
Showing papers on "Rainbow table published in 2016"


Proceedings Article
01 Jun 2016
TL;DR: Cost Asymmetric Secure Hash (CASH), a randomized key-stretching mechanism that minimizes the fraction of passwords that would be cracked by a rational offline attacker without increasing amortized authentication costs for the legitimate authentication server is introduced.
Abstract: An adversary who has obtained the cryptographic hash of a user's password can mount an offline attack to crack the password by comparing this hash value with the cryptographic hashes of likely password guesses. This offline attacker is limited only by the resources he is willing to invest to crack the password. Key-stretching techniques like hash iteration and memory hard functions have been proposed to mitigate the threat of offline attacks by making each password guess more expensive for the adversary to verify. However, these techniques also increase costs for a legitimate authentication server. We introduce a novel Stackelberg game model which captures the essential elements of this interaction between a defender and an offline attacker. In the game the defender first commits to a key-stretching mechanism, and the offline attacker responds in a manner that optimizes his utility (expected reward minus expected guessing costs). We then introduce Cost Asymmetric Secure Hash (CASH), a randomized key-stretching mechanism that minimizes the fraction of passwords that would be cracked by a rational offline attacker without increasing amortized authentication costs for the legitimate authentication server. CASH is motivated by the observation that the legitimate authentication server will typically run the authentication procedure to verify a correct password, while an offline adversary will typically use incorrect password guesses. By using randomization we can ensure that the amortized cost of running CASH to verify a correct password guess is significantly smaller than the cost of rejecting an incorrect password. Using our Stackelberg game framework we can quantify the quality of the underlying CASH running time distribution in terms of the fraction of passwords that a rational offline adversary would crack. We provide an efficient algorithm to compute high quality CASH distributions for the defender. Finally, we analyze CASH using empirical data from two large scale password frequency datasets. Our analysis shows that CASH can significantly reduce (up to 50%) the fraction of passwords cracked by a rational offline adversary.

33 citations


Journal Article
TL;DR: This work presents novel practical security and privacy attacks against biometric hashing when the attacker is assumed to know the user’s password in order to quantify the additional protection due to biometrics when the password is compromised.
Abstract: Biometric hashing is a cancelable biometric verification method that has received research interest recently. This method can be considered as a two-factor authentication method which combines a personal password (or secret key) with a biometric to obtain a secure binary template which is used for authentication. We present novel practical security and privacy attacks against biometric hashing when the attacker is assumed to know the user’s password in order to quantify the additional protection due to biometrics when the password is compromised. We present four methods that can reconstruct a biometric feature and/or the image from a hash and one method which can find the closest biometric data (i.e., face image) from a database. Two of the reconstruction methods are based on 1-bit compressed sensing signal reconstruction for which the data acquisition scenario is very similar to biometric hashing. Previous literature introduced simple attack methods, but we show that we can achieve higher level of security threats using compressed sensing recovery techniques. In addition, we present privacy attacks which reconstruct a biometric image which resembles the original image. We quantify the performance of the attacks using detection error tradeoff curves and equal error rates under advanced attack scenarios. We show that conventional biometric hashing methods suffer from high security and privacy leaks under practical attacks, and we believe more advanced hash generation methods are necessary to avoid these attacks.

23 citations


Journal Article
TL;DR: A new password recovery technique for the standardized hash functions, MD5 and SHA1, is proposed by combining the optimization methods on GPU, which makes it possible to recover password from hash values in a reasonable time.
Abstract: Due to the development of GPGPU (General Purpose Graphic Processing Unit) technology, GPU has been applied in many computation tasks as accelerators. In this paper, a new password recovery technique for the standardized hash functions, MD5 and SHA1, is proposed by combining the optimization methods on GPU. The performance on AMD HD7970 is 2615 mc/s for SHA1 and 6877 mc/s for MD5, which is 10 times better than the original implementation. If the length of password is limited, our GPU-based technique makes it possible to recover password from hash values in a reasonable time.

