Showing papers on "Rainbow table published in 2017"

Fixing Cracks in the Concrete: Random Oracles with Auxiliary Input, Revisited

Abstract: We revisit the security of cryptographic primitives in the random-oracle model against attackers having a bounded amount of auxiliary information about the random oracle. This situation arises most naturally when an attacker carries out offline preprocessing to generate state (namely, auxiliary information) that is later used as part of an on-line attack, with perhaps the best-known example being the use of rainbow tables for function inversion. The resulting model is also critical to obtain accurate bounds against non-uniform attackers when the random oracle is instantiated by a concrete hash function.

SPHINX: A Password Store that Perfectly Hides Passwords from Itself

Abstract: Password managers (aka stores or vaults) allow a user to store and retrieve (usually high-entropy) passwords for her multiple password-protected services by interacting with a "device" serving the role of the manager (e.g., a smartphone or an online third-party service) on the basis of a single memorable (low-entropy) master password. Existing password managers work well to defeat offline dictionary attacks upon web service compromise, assuming the use of high-entropy passwords is enforced. However, they are vulnerable to leakage of all passwords in the event the device is compromised, due to the need to store the passwords encrypted under the master password and/or the need to input the master password to the device (as in smartphone managers). Evidence exists that password managers can be attractive attack targets. In this paper, we introduce a novel approach to password management, called SPHINX, which remains secure even when the password manager itself has been compromised. In SPHINX, the information stored on the device is information theoretically independent of the user's master password - an attacker breaking into the device learns no information about the master password or the user's site-specific passwords. Moreover, an attacker with full control of the device, even at the time the user interacts with it, learns nothing about the master password - the password is not entered into the device in plaintext form or in any other way that may leak information on it. Unlike existing managers, SPHINX produces strictly high-entropy passwords and makes it compulsory for the users to register these randomized passwords with the web services, hence fully defeating offline dictionary attack upon service compromise. The design and security of SPHINX is based on the device-enhanced PAKE model of Jarecki et al. that provides the theoretical basis for this construction and is backed by rigorous cryptographic proofs of security. While SPHINX is suitable for different device and online platforms, in this paper, we report on its concrete instantiation on smartphones given their popularity and trustworthiness as password managers (or even two-factor authentication). We present the design, implementation and performance evaluation of SPHINX, offering prototype browser plugins, smartphone apps and transparent device-client communication. Based on our inspection analysis, the overall user experience of SPHINX improves upon current managers. We also report on a lab-based usability study of SPHINX, which indicates that users' perception of SPHINX security and usability is high and satisfactory when compared to regular password-based authentication. Finally, we discuss how SPHINX may be extended to an online service for the purpose of back-up or as an independent password manager.

PassGAN: A Deep Learning Approach for Password Guessing

Abstract: State-of-the-art password guessing tools, such as HashCat and John the Ripper, enable users to check billions of passwords per second against password hashes. In addition to performing straightforward dictionary attacks, these tools can expand password dictionaries using password generation rules, such as concatenation of words (e.g., "password123456") and leet speak (e.g., "password" becomes "p4s5w0rd"). Although these rules work well in practice, expanding them to model further passwords is a laborious task that requires specialized expertise. To address this issue, in this paper we introduce PassGAN, a novel approach that replaces human-generated password rules with theory-grounded machine learning algorithms. Instead of relying on manual password analysis, PassGAN uses a Generative Adversarial Network (GAN) to autonomously learn the distribution of real passwords from actual password leaks, and to generate high-quality password guesses. Our experiments show that this approach is very promising. When we evaluated PassGAN on two large password datasets, we were able to surpass rule-based and state-of-the-art machine learning password guessing tools. However, in contrast with the other tools, PassGAN achieved this result without any a-priori knowledge on passwords or common password structures. Additionally, when we combined the output of PassGAN with the output of HashCat, we were able to match 51%-73% more passwords than with HashCat alone. This is remarkable, because it shows that PassGAN can autonomously extract a considerable number of password properties that current state-of-the art rules do not encode.

