Year
2003
Abstract
This paper provides an overview of the implementation of the Advanced Encryption Standard (AES) as a hash function for confirming the identity of software resident on a computer system. The Pacific Northwest National Laboratory (PNNL) Authentication team chose to use a hash function to confirm software identity on a system for situations where: (1) there is limited time to perform the confirmation and (2) access to the system is restricted to keyboard or thumbwheel input, and output can only be displayed on a monitor. PNNL reviewed three popular algorithms: the Secure Hash Algorithm (SHA-1), the Message Digest (MD-5), and the Advanced Encryption Standard (AES), and selected the AES to incorporate in the software confirmation tool we developed. This paper gives a brief overview of the SHA-1, MD-5, and the AES and cites references for further detail. It then explains the overall processing steps the AES uses to reduce a large amount of generic data (the plain text, such as is present in memory and other data storage media in a computer system) to a small amount of data (the hash digest), which is a mathematically unique representation or signature of the former that could be displayed on a computer's monitor. This paper starts with a simple definition and example to illustrate the use of a hash function. It concludes with a description of how the software confirmation tool uses the hash function to confirm the identity of software on a computer system.