16 citations


Proceedings Article
23 Mar 2016
TL;DR: This paper proposes a novel method for ensuring security for passwords against dictionary attacks, checks strength of the user passwords using a dictionary which is stored as a character tree and helps to create strong password hashes that are resistant to dictionary attacks.
Abstract: Most websites use passwords for authenticating user identity and for allowing access to website resources that may contain sensitive information. A large number of people use dictionary words for creating passwords. These user passwords are subjected to one-way hash functions and are stored inside the database as corresponding hash values instead of plaintext. A potential hacker can use brute-force, rainbow table or dictionary attacks to get the input password from the hash values and the most reported real life hacks were done by cracking password hashes using dictionary attack. Currently, users are allowed to register in websites only with passwords that obey the security policies. It is noted that, even though passwords with certain patterns are accepted as strong by the existing policies, they are vulnerable for a dictionary attack based on those patterns. This paper proposes a novel method for ensuring security for passwords against such dictionary attacks. This method checks strength of the user passwords using a dictionary which is stored as a character tree. This system helps to create strong password hashes that are resistant to dictionary attacks. This approach thus offers advanced and superior protection for passwords from cracking attempts.

15 citations


Journal Article
TL;DR: This paper presents implementation of Cued click point (CCP) graphical password which uses circular tolerance and it is found that CCP with circular tolerance is better as compared to CCP with rectangular tolerance.

12 citations


Journal Article
TL;DR: In this article, the authors compared the performance of three major time memory tradeoff algorithms: the Hellman tradeoff, the non-perfect table versions of the distinguished point method and the rainbow table method.
Abstract: The performances of three major time memory tradeoff algorithms were compared in a recent paper. The algorithms considered there were the classical Hellman tradeoff and the non-perfect table versions of the distinguished point method and the rainbow table method. This paper adds the perfect table versions of the distinguished point method and the rainbow table method to the list, so that all the major tradeoff algorithms may now be compared against each other. Even though there are existing claims as to the superiority of one tradeoff algorithm over another algorithm, the algorithm performance comparisons provided by the current work and the recent paper mentioned above are of higher practical value. We provide comparisons of algorithms at parameters that achieve a common success rate of inversion and which take both the cost of pre-computation and the efficiency of the online phase into account. The comparisons are based on the average case execution behaviors rather than the worst case situations, and non-negligible details such as the effects of false alarms and various storage optimization techniques are no longer ignored. A large portion of this paper is allocated to analyzing the execution behavior of the perfect table distinguished point method. In particular, we obtain a closed-form formula for the average length of chains associated with a perfect distinguished point table.

12 citations


Journal Article
TL;DR: This paper has proposed few directions to minimize the storage cost of some of the existing honeyword generation approaches and has even found that in some cases no additional storage overhead is required.

12 citations


Journal Article
TL;DR: The results show that the proposed scheme can resist a brute force attack due to the flexibility of the password key.
Abstract: A novel optical image encryption system is proposed using password key based on phase retrieval algorithm (PRA). In the encryption process, a shared image is taken as a symmetric key and the plaintext is encoded into the phase-only mask based on the iterative PRA. The linear relationship between the plaintext and ciphertext is broken using the password key, which can resist the known plaintext attack. The symmetric key and the retrieved phase are imported into the input plane and Fourier plane of 4f system during the decryption, respectively, so as to obtain the plaintext on the CCD. Finally, we analyse the key space of the password key, and the results show that the proposed scheme can resist a brute force attack due to the flexibility of the password key.

10 citations


Proceedings Article
01 Dec 2016
TL;DR: In DEHT, a novel data structure on on-chip memory is built, with the help of which the off-chip memory access can be decreased to a single one at most per lookup even when the load of the hash table is very high.
Abstract: Hash table is used in many areas of networking such as route lookup, packet classification, per-flow state management and network monitoring for its constant access time latency at moderate loads. However, collisions may become frequent at high loads in traditional hash tables, which may lead the access time complexity to be linear and intolerable to applications like high-speed route lookups. While some schemes were proposed to help resolve this problem and most of them may achieve O(1) average memory access per lookup, very few of them are able to cut down the access to a deterministic single one. In this paper, we design a structure called deterministic and efficient hash table (DEHT). In DEHT, a novel data structure on on-chip memory is built, with the help of which the off-chip memory access can be decreased to a single one at most per lookup even when the load of the hash table is very high. What's more, the on-chip data structure also plays a similar role as Bloom Filter to do membership screening, which can avoid most lookups of nonexistent items of the hash table visiting the off-chip memory. Through theoretical analysis and simulations, we show that our scheme is faster than other schemes in lookup operations; the usable load of the off-chip hash table, the memory efficiency and the false positive rate of the on-chip data structure are also favorable.