T/Key: Second-Factor Authentication From Secure Hash Chains

Abstract: Time-based one-time password (TOTP) systems in use today require storing secrets on both the client and the server. As a result, an attack on the server can expose all second factors for all users in the system. We present T/Key, a time-based one-time password system that requires no secrets on the server. Our work modernizes the classic S/Key system and addresses the challenges in making such a system secure and practical. At the heart of our construction is a new lower bound analyzing the hardness of inverting hash chains composed of independent random functions, which formalizes the security of this widely used primitive. Additionally, we develop a near-optimal algorithm for quickly generating the required elements in a hash chain with little memory on the client. We report on our implementation of T/Key as an Android application. T/Key can be used as a replacement for current TOTP systems, and it remains secure in the event of a server-side compromise. The cost, as with S/Key, is that one-time passwords are longer than the standard six characters used in TOTP.

Statistical Optimal Hash-based Longest Prefix Match

Abstract: Longest Prefix Match (LPM) is a basic and important function for current network devices. Hash-based approaches appear to be excellent candidate solutions for LPM with the capability of fast lookup speed and low latency. The number of hash table probes, i.e. the search path of a hash-based LPM algorithm, directly determines the lookup performance. In this paper, we propose Ω-LPM to improve the lookup performance by optimizing the search path of the hash-based LPM. Ω-LPM first reconstructs the forwarding table to support random search [19], then it applies a dynamic programming algorithm to find the shortest search path based on the statistics of the matching probabilities. Ω-LPM concretely reduces the number of hash table probes via searching most of the packets in optimal search paths. Even in the worst case, the upper bound of the average search path of Ω-LPM is 1 + log2(N), here N is the length of the longest prefix in the routing table. The case studies of the name lookup in Named Data Networking and the IP lookup in current Internet demonstrate that Ω-LPM can shorten 61.04% and 86.88% search paths compared with the basic hash-based methods of name lookup [22] and IP lookup [12], respectively, furthermore Ω-LPM reduces 32.3% probes of the name lookup and 73.55% probes of the IP lookup compared with the optimal linear search. The experimental results conducted on extensional name tables and IP tables also show that Ω-LPM has both low memory overhead and excellent scalability.

The TypTop System: Personalized Typo-Tolerant Password Checking

Abstract: Password checking systems traditionally allow login only if the correct password is submitted. Recent work on typo-tolerant password checking suggests that usability can be improved, with negligible security loss, by allowing a small number of typographical errors. Existing systems, however, can only correct a handful of errors, such as accidentally leaving caps lock on or incorrect capitalization of the first letter in a password. This leaves out numerous kinds of typos made by users, such as transposition errors, substitutions, or capitalization errors elsewhere in a password. Some users therefore receive no benefit from existing typo-tolerance mechanisms. We introduce personalized typo-tolerant password checking. In our approach, the authentication system learns over time the typos made by a specific user. In experiments using Mechanical Turk, we show that 45% of users would benefit from personalization. Therefore, we design a system, called TypTop, that securely implements personalized typo-tolerance. Underlying TypTop is a new stateful password-based encryption scheme that can be used to store recent failed login attempts. Our formal analysis shows that security in the face of an attacker that obtains the state of the system reduces to the difficulty of a brute-force dictionary attack against the real password. We implement TypTop for Linux and Mac OS login and report on a proof-of-concept deployment.

Optimized Password Recovery for SHA-512 on GPUs

Abstract: One-way hash algorithms, including MD4, MD5 and SHA family, have been widely used in password protection. Focusing on brute force password recovery for one-way hash algorithm, the amount of computation depends on the complexity of the algorithm. This paper introduces an optimized brute force password recovery implementation for SHA-512 on GPU. By using several optimization methods, the performance reaches 1055M hash/second on double AMD R9 290 GPUs. Compared with Hashcat, our implementation is about 11% faster.

Enhanced password processing scheme based on visual cryptography and OCR

Abstract: Traditional password conversion scheme for user authentication is to transform the passwords into hash values. These hash-based password schemes are comparatively simple and fast because those are based on text and famed cryptography. However, those can be exposed to cyber-attacks utilizing password by cracking tool or hash-cracking online sites. Attackers can thoroughly figure out an original password from hash value when that is relatively simple and plain. As a result, many hacking accidents have been happened predominantly in systems adopting those hash-based schemes. In this work, we suggest enhanced password processing scheme based on image using visual cryptography (VC). Different from the traditional scheme based on hash and text, our scheme transforms a user ID of text type to two images encrypted by VC. The user should make two images consisted of subpixels by random function with SEED which includes personal information. The server only has user's ID and one of the images instead of password. When the user logs in and sends another image, the server can extract ID by utilizing OCR (Optical Character Recognition). As a result, it can authenticate user by comparing extracted ID with the saved one. Our proposal has lower computation, prevents cyber-attack aimed at hash-cracking, and supports authentication not to expose personal information such as ID to attackers.

