Direct visualization of cryptographic keys for enhanced security

Abstract

PGP public keys are relatively small binary data. Their hashes are used and also visualized for comparison and validation purposes. We pursue a direct, but previously unused approach. We produce colorful images of public keys and other binary data by generating drawing primitives from binary input. Optionally, we also include the hashes in the visualization. The visualization of raw data together with its hash provides a further security benefit. With it we can visually detect hash collisions. The primary focus of this paper is a direct visualization of public keys. We tune the transparency heuristics for better results. Our method visually detects key spoofing on real SHA1 collision data.

Notes

  1. SHA1 collision files were obtained from http://shattered.it/.

Acknowledgements

The author thanks Dr. Andreas Kokott for the discussion of possible online banking improvements with the presented visualization.

Author information

Correspondence to Oleg Lobachev.

Supplementary material

Supplementary material showing more visualizations is available in the Zenodo repository under https://doi.org/10.5281/zenodo.817656.

Cite this article

Lobachev, O. Direct visualization of cryptographic keys for enhanced security. Vis Comput 34, 1749–1759 (2018). https://doi.org/10.1007/s00371-017-1466-6

Keywords

  • Visualization
  • Cryptography
  • Public key
  • Hash
  • Collision
  • PGP
  • SHA1
  • SHA2