Password Hashing Competition - Survey and Benchmark

Password hashing is the common approach for maintaining users\u27 password-related information that is later used for authentication. A hash for each password is calculated and maintained at the service provider end. When a user logins the service, the hash of the given password is computed and contrasted with the stored hash. If the two hashes match, the authentication is successful. However, in many cases the passwords are just hashed by a cryptographic hash function or even stored in clear. These poor password protection practises have lead to efficient attacks that expose the users\u27 passwords. PBKDF2 is the only standardized construction for password hashing. Other widely used primitives are bcrypt and scrypt. The low variety of methods derive the international cryptographic community to conduct the Password Hashing Competition (PHC). The competition aims to identify new password hashing schemes suitable for widespread adoption. It started in 2013 with 22 active submissions. Nine finalists are announced during 2014. In 2015, a small portfolio of schemes will be proposed. This paper provides the first survey and benchmark analysis of the 22 proposals. All proposals are evaluated on the same platform over a common benchmark suite. We measure the execution time, code size and memory consumption of PBKDF2, bcrypt, scrypt, and the 22 PHC schemes. The first round results are summarized along with a benchmark analysis that is focused on the nine finalists and contributes to the final selection of the winners

Lyra: Password-Based Key Derivation with Tunable Memory and Processing Costs

We present Lyra, a password-based key derivation scheme based on cryptographic sponges. Lyra was designed to be strictly sequential (i.e., not easily parallelizable), providing strong security even against attackers that use multiple processing cores (e.g., custom hardware or a powerful GPU). At the same time, it is very simple to implement in software and allows legitimate users to fine-tune its memory and processing costs according to the desired level of security against brute force password guessing. We compare Lyra with similar-purpose state-of-the-art solutions, showing how our proposal provides a higher security level and overcomes limitations of existing schemes. Specfically, we show that if we fix Lyra\u27s total processing time t in a legitimate platform, the cost of a memory-free attack against the algorithm is exponential, while the best known result in the literature (namely, against the scrypt algorithm) is quadratic. In addition, for an identical same processing time, Lyra allows for a higher memory usage than its counterparts, further increasing the cost of brute force attacks

Additional Modes for ASCON

NIST selected the A SCON family of cryptographic primitives for standardization in February 2023 as the final step in the Lightweight Cryptography Competition. The ASCON submission to the competition provided Authenticated Encryption with Associated Data (AEAD), hashing, and Extensible Output Function (XOF) modes. Real world cryptography systems often need more than packet encryption and simple hashing. Keyed message authentication, key derivation, cryptographically secure pseudo-random number generation (CSPRNG), password hashing, and encryption of sensitive values in memory are also important. This paper defines additional modes that can be deployed on top of ASCON based on proven designs from the literature

Cryptographic cloud storage framework

Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2013.Cataloged from PDF version of thesis.Includes bibliographical references (page 59).The cloud prevents cheap and convenient ways to create shared remote repositories. One concern when creating systems that provide security is if the system will be able to remain secure when new attacks are developed. As tools and techniques for breaking security systems advance, new ideas are required to provide the security guarantees that may have been exploited. This project presents a framework which can handle the ever growing need for new security defenses. This thesis describes the Key Derivation Module that I have constructed, including many new Key Derivation Functions, that is used in our system.by Matthew D. Falk.M. Eng

Deniable Storage Encryption for Mobile Devices

Smartphones, and other mobile computing devices, are being widely adopted globally as the de-facto personal computing platform. Given the amount of sensitive information accumulated by these devices, there are serious privacy and security implications for both personal use and enterprise deployment. Confidentiality of data-at-rest can be effectively preserved through storage encryption. All major mobile OSes now incorporate some form of storage encryption. In certain situations, this is inadequate, as users may be coerced into disclosing their decryption keys. In this case, the data must be hidden so that its very existence can be denied. Steganographic techniques and deniable encryption algorithms have been devised to address this specific problem. This dissertation explores the feasibility and efficacy of deniable storage encryption for mobile devices. A feature that allows the user to feign compliance with a coercive adversary, by decrypting plausible and innocuous decoy data, while maintaining the secrecy of their sensitive or contentious hidden data. A deniable storage encryption system, Mobiflage, was designed and implemented for the Android OS, the first such application for mobile devices. Current mobile encryption mechanisms all rely, in some way, on a user secret. Users notoriously choose weak passwords that are easily guessed/cracked. This thesis offers a new password scheme for use with storage encryption. The goal is to create passwords that are suitably strong for protection of encryption keys, easier to input on mobile devices, and build on memorability research in cognitive psychology for a better user experience than current password guidelines

