SHA-1 OFFICIAL DEAD: Authenticity Challenge in Electronic Evidence Cases
“We have broken SHA-1 in practice,” and “SHAttered attack” can be used to compromise anything that relies on SHA-1, says a group of researchers from the CWI Research centres in Amsterdam and Google. The information available on https://shattered.io/ also enables users to upload files & verify if the files have been designed to execute a crypt analytic collision attack against SHA-1.
The hash functions play an important role to verify the integrity of electronic data at any stage from the stage of acquisition to the presentation and till the disposal of the case in the court. In fact, it plays a vital role in computer forensics to authenticate the veracity of the outcome of the investigation. In proving the integrity of digital evidence, the hashing of the electronic evidence is done at three stages, pre acquisition, post acquisition and post forensics and consistency of hash value at these three stages establish not only integrity of evidence but also sanctity of the forensic examination process. The moment two different message inputs produce the same hash, the so-called collision can open the door to challenges the integrity of evidence that can be disastrous in deciding the authenticity of the electronic evidence in the court of law and also for security of banking transactions, software downloads, and website communications which relies on hash value for integrity.
A collision occurs when the two different files or messages produce the same cryptographic hash. The chances of collisions for SHA1 have made it unsecure to use for computer forensics, digital signatures, file integrity, and file identification purposes. Even though the probabilities of collision may be less, but the trust and assurance in the process diminishes and particularly, in legal domain, even a little less reliability may take away the evidentiary value of the process and electronic evidence.
The most well-known collision occurred in 2010 against the MD5 hash algorithm in malware known as Flame which was used to hijack the Windows Update Mechanism. By forging the hash value and digital signature used to cryptographically prove the authenticity of Microsoft Servers, Flame was able to spread from one infected computer to another inside targeted networks. The source code for performing the collision attack for SHA-1 will be published in 90 days as per Google’s security disclosure policy and therefore all the services that rely on SHA1 have three months to switch to other standards i.e. SHA-256 or SHA-512.
The hashing mechanisms which are part of computer forensic software tools need to shift to SHA 2 as MD5 & SHA -1 both are vulnerable to collision attack. In 2006, National Institute of Standard & Technology, USA, a pioneer institution, has recommended to stop using SHA-1 and switch to SHA-2. Surprisingly, in India, still Forensic Science Laboratories are using SHA-1 in their forensic analysis. There is immediate need to change these tools and equipments which still relies on SHA-1. The issue is why the forensic science laboratories in India were buying such tools which still relies MD5 & SHA-1 and matter need to be investigated as now investment of hundred of crores in these forensic labs have become outdated and need to be replaced.
The source code for collision may create a challenge as a person can manipulate the data and generate the same hash value and thus posing the risk of authenticity and reliability of existing data. Can collisions be engineered, have they been engineered, yes. There are programs available to generate two streams of data that will create a collision (for md5/sha-1) though these programs only work on small data streams. Prosecution agencies like CBI, ED, NIA etc are filing the audio/video clips of the intercepted recording by computing either the MD5/SHA-1 hash value and with the publication of the code for collision for these hashing algorithm; the duplicate files with the same hash value can be created which may pose challenge to the veracity of the evidence being filed. This would reduce the veracity of the investigation agencies claims as to the integrity of these audio or video files as the hash value generated by MD5/SHA-1 no more remains unique and as such the court may not rely these hash value to arrive at a conclusion regarding the genuineness, veracity or reliability of the data. It may not pose a challenge to the admissibility of the data under section 62 or 65B of the evidence act but it would certainly impact the probative value or the weight which could be assigned to such evidence by the trial courts.
In Europe & US, various Courts have held that just because it is remotely feasible to have hash collisions and the files could have been changed but required that the defence needs something other than a mere possibility to fabricate the evidence file, However, the same may not be applicable in Indian environment where prosecution agencies does not supply the mirror image or equal opportunity/access of electronic evidence to the accused as done in other countries. In such a situation, the defence is completely handicapped and cannot bring any such material to counter the prosecution even by preponderance of probabilities however, it can always show that the act of the prosecution agency in suppressing the original media or not providing the mirror image has prejudiced the right to the accused to defend him. This creates a big challenge to the electronic data being filed in the court particularly as in most of the cases, the prosecution agencies like CBI, are not computing pre-acquisition hash but relying on post acquisition hash using MD5 or SHA-1 in courts.
In context with digital forensic, If now onwards a forensic expert uses SHA-1 hashing algorithm for verification of integrity of the data, whether such expert would be able to give any satisfactory answer to the court why SHA-1 is being used particularly once it is proved that the SHA-1 algorithm is subject to collision and data can be fabricated. The defence may show to the court that two files with different data can have same hash value and thus creates doubt into the process adopted by the prosecution agency and prosecution may not able to give satisfactory reply to it. What if the IO or forensic expert witness not able to explain or convince the court how exactly the SHA-1 collusion is going to effect the evidence. Though some of the equipments/tools use MD5 & SHA-1 together and which makes it stronger as compared to the individual hashes but still justifying it would not be easy as to why such algorithms are being used at all particularly knowing that these can be compromised.
Technology is changing so fast as it is becoming difficult for the investigation agencies and courts to apply the old law to continuously changing technology. The new technology Solid State Drives has already made the hashing concept as obsolete and present SHA-1 ordeal, cloud computing, encryption etc. would continue to be awful for recovery, authenticity & reliability of electronic evidence.