Word2003 document cracking system based on FPGA hardware and method

Abstract: The invention discloses a word2003 document cracking system based on FPGA hardware and a method. The system comprises a PC, an input interface module, a crack module and an output interface module which are connected sequentially, and the PC is connected with the output interface module. The crack module comprises a sub-key generation module, a rainbow table matching module and a key cracking module which are connected sequentially. The sub-key generation module includes sub-key round robin controller, MD5 algorithm module and RC4 algorithm module which are connected sequentially. The key cracking module consists of algorithm round robin controller, MD5 algorithm module and RC4 algorithm module. The system achieves document cracking by using the time and space folding algorithm of the rainbow table, thus improving the crack efficiency and reducing the cracking time. On the basis of considering the technical characteristics of the rainbow table and the FPGA, the appropriate rainbow table is used for cracking, thus solving the contradiction between cracking time and resource consumption.

Analysis on the Security and Use of Password Managers

Abstract: Cybersecurity has become one of the largest growing fields in computer science and the technology industry. Faulty security has cost the global economy immense losses. Oftentimes, the pitfall in such financial loss is due to the security of passwords. Companies and regular people alike do not do enough to enforce strict password guidelines like the NIST (National Institute of Standard Technology) recommends. When big security breaches happen, thousands to millions of passwords can be exposed and stored into files, meaning people are susceptible to dictionary and rainbow table attacks. Those are only two examples of attacks that are used to crack passwords. In this paper, we will be going over three open-source password managers, each chosen for their own uniqueness. Our results will conclude on the overall security of each password manager using a list of established attacks and development of new potential attacks on such software. Additionally, we will compare our research with the limited research already conducted on password managers. Finally, we will provide some general guidelines of how to develop a better and more secure password manager.

Big data rainbow table based decryption method and device

Abstract: The invention discloses a big data rainbow table based decryption method and device The decryption method comprises the steps that rainbow table tasks are allocated to n GPU (Graphic Processing Unit) computing nodes, wherein n is an integer which is greater than 1; each GPU computing node generates a rainbow table; index grouping is performed on chain end nodes of Hash chains in the generated rainbow tables, and sorting the chain end nodes in each group; and in the index grouped and sorted rainbow tables, firstly performing index searching on a ciphertext to be decrypted, and then executing binary searching so as to acquire a corresponding plaintext to complete decryption For letter-number combination passwords with 1-12 bits, the Hash chains in the rainbow tables can be generated in a parallel manner via a plurality of GPUs by using an encryption result ciphertext, so that the generation speed of the rainbow tables is greatly improved In addition, index sorting is performed on the generated rainbow tables, so that the rainbow table searching time in a decryption stage is greatly shortened, and the decryption time is greatly shortened

A Text based Authentication Scheme for Improving Security of Textual Passwords

Abstract: User authentication through textual passwords is very common in computer systems due to its ease of use. However textual passwords are vulnerable to different kinds of security attacks, such as spyware and dictionary attacks. In order to overcome the deficiencies of textual password scheme, many graphical password schemes have been proposed. The proposed schemes could not fully replace textual passwords, due to usability and security issues. In this paper a text based user authentication scheme is proposed which improves the security of textual password scheme by modifying the password input method and adding a password transformation layer. In the proposed scheme alphanumeric password characters are represented by random decimal numbers which resist online security attacks such as shoulder surfing and key logger attacks. In the registration process password string is converted into a completely new string of symbols or characters before encryption. This strategy improves password security against offline attacks such as brute-force and dictionary attacks. In the proposed scheme passwords consist of alphanumeric characters therefore users are not required to remember any new kind of passwords such as used in graphical authentication. Hence password memorability burden has been minimized. However mean authentication time of the proposed scheme is higher than the textual password scheme due to the security measures taken for the online attacks.

Multi-table hash-based lookups for packet processing

Abstract: First and second hash values are generated using a key constructed from information associated with a packet. A block number is read from a cell in a slot in a first table, with the slot in the first table being indexed by the first hash value and the cell being indexed by the second hash value. A memory access operation directed to a block in a slot in a second table is performed to read data including packet-processing information for the packet from the block. The slot in the second table is indexed by the first hash value and the block is indexed by the block number. The packet is processed in accordance with the packet-processing information.

