Abstract
PGP public keys are relatively small binary data. Their hashes are used and also visualized for comparison and validation purposes. We pursue a direct, but previously unused approach. We produce colorful images of public keys and other binary data by generating drawing primitives from binary input. Optionally, we also include the hashes in the visualization. The visualization of raw data together with its hash provides a further security benefit. With it we can visually detect hash collisions. The primary focus of this paper is a direct visualization of public keys. We tune the transparency heuristics for better results. Our method visually detects key spoofing on real SHA1 collision data.
This is a preview of subscription content, access via your institution.
Notes
- 1.
SHA1 collision files were obtained from http://shattered.it/.
References
- 1.
Awni, J.: Cryptographic key visualization (2017). US Patent App. 14/837,652. Publication # US20170061199 A1
- 2.
BSD General Commands Manual: Manual page for ssh—OpenSSH SSH client (2017)
- 3.
Cervesato, I., Durgin, N.A., Lincoln, P.D., Mitchell, J.C., Scedrov, A.: A meta-notation for protocol analysis. In: Proceedings of the \(12^{{\rm th}}\) IEEE Computer Security Foundations Workshop, pp. 55–69 (1999). https://doi.org/10.1109/CSFW.1999.779762
- 4.
Cheng, Y.M., Wang, C.M.: A high-capacity steganographic approach for 3D polygonal meshes. Vis. Comput. 22(9), 845–855 (2006). https://doi.org/10.1007/s00371-006-0069-4
- 5.
Cheng, Y.M., Wang, C.M.: An adaptive steganographic algorithm for 3D polygonal meshes. Vis. Comput. 23(9), 721–732 (2007). https://doi.org/10.1007/s00371-007-0147-2
- 6.
Conti, G., Grizzard, J., Ahamad, M., Owen, H.: Visual exploration of malicious network objects using semantic zoom, interactive encoding and dynamic queries. In: IEEE Workshop on Visualization for Computer Security, VizSEC ’05, pp. 83–90 (2005). https://doi.org/10.1109/VIZSEC.2005.1532069
- 7.
Cox, I., Miller, M., Bloom, J., Fridrich, J., Kalker, T.: Digital Watermarking and Steganography. Morgan Kaufmann, Los Altos (2007)
- 8.
Dhamija, R., Perrig, A.: Déjà vu: a user study. Using images for authentication. In: USENIX Security Symposium, vol. 9, p. 4 (2000)
- 9.
Federal information processing standards: secure hash standard (SHS). Technical Report FIPS PUB 180-4, Information Technology Laboratory, National Institute of Standards and Technology (2015). https://doi.org/10.6028/NIST.FIPS.180-4
- 10.
GNU Privacy Guard: Manual page for gpg2—OpenPGP encryption and signing tool (2016)
- 11.
Hou, Y.C.: Visual cryptography for color images. Pattern Recognit. 36(7), 1619–1629 (2003). https://doi.org/10.1016/S0031-3203(02)00258-3
- 12.
Liang, J., Lai, X.J.: Improved collision attack on hash function MD5. J. Comput. Sci. Technol. 22(1), 79–87 (2007). https://doi.org/10.1007/s11390-007-9010-1
- 13.
Naor, M., Shamir, A.: Visual cryptography. EUROCRYPT ’94. Springer, pp. 1–12 (1995). https://doi.org/10.1007/BFb0053419
- 14.
Nataraj, L., Karthikeyan, S., Jacob, G., Manjunath, B.S.: Malware images: visualization and automatic classification. In: Proceedings of the \(8^{{\rm th}}\) International Symposium on Visualization for Cyber Security, VizSec ’11, pp. 4:1–4:7. ACM (2011). https://doi.org/10.1145/2016904.2016908
- 15.
Oliva, A., Torralba, A.: Modeling the shape of the scene: a holistic representation of the spatial envelope. Int. J. Comput. Vis. 42(3), 145–175 (2001). https://doi.org/10.1023/A:1011139631724
- 16.
OpenSSL: Manual page for openssl—OpenSSL command line tool (2016)
- 17.
Perrig, A., Song, D.: Hash visualization: a new technique to improve real-world security. In: International Workshop on Cryptographic Techniques and E-Commerce, CrypTEC ’99, pp. 131–138 (1999)
- 18.
Rescorla, E.: HTTP over TLS (2000). Request for Comments: 2818
- 19.
Schneier, B.: Applied Cryptography: Protocols, Algorithms, and Source Code in C. Wiley, New York (2007)
- 20.
Stevens, M., Bursztein, E., Karpman, P., Albertini, A., Markov, Y.: The first collision for full SHA-1. http://shattered.it/static/shattered.pdf
- 21.
Stevens, M.: Counter-cryptanalysis, pp. 129–146. CRYPTO ’13. Springer (2013). https://doi.org/10.1007/978-3-642-40041-4_8
- 22.
Subhedar, M.S., Mankar, V.H.: Current status and key issues in image steganography: a survey. Comput. Sci. Rev. 13, 95–113 (2014). https://doi.org/10.1016/j.cosrev.2014.09.001
- 23.
Suo, X., Zhu, Y., Owen, G.S.: Graphical passwords: a survey. In: \(21^{{\rm st}}\) Annual Computer Security Applications Conference, ACSAC ’05. IEEE (2005). https://doi.org/10.1109/CSAC.2005.27
- 24.
Teoh, S.T., Jankun-Kelly, T., Ma, K.L., Wu, S.F.: Visual data analysis for detecting flaws and intruders in computer network systems. IEEE/ACM Trans. Netw. 6(5), 515–528 (1998)
- 25.
Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1, pp. 17–36. CRYPTO ’05. Springer (2005). https://doi.org/10.1007/11535218_2
- 26.
Wang, X., Yu, H.: How to break MD5 and other hash functions, pp. 19–35. EUROCRYPT ’05. Springer (2005). https://doi.org/10.1007/11426639_2
- 27.
Zimmermann, P.R.: The Official PGP User’s Guide. MIT Press, Cambridge (1995)
Acknowledgements
The author thanks Dr. Andreas Kokott for the discussion of possible online banking improvements with the presented visualization.
Author information
Affiliations
Corresponding author
Additional information
Supplementary material
Supplementary material showing more visualizations is available in the Zenodo repository under https://doi.org/10.5281/zenodo.817656.
Rights and permissions
About this article
Cite this article
Lobachev, O. Direct visualization of cryptographic keys for enhanced security. Vis Comput 34, 1749–1759 (2018). https://doi.org/10.1007/s00371-017-1466-6
Published:
Issue Date:
Keywords
- Visualization
- Cryptography
- Public key
- Hash
- Collision
- PGP
- SHA1
- SHA2