Author

Sweta Mishra

Bio: Sweta Mishra is an academic researcher from the National Institute of Standards and Technology. The author has contributed to research in the topics Password and Hash function. The author has an h-index of 6, and has co-authored 13 publications receiving 58 citations. Previous affiliations of Sweta Mishra include Indraprastha Institute of Information Technology.

Papers
Journal ArticleDOI
TL;DR: Comparisons with the existing biometric template protection schemes on the various face and iris databases show that the proposed work provides significantly good recognition performance and efficiency, while it achieves high security.
Abstract: The widespread deployment of multi-biometrics to authenticate users prompts the need for biometric systems with high recognition performance. Further, the biometric data, once leaked or stolen, remains compromised forever. Hence biometric security is of utmost importance. Existing biometric template protection schemes either degrade the recognition performance or they have issues with security and speed. We propose a cancelable multi-biometric authentication approach where a novel bit-wise encryption scheme transforms a biometric template to a protected template using a secret key generated from another biometric template. It fully preserves the number of bit-errors in the original and the protected template to ensure recognition performance equivalent to the performance of the unprotected systems. We introduce Algorithm I and Algorithm II for bit-wise encryption; both are defined over cryptographic-primitives- block cipher based encryption and keyed-hash function. We profile these algorithms on various hardware architectures to calculate the efficiency in terms of the time taken during enrolment and authentication phase. For Algorithm II , we observe that a 3.3 GHz desktop architecture takes about 18 milliseconds on an average of over 200 runs to authenticate a user. Additionally, we provide mathematical proof to show that the proposed scheme guarantees secrecy and irreversibility. The results of comparisons with the existing biometric template protection schemes on the various face and iris databases show that the proposed work provides significantly good recognition performance and efficiency, while it achieves high security. Finally, the bit-wise encryption scheme can be built over the commercial-off-the-shelf systems to achieve security with equivalent high performance.

36 citations
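The property the abstract above relies on, that a bit-wise transform "fully preserves the number of bit-errors" between an enrolled and a probe template, is easiest to see with XOR: flipping the same keystream bits on both sides leaves their Hamming distance unchanged. The Go program below is an added illustration, not the paper's Algorithm I or II. It assumes that a template-length keystream is derived from the second biometric with HMAC-SHA256 in counter mode, that the key template is reproduced exactly at authentication time (the paper's own key-generation step is not described in the abstract), and uses constructed 64-bit sample templates; the salt is what makes the protected template revocable.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"math/bits"
)

// keystream derives a template-length key from the second biometric template
// and a per-enrolment salt using HMAC-SHA256 in counter mode. Changing the salt
// re-issues an unrelated protected template from the same biometrics
// (cancelability). HMAC here is an assumption of this example.
func keystream(keyTemplate, salt []byte, n int) []byte {
	out := make([]byte, 0, n)
	for ctr := uint32(0); len(out) < n; ctr++ {
		mac := hmac.New(sha256.New, keyTemplate)
		mac.Write(salt)
		mac.Write([]byte{byte(ctr >> 24), byte(ctr >> 16), byte(ctr >> 8), byte(ctr)})
		out = append(out, mac.Sum(nil)...)
	}
	return out[:n]
}

// protect XORs the template with the keystream. XOR is bit-wise and
// invertible, so every bit error in the probe survives unchanged.
func protect(template, keyTemplate, salt []byte) []byte {
	ks := keystream(keyTemplate, salt, len(template))
	out := make([]byte, len(template))
	for i := range template {
		out[i] = template[i] ^ ks[i]
	}
	return out
}

// hamming counts differing bits; a matcher accepts below a threshold.
func hamming(a, b []byte) int {
	d := 0
	for i := range a {
		d += bits.OnesCount8(a[i] ^ b[i])
	}
	return d
}

// flipBits simulates sensor noise between enrolment and a later capture.
func flipBits(t []byte, positions ...int) []byte {
	out := append([]byte(nil), t...)
	for _, p := range positions {
		out[p/8] ^= 1 << uint(p%8)
	}
	return out
}

func main() {
	// Constructed sample data: a 64-bit "face" template and a 64-bit "iris"
	// template used as the key source. Not real biometric data.
	face := []byte{0xA5, 0x3C, 0xFF, 0x00, 0x12, 0x34, 0x56, 0x78}
	iris := []byte{0x0F, 0xF0, 0x55, 0xAA, 0xDE, 0xAD, 0xBE, 0xEF}
	salt := []byte("app-1/user-42") // assumed per-enrolment salt

	enrolled := protect(face, iris, salt)
	probe := flipBits(face, 3, 17, 40) // three noisy bits at authentication time
	protectedProbe := protect(probe, iris, salt)

	fmt.Println("unprotected distance:", hamming(face, probe))
	fmt.Println("protected distance:  ", hamming(enrolled, protectedProbe))

	// Cancelability: a new salt yields an unrelated protected template.
	reissued := protect(face, iris, []byte("app-1/user-42/v2"))
	fmt.Println("old vs reissued:     ", hamming(enrolled, reissued))
}
```

The caveat a practitioner should keep in mind: distance preservation is exactly what makes the matcher work, but it also means anyone holding the keystream (the second biometric plus salt) inverts the template with one XOR, so the security of the protected template rests entirely on the secrecy of the key-generating biometric.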

Journal ArticleDOI
TL;DR: This work proposes new and more practical honeyword generation techniques, which achieve ‘approximate flatness’, implying that the honeywords generated using these techniques are indistinguishable from passwords with high probability, and proposes a new attack model called ‘Multiple System Intersection attack considering Input’.
Abstract: Breach in password databases has been a frequent phenomena in the software industry. Often these breaches go undetected for years. Sometimes, even the companies involved are not aware of the breach. Even after they are detected, publicizing such attacks might not always be in the best interest of the companies. This calls for a strong breach detection mechanism. Juels et al. (in ACM-CCS 2013) suggest a method called ‘Honeywords’, for detecting password database breaches. Their idea is to generate multiple fake passwords, called honeywords and store them along with the real password. Any login attempt with honeywords is identified as a compromise of the password database, since legitimate users are not expected to know the honeywords corresponding to their passwords. The key components of their idea are (i) generation of honeywords, (ii) typo-safety measures for preventing false alarms, (iii) alarm policy upon detection, and (iv) testing robustness of the system against various attacks. In this work, we analyze the limitations of existing honeyword generation techniques. We propose a new attack model called ‘Multiple System Intersection attack considering Input’. We show that the ‘Paired Distance Protocol’ proposed by Chakraborty et al., is not secure in this attack model. We also propose new and more practical honeyword generation techniques and call them the ‘evolving-password model’, the ‘user-profile model’, and the ‘append-secret model’. These techniques achieve ‘approximate flatness’, implying that the honeywords generated using these techniques are indistinguishable from passwords with high probability. Our proposed techniques overcome most of the risks and limitations associated with existing techniques. We prove flatness of our ‘evolving-password model’ technique through experimental analysis. We provide a comparison of our proposed models with the existing ones under various attack models to justify our claims.

20 citations
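The honeyword mechanism described in the abstract above, as an added Go example that is not code from the paper: each account stores k hashed sweetwords (the real password plus k-1 honeywords) in random order, a separate honeychecker holds only the index of the real one, and a login that matches a honeyword is reported as a breach. The generator used here is a deliberately weak "tweak the trailing digits" scheme of the kind the paper argues against, so that the final function can show the generic intersection idea behind multiple-system attacks: a user who reuses a password on two sites with independently generated honeywords leaks it as the only common sweetword. The paper's own "Multiple System Intersection attack considering Input" and its three generation models are not reproduced. SHA-256 stands in for a real password hash such as Argon2; the user name and passwords are constructed.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"math/rand"
)

// hashPassword is a placeholder for a real password hash (Argon2, scrypt).
func hashPassword(salt, pw string) string {
	sum := sha256.Sum256([]byte(salt + ":" + pw))
	return hex.EncodeToString(sum[:])
}

// Account is the login server's view: k hashed sweetwords, shuffled, with no
// indication of which one is the real password.
type Account struct {
	Salt       string
	Sweetwords []string
}

// Honeychecker is the separate minimal host that knows only the real index.
type Honeychecker struct {
	realIndex map[string]int
	Alarms    []string
}

func newHoneychecker() *Honeychecker { return &Honeychecker{realIndex: map[string]int{}} }

// newRNG is a seeded source so enrolments are reproducible in this demo.
func newRNG(seed int64) *rand.Rand { return rand.New(rand.NewSource(seed)) }

// tweakGenerator replaces the last two characters with random digits (needs
// len(real) >= 2). Weak by design: it is what the intersection attack exploits.
func tweakGenerator(real string, k int, rng *rand.Rand) []string {
	seen := map[string]bool{real: true}
	var honeywords []string
	for len(honeywords) < k-1 {
		b := []byte(real)
		b[len(b)-2] = byte('0' + rng.Intn(10))
		b[len(b)-1] = byte('0' + rng.Intn(10))
		if w := string(b); !seen[w] {
			seen[w] = true
			honeywords = append(honeywords, w)
		}
	}
	return honeywords
}

// enroll builds the account and registers the real index with the honeychecker.
// The returned plaintext list is what an attacker sees after cracking a
// breached database of such weak hashes.
func enroll(user, real string, k int, rng *rand.Rand, hc *Honeychecker) (Account, []string) {
	sweet := append(tweakGenerator(real, k, rng), real)
	rng.Shuffle(len(sweet), func(i, j int) { sweet[i], sweet[j] = sweet[j], sweet[i] })
	acct := Account{Salt: fmt.Sprintf("%08x", rng.Uint32())}
	for i, w := range sweet {
		acct.Sweetwords = append(acct.Sweetwords, hashPassword(acct.Salt, w))
		if w == real {
			hc.realIndex[user] = i
		}
	}
	return acct, sweet
}

// login succeeds only on the real password; a honeyword hit raises an alarm,
// since legitimate users never know their honeywords.
func login(user, pw string, acct Account, hc *Honeychecker) bool {
	h := []byte(hashPassword(acct.Salt, pw))
	for i, sw := range acct.Sweetwords {
		if subtle.ConstantTimeCompare(h, []byte(sw)) == 1 {
			if i == hc.realIndex[user] {
				return true
			}
			hc.Alarms = append(hc.Alarms, user)
			return false
		}
	}
	return false
}

// intersectionAttack: sweetword lists leaked from two systems where the user
// reused the password share, with high probability, only the real password.
func intersectionAttack(listA, listB []string) []string {
	inB := map[string]bool{}
	for _, w := range listB {
		inB[w] = true
	}
	var common []string
	for _, w := range listA {
		if inB[w] {
			common = append(common, w)
		}
	}
	return common
}

func main() {
	hcA, hcB := newHoneychecker(), newHoneychecker()
	// Constructed scenario: alice reuses "Summer2024" on two independent systems.
	acctA, leakA := enroll("alice", "Summer2024", 4, newRNG(1), hcA)
	_, leakB := enroll("alice", "Summer2024", 4, newRNG(2), hcB)
	fmt.Println("real login:", login("alice", "Summer2024", acctA, hcA))
	fmt.Println("sweetwords leaked from A:", leakA)
	fmt.Println("intersection of A and B:", intersectionAttack(leakA, leakB))
}
```

The defensive point is in enroll and login: the honeychecker never sees the hashes and the login server never sees the index, so an attacker needs both systems, or the intersection trick, to tell real from fake.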

Journal Article
TL;DR: This work proposes the XHX family of tweakable block ciphers from a classical block cipher and a family of universal hash functions, which generalizes the constructions by Wang et al., and shows that the hash keys can be derived efficiently from the block cipher.
Abstract: Tweakable block ciphers are important primitives for designing cryptographic schemes with high security. In the absence of a standardized tweakable block cipher, constructions built from classical block ciphers remain an interesting research topic in both theory and practice. Motivated by Mennink’s \(\widetilde{F}[2]\) publication from 2015, Wang et al. proposed 32 optimally secure constructions at ASIACRYPT’16, all of which employ two calls to a classical block cipher each. Yet, those constructions were still limited to n-bit keys and n-bit tweaks. Thus, applications with more general key or tweak lengths still lack support. This work proposes the XHX family of tweakable block ciphers from a classical block cipher and a family of universal hash functions, which generalizes the constructions by Wang et al. First, we detail the generic XHX construction with three independently keyed calls to the hash function. Second, we show that we can derive the hash keys in an efficient manner from the block cipher, where we generalize the constructions by Wang et al.; finally, we propose efficient instantiations for the used hash functions.

15 citations
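An added Go sketch of the generic construction the abstract above describes, not code from the XHX paper: the tweak passes through three independently keyed hash calls, giving a tweak-dependent block-cipher key K' plus an input mask D1 and an output mask D2, and a block is encrypted as C = E_{K'}(M xor D1) xor D2. Assumptions of this example: AES-128 as the classical block cipher, HMAC-SHA256 truncated to one block as a stand-in for the paper's universal hash instantiations, fixed demo keys, and this reading of the abstract's "three independently keyed calls" as key, input mask and output mask. Because the tweak only enters through the hash, it may be of any length, which is the generalization the abstract points at.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

const blockSize = 16 // AES-128 block

// xhxKey holds the three independent hash keys of the generic construction.
// (The paper also shows how to derive them from the block cipher; not done here.)
type xhxKey struct {
	k1, k2, k3 []byte
}

// demoKey returns fixed constructed keys for the examples and tests.
func demoKey() xhxKey {
	return xhxKey{
		k1: bytes.Repeat([]byte{1}, 16),
		k2: bytes.Repeat([]byte{2}, 16),
		k3: bytes.Repeat([]byte{3}, 16),
	}
}

// hashTweak stands in for a keyed universal hash of the tweak. HMAC-SHA256
// truncated to one block is an assumption of this example, chosen because it
// is in the standard library; it is not the paper's instantiation.
func hashTweak(key, tweak []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(tweak)
	return m.Sum(nil)[:blockSize]
}

func xorBlock(a, b []byte) []byte {
	out := make([]byte, blockSize)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// derive computes the tweak-dependent cipher key K', input mask D1, output mask D2.
func derive(k xhxKey, tweak []byte) (kp, d1, d2 []byte) {
	return hashTweak(k.k1, tweak), hashTweak(k.k2, tweak), hashTweak(k.k3, tweak)
}

// xhxEncrypt: C = E_{K'}(M xor D1) xor D2.
func xhxEncrypt(k xhxKey, tweak, m []byte) ([]byte, error) {
	if len(m) != blockSize {
		return nil, fmt.Errorf("message must be %d bytes", blockSize)
	}
	kp, d1, d2 := derive(k, tweak)
	blk, err := aes.NewCipher(kp) // fresh key schedule per tweak
	if err != nil {
		return nil, err
	}
	c := make([]byte, blockSize)
	blk.Encrypt(c, xorBlock(m, d1))
	return xorBlock(c, d2), nil
}

// xhxDecrypt: M = E^{-1}_{K'}(C xor D2) xor D1.
func xhxDecrypt(k xhxKey, tweak, c []byte) ([]byte, error) {
	if len(c) != blockSize {
		return nil, fmt.Errorf("ciphertext must be %d bytes", blockSize)
	}
	kp, d1, d2 := derive(k, tweak)
	blk, err := aes.NewCipher(kp)
	if err != nil {
		return nil, err
	}
	m := make([]byte, blockSize)
	blk.Decrypt(m, xorBlock(c, d2))
	return xorBlock(m, d1), nil
}

func main() {
	k := demoKey()
	m := []byte("0123456789abcdef") // constructed 16-byte block
	c1, _ := xhxEncrypt(k, []byte("sector 7"), m)
	c2, _ := xhxEncrypt(k, []byte("a tweak much longer than one block, e.g. a full file path"), m)
	p, _ := xhxDecrypt(k, []byte("sector 7"), c1)
	fmt.Printf("tweaks differ -> ciphertexts differ: %v\n", !bytes.Equal(c1, c2))
	fmt.Printf("round trip: %v\n", bytes.Equal(p, m))
}
```

One practical cost is visible in xhxEncrypt: because K' depends on the tweak, every new tweak costs a block-cipher key schedule, so this shape suits ciphers with cheap key setup or workloads where tweaks change rarely.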

Book ChapterDOI
13 Dec 2014
TL;DR: Rig is a secure password hashing framework based on secure cryptographic hash functions; it provides the flexibility to choose different functions for different phases of the construction, and its memory parameter is independent of the time parameter (no actual time and memory trade-off).
Abstract: Password hashing is a technique commonly implemented by a server to protect the passwords of clients by performing a one-way transformation on the password, turning it into another string called the hashed password. In this paper, we introduce a secure password hashing framework, Rig, which is based on secure cryptographic hash functions. It provides the flexibility to choose different functions for different phases of the construction. The design of the scheme is very simple to implement in software and is flexible, as the memory parameter is independent of the time parameter (no actual time and memory trade-off), and it is strictly sequential (difficult to parallelize) with comparatively huge memory consumption, which provides strong resistance against attackers using multiple processing units. It supports client-independent updates, i.e., the server can increase the security parameters by updating the existing password hashes without knowing the password. Rig can also support the server relief protocol, where the client bears the maximum effort to compute the password hash while there is minimal effort at the server side. We analyze Rig and show that our proposal provides an exponential time complexity against the low-memory attack.

10 citations
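The two protocol features the abstract above names, client-independent updates and server relief, both follow from one structural choice: once the password has seeded the computation, every later stage depends only on the previous stage's output. The Go program below is an added illustration of that choice and is not Rig's construction (Rig's memory-hard core is not described in the abstract and is not reproduced). It assumes a simple chain of SHA-256 rounds with a counter, a cost parameter of at least 1, constructed salt and password, and the convention that the client computes all rounds but the last and the server applies the final one, so the stored value is never the value sent over the wire.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// PasswordRecord is what the server stores: salt, cost reached so far, and the
// chain state at that cost.
type PasswordRecord struct {
	Salt []byte
	Cost uint64
	Hash []byte
}

// step is one round. Each state depends only on the previous state and the
// round counter, never on the password again; that is what lets the server
// raise the cost later without knowing the password.
func step(prev []byte, round uint64) []byte {
	var ctr [8]byte
	binary.BigEndian.PutUint64(ctr[:], round)
	h := sha256.New()
	h.Write(prev)
	h.Write(ctr[:])
	return h.Sum(nil)
}

// chain advances the state from round `from` to round `to`.
func chain(state []byte, from, to uint64) []byte {
	for r := from + 1; r <= to; r++ {
		state = step(state, r)
	}
	return state
}

// ClientWork is the expensive part, run by the client under server relief. It
// returns the state at round cost-1, which the client sends instead of the password.
func ClientWork(password, salt []byte, cost uint64) []byte {
	h0 := sha256.Sum256(append(append([]byte{}, salt...), password...))
	return chain(h0[:], 0, cost-1)
}

// ServerFinalize is the server's single cheap round. The stored value is one
// round beyond what travels over the wire, so a stolen record cannot simply be
// replayed as a client message.
func ServerFinalize(clientState []byte, cost uint64) []byte {
	return step(clientState, cost)
}

func Enroll(password, salt []byte, cost uint64) PasswordRecord {
	return PasswordRecord{Salt: salt, Cost: cost,
		Hash: ServerFinalize(ClientWork(password, salt, cost), cost)}
}

func Verify(rec PasswordRecord, clientState []byte) bool {
	return subtle.ConstantTimeCompare(ServerFinalize(clientState, rec.Cost), rec.Hash) == 1
}

// Upgrade is the client-independent update: continue the chain from the stored
// state to a higher cost. Clients are then told the new cost. A lower cost is
// refused so a record can never be weakened this way.
func Upgrade(rec PasswordRecord, newCost uint64) PasswordRecord {
	if newCost <= rec.Cost {
		return rec
	}
	return PasswordRecord{Salt: rec.Salt, Cost: newCost, Hash: chain(rec.Hash, rec.Cost, newCost)}
}

func main() {
	pw, salt := []byte("correct horse battery staple"), []byte("constructed-salt-1")
	rec := Enroll(pw, salt, 1000)
	fmt.Println("login at cost 1000:", Verify(rec, ClientWork(pw, salt, 1000)))

	upgraded := Upgrade(rec, 5000) // no password needed
	fresh := Enroll(pw, salt, 5000) // what a fresh enrolment at 5000 would store
	fmt.Println("upgrade equals fresh enrolment:", bytes.Equal(upgraded.Hash, fresh.Hash))
	fmt.Println("stale client work after upgrade:", Verify(upgraded, ClientWork(pw, salt, 1000)))
	fmt.Println("new client work after upgrade:  ", Verify(upgraded, ClientWork(pw, salt, 5000)))
}
```

The check worth running on any scheme that claims client-independent updates is the equality in main: upgrading a stored record must produce exactly what a fresh enrolment at the higher cost would, otherwise the "update" is really a second credential.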

Journal Article
TL;DR: This work presents a simple technique to analyze TMTO for a password-hashing scheme which can be represented as a directed acyclic graph (DAG) and shows that combination of two simple graphs in the representation of a DAG for PHS achieves both memory hardness and efficiency.

9 citations

Cited by
Posted ContentDOI
TL;DR: In this article, the authors trace the evolution of FIDO protocols by identifying the technical characteristics and security requirements throughout the different versions while providing a comprehensive study on the different markets (e.g., digital banking, social networks, e-government, etc.), applicability, ease of use, extensibility and future security considerations.
Abstract: Unequivocally, a single man in possession of a strong password is not enough to solve the issue of security. Studies indicate that passwords have been subjected to various attacks, regardless of the applied protection mechanisms, due to the human factor. The keystone for the adoption of more efficient authentication methods by the different markets is the trade-off between security and usability. To bridge the gap between user-friendly interfaces and advanced security features, the Fast Identity Online (FIDO) alliance defined several authentication protocols. Although FIDO's biometric-based authentication is not a novel concept, it still daunts end users and developers, which may be a contributing factor obstructing FIDO's complete dominance of the digital authentication market. This paper traces the evolution of FIDO protocols by identifying the technical characteristics and security requirements of the FIDO protocols throughout the different versions, while providing a comprehensive study on the different markets (e.g., digital banking, social networks, e-government, etc.), applicability, ease of use, extensibility and future security considerations. From the analysis, we conclude that there is currently no dominant version of a FIDO protocol and, more importantly, earlier FIDO protocols are still applicable to emerging vertical services.

106 citations

Proceedings ArticleDOI
06 Nov 2019
TL;DR: CryptGuard is a set of detection algorithms that refine program slices by identifying language-specific irrelevant elements that reduce false alerts by 76% to 80% in experiments, and makes progress towards the science of analysis in this space.
Abstract: Cryptographic API misuses, such as exposed secrets, predictable random numbers, and vulnerable certificate verification, seriously threaten software security. The vision of automatically screening cryptographic API calls in massive-sized (e.g., millions of LoC) programs is not new. However, hindered by the practical difficulty of reducing false positives without compromising analysis quality, this goal has not been accomplished. CryptoGuard is a set of detection algorithms that refine program slices by identifying language-specific irrelevant elements. The refinements reduce false alerts by 76% to 80% in our experiments. Running our tool, CryptoGuard, on 46 high-impact large-scale Apache projects and 6,181 Android apps generated many security insights. Our findings helped multiple popular Apache projects to harden their code, including Spark, Ranger, and Ofbiz. We also have made progress towards the science of analysis in this space, including manually analyzing 1,295 Apache alerts, confirming 1,277 true positives (98.61% precision), and in-depth comparison with leading solutions including CrySL, SpotBugs, and Coverity.

69 citations

Posted Content
TL;DR: CryptoGuard, as discussed by the authors, uses a set of fast and highly accurate slicing algorithms that refine program slices by identifying language-specific irrelevant elements, which reduce false alerts by 76% to 80% in their experiments.
Abstract: Cryptographic API misuses, such as exposed secrets, predictable random numbers, and vulnerable certificate verification, seriously threaten software security. The vision of automatically screening cryptographic API calls in massive-sized (e.g., millions of LoC) Java programs is not new. However, hindered by the practical difficulty of reducing false positives without compromising analysis quality, this goal has not been accomplished. State-of-the-art crypto API screening solutions are not designed to operate on a large scale. Our technical innovation is a set of fast and highly accurate slicing algorithms. Our algorithms refine program slices by identifying language-specific irrelevant elements. The refinements reduce false alerts by 76% to 80% in our experiments. Running our tool, CryptoGuard, on 46 high-impact large-scale Apache projects and 6,181 Android apps generated many security insights. Our findings helped multiple popular Apache projects to harden their code, including Spark, Ranger, and Ofbiz. We also have made substantial progress towards the science of analysis in this space, including: i) manually analyzing 1,295 Apache alerts and confirming 1,277 true positives (98.61% precision), ii) creating a benchmark with 38-unit basic cases and 74-unit advanced cases, iii) performing an in-depth comparison with leading solutions including CrySL, SpotBugs, and Coverity. We are in the process of integrating CryptoGuard with the Software Assurance Marketplace (SWAMP).

63 citations
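Both CryptoGuard entries above open with the same three misuse classes: exposed secrets, predictable random numbers, and vulnerable certificate verification. The Go program below is an added example, not CryptoGuard's code or its Java target material, showing the second and third class as a vulnerable function beside its hardened form, plus a small configuration-level check. That check is an assumption-laden stand-in for what a real tool looks for: CryptoGuard's contribution is program slicing that tracks where such values flow from in source, which this example does not attempt. Function names and the seed value are constructed for the illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/tls"
	"encoding/hex"
	"fmt"
	mrand "math/rand"
)

// predictableToken is the "predictable random numbers" misuse: a session token
// drawn from math/rand seeded with a guessable value (typically a timestamp).
// Anyone who can guess the seed regenerates the token.
func predictableToken(seed int64) string {
	r := mrand.New(mrand.NewSource(seed))
	b := make([]byte, 16)
	for i := range b {
		b[i] = byte(r.Intn(256))
	}
	return hex.EncodeToString(b)
}

// secureToken is the hardened form: crypto/rand reads from the OS CSPRNG.
func secureToken() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// insecureTLSConfig is the "vulnerable certificate verification" misuse: the
// client accepts any certificate, so an active attacker can impersonate the server.
func insecureTLSConfig() *tls.Config {
	return &tls.Config{InsecureSkipVerify: true}
}

// legacyTLSConfig keeps verification but admits protocol versions with known weaknesses.
func legacyTLSConfig() *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS10}
}

// hardenedTLSConfig keeps default chain verification and refuses TLS below 1.2.
func hardenedTLSConfig() *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS12}
}

// auditTLSConfig inspects a built tls.Config. InsecureSkipVerify is only a
// finding when no custom verification callback compensates for it.
func auditTLSConfig(cfg *tls.Config) []string {
	var findings []string
	if cfg.InsecureSkipVerify && cfg.VerifyPeerCertificate == nil && cfg.VerifyConnection == nil {
		findings = append(findings, "InsecureSkipVerify with no custom verification: server identity is never checked")
	}
	if cfg.MinVersion != 0 && cfg.MinVersion < tls.VersionTLS12 {
		findings = append(findings, "MinVersion permits TLS 1.0/1.1")
	}
	return findings
}

func main() {
	fmt.Println("same seed, same token:", predictableToken(1700000000) == predictableToken(1700000000))
	t1, _ := secureToken()
	t2, _ := secureToken()
	fmt.Println("crypto/rand tokens differ:", t1 != t2)
	fmt.Println("insecure config:", auditTLSConfig(insecureTLSConfig()))
	fmt.Println("legacy config:  ", auditTLSConfig(legacyTLSConfig()))
	fmt.Println("hardened config:", auditTLSConfig(hardenedTLSConfig()))
}
```

The reason a flag-level audit like auditTLSConfig produces the false positives the papers above are concerned with is visible in its first condition: InsecureSkipVerify is legitimate when a VerifyPeerCertificate or VerifyConnection callback performs pinning, and deciding that requires following the value through the program rather than matching the literal.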

Journal ArticleDOI
TL;DR: In this article, a cancelable biometric recognition system (CBRS) based on the suggested optical PTFT (Phase Truncated Fourier Transform) asymmetric encryption algorithm is introduced.
Abstract: Recently, biometric systems are extensively and commonly utilized for authentication and verification applications. The security issue and the dependence on a specific biometric for the biometric verification process are the main challenges confronted in biometric systems. The security issue comes due to the exploitation of the original biometrics in stored servers. Therefore, if any attacks have been introduced to the stored biometrics, they will be missed indefinitely. Consequently, the stored original biometrics must be secured through maintaining and storing these templates away from exploitation in their servers. So, there is a need for designing a cancelable biometric recognition system (CBRS) that is a promising protection trend in biometric verification and authentication fields. The CBRS is based on the conversion of biometric data or its features to a different arrangement. In this article, a novel CBRS based on the suggested optical PTFT (Phase Truncated Fourier Transform) asymmetric encryption algorithm is introduced. In the proposed algorithm, two different distributions of phases in the output and Fourier planes are maintained as deciphering keys, and thus, the encryption keys will not be utilized for the decryption process. This leads to the advantage that the two ciphering keys may be utilized as public secret keys to encrypt distinct biometric images. Consequently, the suggested PTFT cryptosystem is an asymmetric encryption/decryption technique compared to the preceding related optical encryption techniques that are symmetric techniques such as Optical Scanning Holography (OSH) and Double Random Phase Encoding (DRPE). The suggested PTFT asymmetric encryption algorithm also has a wonderful practical performance in security applications. One of the main contributions of the proposed optical PTFT asymmetric encryption algorithm is that it removes the linearity features of the optical OSH and DRPE symmetric encryption algorithms through its great features of the phase truncation nonlinear operation. Subsequently, this produces an encrypted biometric template with two public keys, and the authenticated user can retrieve the original biometric template utilizing two private keys, achieving high security and cancelability performance for the stored biometrics. To confirm the efficacy of the suggested optical encryption algorithm for developing a secure CBRS, various biometric datasets of face, ear, palmprint, fingerprint, and iris images are examined and analyzed. Extensive comparative analyses are performed amongst the suggested algorithm and the optical OSH and DRPE encryption algorithms. The experimental outcomes achieved for performance quality assessment assure that the suggested CBRS is reliable, robust, and realistic. It has great security and cancelability proficiency that exposes excellent cancelable biometric recognition performance even in the existence of noise. Moreover, the performed experiments declare that the suggested CBRS guarantees an average FRR (False Reject Rate) of 0.0012, EER (Equal Error Rate) of 0.0019, FAR (False Accept Rate) of 0.0030, and an average AROC (Area under the Receiver Operating Characteristic) of 0.9996.

37 citations

Book ChapterDOI
12 Nov 2017
TL;DR: The cumulative memory cost of computing Argon2i is analyzed and a lower bound for Argon2i is provided, together with an improved attack which demonstrates that the lower bound is nearly tight.
Abstract: Argon2i is a data-independent memory hard function that won the password hashing competition. The password hashing algorithm has already been incorporated into several open source crypto libraries such as libsodium. In this paper we analyze the cumulative memory cost of computing Argon2i. On the positive side we provide a lower bound for Argon2i. On the negative side we exhibit an improved attack against Argon2i which demonstrates that our lower bound is nearly tight. In particular, we show that

29 citations