Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Duplications and Misattributions of File Fragment Hashes in Image and Compressed Files
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (DISCO)ORCID iD: 0000-0003-3461-7079
2018 (English)In: Proceedings of NTMS 2018 Conference and Workshop, New York: IEEE, 2018, p. 1-5Conference paper, Published paper (Refereed)
Abstract [en]

Hashing is used in a wide variety of security contexts. Hashes of parts of files, fragment hashes, can be used to detect remains of deleted files in cluster slack, to detect illicit files being sent over a network, to perform approximate file matching, or to quickly scan large storage devices using sector sampling. In this work we examine the fragment hash uniqueness and hash duplication characteristics of five different data sets with a focus on JPEG images and compressed file archives. We consider both block and rolling hashes and evaluate sizes of the hashed fragments ranging from 16 to 4096 bytes. During an initial hash generation phase hash metadata is created for each data set, which in total becomes several several billion hashes. During the scan phase each other data set is scanned and hashes checked for potential matches in the hash metadata. Three aspects of fragment hashes are examined: 1) the rate of duplicate hashes within each data set, 2) the rate of hash misattribution where a fragment hash from the scanned data set matches a fragment in the hash metadata although the actual file is not present in the scan set, 3) to what extent it is possible to detect fragments from files in a hashed set when those files have been compressed and embedded in a zip archive. The results obtained are useful as input to dimensioning and evaluation procedures for several application areas of fragment hashing.

Place, publisher, year, edition, pages
New York: IEEE, 2018. p. 1-5
Keywords [en]
Metadata, Transform coding, Forensics, Image coding, Security, Entropy, Focusing
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-67376DOI: 10.1109/NTMS.2018.8328690ISI: 000448864200021ISBN: 978-1-5386-3662-6 (electronic)ISBN: 978-1-5386-3663-3 (print)OAI: oai:DiVA.org:kau-67376DiVA, id: diva2:1209862
Conference
2018 9th IFIP International Conference on New Technologies, Mobility and Security, February 26-28, Paris, France
Available from: 2018-05-24 Created: 2018-05-24 Last updated: 2019-06-17Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full texthttps://ieeexplore.ieee.org/document/8328690/

Authority records

Garcia, Johan

Search in DiVA

By author/editor
Garcia, Johan
By organisation
Department of Mathematics and Computer Science (from 2013)
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 178 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf