Canonicalization is the process of mapping inputs to their canonical equivalent. It is often used for cryptographic algorithms and data that are intended to be secured from tampering, usually by hashing. In computer security, a Canonicalizations attack aims to find or compute the mapping between two different inputs which produce the same output when processed by a given system. This attack then seeks ways to manipulate input strings so they both result in an undesired output (such as “war” which can be manipulated into each other by changing just one character). With some algorithms such as MD5, even minor changes in input will result in enormous differences in hash values, making this type of attack relatively easy. A Canonicalizations attack is a type of specific-pattern attack.

Implementations:

• We implemented pure hashing algorithms in a way that essentially conflates all but one input string, which is taken to be the canonical form. For algorithms like MD5, this means that it’s easy to find two input strings that produce the same hash value, but very difficult to predict how changing any single character will transform an arbitrary input into its canonical form. 
• A hash algorithm that produces a collision for two distinct inputs to have been broken by collision.
• Research on canonicalization attacks has implications for many fields, including cryptanalysis, computer security, and hash-based data security. These attacks allow an attacker to prevent two inputs from having the same output; for a given output, we can alter one input without affecting the original. 

Key Points:

• This technique is used to steal a victim’s data from the server. 
• The attacker first creates a domain, usually at different TLDs, for example: .com, .co.uk or .info etc. Then registers a website with that domain name, and finally publishes links to the site from various social media or different blogs around the internet so that it will appear on search engines’ results pages for certain keywords searched by users. 
• The attacker then waits for users who arrive at their fake site and enter their username/password in order to complete an action (e.g., perform a payment).
• In the case of a payment operation, users would be redirected to the real website of cybercriminals, where they would complete the operation and then immediately be redirected back to the fake website through a cryptocurrency mining script.
• A user can visit any malicious site that is using this technique. Such sites may appear in search engines and social media results, but not on legitimate results pages. The only way to know if it’s safe to enter information on such websites is to check for certificate errors: If it gives one, then it’s fake.  

Countermeasures of Canonicalization attack:

• If a CA uses weak cryptography then something should be done about it, Before using that CA a company should know more about them and their security policies.
  Countermeasures against Canonicalization attack:
  In order to prevent this attack from happening, one must adopt a defense in depth strategy.
• Security policy at the infrastructure level: DDoS attacks are an aspect of the continuous escalation of security threats and are not the primary focus of most organizations now. However, they can often be prevented with simple preventive measures such as limiting data access to IP addresses that have logged in within a Pre-defined time frame or using host-based firewalls, etc.
• Penetration testing should also be done on any new server when it is installed. This can prevent non-disclosure of vulnerabilities etc.