How to Handle Rainbow Tables with External Memory

Abstract: A cryptanalytic time-memory trade-off is a technique that aims to reduce the time needed to perform an exhaustive search. Such a technique requires large-scale precomputation that is performed once for all and whose result is stored in a fast-access internal memory. When the considered cryptographic problem is overwhelmingly-sized, using an external memory is eventually needed, though. In this paper, we consider the rainbow tables – the most widely spread version of time-memory trade-offs. The objective of our work is to analyze the relevance of storing the precomputed data on an external memory (SSD and HDD) possibly mingled with an internal one (RAM). We provide an analytical evaluation of the performance, followed by an experimental validation, and we state that using SSD or HDD is fully suited to practical cases, which are identified.

Heterogeneous Rainbow Table Widths Provide Faster Cryptanalyses

Abstract: Cryptanalytic time-memory trade-offs are techniques introduced by Hellman in 1980 to speed up exhaustive searches. Oechslin improved the original version with the introduction of rainbow tables in 2003. It is worth noting that this variant is nowadays used world-wide by security experts, notably to break passwords, and a key assumption is that rainbow tables are of equal width. We demonstrate in this paper that rainbow tables are underexploited due to this assumption never being challenged. We stress that the optimal width of each rainbow table should be individually -- although not independently -- calculated. So it goes for the memory allocated to each table. We also stress that visiting sequentially the rainbow tables is no longer optimal when considering tables with heterogeneous widths. We provide an algorithm to calculate the optimal configuration and a decision function to visit the tables. Our technique performs very well: it makes any TMTO based on rainbow tables 40% faster than its classical version.

Encryption method and apparatus

Abstract: The present invention provides an encryption method and apparatus The objective of the invention is to solve the problem that an encryption mode in the prior art may reduce the security of stored standard passwords The method includes the following steps that: a plaintext character string is acquired; the acquired plaintext character string is encrypted through adopting at least two kinds of encryption algorithms, so that at least two corresponding ciphertext character strings can be obtained; characters are intercepted from each kind of obtained ciphertext character strings; and the encryption result of encryption performed on the plaintext character string can be obtained according to the intercepted characters The encryption result obtained by using the above method contains the ciphertext character strings obtained after the encryption is performed with the different encryption algorithms, and the ciphertext character strings contained in the encryption result are not complete ciphertext character strings, but the incomplete intercepted character strings, and therefore, the encryption method can assist in effectively preventing the encryption result from being subjected to collision attack, violent attack or rainbow table comparison attack compared with an encryption method according to which a single encryption algorithm is adopted to perform encryption to obtain complete ciphertext character strings, and therefore, the security of the encryption result can be improved

Password attacking method and apparatus, and heterogeneous acceleration platform

Abstract: The invention discloses a password attacking method and apparatus, and a heterogeneous acceleration platform. The method is applied to the heterogeneous platform including a CPU terminal and an FPGA terminal. The method comprises the following steps: the FPGA terminal reads a pre-stored rainbow table and to-be-attacked ciphertext data; the FPGA terminal performs parallel processing on the to-be-attacked ciphertext data according to a preset password attacking algorithm to obtain to-be-selected password data; the FPGA terminal performs matching on the to-be-selected password data and the rainbow table according to a preset matching algorithm to find out an alternative password; and the FPGA terminal returns a completion signal to the CPU terminal. Therefore, according to the password attacking method and apparatus, and the heterogeneous acceleration platform, the FPGA is utilized to perform hardware acceleration of the password attacking algorithm, and the FPGA performs the password attacking algorithm in parallel, so the parallelism of the algorithm is improved, the throughput rate performance when the algorithm is executed is improved, and thus the performance of the password attacking algorithm based on the rainbow table is improved; and furthermore, the redundant fine graining of the FPGA terminal is parallel, so the hardware cost is relatively low.

