DEPARTMENT OF COMPUTER SCIENCE

AND ENGINEERING

SELF STUDY ASSIGNMENT – 2

(JOURNAL PAPER READING)
20CS6102-CRYPTOGRAPHY AND NETWORK SECURITY
Name : KEERTHIVASAN S J
Register No. : 811722104074
Year / Sec : III / B

Marks Awarded:

Understanding Citations,
Critical Analysis Relevance and Total
and Summary of Formatting, and
and Evaluation Application
the Paper Presentation (20
(5 Marks) (5 Marks) Marks)
(5 Marks) (5 Marks)

BTL
Assignment Topic CO PO addressed
Level

CO3: A Comparative Analysis of SHA and MD5 PO6, PO7, PO8,

CO3 &
Algorithm PO9, PO10, PO11, BTL 4
CO4
CO4: PO12
 CO3: A Comparative Analysis of SHA and MD5 Algorithm

Introduction:

This paper focuses on analyzing two widely used cryptographic hash functions: MD5 (Message Digest
Algorithm 5) and SHA (Secure Hash Algorithm). Cryptography is the science of securing
communication and data, and hashing functions are integral to this field. Hashing is used to generate a
fixed-size output (hash) from variable-length input data, ensuring data integrity, message
authentication, and security over networks.

Hashing in Cryptography:

Hashing is a fundamental topic in cryptography. It refers to the process of transforming any given data
(a message or file) into a fixed-size string of characters, typically in a cryptographic format. Hash
functions like MD5 and SHA are designed to be fast, irreversible, and collision-resistant (i.e., it is
computationally infeasible to find two distinct inputs that produce the same output).

The paper explains how cryptographic hashing algorithms like MD5 and SHA are used to ensure data
integrity. This is particularly crucial for applications such as file transfers, where it is important to
verify that the received file has not been tampered with or corrupted.

MD5 Algorithm:

MD5 was developed by Ronald L. Rivest in 1991 at MIT. It generates a 128-bit hash value (32
hexadecimal characters) and is widely used in a variety of security applications. The algorithm operates
in the following steps:

1. Message Padding: The message is padded with a 1 followed by as many 0s as necessary to

make the total message length equal to 448 modulo 512. The original message length is then
appended as a 64-bit integer.
2. Message Block Division: The padded message is divided into 512-bit blocks.
3. Initialization of Variables: Four 32-bit variables (A, B, C, D) are initialized with fixed values.
4. Rounds and Operations: MD5 performs 4 rounds of operations on the message blocks using
logical functions like AND, OR, XOR, and NOT. Each round involves 16 steps with specific
constants and transformations.
5. Final Hash Output: After processing all blocks, the resulting values of A, B, C, and D are
combined to produce the final 128-bit hash.

Although MD5 is efficient and widely used, it has been found to be vulnerable to certain cryptographic
attacks, including collision vulnerabilities, where two different inputs can generate the same hash.

SHA Algorithm:

The Secure Hash Algorithm (SHA) family is a set of cryptographic hash functions developed by the
National Institute of Standards and Technology (NIST). The most common versions are SHA-1, SHA-
256, and SHA-512, each producing different output lengths. This paper focuses on the SHA-1
algorithm, which generates a 160-bit hash.

SHA works similarly to MD5 but differs in the following key aspects:

1. Message Padding and Length Appending: Like MD5, SHA also requires padding to make
the message length a multiple of 512 bits. Additionally, the original message length is
appended as a 64-bit integer.
2. Initialization of Variables: SHA uses five 32-bit variables (A, B, C, D, E) initialized with fixed
values.
3. Rounds and Operations: SHA performs 4 rounds of operations, with each round consisting of
20 steps. The operations involve non-linear logical functions and bitwise operations to
transform the input.
4. Final Hash Output: The output is a 160-bit hash value produced by combining the values of A,
B, C, D, and E.

