DOCSLIB.ORG

Cryptographic Hash Functions

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Cryptographic Hash Functions Downloaded from orbit.dtu.dk on: Oct 05, 2021 Cryptographic Hash Functions Thomsen, Søren Steffen Publication date: 2009 Document Version Early version, also known as pre-print Link back to DTU Orbit Citation (APA): Thomsen, S. S. (2009). Cryptographic Hash Functions. General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. Users may download and print one copy of any publication from the public portal for the purpose of private study or research. You may not further distribute the material or use it for any profit-making activity or commercial gain You may freely distribute the URL identifying the publication in the public portal If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim. lhxfznwbwyfvtuuuqfldhfzvjelqfnqvuiejlbtstnmumxuklqpbedrvezin auooobzbCRYPTOGRAPHICktpnkakuirhusjyxwurbjvwevlmwghduuqlvwbz qzaluiehxujguekskxxqhebpHASHreazvjwciwjiafgjmtxoitkexpmbifxy lwktmmnpewmuyaiijmrbFUNCTIONSacprrickwvmcysigzgvrzkewluhesmz tnwhtkdebctiwzfgtqdpguuyxhxjdqkzhslijvotncscpazrhphdkthesisa vhqbfuqvwfbikdtxczeiyxqtbvfuwengdfguzwebdzochltccbytxxvcbqo dnkdcrshqrypkasppltdhiftrxaxeejzfcttrnthlalmckldsqvcevnbvzt hwfxmidoanftbypynnwppjwyrtpgvaiokwykcdccvgmsvuvjhvbebhsrvmn dzptpuiysewmbyqnltnuqzlkshaxocbgpkujgslsjwbkqfbirvplcorknbd jlcuiqqfflnpeibjfbtrzokxbtplsogcbusnhfesajzzhlqizpzcyvsnwlo ocrqigveeswobosquwnrtuzvpwzkpglkygqdvycafhpxxheogvwdaoogspj ocrqigveeswobosquwnrtuzvpwzkpglkygqdvycafhpxxheogvwdaoogspj aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaza aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalwpxosa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaasøren svthomsen aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaasøren sethomsen a a aaaaaaaaaaaaaaaaaaaaaaakgs lyngby 28 nov 2008aaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaasøren szthomsen a a a a a aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaasøren sothomsen aaaaaaaaagaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaasøren s thomsen a a a a a a a a a aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaasøren sjthomsen aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaasøregqiohoms aaaaaaaaanaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaasøvnoiwphcen aaaaaaaagotbpaaaaaaaaaaaaaaaaaaaaaaahhnwtqjlpwfbrywgchrdquhl Date Søren Steffen Thomsen Technical University of Denmark Department of Mathematics Matematiktorvet 303S Building 303S DK-2800 Kgs. Lyngby Denmark Phone: +45 4525 3031 Fax: +45 4588 1399 [email protected] Summary Cryptographic hash functions are commonly used in many different areas of cryptography: in digital signatures and in public-key cryptography, for password protection and message authentication, in key derivation functions, in pseudo-random number generators, etc. Recently, cryptographic hash functions have received a huge amount of attention due to new attacks on widely used hash functions. This PhD thesis, having the title “Cryptographic Hash Functions”, con- tains both a general description of cryptographic hash functions, including their applications and expected properties as well as some well-known de- signs, and also some design and cryptanalysis in which the author took part. The latter includes a construction method for hash functions and four de- signs, of which one was submitted to the SHA-3 hash function competition, initiated by the U.S. standardisation body NIST. It also includes cryptanal- ysis of the construction method MDC-2, and of the hash function MD2. iii iv Resum´e Kryptografiske hash-funktioner anvendes i mange forskellige omr˚aderinden for kryptografi: i digitale signatur-systemer og i offentlig-nøgle kryptografi, til password-beskyttelse og autentificering af beskeder, til dannelse af kryp- tografiske nøgler og tilfældige tal, osv. Kryptografiske hash-funktioner har tiltrukket sig stor opmærksomhed inden for de senere ˚ar,da flere af de oftest anvendte hash-funktioner er blevet knækket. Denne ph.d.