Introduction:
Cryptography is a method of protecting knowledge and communication by the use of codes so that it can be read and accessed only by those for whom the information is intended.
Cryptography refers to safe knowledge and communication techniques in computer science, derived from mathematical principles and a set of rule-based formulas called algorithms, to transform messages into forms that are hard to crack. For cryptographic key generation, digital signature, authentication to protect data privacy, internet browsing, and sensitive communications such as e-mail and credit card transactions, these deterministic algorithms are used.
Three ways to achieve authenticity are available:
- Encryption of messages
- Message code authentication
- Function hash
In this article, we will solely focus on the cryptographic hash function, its importance, and the legal perspective.
Meaning of Cryptographic Hash Function
Cryptographic Hash Function (CHF) is similar to Message Authentication Code (MAC) but unlike MAC key is not used for the process of authentication in Hash Function.
Hash functions are extremely useful and exist in almost all applications for information security. A hash function is a mathematical function that transforms another compressed numeric value to a numeric input value. The input is an arbitrary length for the hash function, but the output is always a fixed length. The values that a hash function returns are referred to as message digest or simply hash.
Characteristics of Hash Functions
Typical features of hash functions are:
- Production of fixed duration (hash value)
- The hash feature transforms arbitrary length data to a fixed length. This mechanism is also called data hashing.
- In general, the hash is much smaller than the input data, which is why compression functions are often called hashes.
- Since a hash is a smaller representation of a larger data piece, it is often referred to as a digest.
- The hash function is called the hash function of n bits, with an output of n bits. Values between 160 and 512 bits are created by the most common hash functions.
- Organizational effectiveness
- Generally, computing h (x) is a fast process for any hash function h with input x. There are much faster computational hash functions than symmetric cryptography.
Admissibility and Authentication
The hash value plays an important role in establishing the authenticity and integrity of data/evidence in the digital world, especially in cryptography, forensic data analysis and imaging, etc. [1][2]The hash value commonly known as a data fingerprint is the crucial factor that not only authenticates the integrity of the data but also plays a crucial role in validating the forensic processes and equipment used for forensic examination. Over the years, hash value eligibility has improved, as hashes have specific identification capabilities that confirm when two documents or files match or are different with a high degree of accuracy.
With the support of a hash function algorithm, hashing is the method of mapping a large number of data items to a smaller table. A hash algorithm transforms an arbitrarily long block of data into a large number. The most commonly used hash functions are hash functions. The fundamental principle adopted in the forensic examination of electronic evidence is that the examination is never performed on the original evidence, except in some exceptional circumstances. During the forensic test, the image is used to protect the credibility of the original evidence. A hash value of the image copy is taken before any examination and compared to the hash value of the original evidence, if the hashes are the same, the copy is treated the same as the original.
The hash value can be used to authenticate evidence in court and during the discovery process. One method of authenticating electronic evidence under rule 901 (b) (4) is to use “hash values” or mash marks “when creating documents. A hash value is an alphanumeric string used as a form of fingerprint to classify a single digital file. Although two digital files can have hashes that collide or overlap the values of two different images are unlikely to do so. United States v. Cartier, 543 F.3d 442, 446 (8th Cir 2008). In the present case, the district court ruled that files with the same hash value have a 99.99% chance of being identical.[3]
The Internationally Recognized Hash Function is also endorsed by the Information Technology Act of 2000 as the only effective way to authenticate the integrity of the data resulting from the Section 3 explanation, which provides:
Explanation:
(a) For this subsection, “hash function” means a mapping or translation of an algorithm to a sequence of bit into another generally smaller set, known as a “hash result”, so that an electronic register produces the same hash result every time the algorithm is executed with the same electronic register as its input, making it unusable from the point of computational view a to derive or reconstruct the original electronic record from the hash result produced by the algorithm.
(b) Using the algorithm, two electronic records can produce the same hash outcome.
Section 3 also states that authentication of the electronic record must be done through the use of an asymmetric encryption system and a hash function.
Rule 3, 4, and 5 of the Information Technology Rules (Certification Authority) 2000 establishes the use of the hash function in authenticating information by digital signature and in creating and verifying digital signatures, and also states that electronic has not been tampered with, which is known if the hash result calculated by the vendor is identical to the hash result extracted from the digital signature during the ventilation process. Rule 6 of the 2000 Information Technology Standards (Certificate Authority) recognizes MD5 and SHA-2 as an accepted standard digital hash function.
Commenting on the role of hash values in identifying controversial data by the detective agency on the Peer to Peer Network and its admissibility in court, it was noted that “the hash value is a reference code made up of a string of letters and numbers, which is used to identify each part of the content to be shared. This enables the crawler to recognize parts of the content file when they are shared and is intended to ensure that the content files are downloaded correctly and not modified. “[4]
The court that investigated keywords and hash values also noted that it would strictly restrict the search for digital devices and noted that “a file may be labeled incorrectly; its extension (a kind of suffix indicating the file type) can be changed; it can be converted to a different type of file (just like a chat transcript can be captured as an image file, an image can also be inserted into a word processing file and saved as such). Any of these manipulations could change the hash value of a document. And in any case, a limited hash value search wouldn’t return any chat transcripts.[5]
Conclusion
Therefore, the hash value is an internationally accepted scientifically proven means of authenticating the reliability and authenticity of electronic evidence that has also been recognized as admissible by the courts in the United States and several other digitally advanced countries. The provision of the Information Technology Act of 2000 also recognizes the hash value as unique and MD5 and SHA-2 as the standard hash function in line with international standards, but to what extent they are used in digital forensic investigation or analysis and its admissibility in Indian courts is yet to be seen and it remains a long but steep cybercrime journey that in recent years leaves almost no choice to the detective agencies and the forensic institute.
References:
[1] Neeraj Aarora, HASH VALUE: AUTHENTICATION AND ADMISSIBILITY IN INDIAN PERSPECTIVE, CYBERPANDIT.ORG, (January 10, 2021, 08:40am), https://cyberpandit.org/?article_post=hash-value-authentication-and-admissibility-in-indian-perspective
[3] United States v. Cartier, 543 F.3d 442, 446 (8th Cir 2008)
[4] Dramatico Entertainment Ltd v British Sky Broadcasting Ltd (No. 1) [2012] EWHC 268 (Ch)
[5] Lorraine v. Markel – ESI ADMISSIBILITY OPINION, NO. PWG-06-1893
0 Comments