Information Security

ArfanShahzad.com
Course Outline

ArfanShahzad.com
 Hashing

• Hashing is a cryptographic techniques used in information security to

ensure data integrity, authenticity, and non-repudiation.

• Hashing is a process of taking input data and generating a fixed-size string

of characters, known as a hash value or digest.

• The hash function takes the input data and applies a mathematical
algorithm to produce the hash value, which is unique to the input data.

ArfanShahzad.com
 Hashing cont…

• Hash functions are designed to be one-way, meaning it is

computationally infeasible to derive the original input data from the
hash value.

• Hashing is commonly used for various purposes, such as password

storage, data integrity, verification, and digital forensics.

ArfanShahzad.com
 Hashing cont…

• It allows for quick and efficient comparison of data without

revealing the original content.

• Key characteristics of hashing include:

ArfanShahzad.com
 Hashing cont…

• 1- One-Way Function: Hash functions are designed to be one-way,

meaning it is computationally infeasible to reverse-engineer the
original input data from the hash value.

• Given the same input, the hash function will always produce the same
hash value.

ArfanShahzad.com
 Hashing cont…

• 2- Fixed Output Size: Hash functions generate a fixed-length hash

value, regardless of the size of the input data.

• For example, the SHA-256 hash function produces a 256-bit (32-byte)

hash value.

ArfanShahzad.com
 Hashing cont…

• 4- Collision Resistance: A good hash function should have a low

probability of producing the same hash value for different input
data.

• This property is known as collision resistance and ensures that it is

highly unlikely (uncommon) for two different inputs to produce the
same hash value.

ArfanShahzad.com
 Hashing cont…

• 5- Wide Range of Applications: Hashing has numerous applications/

usage in information security.

• Some common uses include password storage (storing hashed

passwords instead of plaintext), data integrity checking, digital
signatures, checksums, and data fingerprinting.

ArfanShahzad.com
 Hashing cont…

• Popular hash functions include MD5 (Message Digest 5), SHA-1

(Secure Hash Algorithm 1), and SHA-256 (Secure Hash Algorithm 256-
bit).

• However, it's important to note that older hash functions like MD5
and SHA-1 are considered weak and are not recommended for
security-critical applications due to known vulnerabilities.

ArfanShahzad.com
 Hashing cont…

• Popular hash functions include MD5 (Message Digest 5), SHA-1

(Secure Hash Algorithm 1), and SHA-256 (Secure Hash Algorithm 256-
bit).

• However, it's important to note that older hash functions like MD5
and SHA-1 are considered weak and are not recommended for
security-critical applications due to known vulnerabilities.

ArfanShahzad.com
 Hashing cont…

• There are several powerful hashing algorithms used in information

security to ensure the integrity and security of data.

• Here are some notable examples:

ArfanShahzad.com
 Hashing cont…

• SHA-256 (Secure Hash Algorithm 256-bit): It is a widely used

cryptographic hash function that belongs to the SHA-2 family (SHA-
224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256).

• It generates a 256-bit hash value and is known for its resistance to

cryptographic attacks.

ArfanShahzad.com
 Hashing cont…

• SHA-512: SHA-512 is considered the strongest hashing algorithm in

terms of its cryptographic strength and resistance to brute-force
attacks, also belongs to SHA-2 family.

• It generates a 512-bit hash value, which provides a larger output size

compared to other algorithms in the SHA-2 family.

ArfanShahzad.com
 Hashing cont…

• SHA-3 (Secure Hash Algorithm 3): It is the latest member of the

Secure Hash Algorithm family.

• It includes hash functions such as SHA-3-224, SHA-3-256, SHA-3-384,

and SHA-3-512.

• SHA-3 algorithms are designed to provide better resistance against

cryptanalytic attacks.

ArfanShahzad.com
 Hashing cont…

• Argon2: It is a memory-hard hashing algorithm that won the

Password Hashing Competition in 2015.