6 citations


Proceedings Article
01 Nov 2016
TL;DR: It is shown that it is possible to incorporate more of frequently used passwords along a chain and it is proved that this results in faster recovery of such passwords during the online running phase as opposed to assigning them at the beginning of the chains.
Abstract: Time-memory trade-off methods provide means to invert one way functions. Such attacks offer a flexible trade-off between running time and memory cost in accordance to users' computational resources. In particular, they can be applied to hash values of passwords in order to recover the plaintext. They were introduced by Martin Hellman and later improved by Philippe Oechslin with the introduction of rainbow tables. The drawbacks of rainbow tables are that they do not always guarantee a successful inversion. We address this issue in this paper. In the context of passwords, it is pertinent that frequently used passwords are incorporated in the rainbow table. It has been known that up to 4 given passwords can be incorporated into a chain but it is an open problem if more than 4 passwords can be achieved. We solve this problem by showing that it is possible to incorporate more of such passwords along a chain. Furthermore, we prove that this results in faster recovery of such passwords during the online running phase as opposed to assigning them at the beginning of the chains. For large chain lengths, the average improvement translates to 3 times the speed increase during the online recovery time.

5 citations


Patent
20 Jun 2016
TL;DR: In this paper, the authors describe a method and apparatus of a device that grows and/or shrinks a table that is shared between a writer and a plurality of readers, where the device updates a shared table characteristic to indicate that the shared table has changed.
Abstract: A method and apparatus of a device that grows and/or shrinks a table that is shared between a writer and a plurality of readers is described. In an exemplary embodiment, a device receives an entry to be added to the shared table. In response to receiving the entry, the device remaps shared table to add a new storage segment to the shared table. The device further adds the entry to the shared table, where the entry is stored in the new storage segment. In addition, the device updates a shared table characteristic to indicate that the shared table has changed. The device further shrinks the shared table by remapping the table to remove a segment of the table.

Book Chapter
01 Jan 2016
TL;DR: This paper focuses on the design and evaluation of a high-performance CPU-efficient hash table that supports find-or-put and uses linear probing to argue that this requires less roundtrips.
Abstract: Distributed algorithms for graph searching require a high-performance CPU-efficient hash table that supports find-or-put. This operation either inserts data or indicates that it has already been added before. This paper focuses on the design and evaluation of such a hash table, targeting supercomputers. The latency of find-or-put is minimized by using one-sided RDMA operations. These operations are overlapped as much as possible to reduce waiting times for roundtrips. In contrast to existing work, we use linear probing and argue that this requires less roundtrips. The hash table is implemented in UPC. A peak-throughput of 114.9 million op/s is reached on an Infiniband cluster. With a load-factor of 0.9, find-or-put can be performed in 4.5μs on average. The hash table performance remains very high, even under high loads.

Book Chapter
29 Feb 2016
TL;DR: A statistical success rate model is proposed in this paper, which takes various parameters of a given TMTO structure into consideration and can be used to optimize the TMTO parameters for the best performance.
Abstract: GSM (Global System for Mobile Communications) communication is a ubiquitous technology developed by European Telecommunications Standards Institute for cellular network. To ensure the confidentiality of the user communication, it is protected against eavesdroppers by the A5/1 cryptographic algorithm. Various time-memory trade-off (TMTO) techniques have been proposed to crack A5/1. These techniques map the keystreams to the initial states of the algorithm at a reasonable success rate. Among TMTO techniques, rainbow table is an efficient method that allows a good trade-off between run-time and storage. The link between rainbow table parameters and the success rate is not well established yet. In view of this, a statistical success rate model is proposed in this paper, which takes various parameters of a given TMTO structure into consideration. The developed success rate model can be used to optimize the TMTO parameters for the best performance. Comprehensive experiments show that A5/1 can be broken with 43% success rate in 9 s using 1.29 TB rainbow tables, which is consistent with the theoretically predicted success rate. When using 3.84 TB rainbow tables, the extrapolated success rate is 81%.