Dynamic salt generation for mobile data security using elliptic curves against precomputation attacks

Abstract: Pattern lock is a mechanism that most of the people set to their Android smart phones. As the built-in pattern lock system adds an extra layer of protection and is one of the innovative unlock methods supported by Android, a fair quantity of study has been done about its (in)security. Pattern locks are not difficult to crack and are vulnerable to precomputation attacks such as brute forcing, dictionaries and rainbow tables. Older versions of Android produce SHA-1 signatures for authentication process which are not salted hashes. However, the newer versions of Android pattern locks utilise scrypt hash function that generates random salt value which needs to be stored in the database to withstand such attacks. But for pattern passwords attaching a salt value is still found not to be enough and susceptible to brute force. This research, therefore, proposes a method where it helps to produce and append a salt value to a password dynamically by representing the pattern using points of an elliptic curve. After the implementation and analysis, the results show this method exhibits strict avalanche criterion and passwords will become more tolerant to brute forcing, and other precomputation attacks which makes it more difficult to compromise.

Building of a hash table

Abstract: A method, a computer system, and/or a computer program product are disclosed. One computer-implemented method for building a hash table includes dividing a hash table into plural blocks; and dividing each block into plural sub-blocks. A certain sub-block uses a first pattern of association between a key and a location for storing the key. Another sub-block which belongs to the same block having the certain sub-block uses a second pattern which is different from the first pattern. The method may further include building a hash table by using memory blocks in a Field Programmable Gate Array.

Using Improved d-HMAC for Password Storage

Abstract: Password storage is one of the most important cryptographic topics through the time. Different systems use distinct ways of password storage. In this paper, we developed a new algorithm of password storage using dynamic Key-Hashed Message Authentication Code function (d-HMAC). The developed improved algorithm is resistant to the dictionary attack and brute-force attack, as well as to the rainbow table attack. This objective is achieved by using dynamic values of dynamic inner padding d-ipad, dynamic outer padding d-opad and user’s public key as a seed.

Rapid restoring method for Word encrypted documents

Abstract: The invention discloses a rapid restoring method for Word encrypted documents. The method comprises steps as follows: step one, a secret key rainbow table of restored Word documents is established; step two, decryption secrete keys of the encrypted documents are decoded; step three, original plaintext documents are reconstructed by use of the decryption secrete keys and structure information of Word documents. The method has the positive effects as follows: the rainbow table for decrypting the secrete keys is only needed to be generated once, and the generated rainbow table is suitable for restoring all encrypted documents; restoring is not related to the complexity of encryption passwords of encrypted documents, and the defect that a long password cannot be cracked with an existing document cracking method is overcome; Word encrypted documents of version 2003 can be effectively restored, and the success rate reaches 99% or above; the encrypted documents can be rapidly restored, tests prove that the average restoring time of the encrypted documents is within 3 min under the computation ability of ordinary desktop computers (with the basic frequency being 3.0 GHz or above), and actual demands for real-time decryption can be well met.

The Fuzzy Scheduling Algorithm for the Parallel Key Searching Problem on Cloud Environment

Abstract: Rainbow table is the well-known cryptanalytic method for searching the encryption key or the plaintext. The user can precompute several lookup tables in order to increase the success probability. These tables can be distributed to multiprocessor or parallel machines for decreasing the makespan. Searching problem using the Rainbow table differs from the others traditional problem. The problem can only be solved on some node. However, if the problem can't be solved on current node, it must be re-executed on the other node. Thus, using FCFS algorithm is not the proper solution. We proposed the fuzzy scheduling for the parallel key searching problem, using Rainbow table. The algorithm is implemented and evaluated by Cloudsim. The result shows the proposed method reduces the makespan from the traditional FCFS.

A collision-mitigation hashing scheme utilizing empty slots of cuckoo hash table

Abstract: In SDN and NFV technologies, performance of a virtual switch is important to provide network functionalities swiftly. Since the lookup operation of the virtual switch has been considered a major bottleneck of performance, we need to devise an efficient way to reduce the lookup time. To improve the lookup speed, previous research has suggested a compact lookup table in a fast memory, but the issue of collision in a hash table has not been addressed well enough. This paper proposes a new scheme that mitigates collisions by utilizing empty slots of the hash table. We propose to insert a new element that may collide to an empty slot instead of linking it with a pointer. According to an evaluation on our experiments, about 20% of elements that could have experienced collisions in the conventional scheme are inserted into empty slots in each bucket. Moreover, the access time of collided elements has halved by avoiding unnecessary memory accesses.