-afhandling, med den danske titel “Kryptografiske hash-funk- tioner”, indeholder b˚adeen generel beskrivelse af kryptografiske hash-funk- tioner, herunder anvendelser, forventede egenskaber samt nogle kendte de- signs, og desuden design og analyse i hvilket undertegnede har deltaget. Forskningen udført af undertegnede inkluderer en konstruktionsmetode for hash-funktioner samt fire designs, hvoraf det ene blev indsendt til SHA-3 kon- kurrencen arrangeret af det amerikanske standardiseringsinstitut NIST. Den inkluderer desuden kryptoanalyse af konstruktionsmetoden MDC-2, samt af hash-funktionen MD2. v vi Preface This thesis was prepared at the Department of Mathematics, Technical Uni- versity of Denmark, in partial fulfillment of the requirements for acquiring the PhD degree. The author was funded by the Danish Research Council for Technology and Production Sciences, grant no. 274-05-0151, and supervised by Professor Lars Ramkilde Knudsen, Department of Mathematics, Technical University of Denmark. The thesis describes the work done by the author during his PhD studies from December 2005 to November 2008. This work includes design and cryptanalysis of cryptographic hash functions. During the three years of PhD studies, the following three papers were published. L. R. Knudsen and S. S. Thomsen. Proposals for Iterated Hash Functions. In M. Malek, E. Fern´andez-Medina,and J. Hernando, editors, SECRYPT 2006, Proceedings, pages 246–253. INSTICC Press, 2006. L. R. Knudsen, C. Rechberger, and S. S. Thomsen. The Grindahl Hash Functions. In A. Biryukov, editor, Fast Software Encryption 2007, Pro- ceedings, volume 4593 of Lecture Notes in Computer Science, pages 39–57. Springer, 2007. I. B. Damg˚ard,L. R. Knudsen, and S. S. Thomsen. Dakota – Hashing from a Combination of Modular Arithmetic and Symmetric Cryptogra- phy. In S. M. Bellovin, R. Gennaro, A. D. Keromytis, and M. Yung, editors, Applied Cryptography and Network Security (ACNS) 2008, Pro- ceedings, volume 5037 of Lecture Notes in Computer Science, pages 144– 155. Springer, 2008. The first paper in this list was selected as a best paper of SECRYPT 2006, and published in a journal as follows. L. R. Knudsen and S. S. Thomsen. Proposals for Iterated Hash Functions. In J. Filipe and M. S. Obaidat, editors, E-Business and Telecommunica- vii viii tion Networks. Third International Conference, ICETE 2006. Selected Papers., volume 9 of Communications in Computer and Information Sci- ence, pages 107–118. Springer, 2008. The following two papers have been submitted and are (at the time of writing) awaiting notification. L. R. Knudsen, J. E. Mathiassen, F. Muller, and S. S. Thomsen. Crypt- analysis of MD2. Submitted to a journal, August 2007. L. R. Knudsen, F. Mendel, C. Rechberger, and S. S. Thomsen. Crypt- analysis of MDC-2. Submitted to an international conference, September 2008. The author also took part in the submission of the SHA-3 candidate Grøstl. P. Gauravaram, L. R. Knudsen, K. Matusiewicz, F. Mendel, C. Rech- berger, M. Schl¨affer,and S. S. Thomsen. Grøstl – a SHA-3 candi- date. SHA-3 Algorithm Submission, October 31, 2008. Available: http: //www.groestl.info/Groestl.pdf (2008/11/03). Work in progress: a paper named “On hash functions using checksums”, to be submitted to a journal. Joint work with Praveen Gauravaram, John Kelsey, and Lars R. Knudsen. Published as a technical report [70]. Acknowledgements I am very grateful to my supervisor, Lars Ramkilde Knudsen, for introducing me to cryptography, for raising funds for my PhD position, for suggesting research topics, for listening to a few good and many bad ideas, for innu- merable discussions, including those of a more casual nature, for supervising my mid-way and master’s projects, for giving me a more realistic view of my own abilities, for introducing me to the football club of the department, for improving my writing and presentation skills, . I could go on and on. Thank you! I would also like to express my thanks to the rest of the crypto group at DTU Mathematics, for broadening my knowledge in cryptography, for many interesting discussions, and for helping to create a nice atmosphere; Tanja Lange, Peter Birkner, and Dan Bernstein (who are no longer with the de- partment), Charlotte Vikkelsøe Miolane, Erik Zenner, Praveen Gauravaram, Krystian Matusiewicz, Julia Borghoff, Gregor Leander, Nasour Bagheri, and Val´erieGauthier Umana. Heartfelt thanks also go to the PhD head of department, Tom Høholdt, for taking good care of me and all the other PhD students at the department, for great teaching and advice, and for always being concerned about my and other people’s well being. It has been a pleasure to work with