SHA is more secure than MD5 due to its larger hash output and more complex operations. However,
SHA-1 has also been found vulnerable to attacks, leading to the adoption of SHA-256 and SHA-512 in
modern cryptographic applications.

Comparative Analysis of MD5 and SHA:

 Hash Length:
MD5 produces a 128-bit hash, while SHA generates a longer 160-bit hash. This makes SHA
more secure in terms of the complexity required for brute-force attacks.
 Speed:
MD5 is faster than SHA, especially on 32-bit machines, due to its simpler operations and fewer
rounds (4 rounds in MD5 vs. 4 rounds in SHA with 20 steps per round).
 Security:
MD5 is vulnerable to collision attacks, and several attacks have been demonstrated on its
hash output. In contrast, SHA-1, though more secure, is also susceptible to certain attacks. As
a result, modern applications typically avoid MD5 and SHA-1 in favor of SHA-256 or SHA-512.

Conclusion:

The analysis of MD5 and SHA algorithms reveals that while both have been foundational in the field of
cryptography, they have notable differences in terms of speed, security, and application. MD5 remains
popular due to its simplicity and fast processing, but its security flaws make it unsuitable for use in high-
security environments. On the other hand, SHA, especially its newer variants like SHA-256 and SHA-
512, provides a more secure alternative at the cost of performance.

CO4: Biometric Authentication

Introduction

Biometric authentication is gaining significant attention as a method of personal identification due to its
reliance on physiological or behavioral characteristics that are unique to each individual. Unlike
traditional systems such as passwords, PINs, or security tokens, biometrics offer an advanced and
potentially more secure method of confirming or determining an individual's identity. The paper explains
how biometric systems can be used to prevent unauthorized access to services and improve the
accuracy and reliability of identity verification.

Overview of Biometrics

The word "biometrics" originates from Greek words, meaning "life measurement." The paper explains
the use of biometrics not only in the field of security but also in biological studies. Authentication, as
defined in the paper, is the process of establishing or confirming the authenticity of a claim, particularly
for individuals. The evolution of biometric systems has been divided into three major periods:

Past

 The first known use of fingerprints for identification dates back to 14th century China.
Fingerprints were used by merchants to identify children.
 The Bertillonage system, developed in the late 19th century by Alphonse Bertillon, was a
precursor to modern biometrics, but it was eventually replaced by fingerprinting due to
accuracy issues.
 Early biometric research in the 20th century, led by figures like Karl Pearson, focused on
statistical methods and their applications to biometrics.

Present

 In the current age, biometric authentication is widely used in various sectors, though it remains
controversial due to privacy concerns. The development of biometric laws, regulations, and
standards is ongoing.
 Biometric traits are broadly categorized into physiological and behavioral:
o Physiological biometrics are related to the physical attributes of the individual (e.g.,
fingerprints, face recognition, hand geometry, iris recognition).
o Behavioral biometrics refer to traits based on the behavior of the individual (e.g.,
signature, keystroke dynamics, voice). Sometimes, voice is considered a physiological
trait as it can be unique to individuals.

Advantages of Biometric Authentication

The main advantage of biometric authentication lies in its ability to provide an unbreakable one-to-one
correspondence between an individual and their personal data. This makes it a reliable method for
personal identification in security-sensitive areas.

Usability and Comparison of Techniques

The paper also compares different biometric techniques, discussing their advantages and limitations. It
provides insights into how biometric authentication can enhance security, especially in preventing fraud
and identity theft.

Future Prospects

As technology advances, the use of biometrics is expected to grow, with a focus on making systems
more secure and efficient. However, challenges related to privacy concerns and technological
limitations remain. The future of biometric authentication is likely to include innovations that will make
the technology more widely applicable and more acceptable to the public.

Conclusion

The paper concludes by emphasizing the growing role of biometric systems in information security.
With advancements in biometric technologies, systems can provide more secure, reliable, and user-
friendly authentication methods. However, as these technologies evolve, ongoing considerations
regarding privacy and ethical concerns must be addressed to ensure their acceptance and
effectiveness in various domains.