Fun with Cybersecurity – Weekly Blog Posts on Cybersecurity
The purpose of these weekly blog posts is to demystify Cybersecurity concepts and present them in a demonstrable way. The approach is to present what and how, allowing the reader to think about why! The demonstrations use Windows-based systems; however, most of these tasks can also be performed on Linux and Mac-based systems. If you would like to know “what and how” on non-Windows systems, please mention that in the comments.
Integrity in Cybersecurity – Files and Fingerprints
Integrity is a central concept in Cybersecurity. Cybersecurity is the ability to protect or defend the use of cyberspace from cyber-attacks. Integrity is defined as guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity.
The focus of this post is to help readers understand modification of information.
Files have Fingerprints
A file is the basic unit of information storage in cyberspace; protecting information at rest often implies protecting files. For the purposes of this post, files and information will be used interchangeably.
An algorithm (a process or set of rules) is used to generate a unique alphanumeric string for a given file based on its contents. This alphanumeric string is called the File Hash, and it serves as a fingerprint of that file. SHA256 is the name of one such algorithm used to fingerprint files.
The following illustrates the use of SHA256. It is possible to spot the smallest of changes using this concept – even if a single character within the file is modified, the file gets a new fingerprint!
Activity 1 – Fingerprinting a file using the Get-FileHash cmdlet in Windows PowerShell
Step 1
Open an instance of Windows PowerShell and navigate to the folder which has the file, as shown. (in my case it is the illustration1 folder)
Step 2
Copy/create the file whose hash you want to determine. Alternatively, you can navigate to the folder that contains the file!
I am creating a file called temp1.txt in the illustration1 folder to demonstrate the concept. You can do the same, using the Notepad program. (If you type the same text you will obtain the same Hash, provided the contents are identical!)
Step 3
Use the Get-FileHash cmdlet to get the SHA-256 hash of the file.
Activity 2 – Fingerprinting the File After Changing the Contents
Step 1
Change the last period (.) on the second line into an exclamation mark (!) and save the file.
Step 2
Note the size of the file – it is unchanged. Find the file hash.
Activity 3 – Compare the file hashes before and after the modification
Step 1
It is advisable to copy the strings into a Notepad file and compare them by pasting them one below the other. To copy the strings from the PowerShell window into Notepad, select the string with the mouse; when the full string is highlighted, press CTRL+c to copy it to the clipboard. Paste it into Notepad by right-clicking the mouse and selecting Paste or by using CTRL+v on the keyboard.
Step 2
A visual examination of the two file hashes (before the change and after respectively) indicates that they are different. This establishes that different files produce different SHA-256 file hashes!
Activity 4 – Find the SHA-256 of a file using Windows Explorer
It is often easier to get the SHA-256 using Windows Explorer. Navigate to the file and right-click on the file. Select CRC SHA from the menu, then click on the SHA-256 option.
Activity 5 – Compare the file hashes before and after the modification
Step 1
Copy the file temp1.txt to temp2.txt
Step 2
Find the file hashes of temp1.txt and temp2.txt using Get-FileHash. Compare the hashes of temp1.txt and temp2.txt. Since the contents are identical, the hashes are found to be the same. (Note: You can get the File Hashes of multiple files using a single call to Get-FileHash!)
Summary
Every file on a computer, irrespective of location, has a unique fingerprint based on its contents. The fingerprint is an alphanumeric string generated by an algorithm. The fingerprint is based on the contents of the file. Fingerprints of two files are identical if and only if the contents of those files are identical. SHA-256 is an algorithm used to fingerprint files (there are others like MD5, SHA-1, etc.). Fingerprinting with SHA-256 is used extensively to check if contents of the files have been modified (are identical). Installation programs, Antivirus programs, and Backup and Restore programs are some examples of software that use the concept of fingerprinting and SHA-256.
Stay safe by verifying file integrity when in doubt! Make a note of fingerprints of important files on your computer or reference documents in your project. You can always check if they have been modified accidentally or intentionally.
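The closing advice, to note the fingerprints of important files and check them later, can be automated with Get-FileHash. The script below is an added example, not part of the original post; the function names New-HashBaseline and Test-HashBaseline, the folder names and the file contents are assumptions constructed for the demonstration.

```powershell
# Added example: record SHA-256 fingerprints in a manifest, then re-check them later.
# Function names, folder names and file contents are assumptions (constructed demo data).
function New-HashBaseline {
    param([string]$Folder, [string]$Manifest)
    # One CSV row per file: file name and its SHA-256 hash
    Get-ChildItem -Path $Folder -File |
        Get-FileHash -Algorithm SHA256 |
        Select-Object @{ n = 'Name'; e = { Split-Path $_.Path -Leaf } }, Hash |
        Export-Csv -Path $Manifest -NoTypeInformation
}

function Test-HashBaseline {
    param([string]$Folder, [string]$Manifest)
    $known = @{}
    Import-Csv -Path $Manifest | ForEach-Object { $known[$_.Name] = $_.Hash }
    $seen = @{}
    foreach ($file in Get-ChildItem -Path $Folder -File) {
        $seen[$file.Name] = $true
        $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        if (-not $known.ContainsKey($file.Name)) { $status = 'New' }
        elseif ($known[$file.Name] -eq $hash) { $status = 'Unchanged' }
        else { $status = 'Modified' }
        [pscustomobject]@{ Name = $file.Name; Status = $status }
    }
    # Files recorded in the baseline that no longer exist in the folder
    foreach ($name in $known.Keys) {
        if (-not $seen.ContainsKey($name)) {
            [pscustomobject]@{ Name = $name; Status = 'Missing' }
        }
    }
}

# Constructed demo: two small files in a temporary folder, manifest stored outside it
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'hash-baseline-demo'
$docs = Join-Path $demo 'docs'
New-Item -ItemType Directory -Path $docs -Force | Out-Null
Set-Content -Path (Join-Path $docs 'temp1.txt') -Value 'Line one.', 'Line two.'
Set-Content -Path (Join-Path $docs 'temp2.txt') -Value 'Reference document.'
$manifest = Join-Path $demo 'baseline.csv'
New-HashBaseline -Folder $docs -Manifest $manifest

# Same kind of edit as Activity 2 (last period becomes "!"), plus one deleted file
Set-Content -Path (Join-Path $docs 'temp1.txt') -Value 'Line one.', 'Line two!'
Remove-Item -Path (Join-Path $docs 'temp2.txt')
Test-HashBaseline -Folder $docs -Manifest $manifest | Format-Table -AutoSize
```

Keep the manifest somewhere separate from the files it describes, since anyone who can alter both the files and the manifest can make a changed file look unchanged.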