Dissertation•

# Design and analysis of password-based authentication systems

01 Oct 2017-

TL;DR: This thesis is devoted to the secure design of password hashing algorithm and the analysis of existing password-based authentication systems and provides a cryptographic module based approach for password hashing.

Abstract: Passwords are the most widely deployed means of human-computer authentication since the early 1960s. The use of passwords, which are usually low in entropy, is delicate in cryptography because of the possibility of launching an offline dictionary attack. It is ever challenging to design a password-based cryptosystem that is secure against this attack. Password-based cryptosystems broadly cover two areas 1) Password-based authentication, e.g., password hashing schemes and 2) Password-based encryption specifically used in password-based authenticated key exchange (PAKE) protocols. This thesis is devoted to the secure design of password hashing algorithm and the analysis of existing password-based authentication systems. The frequent reporting of password database leakage in real-world highlights the vulnerabilities existing in the current password based constructions. In order to alleviate these problems and to encourage strong password protection techniques, a Password Hashing Competition (PHC) was held from 2013 to 2015. Following the announced criteria, we propose a password hashing scheme Rig that fulfills all the required goals. We also present a cryptanalytic technique for password hashing. Further, we focus on the improvement of a password database breach detection technique and on the analysis of Universal 2nd Factor protocol. This report tries to list and summarize all the important results published in the field of password hashing in recent years and understand the extent of research over password-based authentication schemes. Our significant results are listed below. 1. Following the design requirements for a secure password hashing scheme as mentioned at the PHC [16], we present our design Rig which satisfies all required criteria. It is a memory hard and best performing algorithm under cache-timing attack resistant category. As part of the results, we present the construction explaining the design rationale and the proof of its collision resistance. We also provide the performance and security analysis. 2. In practice, most cryptographic designs are implemented inside a Cryptographic module, as suggested by National Institute of Standards and Technology (NIST) in a standard, FIPS 140. A cryptographic module has a limited memory and this makes it challenging to implement a password hashing scheme (PHS) inside it. We provide a cryptographic module based approach for password hashing. It helps to enhance the security of the existing password-based authentication framework. We also discuss the feasibility of the approach considering the submissions of PHC. 3. The increasing threat of password leakage from compromised password hashes demands a resource consuming algorithm to prevent the precomputation of the password hashes. A class of password hashing designs which ensure that any reduction in the memory leads to exponential increase in their runtime are called Memory hard designs. Time Memory Tradeoff (TMTO) technique is an effective cryptanalytic approach for such password hashing schemes (PHS). However, it is generally difficult to evaluate the “memory hardness” of a given PHS design. We present a simple technique to analyze TMTO for any password hashing schemes which can be represented as a directed acyclic graph.

##### Citations

More filters

##### References

More filters

••

TL;DR: Good generalized these methods and gave elegant algorithms for which one class of applications is the calculation of Fourier series, applicable to certain problems in which one must multiply an N-vector by an N X N matrix which can be factored into m sparse matrices.

Abstract: An efficient method for the calculation of the interactions of a 2' factorial ex- periment was introduced by Yates and is widely known by his name. The generaliza- tion to 3' was given by Box et al. (1). Good (2) generalized these methods and gave elegant algorithms for which one class of applications is the calculation of Fourier series. In their full generality, Good's methods are applicable to certain problems in which one must multiply an N-vector by an N X N matrix which can be factored into m sparse matrices, where m is proportional to log N. This results inma procedure requiring a number of operations proportional to N log N rather than N2. These methods are applied here to the calculation of complex Fourier series. They are useful in situations where the number of data points is, or can be chosen to be, a highly composite number. The algorithm is here derived and presented in a rather different form. Attention is given to the choice of N. It is also shown how special advantage can be obtained in the use of a binary computer with N = 2' and how the entire calculation can be performed within the array of N data storage locations used for the given Fourier coefficients. Consider the problem of calculating the complex Fourier series N-1 (1) X(j) = EA(k)-Wjk, j = 0 1, * ,N- 1, k=0

11,795 citations

### "Design and analysis of password-bas..." refers methods in this paper

...The Butterfly graph [68, 51] is obtained by placing two back-to-back Fast Fourier Transformation (FFT) graphs after omitting one row in the middle....

[...]

••

TL;DR: A theory of secrecy systems is developed on a theoretical level and is intended to complement the treatment found in standard works on cryptography.

Abstract: THE problems of cryptography and secrecy systems furnish an interesting application of communication theory.1 In this paper a theory of secrecy systems is developed. The approach is on a theoretical level and is intended to complement the treatment found in standard works on cryptography.2 There, a detailed study is made of the many standard types of codes and ciphers, and of the ways of breaking them. We will be more concerned with the general mathematical structure and properties of secrecy systems.

8,777 citations

### "Design and analysis of password-bas..." refers background in this paper

...Shannon, in his seminal work [149] defines the concept of perfect secrecy which says that a cipher is called perfectly secure if the ciphertext does not reveal the adversary any additional information about the plaintext....

[...]

••

15 Aug 1999TL;DR: In this paper, the authors examine specific methods for analyzing power consumption measurements to find secret keys from tamper resistant devices. And they also discuss approaches for building cryptosystems that can operate securely in existing hardware that leaks information.

Abstract: Cryptosystem designers frequently assume that secrets will be manipulated in closed, reliable computing environments. Unfortunately, actual computers and microchips leak information about the operations they process. This paper examines specific methods for analyzing power consumption measurements to find secret keys from tamper resistant devices. We also discuss approaches for building cryptosystems that can operate securely in existing hardware that leaks information.

6,757 citations

•

01 Jan 1996

3,526 citations

•

14 Feb 2002

TL;DR: The underlying mathematics and the wide trail strategy as the basic design idea are explained in detail and the basics of differential and linear cryptanalysis are reworked.

Abstract: 1. The Advanced Encryption Standard Process.- 2. Preliminaries.- 3. Specification of Rijndael.- 4. Implementation Aspects.- 5. Design Philosophy.- 6. The Data Encryption Standard.- 7. Correlation Matrices.- 8. Difference Propagation.- 9. The Wide Trail Strategy.- 10. Cryptanalysis.- 11. Related Block Ciphers.- Appendices.- A. Propagation Analysis in Galois Fields.- A.1.1 Difference Propagation.- A.l.2 Correlation.- A. 1.4 Functions that are Linear over GF(2).- A.2.1 Difference Propagation.- A.2.2 Correlation.- A.2.4 Functions that are Linear over GF(2).- A.3.3 Dual Bases.- A.4.2 Relationship Between Trace Patterns and Selection Patterns.- A.4.4 Illustration.- A.5 Rijndael-GF.- B. Trail Clustering.- B.1 Transformations with Maximum Branch Number.- B.2 Bounds for Two Rounds.- B.2.1 Difference Propagation.- B.2.2 Correlation.- B.3 Bounds for Four Rounds.- B.4 Two Case Studies.- B.4.1 Differential Trails.- B.4.2 Linear Trails.- C. Substitution Tables.- C.1 SRD.- C.2 Other Tables.- C.2.1 xtime.- C.2.2 Round Constants.- D. Test Vectors.- D.1 KeyExpansion.- D.2 Rijndael(128,128).- D.3 Other Block Lengths and Key Lengths.- E. Reference Code.

3,444 citations

### "Design and analysis of password-bas..." refers methods in this paper

...Currently, the widely used block cipher is Advanced Encryption Standard (AES) [72] which supports block size 128-bits and the key lengths 128, 192 or 256-bits....

[...]