the entire discrete mathematics group at the department, of which I have not yet mentioned Carsten Thomassen, Peter Beelen, Kristian Brander, Inger Larsen, and Diego Ruano. Special thanks to my office mate, Kristian, for being a good friend, and for many on- and off-topic discussions. I feel grateful to all my PhD colleagues (some ex-) for friendship, lunch time meetings, and for fun and enlightening PhD trips: Allan, Anders Astrup, Anders Rønne, Charlotte, Eduardo, Jakob, Jesper, Johan, Julia, Kealey, Kristian, Lai, Marie, Marie-Louise, Mikael, Mirza, Morten, Nikolaj, Nina, Oded, Peter, Rune, and Val´erie. I feel privileged to have been a part of DTU Mathematics the last
Load more

Recommended publications
  • GPU-Based Password Cracking on the Security of Password Hashing Schemes Regarding Advances in Graphics Processing Units
    Radboud University Nijmegen Faculty of Science Kerckhoffs Institute Master of Science Thesis GPU-based Password Cracking On the Security of Password Hashing Schemes regarding Advances in Graphics Processing Units by Martijn Sprengers [email protected] Supervisors: Dr. L. Batina (Radboud University Nijmegen) Ir. S. Hegt (KPMG IT Advisory) Ir. P. Ceelen (KPMG IT Advisory) Thesis number: 646 Final Version Abstract Since users rely on passwords to authenticate themselves to computer systems, ad- versaries attempt to recover those passwords. To prevent such a recovery, various password hashing schemes can be used to store passwords securely. However, recent advances in the graphics processing unit (GPU) hardware challenge the way we have to look at secure password storage. GPU's have proven to be suitable for crypto- graphic operations and provide a significant speedup in performance compared to traditional central processing units (CPU's). This research focuses on the security requirements and properties of prevalent pass- word hashing schemes. Moreover, we present a proof of concept that launches an exhaustive search attack on the MD5-crypt password hashing scheme using modern GPU's. We show that it is possible to achieve a performance of 880 000 hashes per second, using different optimization techniques. Therefore our implementation, executed on a typical GPU, is more than 30 times faster than equally priced CPU hardware. With this performance increase, `complex' passwords with a length of 8 characters are now becoming feasible to crack. In addition, we show that between 50% and 80% of the passwords in a leaked database could be recovered within 2 months of computation time on one Nvidia GeForce 295 GTX.
    [Show full text]
  • Increasing Cryptography Security Using Hash-Based Message
    ISSN (Print) : 2319-8613 ISSN (Online) : 0975-4024 Seyyed Mehdi Mousavi et al. / International Journal of Engineering and Technology (IJET) Increasing Cryptography Security using Hash-based Message Authentication Code Seyyed Mehdi Mousavi*1, Dr.Mohammad Hossein Shakour 2 1-Department of Computer Engineering, Shiraz Branch, Islamic AzadUniversity, Shiraz, Iran . Email : [email protected] 2-Assistant Professor, Department of Computer Engineering, Shiraz Branch, Islamic Azad University ,Shiraz ,Iran Abstract Nowadays, with the fast growth of information and communication technologies (ICTs) and the vulnerabilities threatening human societies, protecting and maintaining information is critical, and much attention should be paid to it. In the cryptography using hash-based message authentication code (HMAC), one can ensure the authenticity of a message. Using a cryptography key and a hash function, HMAC creates the message authentication code and adds it to the end of the message supposed to be sent to the recipient. If the recipient of the message code is the same as message authentication code, the packet will be confirmed. The study introduced a complementary function called X-HMAC by examining HMAC structure. This function uses two cryptography keys derived from the dedicated cryptography key of each packet and the dedicated cryptography key of each packet derived from the main X-HMAC cryptography key. In two phases, it hashes message bits and HMAC using bit Swapp and rotation to left. The results show that X-HMAC function can be a strong barrier against data identification and HMAC against the attacker, so that it cannot attack it easily by identifying the blocks and using HMAC weakness.
