10 research outputs found
Survey and future trends of efficient cryptographic function implementations on GPGPUs
Many standard cryptographic functions are designed to benefit from hardware specific implementations. As a result, there have been a large number of highly efficient ASIC and FPGA hardware based implementations of standard cryptographic functions. Previously, hardware accelerated devices were only available to a limited set of users. General Purpose Graphic Processing Units (GPGPUs) have become a standard consumer item and have demonstrated orders of magnitude performance improvements for general purpose computation, including cryptographic functions. This paper reviews the current and future trends in GPU technology, and examines its potential impact on current cryptographic practice
Password Cracking and Countermeasures in Computer Security: A Survey
With the rapid development of internet technologies, social networks, and
other related areas, user authentication becomes more and more important to
protect the data of the users. Password authentication is one of the widely
used methods to achieve authentication for legal users and defense against
intruders. There have been many password cracking methods developed during the
past years, and people have been designing the countermeasures against password
cracking all the time. However, we find that little survey work has been done on
password cracking research. This paper is mainly to give a
brief review of the password cracking methods, important technologies of password
cracking, and the countermeasures against password cracking that are usually
designed at two stages including the password design stage (e.g. user
education, dynamic password, use of tokens, computer generations) and after the
design (e.g. reactive password checking, proactive password checking, password
encryption, access control). The main objective of this work is offering the
abecedarian IT security professionals and the common audiences with some
knowledge about the computer security and password cracking, and promoting the
development of this area.
Comment: add copyright to the tables to the original authors, add
acknowledgement to helpe
Freestyle, a randomized version of ChaCha for resisting offline brute-force and dictionary attacks
This paper introduces Freestyle, a randomized and variable round version of
the ChaCha cipher. Freestyle uses the concept of hash based halting condition
where a decryption attempt with an incorrect key is likely to take longer time
to halt. This makes Freestyle resistant to key-guessing attacks, i.e.,
brute-force and dictionary based attacks. Freestyle demonstrates a novel
approach for ciphertext randomization by using a random number of rounds for each
block, where the exact number of rounds is unknown to the receiver in advance.
Freestyle provides the possibility of generating different
ciphertexts for a given key, nonce, and message; thus resisting key and nonce
reuse attacks. Due to its inherent random behavior, Freestyle makes
cryptanalysis through known-plaintext, chosen-plaintext, and chosen-ciphertext
attacks difficult in practice. On the other hand, Freestyle has a costlier cipher
initialization process, typically generates 3.125% larger ciphertext, and was
found to be 1.6 to 3.2 times slower than ChaCha20. Freestyle is suitable for
applications that favor ciphertext randomization and resistance to key-guessing
and key reuse attacks over performance and ciphertext size. Freestyle is ideal
for applications where ciphertext can be assumed to be in full control of an
adversary, and an offline key-guessing attack can be carried out
A look at the computational complexity and practical security of the MD5 and DES algorithms
Authentication using passwords is a common practice in computer systems. It is one of the ways for users to obtain certain privileges or access to specific information. Passwords protect these systems so that users cannot be impersonated. We consider the case in which an attacker obtains the encrypted passwords of a computer system and attempts to recover the plaintext passwords in order to authenticate on that system or on another one, when the user employs the same password to access different services. We check the difficulty, in terms of computational complexity, of cracking user passwords, assuming the attacker carries out brute-force and dictionary attacks, which are among the best-known cracking methods. To verify this complexity, we used a network on which different runs of the John The Ripper software were executed in a distributed manner, measuring the time it takes to crack different passwords that had been encrypted with the DES and MD5 algorithms. These measurements considered two types of passwords: securely generated passwords and common English words.
Subsequently, an analysis of the data distribution was carried out, comparing the trend in the graphs of the measured times with the trend expected from the computational complexity. The conclusion is reached that cracking complexity grows exponentially with password length; it is recommended to use better encryption algorithms than DES, and to have the system apply a salt so that secure password material is generated regardless of the password supplied by the user.
On expressing different concurrency paradigms on virtual execution environment
Virtual execution environments (VEE) such as the Java Virtual Machine (JVM) and the Microsoft Common Language Runtime (CLR) were designed when the dominant computer architecture presented a Von Neumann interface to programs: a single processor hiding all the complexity of parallel computation inside its design. Programs are expressed in an intermediate form that is executed by the VEE, which defines an abstract computational model whose concurrency model has been influenced by these design choices and basically exposes the multi-threading model of the underlying operating system. Recently, computer systems have introduced computational units in which concurrency is explicit and under program control. Relevant examples are Graphical Processing Units (GPUs such as Nvidia or AMD) and the Cell BE architecture, which allow explicit control of individual processing units, local memories and communication channels. Unfortunately, programs designed for Virtual Machines cannot access these resources, since they are not available through the abstractions provided by the VEE. A major redesign of VEEs seems to be necessary in order to bridge this gap. In this thesis we study the problem of exposing non-von Neumann computing resources within the Virtual Machine without needing to redesign the whole execution infrastructure. In this work we express parallel computations by relying on extensible meta-data and reflection to encode information. Meta-programming techniques are then used to rewrite the program into an equivalent one that uses the special purpose underlying architecture. We provide a case study in which this approach is applied to compiling Common Intermediate Language (CIL) methods to multi-core GPUs; we show that it is possible to access these non-standard computing resources without any change to the virtual machine design
Improving password system effectiveness.
As computers reach more aspects of our everyday life, so too do the passwords that keep them secure. Coping with these passwords can be a problem for many individuals and organisations who have to deal with the consequences of passwords being forgotten, yet little is known of this issue. This thesis considers the effectiveness of password authentication systems for three groups of stakeholders: users, support staff, and system owners. The initial problem of how to create memorable but secure passwords is reconceptualised as how to improve password system effectiveness. Interview, questionnaire, and system log studies in BT, and experiments at UCL-CS, confirm some basic hypotheses about key variables impacting performance, and show that variables other than the memorability of password content are also important, which have hitherto not figured in security research and practice. Interventions based on these findings are proposed. Empirical evaluation suggests that proposed interventions which 'redesign' the user but exclude other parts of the system would fail. Reason's (1990) Generic Error Modelling System (GEMS) is used as a basis for modelling password system performance at the level of individual users. GEMS and the Basic Elements of Production are used to generalise these findings, and for the first time to model information security. This new model, "Elevation", is validated by expert review, and a modified version is presented