Exploration and Validation of the Sdhash Parameter Space

Abstract

Cryptographic hashes are commonly used to aid in the examination of digital evidence by providing a method of rapidly identifying targeted content (e.g., incriminating materials) in large quantities of data. Because only exact matches can be detected, this method is easily defeated by even the smallest modification to the data. Approximate matching techniques maintain nearly the speed and space efficiency advantages of cryptographic hashes, while offering a more robust scheme for detecting similar objects. We seek to validate design choices in sdhash, the current state-of-the-art approximate matching algorithm, and suggest alternatives where appropriate. In addition, we clarify various nuances regarding the interpretation of its output so that it can be more effectively applied to forensic analysis. To this end, we provide a detailed analysis of sdhash's behavior across a variety of relevant scenarios using the FRASH testing framework, and propose strategies for extracting more relevant and granular feedback.

Document Details

Document Type: Technical Report
Publication Date: Jun 01, 2013
Accession Number: ADA585898

Entities

People

  • Michael R. McCarrin

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Ground and Sea Platforms

DTIC Thesaurus Topics

  • Algorithms
  • Asymmetric Encryption
  • Collisions
  • Compression Ratio
  • Computer Programs
  • Computer Science
  • Computers
  • Data Sets
  • Detection
  • Feature Selection
  • Information Operations
  • Language
  • Materials
  • Natural Languages
  • Operating Systems
  • Sampling
  • Standards

Fields of Study

  • Computer science

Readers

  • Computational Modeling and Simulation
  • Cybersecurity
  • Systems Analysis and Design

Technology Areas

  • Space