Attacking Message Authentication Codes in EFC Using Rainbow Tables

Abstract: Electronic Fee Collection (EFC) is a system for collecting fee from cars electronically. EFC contains two main components, an On-board Unit (OBU) and a Roadside Equipment (RSE). Dedicated Short-Range Communications (DSRC) is used as a communication protocol, which is a wireless protocol operating on frequencies around 5.8 GHz. As more and more systems take use of EFC and DSRC, it is important to keep security in mind. Money transactions are involved in EFC, making it a wanted target for attackers. In this thesis, the possibilities of conducting an attack on Message Authentication Codes (MACs) in EFC are explored. By stealing a valid key used in the calculation of a MAC, it can be possible to get authenticated as another user and hence do not have to pay any fee. This thesis shows that with a customizable RSE, it is possible to obtain MACs from OBUs. A customizable RSE is built using a Universal Software Radio Peripheral and GNU Radio. Unfortunately, the customizable RSE is not able to communicate with an OBU. Some errors are known, and suggestions on how to solve them are presented. A desktop DSRC transceiver was bought from Q-Free and is used as an RSE in the second part of this thesis. MACs are obtained from a test-OBU using the DSRC transceiver, and it is shown that OBUs can be used as encryption oracles. Before obtaining MACs, access credentials have to be given by the OBU. A test-OBU is used to get access credentials. However, access credentials is not used in every country, making this attack relevant. Possible attacks for obtaining access credentials are also presented. Additionally, the use of Data Encryption Standard (DES) for calculating MACs is studied. The biggest weakness of DES is the 56-bit key, making it feasible to brute-force the entire keyspace. This thesis shows how a rainbow table can be used to find the key in an OBU. Rainbow tables are a time-memory trade-off method for finding keys in a chosen-plaintext attack. A simple rainbow table is implemented in Python, together with suggestions on how improve the rainbow table generation.

Data tamper-proofing method and system

Abstract: The invention discloses a data tamper-proofing method comprising the following steps of after original data information is segmented before sending, hashing the segmented information by using a pre-stored hash function to acquire an original data information verification string; synchronously sending the original data and the original data information verification string when in sending, synchronously receiving the sent data information and original data information verification string when in receiving; after the data information and the original data information verification string are received, segmenting the received data information, and then hashing the segmented information by using the pre-stored hash function to acquire a received data information verification string; and judging whether the received data information verification string is accordant with the original data information verification string by comparison, if yes, determining that the received data information is not tampered, and otherwise, determining that the received data information is tampered. The invention also provides a data tamper-proofing system. According to the method and the system provided by the invention, the difficulty of tampering the data by a third party is greatly increased, a collision attack from the third party with the aid of a rainbow table is effectively prevented, data falsification of a user is prevented, and data transmission security is ensured.

DePass: A secure hash-based authentication scheme

Abstract: Username/Password combination is currently the most commonly deployed authentication method for a large number of applications. The databases of stored credentials are a high-profile target for malicious attackers who are performing advanced attacks to break into servers for stealing and cracking password hashes. Consequently, relying on the classical authentication scheme may not be usually an effective way to protect users' accounts in the event of a security breach. In this article, we propose a novel secure authentication scheme named DePass to thwart dictionary, brute force and rainbow-table attacks that aim at inverting password hashes. Our scheme provides a novel way of hashing by segmenting and mixing a SHA-2 password hash with a random SHA-2 hash to produce a single apparent hash with delimiters. The apparent hash is stored in the server while the delimiters are sent to the user upon a registration phase. DePass authentication scheme is well-tailored to both user comfort and password security requirements.

Amelioration of Decentralized Cipher Text Policy Attribute Based Encryption with Mediator technique by adding Salt

Abstract: The existing techniques had focused more on the attribute based encryption, cipher text policies and multiple authorities to make the network security more sheltered. But due to the attribute leak problem, these techniques were disabled to protect user’s privacy. To enhance the security level, the proposed system has added salting method into the DCP-ABE-M scheme. Here both the data and user attributes are utilized to avoid attribute leak problem. The proposed system has a decentralized environment which contains multiple authorities who generates secret keys by using user attributes, data attributes and also contains multiple mediators who act as the middleware between user-authority. Both the power’s doesn’t stores any user details or full secret keys in their DB or in system. That is, all the user details and secret key will be hidden. In some cases the different users may use same keywords as their passwords which may leads to rainbow table attack or dictionary attack. To avoid this problem, salting is added into DCP-ABE-M. A unique salt value is added into the passwords which makes the password more strong and different from other passwords. Hence the proposed system enhances the level of security by adding salt value and is more efficient than the previously existing schemes.