Advertisement

The Visual Computer

, Volume 34, Issue 12, pp 1749–1759 | Cite as

Direct visualization of cryptographic keys for enhanced security

  • Oleg Lobachev
Original Article
  • 474 Downloads

Abstract

PGP public keys are relatively small binary data. Their hashes are used and also visualized for comparison and validation purposes. We pursue a direct, but previously unused approach. We produce colorful images of public keys and other binary data by generating drawing primitives from binary input. Optionally, we also include the hashes in the visualization. The visualization of raw data together with its hash provides a further security benefit. With it we can visually detect hash collisions. The primary focus of this paper is a direct visualization of public keys. We tune the transparency heuristics for better results. Our method visually detects key spoofing on real SHA1 collision data.

Keywords

Visualization Cryptography Public key Hash Collision PGP SHA1 SHA2 

Notes

Acknowledgements

The author thanks Dr. Andreas Kokott for the discussion of possible online banking improvements with the presented visualization.

References

  1. 1.
    Awni, J.: Cryptographic key visualization (2017). US Patent App. 14/837,652. Publication # US20170061199 A1Google Scholar
  2. 2.
    BSD General Commands Manual: Manual page for ssh—OpenSSH SSH client (2017)Google Scholar
  3. 3.
    Cervesato, I., Durgin, N.A., Lincoln, P.D., Mitchell, J.C., Scedrov, A.: A meta-notation for protocol analysis. In: Proceedings of the \(12^{{\rm th}}\) IEEE Computer Security Foundations Workshop, pp. 55–69 (1999).  https://doi.org/10.1109/CSFW.1999.779762
  4. 4.
    Cheng, Y.M., Wang, C.M.: A high-capacity steganographic approach for 3D polygonal meshes. Vis. Comput. 22(9), 845–855 (2006).  https://doi.org/10.1007/s00371-006-0069-4 CrossRefGoogle Scholar
  5. 5.
    Cheng, Y.M., Wang, C.M.: An adaptive steganographic algorithm for 3D polygonal meshes. Vis. Comput. 23(9), 721–732 (2007).  https://doi.org/10.1007/s00371-007-0147-2 CrossRefGoogle Scholar
  6. 6.
    Conti, G., Grizzard, J., Ahamad, M., Owen, H.: Visual exploration of malicious network objects using semantic zoom, interactive encoding and dynamic queries. In: IEEE Workshop on Visualization for Computer Security, VizSEC ’05, pp. 83–90 (2005).  https://doi.org/10.1109/VIZSEC.2005.1532069
  7. 7.
    Cox, I., Miller, M., Bloom, J., Fridrich, J., Kalker, T.: Digital Watermarking and Steganography. Morgan Kaufmann, Los Altos (2007)Google Scholar
  8. 8.
    Dhamija, R., Perrig, A.: Déjà vu: a user study. Using images for authentication. In: USENIX Security Symposium, vol. 9, p. 4 (2000)Google Scholar
  9. 9.
    Federal information processing standards: secure hash standard (SHS). Technical Report FIPS PUB 180-4, Information Technology Laboratory, National Institute of Standards and Technology (2015).  https://doi.org/10.6028/NIST.FIPS.180-4
  10. 10.
    GNU Privacy Guard: Manual page for gpg2—OpenPGP encryption and signing tool (2016)Google Scholar
  11. 11.
    Hou, Y.C.: Visual cryptography for color images. Pattern Recognit. 36(7), 1619–1629 (2003).  https://doi.org/10.1016/S0031-3203(02)00258-3 CrossRefGoogle Scholar
  12. 12.
    Liang, J., Lai, X.J.: Improved collision attack on hash function MD5. J. Comput. Sci. Technol. 22(1), 79–87 (2007).  https://doi.org/10.1007/s11390-007-9010-1 MathSciNetCrossRefGoogle Scholar
  13. 13.
    Naor, M., Shamir, A.: Visual cryptography. EUROCRYPT ’94. Springer, pp. 1–12 (1995).  https://doi.org/10.1007/BFb0053419 Google Scholar
  14. 14.
    Nataraj, L., Karthikeyan, S., Jacob, G., Manjunath, B.S.: Malware images: visualization and automatic classification. In: Proceedings of the \(8^{{\rm th}}\) International Symposium on Visualization for Cyber Security, VizSec ’11, pp. 4:1–4:7. ACM (2011).  https://doi.org/10.1145/2016904.2016908
  15. 15.
    Oliva, A., Torralba, A.: Modeling the shape of the scene: a holistic representation of the spatial envelope. Int. J. Comput. Vis. 42(3), 145–175 (2001).  https://doi.org/10.1023/A:1011139631724 CrossRefzbMATHGoogle Scholar
  16. 16.
    OpenSSL: Manual page for openssl—OpenSSL command line tool (2016)Google Scholar
  17. 17.
    Perrig, A., Song, D.: Hash visualization: a new technique to improve real-world security. In: International Workshop on Cryptographic Techniques and E-Commerce, CrypTEC ’99, pp. 131–138 (1999)Google Scholar
  18. 18.
    Rescorla, E.: HTTP over TLS (2000). Request for Comments: 2818Google Scholar
  19. 19.
    Schneier, B.: Applied Cryptography: Protocols, Algorithms, and Source Code in C. Wiley, New York (2007)zbMATHGoogle Scholar
  20. 20.
    Stevens, M., Bursztein, E., Karpman, P., Albertini, A., Markov, Y.: The first collision for full SHA-1. http://shattered.it/static/shattered.pdf
  21. 21.
    Stevens, M.: Counter-cryptanalysis, pp. 129–146. CRYPTO ’13. Springer (2013).  https://doi.org/10.1007/978-3-642-40041-4_8 CrossRefGoogle Scholar
  22. 22.
    Subhedar, M.S., Mankar, V.H.: Current status and key issues in image steganography: a survey. Comput. Sci. Rev. 13, 95–113 (2014).  https://doi.org/10.1016/j.cosrev.2014.09.001 CrossRefzbMATHGoogle Scholar
  23. 23.
    Suo, X., Zhu, Y., Owen, G.S.: Graphical passwords: a survey. In: \(21^{{\rm st}}\) Annual Computer Security Applications Conference, ACSAC ’05. IEEE (2005).  https://doi.org/10.1109/CSAC.2005.27
  24. 24.
    Teoh, S.T., Jankun-Kelly, T., Ma, K.L., Wu, S.F.: Visual data analysis for detecting flaws and intruders in computer network systems. IEEE/ACM Trans. Netw. 6(5), 515–528 (1998)CrossRefGoogle Scholar
  25. 25.
    Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1, pp. 17–36. CRYPTO ’05. Springer (2005).  https://doi.org/10.1007/11535218_2 CrossRefGoogle Scholar
  26. 26.
    Wang, X., Yu, H.: How to break MD5 and other hash functions, pp. 19–35. EUROCRYPT ’05. Springer (2005).  https://doi.org/10.1007/11426639_2 Google Scholar
  27. 27.
    Zimmermann, P.R.: The Official PGP User’s Guide. MIT Press, Cambridge (1995)Google Scholar

Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2017

Authors and Affiliations

  1. 1.Visual ComputingUniversity BayreuthBayreuthGermany

Personalised recommendations