    [Show full text]
  • CHAPTER 9: ANALYSIS of the SHA and SHA-L HASH ALGORITHMS
    CHAPTER 9: ANALYSIS OF THE SHA AND SHA-l HASH ALGORITHMS In this chapter the SHA and SHA-l hash functions are analysed. First the SHA and SHA-l hash functions are described along with the relevant notation used in this chapter. This is followed by describing the algebraic structure of the message expansion algorithm used by SHA. We then proceed to exploit this algebraic structure of the message expansion algorithm by applying the generalised analysis framework presented in Chapter 8. We show that it is possible to construct collisions for each of the individual rounds of the SHA hash function. The source code that implements the attack is attached in Appendix F. The same techniques are then applied to SHA-l. SHA is an acronym for Secure Hash Algorithm. SHA and SHA-l are dedicated hash func- tions based on the iterative Damgard-Merkle construction [22] [23]. Both of the round func- tions utilised by these algorithms take a 512 bit input (or a multiple of 512) and produce a 160 bit hash value. SHA was first published as Federal Information Processing Standard 180 (FIPS 180). The secure hash algorithm is based on principles similar to those used in the design of MD4 [10]. SHA-l is a technical revision of SHA and was published as FIPS 180-1 [13]. It is believed that this revision makes SHA-l more secure than SHA [13] [50] [59]. SHA and SHA-l differ from MD4 with regard to the number of rounds used, the size of the hash result and the definition of a single step.
    [Show full text]
  • An Advance Visual Model for Animating Behavior of Cryptographic Protocols
    An Advance Visual Model for Animating Behavior of Cryptographic Protocols Mabroka Ali Mayouf Maeref1*, Fatma Alghali2, Khadija Abied2 1 Sebha University, Faculty of Science, Department of Computer Science, P. O. Box 18758 Sebha, Libya, Libyan. 2 Sebha University of Libya, Sebha, Libya. * Corresponding author. Tel.: 00218-925132935; email: [email protected] Manuscript submitted February 13, 2015; accepted July 5, 2015. doi: 10.17706/jcp.10.5.336-346 Abstract: Visual form description benefits from the ability of visualization to provide precise and clear description of object behavior especially if the visual form is extracted from the real world. It provides clear definition of object and the behavior of that object. Although the current descriptions of cryptographic protocol components and operations use a different visual representation, the cryptographic protocols behaviors are not actually reflected. This characteristic is required and included within our proposed visual model. The model uses visual form and scenario-based approach for describing cryptographic protocol behavior and thus increasing the ability to describe more complicated protocol in a simple and easy way. Key words: Animation, cryptographic protocols, interactive tool, visualization. 1. Introduction Cryptographic protocols (CPs) mostly combine both theory and practice [1], [2]. These cause protocol complexity describing and understanding. Therefore, separating the mathematical part from the protocol behavior should provide feeling of how the protocol works, thus increasing the ability to describe and to gain confidence in reflecting more complicated information about CPs, as well as to generate interest to know about other more complex protocol concepts. Several researchers realized the use of visual model and animation techniques to reflect the explanation of the learning objectives and their benefits [3]-[11].