Proceedings Article
30 May 2016
TL;DR: In this article, a client side cost asymmetric secure hashing scheme (clientcash) was proposed to reduce the adversary's success rate by up to 21% when run with an incorrect master password.
Abstract: Offline attacks on passwords are increasingly commonplace and dangerous. An offline adversary is limited only by the amount of computational resources he or she is willing to invest to crack a user's password. The danger is compounded by the existence of authentication servers who fail to adopt proper password storage practices like key-stretching. Password managers can help mitigate these risks by adopting key stretching procedures like hash iteration or memory hard functions to derive site specific passwords from the user's master password on the client-side. While key stretching can reduce the offline adversary's success rate, these procedures also increase computational costs for a legitimate user. Motivated by the observation that most of the password guesses of the offline adversary will be incorrect, we propose a client side cost asymmetric secure hashing scheme (clientcash). clientcash randomizes the runtime of client-side key stretching procedure in a way that the expected computational cost of our key derivation function is greater when run with an incorrect master password. We make several contributions. First, we show how to introduce randomness into client-side key stretching algorithms through the use of halting predicates which are selected randomly at the time of account creation. Second, we formalize the problem of finding the optimal running time distribution subject to certain cost constraints for the client and certain security constraints on the halting predicates. Finally, we demonstrate that Client-CASH can reduce the adversary's success rate by up to 21%. These results demonstrate the promise of the Client-CASH mechanism.

Patent
24 Feb 2016
TL;DR: In this paper, a color management unit has a hash table to store input colors and corresponding output colors and a lookup table (LUT) and one or more processors to reinitialize the hash table based on hash table time and a interpolation time derived from concurrent real-time measurements.
Abstract: A printing system is disclosed. The printing system includes a color management unit having a hash table to store input colors and corresponding output colors and a lookup table (LUT). The printing system also includes one or more processors to reinitialize the hash table based on a hash table time and a interpolation time derived from concurrent real time measurements.

Patent
07 Sep 2016
TL;DR: In this article, a Spark platform-based password hash value recovery method and device is presented, which includes a rainbow table data generation step and a Rainbow table decryption step, based on the processing capability of the Spark platform for large-scale data, a map function is utilized to effectively calculate EV corresponding to SV, so that rainbow chains can be generated, and are stored in an HDFS (Hadoop distributed file system).
Abstract: The invention discloses a Spark platform-based password hash value recovery method and device. The design method includes a rainbow table data generation step and a rainbow table decryption step. According to the method, the first-of-chain node value of each rainbow chain is recorded as an SV (Start Value), and the last-of-chain node value of each rainbow chain is recorded as an EV (End Value); based on the processing capability of the Spark platform for large-scale data, a map function is utilized to effectively calculate EV corresponding to SV, so that rainbow chains can be generated, and are stored in an HDFS (Hadoop distributed file system), and rainbow table data generation is completed; and a filter function is utilized to find all SV corresponding to a ciphertext to be decrypted, and a foreach function is called to generate complete rainbow chains according to each SV, and the ciphertext can be decrypted.

Proceedings Article
08 Jul 2016
TL;DR: A new method based on simulated annealing (SA) and hidden markov model (HMM) which could improve the effectiveness of password recovery for the wireless network comparing with the Markov model which has been shown much more efficiently than the traditional methods such as brute force and dictionary attack.
Abstract: Password recovery of WPA2-PSK is an important problem in digital forensics. Since the encryption mechanism of WPA-PSK is gradually enhanced, it is difficult to deal with this problem by the traditional methods such as brute force, rainbow table, Markov model, and so on. In this paper, we give a new method based on simulated annealing (SA) and hidden markov model (HMM). The main principle of this method is to create the hidden markov model of the known password based on the SA which could be used to generate the password candidates in the wireless network password recovery. It means that the passwords are given by a probability learning of the known password. The tests have shown that this approach could improve the effectiveness of password recovery for the wireless network, comparing with the Markov model which has been shown much more efficiently than the traditional methods such as brute force and dictionary attack.

