.com
� Digital Signatures cont...
• To create a digital signature, the sender uses their private key to
encrypt a hash value of the document.
• The recipient can then use the sender's public key to decrypt the
signature and compare it with a computed hash value of the received
document.
• If the two values match, the signature is considered valid.
ArfanShahzad.com
� Digital Signatures cont...
• Here are some of the top secure digital signature algorithms:
• RSA (Rivest-Shamir-Adleman): RSA is a widely used and well-
established algorithm for digital signatures.
• It offers strong security based on the difficulty of factoring large
numbers.
ArfanShahzad.com
� Digital Signatures cont...
• ECDSA (Elliptic Curve Digital Signature Algorithm): ECDSA is a widely
adopted digital signature algorithm that uses elliptic curve
cryptography.
• It offers strong security with shorter key lengths, making it efficient
for resource-constrained environments.
ArfanShahzad.com
� Digital Signatures cont...
• EdDSA (Edwards-curve Digital Signature Algorithm): EdDSA is a
modern digital signature algorithm that provides strong security and
efficient signing and verification processes.
• It is based on elliptic curve cryptography and is gaining popularity in
various applications.
ArfanShahzad.com
� Digital Signatures cont...
• Schnorr Signature: Schnorr Signature is a secure digital signature
algorithm known for its simplicity and efficiency.
• It offers strong security and has advantages in terms of key
aggregation and multisignature schemes.
ArfanShahzad.com
� Digital Signatures cont...
• DSA (Digital Signature Algorithm): DSA is a widely used digital
signature algorithm, particularly in the context of the Digital Signature
Standard (DSS).
• It provides strong security when implemented correctly.
ArfanShahzad.com
� Digital Signatures cont...
• Digital Signatures play a crucial role in ensuring the integrity and
authenticity of digital documents, providing a reliable mechanism for
verifying the identity of the sender and detecting any modifications to
the content.
ArfanShahzad.com