• It is designed to be resistant against GPU-based attacks and offers

strong security for password hashing applications.

ArfanShahzad.com
 Digital Signatures

• Digital signatures are cryptographic mechanisms used to provide

authenticity, integrity, and non-repudiation of digital documents or
messages.

• They ensure that the sender of the message is verified, and any
alterations to the message can be detected.

• Here are some key points about digital signatures:

ArfanShahzad.com
 Digital Signatures cont...

• 1- Authentication: Digital signatures verify the identity of the sender

or signer of a digital document.

• They use public key cryptography to associate a unique digital

signature with the signer's identity.

• The recipient can use the corresponding public key to verify the
signature and confirm the authenticity of the sender.

ArfanShahzad.com
 Digital Signatures cont...

• 2- Integrity: Digital signatures ensure the integrity of the digital document

by detecting any modifications or tampering.

• The signature is calculated based on the content of the document, and

even a small change in the document will result in a different signature.

• This allows the recipient to verify that the document has not been altered
since it was signed.

ArfanShahzad.com
 Digital Signatures cont...

• 3- Non-Repudiation: Digital signatures provide non-repudiation,

meaning the signer (sender) cannot deny their involvement in signing
the document.

• The recipient (receiver) can prove the authenticity of the signature

and the document, preventing the signer from later claiming that
they did not sign it.

ArfanShahzad.com
 Digital Signatures cont...

• 4- Public Key Infrastructure (PKI): Digital signatures often rely on a

public key infrastructure, where a trusted third party, known as a
Certificate Authority (CA), issues digital certificates that bind a
person's identity to their public key.

• This enables the recipient to verify the authenticity of the signer's

public key and establish trust in the digital signature.

ArfanShahzad.com
 Digital Signatures cont...

• 5- Application in Document Signing and Authentication: Digital

signatures have various applications, including secure document
signing, authentication in online transactions, secure email
communication, and software distribution.

• They provide a means to establish trust and ensure the integrity of

digital information.

ArfanShahzad.com
 Digital Signatures cont...

• To create a digital signature, the sender uses their private key to

encrypt a hash value of the document.

• The recipient can then use the sender's public key to decrypt the
signature and compare it with a computed hash value of the received
document.

• If the two values match, the signature is considered valid.

ArfanShahzad.com
 Digital Signatures cont...

• Here are some of the top secure digital signature algorithms:

• RSA (Rivest-Shamir-Adleman): RSA is a widely used and well-

established algorithm for digital signatures.

• It offers strong security based on the difficulty of factoring large

numbers.

ArfanShahzad.com
 Digital Signatures cont...

• ECDSA (Elliptic Curve Digital Signature Algorithm): ECDSA is a widely

adopted digital signature algorithm that uses elliptic curve
cryptography.

• It offers strong security with shorter key lengths, making it efficient

for resource-constrained environments.

ArfanShahzad.com
 Digital Signatures cont...

• EdDSA (Edwards-curve Digital Signature Algorithm): EdDSA is a

modern digital signature algorithm that provides strong security and
efficient signing and verification processes.

• It is based on elliptic curve cryptography and is gaining popularity in

various applications.

ArfanShahzad.com
 Digital Signatures cont...

• Schnorr Signature: Schnorr Signature is a secure digital signature

algorithm known for its simplicity and efficiency.

• It offers strong security and has advantages in terms of key

aggregation and multisignature schemes.

ArfanShahzad.com
 Digital Signatures cont...

• DSA (Digital Signature Algorithm): DSA is a widely used digital

signature algorithm, particularly in the context of the Digital Signature
Standard (DSS).

• It provides strong security when implemented correctly.

ArfanShahzad.com
 Digital Signatures cont...

• Digital Signatures play a crucial role in ensuring the integrity and

authenticity of digital documents, providing a reliable mechanism for
verifying the identity of the sender and detecting any modifications to
the content.

ArfanShahzad.com