Book Chapter
01 Jan 2016
TL;DR: The presented approach shows that proposed method may compete with CPU-based approaches when performance is considered, as well as computational complexity, while maintaining low level of programmable structures’ logic element utilization.
Abstract: Nowadays programmable logic structures are commonly used in cryptology. FPGA implementations of cryptographic and cryptanalytic algorithms combine advantages of an ASIC and a software, offering both great data processing speed and flexibility. In this paper, we present the design and implementation of a system for rapid rainbow tables’ generation. Rainbow tables are commonly used for cryptanalysis of hash functions. The presented approach shows that proposed method may compete with CPU-based approaches when performance is considered, as well as computational complexity, while maintaining low level of programmable structures’ logic element utilization.

Book Chapter
01 Jan 2016
TL;DR: A new method based on parallel random search to solve the problem of password recovery of WPA/WPA2-PSK, which integrates the advantages that random search can improve the hit rate and the parallel search can improved the operating efficiency.
Abstract: Password recovery of WPA/WPA2-PSK is an important problem in computer forensics. It is difficult to deal with this problem by traditional methods such as brute force, rainbow table, dictionary, and so on. We give a new method based on parallel random search to solve this problem. This method integrates the advantages that random search can improve the hit rate and the parallel search can improve the operating efficiency. The principle and implementation of this method is also given based on GPU. Finally the test results show that this method can improve the speed of the password search for WPA2-PSK.

Posted Content
TL;DR: The current implementation of LAPPS looks at the Password/Pin numbers of Credit/Debit cards that are used on Automated Teller Machine (ATM), though the underlying design of the system can be used in many other scenarios.
Abstract: Location Aware Password Protection System (LAPPS) is designed to strengthen the security of traditional password protection systems. This is achieved by adding several layers of protection to the passwords that most traditional password protection systems generate. The current implementation looks at the Password/Pin numbers of Credit/Debit cards that are used on Automated Teller Machine (ATM), though the underlying design of the system can be used in many other scenarios. A password that is generated will be allocated to a particular user and to the ATM that is nearest to the user. LAPPS ensures the following qualities of the passwords that it generates. Location Awareness: The passwords are generated according to the users' geographical area, that they request their passwords from. So a password will only be active in just one location. Time Awareness: A password will only be valid for five minutes. The unused passwords will be discarded. Dynamic: The user has to have a new password each time he/she logs in. A password is generated to be used only once. User Oriented/Specific: The received password can only be used by the requester, and can only be used on its allocated ATM. Two Factor Authenticity: The confidential information will be secured using two-factor authentication. For extra security, a Pin generating device has been introduced. This will produce an eight digit number that the user has to supply to the mobile application, before requesting for a password. The user can obtain a pin number by inserting his/her Debit/Credit card and the fixed password that has been allocated when the user registers with the system.

Journal Article
TL;DR: A technique is proposed to protect the vehicle from any unauthorized access using a cryptographic algorithm that achieves data confidentiality, data integrity, data privacy, authentication, and also is efficient in terms of processing time.
Abstract: Objectives: In the recent past, vehicle theft is increasingly prevalent. The objective of the study is to propose a method to overcome the problem. Methods: In this paper, a technique is proposed that resolves the above mentioned problem. The primary purpose of the proposed scheme is to protect the vehicle from any unauthorized access using a cryptographic algorithm. Findings: The surety of the algorithm is achieved by combining cryptographic algorithm with a secret key. A randomly chosen binary template is used as a secret key which is then integrated with the input in order to generate the hash value using an MD5 hashing algorithm. This hash value is then compared with the stored hash value in order to operate the vehicle. In hashing algorithm, the hidden key is a data in which it is applied as an additional input to a one-way function that hashes a password. The principal use of the private key is to defend against dictionary attack and a rainbow table attack. Improvements/Applications: Thus, this technique achieves data confidentiality, data integrity, data privacy, authentication, and also is efficient in terms of processing time.

