SHA-1 Official Dead: Authenticity Challenge in Electronic Evidence Cases
"We have broken SHA-1 in practice," and "SHAttered attack" can be used to compromise anything that relies on SHA-1, says a group of researchers from the CWI Research centres in Amsterdam and Google. The hash functions play a vital role in proving the integrity of electronic evidence as hashing of the electronic evidence is done at three stages, pre acquisition, post acquisition and post forensics and consistency of hash values at these three stages establish not only integrity of evidence but also sanctity of the forensic examination process. The moment two different message inputs produce the same hash, the so-called collision can open the door to challenges the integrity of evidence.
A collision occurs when the two different files or messages produce the same cryptographic hash. . The most well-known collision occurred in 2010 against the MD5 hash algorithm in malware known as Flame which was used to hijack the Windows Update Mechanism. . Prosecution agencies like CBI, ED, NIA etc are filing the audio/video clips of the intercepted recording by computing either the MD5/SHA-1 hash value which would reduce the veracity of the investigation agencies claims as to the integrity of these audio or video files as the hash value generated by MD5/SHA-1 no more remains unique. It may not pose a challenge to the admissibility of the data under section 62 or 65B of the evidence act but it would certainly impact the probative value or the weight which could be assigned to such evidence by the trial courts.
In context with digital forensic, If now onwards a forensic expert uses SHA -1 hashing algorithm for verification of integrity of the data, whether such expert would be able to give any satisfactory answer to the court why SHA-1 is being used particularly once it is proved that the SHA-1 algorithm is subject to collision and data can be fabricated. The new technology Solid State Drives has already made the hashing concept as obsolete and present SHA-1 ordeal, cloud computing, encryption etc. would continue to be problematic for recovery, authenticity & reliability of electronic evidence.
Read Full Article at – http://www.neerajaarora.com/sha-1-official-dead/
Neeraj Aarora
CISSP, CISA, CFCE, FCMA, CFE
Right to be forgotten in Blockchain: Is GDPR redundant?
Blockchain has become pervasive in all segments and its impact is being felt across the industries. The effective date of the EU’s General Data Protection Regulation (GDPR) is fast approaching (May 25 th, 2018) and efforts are being made globally to comply with it.Intercepted Mobile Evidence on CD: Infringement of Constitutional Right of Defence
Electronic Interception of Telephonic Communication, also known as “Wiretapping” always clouded with various controversies as to illegality or breach of privacy however, an important concern as to what standard of evidence, the prosecution needs to establish the Admissibility, Authenticity, Veracity and Reliability of such recordings in the court.Every Computer Output does not require 65B Certificate-IEA, 1872
CERTIFICATE U/S 65B NOT REQUIRED TO PROVE FIR