SHA-1 OFFICIAL DEAD: Authenticity Challenge in Electronic Evidence Cases

Mar 5
16:04

2017

Neeraj Aarora

Neeraj Aarora

  • Share this article on Facebook
  • Share this article on Twitter
  • Share this article on Linkedin

SHA-1 Official Dead: Authenticity Challenge in Electronic Evidence Cases

mediaimage

"We have broken SHA-1 in practice," and "SHAttered attack" can be used to compromise anything that relies on SHA-1,SHA-1 OFFICIAL DEAD: Authenticity Challenge in Electronic Evidence Cases Articles says a group of researchers from the CWI Research centres in Amsterdam and Google. The hash functions play a vital role in proving the integrity of electronic evidence as hashing of the electronic evidence is done at three stages, pre acquisition, post acquisition and post forensics and consistency  of hash values at these three stages establish not only integrity of evidence but also sanctity of the forensic examination process. The moment two different message inputs produce the same hash, the so-called collision can open the door to challenges the integrity of evidence.

A collision occurs when the two different files or messages produce the same cryptographic hash.  . The most well-known collision occurred in 2010 against the MD5 hash algorithm in malware known as Flame which was used to hijack the Windows Update Mechanism. . Prosecution agencies like CBI, ED, NIA etc are filing the audio/video clips of the intercepted recording by computing either the MD5/SHA-1 hash value which would reduce the veracity of the investigation agencies claims as to the integrity of these audio or    video files as the hash value generated by MD5/SHA-1 no more remains unique. It may not pose a challenge to the admissibility of the data under section 62 or 65B of the evidence act but it would certainly impact the probative value or the weight which could be assigned to such evidence by the trial courts.

In context with digital forensic, If now onwards a forensic expert uses SHA -1 hashing algorithm for verification of integrity of the data, whether such expert would be able to give any satisfactory answer to the court why SHA-1 is being used particularly once it is proved that the SHA-1 algorithm is subject to collision and data can be fabricated. The new technology Solid State Drives has already made the hashing concept as obsolete and present SHA-1 ordeal, cloud computing, encryption etc. would continue to be problematic for recovery, authenticity & reliability of electronic evidence.

 

Read Full Article at – http://www.neerajaarora.com/sha-1-official-dead/

 

Neeraj Aarora

CISSP, CISA, CFCE, FCMA, CFE