Book Chapter
14 Jul 2016
TL;DR: The proposed much faster speed (270,000 PMKs/s) is the major crucial factor and base for the mainstream of wireless passwords attacks, such as brute force, dictionary, time-memory trade-off (rainbow attack), and the generations of dictionary files.
Abstract: The encryption of WPA & WPA2 is the present and security protection for the wireless LAN. With the vigorous development of parallel computing (GPU), the speed of cryptanalysis is rising up and getting more popular which causes the great threat to the Wi-Fi security. It is time-consuming for the wireless passwords analysis for the huge total combinations of 95^63 max. Now, it is the turning point that the leap progress of GPU makes the Wi-Fi cryptanalysis much more efficient than before. In this research, we proposed a much faster speed (270,000 PMKs/s) compared to those in years, and the speed of computing PMKs/s is the major crucial factor and base for the mainstream of wireless passwords attacks, such as brute force, dictionary, time-memory trade-off (rainbow attack), and the generations of dictionary files.

01 Jan 2016
TL;DR: Elliptic curve[1] based security protocols are proved to be excellent for the upcoming technologies like mobile computing as it demands less amount of power and computing resources and it becomes hard to guess password for the cryptanalyst.
Abstract: Mobile security has turn out to be vital in mobile computing. People began preserving their personal and business information on smart phones. Users and businesses utilize smart phones as message tools, and means of scheduling and regulating their labor and private life. Indeed, smart phones contain increasing amount of receptive information to which access must be prohibited. But security is never easy, and security with mobile devices, smart phones is no exception. But we can take a few steps to meaningfully improve our mobile security. Password authentication is most significant protection primitive for mobile computer access and broadly used validation mechanism. Users usually use characters as passwords but text based passwords are hard to keep in mind. Even if they are easy to memorize, they are susceptible to various kinds of attacks and are predictable. To address these authentication problems, graphical passwords have been introduced. The Unlock Pattern[7] is a graphical password scheme widely used for Android to authenticate the user. The SHA-1 unsalted hash value of pattern password is stored in a key file, which if hacked, the user can predict the password using rainbow table attacks, and dictionary attacks. To deal with this problem a new enhancement to SHA-1 algorithm using elliptic curves to store the password in the key file is proposed in this paper. Elliptic curve[1] based security protocols are proved to be excellent for the upcoming technologies like mobile computing as it demands less amount of power and computing resources. Since the proposed scheme generates an intermediate hash, it becomes hard to guess password for the cryptanalyst. As the grid is dynamically generated, this scheme is resistant to SHA-1 dictionary and rainbow table attacks.

Patent
21 Sep 2016
TL;DR: In this paper, a PDF document recovery device and method consisting of an overall key obtain unit using a rainbow table to obtain the overall key of a to-be-decrypted document was presented.
Abstract: The invention discloses a PDF document recovery device and method; the device comprises the following units: an overall key obtain unit using a rainbow table to obtain the overall key of a to-be-decrypted document; a PDF title and linearization parameter dictionary object generation unit used for generating a title and linearization parameter dictionary object content; a cross-reference table generation unit used for generating a main cross-reference table and a second cross-reference table; a tail dictionary generation unit used for generating a tail dictionary corresponding to the main cross-reference table and second cross-reference table; an object number processing unit used for processing a decrypted object number; an indirect reference object processing unit used for processing object numbers of all reference objects in the present object; an object content processing unit used for determining the type of the object content, and decrypting a flow object. The novel device and method can neglect the initial deviant calculating difficulty caused by content length changes before and after decryption; modularization design is convenient, thus fast recovering PDF documents.

Patent
24 Mar 2016
TL;DR: In this paper, a method for verifying whether a message was digitally signed by a user was proposed, in which a public key of a public-key signature scheme and one or more pieces of plaintext identification information associated with the user were used.
Abstract: Aspects of the disclosure are related to a method for verifying whether a message was digitally signed by a user. The example method comprises: receiving a public key of a public-key signature scheme and one or more pieces of plaintext identification information associated with the user; applying a hash scheme to a combination of the public key and the one or more pieces of plaintext identification information, the hash scheme yielding a hash result; determining whether the hash result satisfies one or more criteria; determining whether the public key is associated with the user based on the determination of whether the hash result satisfies the one or more criteria; and verifying a digital signature of the message with the public key.

