Christopher Gates, Director of Product Security, Velentium | 03.28.23
Most people who are new to cryptographic operations mistakenly believe “encryption” is the most useful tool in the cryptographic toolbox. Nothing could be further from the truth.
Cryptographic encryption is a process of converting plaintext (ordinary text or data in any format) into unreadable text (ciphertext) to prevent unauthorized exposure of the original plaintext. The process of converting the ciphertext back into the original text is called decryption. In most cases of encryption, the integrity of the encrypted data is not ensured; that is the usual role for hashes. (I will address the topic of encryption in a future column.)
So what is the most useful cryptographic operation? Hashing.
Non-Cryptographic Hashes
Hashes can be used to ensure the integrity of data, but not all hashes are cryptographic. CRCs (cyclic redundancy checks) and checksums are not cryptographic.

CRC—A CRC is an error-detection algorithm that uses polynomial division to detect errors in data. The main purpose of a CRC is to detect errors introduced during transmission (such as noise or interference in a communication channel) or corruption during storage. CRCs produce a hash value of a fixed bit width (typically 16 or 32 bits) no matter how large the original plaintext data set is. A CRC is typically a fast algorithm; however, it is not considered secure against malicious attacks. A close cousin of the CRC is the error correction code, which is used to restore the plaintext contents if those contents have become adulterated. This would not be a secure outcome for the plaintext.

Checksum—A checksum is similar to a CRC in that it is a non-secure hash that converts a plaintext data set into a fixed-sized value (typically 8 or 16 bits). Checksums are not as effective at detecting errors as CRCs, as they may not catch multi-bit errors in the plaintext; it is possible for several bits to change and yet still return a hash value that would indicate an unadulterated data set.
These non-cryptographic hashes still have their uses. For example, keeping two hashes of a data set (one non-cryptographic and one cryptographic) can be particularly effective in detecting both malicious and naturally occurring errors in the plaintext.
Some of the attributes that make cryptographic hashes particularly useful are:
- Non-reversibility (or a “one-way function”): A good hash should make it very hard to reconstruct the original plaintext from the hash value.
- Avalanche effect: A change in just one bit of the plaintext should result in a change to half the bits of its hash value. In other words, when the plaintext is changed slightly, the output of the hash should change significantly and unpredictably.
- Determinism: A given “input set” must always generate the same hash value.
- Collision resistance: It should be hard to find two different sets of plaintext that create the same hash value.
- Non-predictable: The hash value should not be predictable from the plaintext.
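An added example (not from the column) contrasting the three detectors on a constructed parameter record: swapping two bytes is a multi-bit error that an additive 8-bit checksum cannot see, while CRC-32 and SHA-256 both catch it, and flipping one input bit changes roughly half of the SHA-256 output bits (the avalanche effect listed above). Go's standard library is assumed; the record contents and the helper names are mine.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"hash/crc32"
	"math/bits"
)

// Constructed sample record standing in for a stored device parameter block.
var record = []byte("VELENTIUM-DEMO:dose=250:rate=12:id=7")

// checksum8 is a plain additive 8-bit checksum (sum of all bytes mod 256).
func checksum8(data []byte) uint8 {
	var sum uint8
	for _, b := range data {
		sum += b
	}
	return sum
}

// Standard CRC-32 (IEEE) and SHA-256, wrapped so the three detectors line up.
func crc32Of(data []byte) uint32    { return crc32.ChecksumIEEE(data) }
func sha256Of(data []byte) [32]byte { return sha256.Sum256(data) }
// swapBytes exchanges positions i and j: a multi-bit change that keeps the byte sum.
func swapBytes(data []byte, i, j int) []byte {
	out := append([]byte(nil), data...)
	out[i], out[j] = out[j], out[i]
	return out
}

// flipBit inverts a single bit of a copy of data.
func flipBit(data []byte, bitIndex int) []byte {
	out := append([]byte(nil), data...)
	out[bitIndex/8] ^= 1 << uint(bitIndex%8)
	return out
}

// hammingDistance counts differing bits; a good hash changes about half on a 1-bit input change.
func hammingDistance(a, b []byte) int {
	n := 0
	for i := range a {
		n += bits.OnesCount8(a[i] ^ b[i])
	}
	return n
}

func main() {
	swapped := swapBytes(record, 20, 22) // "dose=250" becomes "dose=052"
	fmt.Println("checksum8 unchanged:", checksum8(swapped) == checksum8(record))
	fmt.Println("crc32 unchanged:    ", crc32Of(swapped) == crc32Of(record))
	fmt.Println("sha256 unchanged:   ", sha256Of(swapped) == sha256Of(record))
	a, b := sha256Of(record), sha256Of(flipBit(record, 0))
	fmt.Println("sha256 bits changed by one flipped input bit:", hammingDistance(a[:], b[:]))
}
```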
Non-Keyed Hashes
Non-keyed hashes include BLAKE, MD5, Whirlpool, SHA-1, and SHA-256. For almost all uses of non-keyed hashes, the default selection would be SHA-256 (secure hash algorithm). The input to the SHA-256 hash operation is the plaintext and the output is a 256-bit (32-byte) hash value. The most common variants of SHA are SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512, which produce hash outputs of 160, 224, 256, 384, and 512 bits, respectively.

Uses include:
Integrity checking: Including the hash value with the plaintext (at the time of creation) to be confirmed (at the time of reading) to produce the same hash value as the original.
Proxies: Creating a “stand-in” value for the original plaintext without exposing the plaintext. One of the most common uses of cryptographic hashes is password storage. When a user creates a password, the password is passed through a non-keyed cryptographic hash function, which generates a unique hash. This hash is then stored in a database instead of the original password. When the user attempts to log in, the system takes the entered password and runs it through the same cryptographic hash function. If the generated hash matches the stored hash, the user is granted access. This process ensures that even if an attacker gains access to the database, they will not be able to view the original passwords.
Keyed Hashes
Keyed hashes include BLAKE2, Poly1305-AES, MD6, HMAC, and CMAC. For almost all uses of keyed hashes, the default selection would be either HMAC (hashed message authentication code) or CMAC (cipher message authentication code).

HMAC is a message authentication code (MAC) constructed using a cryptographic hash function and a secret key. The main purpose of HMAC is to provide message integrity and authenticity protection by ensuring that the message has not been altered in transit and that it came from the sender who claims to have sent it.
CMAC is a variant of the MAC algorithm that is constructed using a block cipher (e.g., AES) instead of a hash function. Like HMAC, CMAC is used to provide message integrity and authenticity protection. A typical use would be leveraging a hardware-accelerated AES-128 engine in a microcontroller to create a CMAC engine for hashing.
The inputs to HMAC and CMAC are the plaintext and a cryptographic key value. The output can be any of several bit widths, including 128, 160, 256, and 512 bits, depending on which underlying hash function or cipher is used and on the desired operation.
Message authentication codes (MACs) are keyed hash functions that provide data integrity and message authentication. A MAC is generated by combining the input data with a secret key, and the receiver can verify the integrity of the data by recomputing the MAC using the same key and comparing it with the received MAC. While HMACs and CMACs perform similar operations, they are not compatible with each other.
Uses include:
Integrity checking: Including the hash value with the plaintext (at the time of creation) to be confirmed (at the time of reading) to produce the same hash value as the original. This assumes the cryptographic key is somehow conveyed to the reading process.
Attestation: Conferring the authenticity of the source of the original plaintext.
Authentication: Keyed hashes can be used in authentication methods such as challenge-response to provide secure and efficient authentication. Challenge-response authentication is a method in which Alice sends a random value to Bob and Bob must provide a valid response to authenticate to Alice. This response is a keyed hash value of the random value sent by Alice (preventing replay attacks). This response is then compared by Alice to a keyed hash value of the random value computed by Alice. If they match, it proves to Alice that Bob is also aware of the secret cryptographic key value they both share, without ever exposing the key in the communications between Alice and Bob. This is the typical challenge-response mechanism used in a point-to-point communication topology (such as Bluetooth Low Energy) where a trusted third party cannot be leveraged to authenticate the other party.
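The Alice/Bob challenge-response above, as an added example that is not part of the column, using HMAC-SHA256 from Go's standard library; the shared key is a constructed value and the Verifier type is my own. The verifier tracks open challenges so a response it has already accepted is rejected on replay, and compares MACs with hmac.Equal so the comparison time does not depend on where the bytes differ.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed 32-byte shared key for the demo; a real device would provision its own.
var sharedKey = []byte("constructed-demo-key-0123456789ab")

// respond is Bob's side: HMAC-SHA256 over the challenge under the shared key.
func respond(key, challenge []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(challenge)
	return m.Sum(nil)
}

// Verifier is Alice's side. It remembers which challenges are still open so a
// captured response cannot be replayed once its challenge has been consumed.
type Verifier struct {
	key  []byte
	open map[string]bool
}
func NewVerifier(key []byte) *Verifier {
	return &Verifier{key: key, open: map[string]bool{}}
}

// Challenge draws a fresh 16-byte random value and records it as outstanding.
func (v *Verifier) Challenge() []byte {
	c := make([]byte, 16)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	v.open[string(c)] = true
	return c
}

// Verify accepts a response only for a still-open challenge, consumes the
// challenge either way, and compares MACs in constant time with hmac.Equal.
func (v *Verifier) Verify(challenge, response []byte) bool {
	if !v.open[string(challenge)] {
		return false
	}
	delete(v.open, string(challenge))
	return hmac.Equal(respond(v.key, challenge), response)
}

func main() {
	alice := NewVerifier(sharedKey)
	c := alice.Challenge()
	r := respond(sharedKey, c) // Bob computes this with his copy of the key
	fmt.Println("accepted:", alice.Verify(c, r))
	fmt.Println("replayed:", alice.Verify(c, r)) // same challenge reused: rejected
}
```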
Digital Signatures
So, to discuss “digital signing,” we are going to have to make a small trip into encryption. Symmetric cryptography and asymmetric cryptography are the two main branches of cryptography. The main difference between them lies in the way they use keys to encrypt and decrypt messages.

Symmetric cryptography uses the same key for both encryption and decryption. The key must be kept secret, as it can both encrypt and decrypt messages. Keyed hashes are a form of symmetric cryptography.
Asymmetric cryptography, also known as public-key cryptography, uses two different keys for encryption and decryption. One key is made public, while the other is kept private. When a message is encrypted with the public key, it can only be decrypted with the private key. Overall, this simplifies key management and allows for secure communication between two parties who have never met, as the public key can be freely shared, while the private key must be kept secret.
Symmetric cryptography is much faster and more efficient than asymmetric cryptography, but it requires both parties to have the same key, which can be a security risk. So how can the key management benefits be realized while using hashing? The answer is “digital signatures.”
Digital signatures are used to ensure the data integrity and authenticity of a document or message by including an unkeyed hash of the plaintext contents, processed with the signer's private key into asymmetrically created ciphertext.
The recipient can then use the signer's public key to decrypt that ciphertext back into the hash value and compare it against the unkeyed hash recomputed over the received plaintext, ensuring the plaintext data has not been tampered with. Using this approach, you have the key management advantages of asymmetric cryptography, yet maintain integrity checking thanks to the unkeyed hash.
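An added example, not the author's code, of the sign-then-verify flow just described using RSASSA-PKCS1-v1_5 with SHA-256 from Go's standard library: the signer reduces the message to an unkeyed digest and processes that digest with the private key; the recipient recomputes the digest and checks it with the public key. The key generation, the manifest string and the helper names are assumptions of the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// newSigner generates a fresh 2048-bit RSA key pair for the demo; a real
// signer would keep the private half in protected storage.
func newSigner() *rsa.PrivateKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return priv
}

// sign first reduces the message to an unkeyed SHA-256 digest and then
// applies the private key to that digest (RSASSA-PKCS1-v1_5).
func sign(priv *rsa.PrivateKey, message []byte) []byte {
	digest := sha256.Sum256(message)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		panic(err)
	}
	return sig
}

// verify recomputes the digest on the receiving side and uses the public key
// to check that the signature was produced over exactly that digest.
func verify(pub *rsa.PublicKey, message, sig []byte) bool {
	digest := sha256.Sum256(message)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// tamper returns a copy of message with one byte altered.
func tamper(message []byte) []byte {
	out := append([]byte(nil), message...)
	out[len(out)-1] ^= 0x01
	return out
}

func main() {
	signer := newSigner()
	msg := []byte("firmware-manifest: version=4.2.1 image-len=524288") // constructed
	sig := sign(signer, msg)
	fmt.Println("genuine message verifies:", verify(&signer.PublicKey, msg, sig))
	fmt.Println("tampered message verifies:", verify(&signer.PublicKey, tamper(msg), sig))
	fmt.Println("other public key verifies:", verify(&newSigner().PublicKey, msg, sig))
}
```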
Conclusion
Cryptographic hashes are an extremely versatile tool in cybersecurity. They are used to ensure the integrity and authenticity of data, authentication, passwords, digital signatures, data streams, and files. Until we reach a post-quantum computing world, cryptographic hashes will continue to play a vital role in protecting our systems.

The next issue will be a less technical article as we review the latest FDA guidance document on cybersecurity and what it means for your medical device development efforts.
Christopher Gates is the director of Product Security at Velentium. He has more than 50 years of experience developing and securing medical devices and works with numerous industry-leading device manufacturers. He frequently collaborates with regulatory and standards bodies, including the CSIA, Health Sector Coordinating Council, H-ISAC, Bluetooth SIG, and FDA, to present, define, and codify tools, techniques, and processes that enable the creation of secure medical devices. Gates promotes the use of a “secure development lifecycle,” the industry-leading approach that ultimately eases the burden on developers and ensures high-quality products that work as intended to save and improve lives.