
Showing papers on "Rainbow table" published in 2008


Proceedings Article
28 Jul 2008
TL;DR: This paper reconstructs the cipher from the widely used Mifare Classic RFID tag by using a combination of image analysis of circuits and protocol analysis, and reveals that the security of the tag is even below the level that its 48-bit key length suggests due to a number of design flaws.
Abstract: The security of embedded devices often relies on the secrecy of proprietary cryptographic algorithms. These algorithms and their weaknesses are frequently disclosed through reverse-engineering software, but it is commonly thought to be too expensive to reconstruct designs from a hardware implementation alone. This paper challenges that belief by presenting an approach to reverse-engineering a cipher from a silicon implementation. Using this mostly automated approach, we reveal a cipher from an RFID tag that is not known to have a software or micro-code implementation. We reconstruct the cipher from the widely used Mifare Classic RFID tag by using a combination of image analysis of circuits and protocol analysis. Our analysis reveals that the security of the tag is even below the level that its 48-bit key length suggests, due to a number of design flaws. Weak random numbers and a weakness in the authentication protocol allow pre-computed rainbow tables to be used to find any key in a matter of seconds. Our approach of deducing functionality from circuit images is mostly automated, hence it is also feasible for large chips. The assumption that algorithms can be kept secret should therefore be avoided for any type of silicon chip.

272 citations


Proceedings ArticleDOI
27 Oct 2008
TL;DR: This is the first construction for authenticating a hash table with a constant query cost and sublinear update cost, and employs the RSA accumulator in a nested way over the stored data, strictly improving upon previous accumulator-based solutions.
Abstract: Hash tables are fundamental data structures that optimally answer membership queries. Suppose a client stores n elements in a hash table that is outsourced at a remote server so that the client can save space or achieve load balancing. Authenticating the hash table functionality, i.e., verifying the correctness of queries answered by the server and ensuring the integrity of the stored data, is crucial because the server, lying outside the administrative control of the client, can be malicious. We design efficient and secure protocols for optimally authenticating membership queries on hash tables: for any fixed constants 0 < ε < 1 and κ > 1/ε, the server can provide a proof of integrity of the answer to a (non-)membership query in constant time, requiring O(n^ε / log^(κε−1) n) time to treat updates, yet keeping the communication and verification costs constant. This is the first construction for authenticating a hash table with constant query cost and sublinear update cost. Our solution employs the RSA accumulator in a nested way over the stored data, strictly improving upon previous accumulator-based solutions. Our construction applies to two concrete data authentication models and lends itself to a scheme that achieves different trade-offs, namely constant update time and O(n^ε / log^(κε) n) query time for fixed ε > 0 and κ > 0. An experimental evaluation of our solution shows very good scalability.

144 citations
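
The primitive this paper builds on is the RSA accumulator: every element is mapped to a prime, the accumulator value is a fixed base raised to the product of those primes modulo an RSA modulus, and a witness for one element is the same base raised to the product of all the other primes. The example below is added here and is not code from the paper; it shows the flat accumulator with membership and non-membership proofs and what happens to stale witnesses after an update, not the paper's nested construction or its update-cost bounds. The modulus is a toy built from two known 32-bit primes (a real deployment needs a modulus whose factorisation nobody holds), the hash-to-prime mapping and the base G = 3 are choices made for the example, and the negative-exponent `pow` needs Python 3.8 or later.

```python
import hashlib
from math import gcd

# Toy RSA modulus constructed for this example: 2^31-1 and 2^32+15 are primes.
# In practice the factors of N must be unknown to everyone (strong RSA assumption).
N = 2147483647 * 4294967311
G = 3                                   # base; any unit modulo N works for the demo
assert gcd(G, N) == 1

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)   # deterministic Miller-Rabin below 3.3e24


def is_prime(n: int) -> bool:
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def hash_to_prime(elem: bytes) -> int:
    """Accumulated elements must be primes: take a 64-bit hash, step to the next odd prime."""
    n = int.from_bytes(hashlib.sha256(elem).digest()[:8], "big") | 1
    while not is_prime(n):
        n += 2
    return n


def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


class RSAAccumulator:
    """Server side: acc = G^(product of element primes) mod N plus witness generation."""

    def __init__(self, elements=()):
        self.primes = {e: hash_to_prime(e) for e in elements}

    def _product(self) -> int:
        u = 1
        for p in self.primes.values():
            u *= p
        return u

    def value(self) -> int:
        return pow(G, self._product(), N)

    def add(self, elem: bytes) -> None:
        self.primes[elem] = hash_to_prime(elem)      # every previously issued witness goes stale

    def membership_witness(self, elem: bytes) -> int:
        return pow(G, self._product() // self.primes[elem], N)

    def nonmembership_witness(self, elem: bytes):
        if elem in self.primes:
            raise KeyError("element is a member")
        x = hash_to_prime(elem)
        g, a, b = egcd(self._product(), x)           # a*u + b*x == 1 because gcd(u, x) == 1
        if g != 1:
            raise ValueError("hash-to-prime collision with a member")
        return a, pow(G, b, N)                       # negative b: Python >= 3.8 inverts G


def verify_membership(acc: int, elem: bytes, witness: int) -> bool:
    """Client side: witness^prime == acc."""
    return pow(witness, hash_to_prime(elem), N) == acc


def verify_nonmembership(acc: int, elem: bytes, proof) -> bool:
    """Client side: acc^a * d^prime == G, i.e. G^(a*u + b*x) == G^1."""
    a, d = proof
    return pow(acc, a, N) * pow(d, hash_to_prime(elem), N) % N == G
```

The verifier needs only N, G and the current accumulator value, which is what makes the proof size and verification cost constant; the price is on the server side, where adding one element changes the value and invalidates every witness previously handed out, which is exactly the update cost the paper's nested layout attacks.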


Patent
29 Jul 2008
TL;DR: In this paper, the strength of a password is computed from a formula that relates the length of the password and the types of characters contained in the password to a strength value, which can be performed using a lookup table having values for different characteristics of the passwords, determining partial strength values corresponding to the ranges in which the characteristics fall.
Abstract: Password aging based on the strength of the password provides an incentive for users to generate and/or memorize more complex passwords. The strength of the password is computed from a formula that relates the length of the password and the types of characters contained in the password to a strength value, which can be performed using a lookup table having values for different characteristics of the password, determining partial strength values corresponding to the ranges in which the characteristics fall, and then adding the partial strength values. Alternatively, a separate password strength application may be used to provide the strength value, which is entered by the user or administrator generating a new password. Alternatively, the password may be generated based on a specified desired expiration period, with the strength computation performed to ensure that the strength is sufficient to merit the desired expiration period.

33 citations


Book ChapterDOI
Jin Hong, Kyung Chul Jeong, Eun Young Kwon, In-Sok Lee, Daegun Ma
21 Apr 2008
TL;DR: A new variant of the DP technique, named variable DP (VDP), having properties very different from DP, has an effect on the amount of memory required to store the pre-computed tables.
Abstract: The time memory trade-off (TMTO) algorithm, first introduced by Hellman, is a method for quickly inverting a one-way function, using pre-computed tables. The distinguished point method (DP) is a technique that reduces the number of table lookups performed by Hellman's algorithm. In this paper we propose a new variant of the DP technique, named variable DP (VDP), having properties very different from DP. It has an effect on the amount of memory required to store the pre-computed tables. We also show how to combine variable chain length techniques like DP and VDP with a more recent trade-off algorithm called the rainbow table method.

22 citations


Proceedings ArticleDOI
07 Jan 2008
TL;DR: This paper describes an FPGA-based hardware implementation of the standard PKCS #5 technique published by RSA Laboratories for generating password-derived encryption keys, the most computationally demanding step required when performing a dictionary attack on modern password-protected systems.
Abstract: Operating systems and data protection tools employ sophisticated password-derived encryption key techniques in order to encrypt data. Such techniques impose a significant computational burden on forensic tools that attempt dictionary attacks, as they require cryptographic hash functions to be called several thousand times for each password attempted. In order to improve throughput, forensic analysis tools are designed to operate in a distributed manner over a dedicated network of workstations. This paper describes an FPGA-based hardware implementation of the standard PKCS #5 technique published by RSA Laboratories for generating password-derived encryption keys. This is the most computationally demanding step required when performing a dictionary attack on modern password-protected systems. The initial FPGA implementation incorporates four password-derived encryption key generation units operating at a frequency of 150 MHz and is capable of processing over 510 passwords per second. The implementation's performance can be easily improved by incorporating additional key generation units.

21 citations
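
The PKCS #5 step the paper puts in hardware is PBKDF2: each output block is the XOR of an iteration-count-long chain of HMAC calls, so every password guess costs the attacker that many PRF evaluations. The following is an added example, not the paper's design or code: a from-scratch PBKDF2 per RFC 2898 section 5.2 (checked against the RFC 6070 vectors and the standard library), an HMAC-call counter, and a small dictionary attack over a constructed wordlist that shows how the iteration count multiplies the attacker's work. The wordlist, salt and iteration count are made up for the example.

```python
import hashlib
import hmac
import struct


def pbkdf2(password: bytes, salt: bytes, iterations: int, dklen: int,
           hash_name: str = "sha1") -> bytes:
    """PBKDF2 as specified in PKCS #5 v2.0 (RFC 2898, section 5.2).

    T_i = U_1 xor U_2 xor ... xor U_c, with U_1 = PRF(P, S || INT(i)) and
    U_j = PRF(P, U_{j-1}); the derived key is T_1 || T_2 || ... truncated to dklen.
    """
    if iterations < 1:
        raise ValueError("iteration count must be positive")
    hlen = hashlib.new(hash_name).digest_size
    if dklen > (2 ** 32 - 1) * hlen:
        raise ValueError("derived key too long")
    blocks = -(-dklen // hlen)                          # ceil(dklen / hlen)
    out = bytearray()
    for i in range(1, blocks + 1):
        u = hmac.new(password, salt + struct.pack(">I", i), hash_name).digest()
        t = bytearray(u)
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hash_name).digest()
            t = bytearray(a ^ b for a, b in zip(t, u))
        out += t
    return bytes(out[:dklen])


def matches_stdlib(password: bytes, salt: bytes, iterations: int, dklen: int,
                   hash_name: str = "sha1") -> bool:
    """Cross-check against the standard library's implementation."""
    return pbkdf2(password, salt, iterations, dklen, hash_name) == \
        hashlib.pbkdf2_hmac(hash_name, password, salt, iterations, dklen)


def prf_calls(iterations: int, dklen: int, hash_name: str = "sha1") -> int:
    """HMAC evaluations one derivation costs: iterations per output block."""
    hlen = hashlib.new(hash_name).digest_size
    return iterations * -(-dklen // hlen)


def dictionary_attack(target_key: bytes, salt: bytes, iterations: int,
                      wordlist, dklen: int = 20):
    """Try each candidate; returns (password or None, total HMAC calls spent).

    The attacker cannot shortcut the chain, so the cost per guess is exactly
    prf_calls(...), which is what the FPGA units on the page parallelise."""
    cost = 0
    for guess in wordlist:
        cost += prf_calls(iterations, dklen)
        if hmac.compare_digest(pbkdf2(guess, salt, iterations, dklen), target_key):
            return guess, cost
    return None, cost


# Constructed sample input for the example: a tiny wordlist and a key derived
# from one of its entries with a made-up salt and iteration count.
WORDLIST = [b"123456", b"password", b"qwerty", b"letmein", b"dragon"]
SALT = bytes.fromhex("0badc0de0badc0de")
ITERATIONS = 1000
TARGET = pbkdf2(b"letmein", SALT, ITERATIONS, 20)

if __name__ == "__main__":
    print(dictionary_attack(TARGET, SALT, ITERATIONS, WORDLIST))
```

At 1000 iterations the fourth guess already costs 4000 HMAC-SHA1 calls; raising the count to the tens of thousands used by modern systems scales the attacker's bill linearly, which is why throughput rather than algorithmic cleverness is the lever in the paper.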


Book ChapterDOI
01 Jan 2008
TL;DR: A one-time password scheme based on infinite forward-stepping hash chains, which does not require re-initialization after a fixed number of authentications, is proposed; it resists the attacks known against schemes of this type, channel failures, and server-side database compromise.
Abstract: A one-time password scheme based on infinite forward-stepping hash chains, not requiring re-initialization after a certain number of authentications, is proposed. It resists the attacks known against schemes of this type, channel failures, and server-side database compromise.

17 citations
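
The baseline this scheme improves on is the Lamport/S/KEY-style hash chain: the client keeps a secret seed, the server stores h^n(seed), and each login reveals the next preimage down the chain, which the server checks by hashing it once and then stores as the new anchor. The example below is added here and is not the paper's scheme; it implements that baseline so the properties the abstract lists are concrete: replay fails because an accepted value is never accepted again, a server database compromise yields only hash outputs, a lost OTP (channel failure) is tolerated with a small acceptance window, and after n authentications the chain is exhausted and must be re-initialised, which is the limitation the paper removes. The seed, chain length and window size are made up for the example.

```python
import hashlib
import hmac


def h(x: bytes) -> bytes:
    """One-way step of the chain."""
    return hashlib.sha256(x).digest()


def chain(seed: bytes, n: int) -> bytes:
    """h^n(seed): apply h to the seed n times."""
    x = seed
    for _ in range(n):
        x = h(x)
    return x


class OTPClient:
    """Holds the secret seed and walks the chain backwards, one preimage per login."""

    def __init__(self, seed: bytes, n: int):
        self.seed, self.remaining = seed, n

    def enrollment_value(self) -> bytes:
        return chain(self.seed, self.remaining)        # h^n(seed): safe to hand to the server

    def next_otp(self) -> bytes:
        if self.remaining == 0:
            raise RuntimeError("chain exhausted: re-initialization required")
        self.remaining -= 1
        return chain(self.seed, self.remaining)        # preimage of the server's current anchor


class OTPServer:
    """Stores only the last accepted value; nothing in the database yields a future OTP."""

    def __init__(self, window: int = 3):
        self.window = window                            # OTPs that may be lost in transit
        self.db = {}                                    # user -> (anchor, remaining logins)

    def enroll(self, user: str, anchor: bytes, n: int) -> None:
        self.db[user] = (anchor, n)

    def verify(self, user: str, otp: bytes) -> bool:
        anchor, remaining = self.db[user]
        x = otp
        # Accept if h^k(otp) == anchor for some 1 <= k <= window (k > 1 means k-1 OTPs were lost).
        for k in range(1, min(self.window, remaining) + 1):
            x = h(x)
            if hmac.compare_digest(x, anchor):
                self.db[user] = (otp, remaining - k)    # advance; the skipped values are burnt
                return True
        return False


if __name__ == "__main__":
    client = OTPClient(b"constructed-seed-for-the-example", 4)
    server = OTPServer(window=2)
    server.enroll("alice", client.enrollment_value(), 4)
    first = client.next_otp()
    print(server.verify("alice", first), server.verify("alice", first))   # True False (replay)
```

The window is the usual engineering answer to channel failures in a finite chain, but it does not touch the fundamental limit: once `remaining` hits zero the server has nothing left to compare against and the user must re-enroll with a fresh seed.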


Proceedings Article
20 Jan 2008
TL;DR: A strategy called SPREAD is presented that solves the problem of designing an adaptive hash table for redundant data storage in a system of storage devices with arbitrary capacities and preserves (a) for every storage device within a (1 ± ε) factor with high probability.
Abstract: In this paper we study the problem of designing an adaptive hash table for redundant data storage in a system of storage devices with arbitrary capacities. Ideally, such a hash table should make sure that (a) a storage device with x% of the available capacity should get x% of the data, (b) the copies of each data item are distributed among the storage devices so that no two copies are stored at the same device, and (c) only a near-minimum amount of data replacements is necessary to preserve (a) and (b) under any change in the system. Hash tables satisfying (a) and (c) are already known, and it is not difficult to construct hash tables satisfying (a) and (b). However, no hash table is known so far that can satisfy all three properties as long as this is in principle possible. We present a strategy called SPREAD that solves this problem for the first time. As long as (a) and (b) can in principle be satisfied, SPREAD preserves (a) for every storage device within a (1 ± ε) factor, with high probability, where ε > 0 can be made arbitrarily small, guarantees (b) for every data item, and only needs a constant factor more data replacements than minimum possible in order to preserve (a) and (b).

17 citations


DissertationDOI
01 Jan 2008
TL;DR: IseCrack demonstrates that very high speed attacks against non-salted hashes are feasible, and highlights the necessity for salted password stores, and is designed to scale to large clusters.
Abstract: IseCrack is a high performance implementation of rainbow tables on nVidia graphics cards (GPUs). It explores the limits of current technology in password cracking, and demonstrates the vulnerability of non-salted passwords to high speed GPU-accelerated attacks, using commercial off the shelf hardware. Passwords are by far the most common authentication method for users, and many users utilize the same password in multiple places. Many systems, including all current Microsoft operating systems, utilize non-salted passwords. If these passwords are vulnerable to attack, a user's encrypted files and online accounts can be accessed. IseCrack demonstrates that very high speed attacks against non-salted hashes are feasible, and highlights the necessity for salted password stores. IseCrack achieves a 100x speedup over existing implementations on inexpensive easily available hardware, and is designed to scale to large clusters.

13 citations


Proceedings ArticleDOI
18 Mar 2008
TL;DR: This attack utilizes a new pseudo collision of MD4 (called second round pseudo collision) which reveals that collision resistance of hash function is not sufficient to guarantee the security of Hash(P||C), which is the first approach to attack authentication protocol Hash( P||C).
Abstract: Several widely used hash functions such as MD4 and MD5 have been proven to be insecure. As a result, it was announced that the security of APOP, which is a hash-based challenge-and-response authentication protocol, is totally broken. Several candidates for a strengthened APOP are considered. This paper deals with one of these candidates, which is described as Hash(Password||Challenge), whereas the previous APOP is done as Hash(Challenge||Password). Actually, Hash(P||C) is already used in other protocols such as CHAP. The main contribution of this paper is the proposal of a password recovery attack on MD4(P||C). Let l be the length of the password. If l ≤ 16, the whole password will be recovered with 2^37 online queries and 2^21 offline MD4 computations. If 16

9 citations


Book ChapterDOI
11 Jun 2008
TL;DR: Practical password recovery attacks against two challenge-response authentication protocols using MD4 indicate that the presence of one practical local collision can damage the security of protocols.
Abstract: We propose practical password recovery attacks against two challenge-response authentication protocols using MD4. When a response is computed as MD4(Password||Challenge), passwords up to 12 characters are practically recovered. To recover up to 8 characters, we need 16 times the amount of eavesdropping and 16 times the number of queries, and the off-line complexity is less than 2^35 MD4 computations. To recover up to 12 characters, we need 2^10 times the amount of eavesdropping and 2^10 times the number of queries, and the off-line complexity is less than 2^40 MD4 computations. When a response is computed as MD4(Password||Challenge||Password), passwords up to 8 characters are practically recovered by 2^8 times the amount of eavesdropping and 2^8 times the number of queries, and the off-line complexity is less than 2^39 MD4 computations. Our approach is similar to the "impossible differential attack", which was originally proposed for recovering the block cipher key. Good impossible differentials for hash functions are achieved by using local collisions. This indicates that the presence of one practical local collision can damage the security of protocols.

8 citations


Proceedings ArticleDOI
16 Dec 2008
TL;DR: In this article, a robust discretization method has been proposed to increase the password space in a click-based graphical password scheme, where a click should be verified as correct if it is close within a predefined distance to the originally chosen location.
Abstract: In click-based graphical password schemes that allow arbitrary click locations on an image, a click should be verified as correct if it is within a predefined distance of the originally chosen location. This condition should hold even when, for security reasons, the system stores a hash of the password rather than the password itself. To solve this problem, a robust discretization method was recently proposed. In this paper, we show that previous work on discretization does not give optimal results with respect to the entropy of the graphical passwords, and we propose a new discretization method to increase the password space. To improve security further, we also present several methods that use multiple hash computations for password verification.

Proceedings ArticleDOI
31 Oct 2008
TL;DR: A hash table data structure that stores string signatures in an array that supports faster element testing than a bloom filter and requires less memory than a standard hash table that uses linked-list chains.
Abstract: Bloom filters are a well known data structure for approximate set membership. Bloom filters are space efficient but require many independent hashes and consecutive memory accesses for an element test. In this paper, we develop a hash table data structure that stores string signatures in an array. This new signature array hash table (SAHT) supports faster element testing than a bloom filter and requires less memory than a standard hash table that uses linked-list chains. The SAHT also supports removal of elements (which a Bloom filter does not) and addition of elements at the expense of requiring about 1.5x more memory than a bloom filter with same false positive rate.

01 Jan 2008
TL;DR: A new memory consumption oriented way for comparing the significantly different approaches and analyses various types of hash table implementations to answer the question what structure needs to be used and how the parameters must be chosen in order to achieve a maximal lookup performance with the lowest possible memory consumption.
Abstract: Hash tables can provide fast mapping between keys and values even for voluminous data sets. Our main goal is to find a suitable implementation having a compact structure and an efficient collision avoidance method. Our attention is focused on maximizing the lookup performance when handling several millions of data items. This paper suggests a new memory-consumption-oriented way of comparing the significantly different approaches and analyses various types of hash table implementations in order to answer the question of which structure needs to be used and how the parameters must be chosen in order to achieve maximal lookup performance with the lowest possible memory consumption.

Posted Content
TL;DR: In this paper, the authors study the expected pre-image size for an iteration of functions and use the result to analyze the cost incurred by false alarms, and present the expected online time complexities for the Hellman tradeoff and the rainbow table method in a manner that takes false alarms into account.
Abstract: Cryptanalytic time memory tradeoff algorithms are generic one-way function inversion techniques that utilize pre-computation. Even though the online time complexity is known up to a small multiplicative factor for any tradeoff algorithm, false alarms pose a major obstacle in its accurate assessment. In this work, we study the expected pre-image size for an iteration of functions and use the result to analyze the cost incurred by false alarms. We are able to present the expected online time complexities for the Hellman tradeoff and the rainbow table method in a manner that takes false alarms into account. We also analyze the effects of the checkpoint method in reducing false alarm costs. The ability to accurately compute the online time complexities will allow one to choose their tradeoff parameters more optimally, before starting the expensive precomputation process.

Journal ArticleDOI
TL;DR: A new smart card based password authentication scheme with identity anonymity is proposed that can resist all the attacks listed in the introduction and can be applied in resource-constrained networks.
Abstract: Thirteen security requirements for an ideal password authentication scheme using smart cards are listed and a new smart card based password authentication scheme with identity anonymity is proposed. The new scheme satisfies all the listed ideal security requirements and has the following merits: ① it can resist all the attacks listed in the introduction; ② it needs less storage memory, since no verification table is stored on the server; ③ it has low computational cost, since its operations are based on hash functions; ④ even if the smart card is lost, the system remains secure; ⑤ as the user identity is anonymous, the scheme is more practical. The newly proposed scheme can be applied in resource-constrained networks.

Patent
01 Jul 2008
TL;DR: In this patent, a user who has forgotten a set password is helped to recall it while the password remains hard for another party to derive: a storage part 5 stores the set password together with an auxiliary password consisting of a pattern correlated with the set password.
Abstract: PROBLEM TO BE SOLVED: To help a user recall a set password even when the user has forgotten it, while making the password hard for another party to derive. SOLUTION: A storage part 5 stores the set password and an auxiliary password consisting of a pattern correlated with the set password. A display input part 3 displays an array of code display areas indicating codes of the same kind as those forming the set password, and receives a password input through selection of the code display areas. A password collating part 7 compares the input password with the set password and outputs authentication information when the two are found to match. A start-up control part 11 controls start-up of the electronic equipment based on the authentication information. When the input password is found not to match the set password, a display changing part 9 rearranges the codes forming the code display areas along the pattern shape of the auxiliary password and controls the display on the display input part 3.

Journal Article
Pan Chun-lan
TL;DR: Addressing the shortcomings of current OTP schemes, a one-time password authentication scheme based on Diffie-Hellman, modelled on the challenge/response scheme, is proposed; it provides mutual authentication between client and server and also avoids replay attacks, off-line guessing attacks and forgery attacks.
Abstract: Addressing the shortcomings of current OTP schemes, a one-time password authentication scheme based on Diffie-Hellman, modelled on the challenge/response scheme, is proposed. Compared with traditional schemes, this scheme not only provides mutual authentication between client and server but also avoids replay attacks, off-line guessing attacks and forgery attacks, so it can greatly improve the security of application systems.


Patent
22 Oct 2008
TL;DR: In this patent, a communication system is proposed in which a terminal device can access a host computer even while a password is being changed: when a password storage part 14 is made to store a new password (S105), the new password is transmitted to the host computer 2 (S103).
Abstract: PROBLEM TO BE SOLVED: To provide a communication system in which a terminal device can access a host computer even while a password is being changed. SOLUTION: When a password storage part 14 is made to store a new password (S105), the new password is transmitted to a host computer 2 (S103). The new password B is stored in a password storage means 25 (S111). When the terminal device 1 accesses the host computer 2 after transmitting the new password B and sends a password (S21), the respective passwords are read from password storage parts 24 and 25, and it is determined whether the transmitted password matches either of the read passwords (S41).


Posted Content
01 Jan 2008
TL;DR: In this article, a new variant of the distinguished point method (DP) is proposed, named variable DP (VDP), which has properties very different from DP and has an effect on the amount of memory required to store the pre-computed tables.
Abstract: The time memory trade-off (TMTO) algorithm, first introduced by Hellman, is a method for quickly inverting a one-way function, using pre-computed tables. The distinguished point method (DP) is a technique that reduces the number of table lookups performed by Hellman’s algorithm. In this paper we propose a new variant of the DP technique, named variable DP (VDP), having properties very different from DP. It has an effect on the amount of memory required to store the pre-computed tables. We also show how to combine variable chain length techniques like DP and VDP with a more recent trade-off algorithm called the rainbow table method.
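
Three entries on this page (the two versions of the variable-DP paper, the false-alarm analysis, and the IseCrack dissertation on unsalted hashes) share one underlying machine: pre-computed chains of hash-then-reduce steps over a password space, stored as (endpoint, start) pairs, and an online walk that tries to land on a stored endpoint. The following example is added here and is not code from any of those works; it builds a small rainbow table over a toy space (4 lowercase letters, SHA-1), counts false alarms during lookup, builds one Hellman chain under the distinguished-point stopping rule to show why DP chains have variable length, and shows that a salted hash of a covered password is not found by a table built for the unsalted function. The alphabet, chain counts, DP criterion and reduction function are all choices made for the example.

```python
import hashlib
import random

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
LENGTH = 4
SPACE = len(ALPHABET) ** LENGTH          # 456,976 candidate passwords (toy space)


def H(pw: str) -> bytes:
    """The unsalted one-way function being inverted: sha1 of the password."""
    return hashlib.sha1(pw.encode()).digest()


def H_salted(pw: str, salt: bytes) -> bytes:
    """Salted variant: a table precomputed for H says nothing about this function."""
    return hashlib.sha1(salt + pw.encode()).digest()


def index_to_pw(i: int) -> str:
    out = []
    for _ in range(LENGTH):
        out.append(ALPHABET[i % len(ALPHABET)])
        i //= len(ALPHABET)
    return "".join(out)


def R(h: bytes, column: int) -> str:
    """Reduction function: map a digest back into the password space.
    Mixing in the column number gives each rainbow column its own R."""
    return index_to_pw((int.from_bytes(h[:8], "big") + column) % SPACE)


def is_distinguished(h: bytes, bits: int = 6) -> bool:
    """DP criterion used here: the digest starts with `bits` zero bits."""
    return int.from_bytes(h[:2], "big") >> (16 - bits) == 0


def build_dp_chain(start: str, max_len: int, bits: int = 6):
    """One Hellman chain under the distinguished-point rule: walk with a single R
    until the digest is distinguished, so each chain's length is data dependent.
    Returns (start, end, hashes_spent), or None if the chain ran past max_len."""
    pw, n = start, 0
    while n < max_len:
        h = H(pw)
        n += 1
        if is_distinguished(h, bits):
            return start, pw, n
        pw = R(h, 0)
    return None                           # too long (probably looping): discard it


def build_rainbow(m: int, t: int, seed: int = 1) -> dict:
    """m chains of t columns; only endpoint -> start is kept."""
    rng = random.Random(seed)
    table = {}
    for _ in range(m):
        start = index_to_pw(rng.randrange(SPACE))
        pw = start
        for col in range(t):
            pw = R(H(pw), col)
        table[pw] = start                 # equal endpoints merge chains: coverage is lost
    return table


def rainbow_lookup(table: dict, t: int, target: bytes):
    """Invert `target`; returns (password or None, number of false alarms).
    A false alarm is an endpoint hit whose regenerated chain holds no preimage,
    and each one costs a chain regeneration: the cost the false-alarm paper models."""
    false_alarms = 0
    for col in range(t - 1, -1, -1):
        y = R(target, col)                # assume target sits at column `col`
        for k in range(col + 1, t):
            y = R(H(y), k)
        if y in table:
            pw = table[y]
            for k in range(col):
                pw = R(H(pw), k)
            if H(pw) == target:
                return pw, false_alarms
            false_alarms += 1
    return None, false_alarms


if __name__ == "__main__":
    table = build_rainbow(2000, 50, seed=7)
    print(rainbow_lookup(table, 50, H("zulu")))
    print(rainbow_lookup(table, 50, H_salted("zulu", b"s")))     # (None, ...)
    print(build_dp_chain("aaaa", 10_000))
```

The lookup walks at most t(t−1)/2 hash steps plus one chain regeneration per false alarm, and the table costs m·t hashes to build but stores only m pairs; the rainbow variant uses a column-dependent R so that two chains merge only if they collide in the same column, while the DP rule gives Hellman chains variable length and lets the online phase stop at the first distinguished point instead of doing a lookup per step. A per-user salt folds the salt into the function being inverted, so the precomputation would have to be repeated per salt, which is the IseCrack dissertation's argument for salted password stores.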