Journal Article
28 Feb 2016
TL;DR: By analyzing the security tool John The Ripper, this paper suggests the enhanced security with the administrative management of passwords by analyzing the characteristics of the hashing and encryption algorithms.
Abstract: MD-5 has been the hash algorithm to encrypt the user's password on Linux from the beginning. Recently more reliable password management was demanded, and the SHA-512 algorithm, which is more reliable than MD-5, became the hash algorithm on recent Enterprise Linux. This paper researches the characteristics of the hashing and encryption algorithms and finds out about Linux user information management. Based on this analysis, the security of the hashing algorithm applied to the user password is analyzed. In addition, it analyzes cases in which a hash algorithm is applied to the validation of Open Source Software files, such as Apache, PHP, MySQL. Finally, by analyzing the security tool John The Ripper, this paper suggests enhanced security with the administrative management of passwords.

01 Nov 2016
TL;DR: This work presents the main cryptanalytic trade-offs, making a comparison with the proposed method, and has the advantage of guaranteed success on the recovery of hashes, minimal and sequential disk read operations, unlike the existing probabilistic trade-off.
Abstract: This work proposes a new cryptanalytic non-probabilistic trade-off for unsalted hashes. It presents the main cryptanalytic trade-offs, making a comparison with the proposed method. Although the number of hash operations to recover an element is high compared with the traditional methods, the new method has the advantage of guaranteed success on the recovery of hashes, minimal and sequential disk read operations, unlike the existing probabilistic trade-offs.



Dissertation
01 Jul 2016
TL;DR: A novel and empirically validated framework that represents a minutiae set with a rotation invariant fixed-length vector that enables using biometric template protection methods for fingerprint recognition without significant loss in verification performance is introduced.
Abstract: This thesis has two main parts. The first part deals with security and privacy analysis of biometric hashing. The second part introduces a method for fixed-length feature vector extraction and hash generation from fingerprint minutiae. The upsurge of interest in biometric systems has led to development of biometric template protection methods in order to overcome security and privacy problems. Biometric hashing produces a secure binary template by combining a personal secret key and the biometric of a person, which leads to a two factor authentication method. This dissertation analyzes biometric hashing both from a theoretical point of view and in regards to its practical application. For theoretical evaluation of biohashes, a systematic approach which uses estimated entropy based on degree of freedom of a binomial distribution is outlined. In addition, novel practical security and privacy attacks against face image hashing are presented to quantify additional protection provided by biometrics in cases where the secret key is compromised (i.e., the attacker is assumed to know the user's secret key). Two of these attacks are based on sparse signal recovery techniques using one-bit compressed sensing in addition to two other minimum-norm solution based attacks. A rainbow attack based on a large database of faces is also introduced. The results show that biometric templates would be in serious danger of being exposed when the secret key is known by an attacker, and the system would be under a serious threat as well. Due to its distinctiveness and performance, fingerprint is preferred among various biometric modalities in many settings. Most fingerprint recognition systems use minutiae information, which is an unordered collection of minutiae locations and orientations. Some advanced template protection algorithms (such as fuzzy commitment and other modern cryptographic alternatives) require a fixed-length binary template.
However, such a template protection method is not directly applicable to fingerprint minutiae representation which by its nature is of variable size. This dissertation introduces a novel and empirically validated framework that represents a minutiae set with a rotation invariant fixed-length vector and hence enables using biometric template protection methods for fingerprint recognition without significant loss in verification performance. The introduced framework is based on using local representations around each minutia as observations modeled by a Gaussian mixture model called a universal background model (UBM). For each fingerprint, we extract a fixed length super-vector of first order statistics through alignment with the UBM. These super-vectors are then used for learning linear support vector machine (SVM) models per person for verification. In addition, the fixed-length vector and the linear SVM model are both converted into binary hashes and the matching process is reduced to calculating the Hamming distance between them so that modern cryptographic alternatives based on homomorphic encryption can be applied for minutiae template protection.