Recommendations for implementing a Bitcoin wallet using smart card

TCC(graduação) - Universidade Federal de Santa Catarina. Centro Tecnológico. Ciências da Computação.Bitcoin is a decentralized peer-to-peer electronic cash system that allows any two willing parties to transact directly without the need for a trusted third party. The user's funds are protected by private keys that must be kept safe, preferably not on third party wallet services, but on hardware wallets, which are the best balance between very high security and ease of use. In this work we made a review on cryptography, the Bitcoin protocol and secure elements, then we dived into the project of hardware wallets, discussing different requirements and ways to construct one. Our proposed device uses an anti tamper Java Card to store the private keys. We considered variations of the device, one with a dedicated touchscreen and another with NFC to integrate with a mobile phone. We analyzed security aspects of the project, made recommendations and described some challenges. Finally, we implemented our own open source prototype, showing the architecture of the project, its components, the requirements, the APDU communication protocol and the results

Pleco and Plectron -- Two Provably Secure Password Hashing Algorithms

Password-based authentication has been widely deployed in practice due to its simplicity and efficiency. Storing pass-words and deriving cryptographic keys from passwords in a secure manner are crucial for many security systems and services. However, choices of well-studied password hash-ing algorithms are extremely limited, as their security re-quirements and design principles are different from common cryptographic algorithms. In this paper, we propose two simple and practical password hashing algorithms, Pleco and Plectron. They are built upon well-understood cryp-tographic algorithms, and combine advantages of symmetric and asymmetric primitives. By employing the Rabin cryp-tosystem, we prove that the one-wayness of Pleco is at least as strong as the hard problem of integer factorization. In addition, both password hashing algorithms are designed to be sequential memory-hard, in order to thwart large-scale password cracking by parallel hardware, such as GPUs, FP-GAs, and ASICs. Moreover, total computation and memory consumptions of Pleco and Plectron are tunable through their cost parameters

On implementing deniable storage encryption for mobile devices

Abstrac

On Implementing Deniable Storage Encryption for Mobile Devices

Data confidentiality can be effectively preserved through encryption. In certain situations, this is inadequate, as users may be coerced into disclosing their decryption keys. In this case, the data must be hidden so that its very existence can be denied. Steganographic techniques and deniable encryption algorithms have been devised to address this specific problem. Given the recent proliferation of smartphones and tablets, we examine the feasibility and efficacy of deniable storage encryption for mobile devices. We evaluate existing, and discover new, challenges that can compromise plausibly deniable encryption (PDE) in a mobile environment. To address these obstacles, we design a system called Mobiflage that enables PDE on mobile devices by hiding encrypted volumes within random data on a device’s external storage. We leverage lessons learned from known issues in deniable encryption in the desktop environment, and design new countermeasures for threats specific to mobile systems. Key features of Mobiflage include: deniable file systems with limited impact on throughput; efficient storage use with no data expansion; and restriction/prevention of known sources of leakage and disclosure. We provide a proof-of-concept implementation for the Android OS to assess the feasibility and performance of Mobiflage. We also compile a list of best practices users should follow to restrict other known forms of leakage and collusion that may compromise deniability

Lyra2: Efficient Password Hashing with High Security against Time-Memory Trade-Offs

We present Lyra2, a password hashing scheme (PHS) based on cryptographic sponges. Lyra2 was designed to be strictly sequential (i.e., not easily parallelizable), providing strong security even against attackers that uses multiple processing cores (e.g., custom hardware or a powerful GPU). At the same time, it is very simple to implement in software and allows legitimate users to fine tune its memory and processing costs according to the desired level of security against brute force password-guessing. Lyra2 is an improvement of the recently proposed Lyra algorithm, providing an even higher security level against different attack venues and overcoming some limitations of this and other existing schemes