    [Show full text]
  • Reconsidering the Security Bound of AES-GCM-SIV
    Background on AES-GCM-SIV Fixing the Security Bound Improving Key Derivation Final Remarks Reconsidering the Security Bound of AES-GCM-SIV Tetsu Iwata1 and Yannick Seurin2 1Nagoya University, Japan 2ANSSI, France March 7, 2018 — FSE 2018 T. Iwata and Y. Seurin Reconsidering AES-GCM-SIV’s Security FSE 2018 1 / 26 Background on AES-GCM-SIV Fixing the Security Bound Improving Key Derivation Final Remarks Summary of the contribution • we reconsider the security of the AEAD scheme AES-GCM-SIV designed by Gueron, Langley, and Lindell • we identify flaws in the designers’ security analysis and propose a new security proof • our findings leads to significantly reduced security claims, especially for long messages • we propose a simple modification to the scheme (key derivation function) improving security without efficiency loss T. Iwata and Y. Seurin Reconsidering AES-GCM-SIV’s Security FSE 2018 2 / 26 Background on AES-GCM-SIV Fixing the Security Bound Improving Key Derivation Final Remarks Summary of the contribution • we reconsider the security of the AEAD scheme AES-GCM-SIV designed by Gueron, Langley, and Lindell • we identify flaws in the designers’ security analysis and propose a new security proof • our findings leads to significantly reduced security claims, especially for long messages • we propose a simple modification to the scheme (key derivation function) improving security without efficiency loss T. Iwata and Y. Seurin Reconsidering AES-GCM-SIV’s Security FSE 2018 2 / 26 Background on AES-GCM-SIV Fixing the Security Bound Improving Key Derivation Final Remarks Summary of the contribution • we reconsider the security of the AEAD scheme AES-GCM-SIV designed by Gueron, Langley, and Lindell • we identify flaws in the designers’ security analysis and propose a new security proof • our findings leads to significantly reduced security claims, especially for long messages • we propose a simple modification to the scheme (key derivation function) improving security without efficiency loss T.
    [Show full text]
  • Fast Hashing and Stream Encryption with Panama
    Fast Hashing and Stream Encryption with Panama Joan Daemen1 and Craig Clapp2 1 Banksys, Haachtesteenweg 1442, B-1130 Brussel, Belgium [email protected] 2 PictureTel Corporation, 100 Minuteman Rd., Andover, MA 01810, USA [email protected] Abstract. We present a cryptographic module that can be used both as a cryptographic hash function and as a stream cipher. High performance is achieved through a combination of low work-factor and a high degree of parallelism. Throughputs of 5.1 bits/cycle for the hashing mode and 4.7 bits/cycle for the stream cipher mode are demonstrated on a com- mercially available VLIW micro-processor. 1 Introduction Panama is a cryptographic module that can be used both as a cryptographic hash function and a stream cipher. It is designed to be very efficient in software implementations on 32-bit architectures. Its basic operations are on 32-bit words. The hashing state is updated by a parallel nonlinear transformation, the buffer operates as a linear feedback shift register, similar to that applied in the compression function of SHA [6]. Panama is largely based on the StepRightUp stream/hash module that was described in [4]. Panama has a low per-byte work factor while still claiming very high security. The price paid for this is a relatively high fixed computational overhead for every execution of the hash function. This makes the Panama hash function less suited for the hashing of messages shorter than the equivalent of a typewritten page. For the stream cipher it results in a relatively long initialization procedure. Hence, in applications where speed is critical, too frequent resynchronization should be avoided.
    [Show full text]
  • MD5 Collisions the Effect on Computer Forensics April 2006
    Paper MD5 Collisions The Effect on Computer Forensics April 2006 ACCESS DATA , ON YOUR RADAR MD5 Collisions: The Impact on Computer Forensics Hash functions are one of the basic building blocks of modern cryptography. They are used for everything from password verification to digital signatures. A hash function has three fundamental properties: • It must be able to easily convert digital information (i.e. a message) into a fixed length hash value. • It must be computationally impossible to derive any information about the input message from just the hash. • It must be computationally impossible to find two files to have the same hash. A collision is when you find two files to have the same hash. The research published by Wang, Feng, Lai and Yu demonstrated that MD5 fails this third requirement since they were able to generate two different messages that have the same hash. In computer forensics hash functions are important because they provide a means of identifying and classifying electronic evidence. Because hash functions play a critical role in evidence authentication, a judge and jury must be able trust the hash values to uniquely identify electronic evidence. A hash function is unreliable when you can find any two messages that have the same hash. Birthday Paradox The easiest method explaining a hash collision is through what is frequently referred to as the Birthday Paradox. How many people one the street would you have to ask before there is greater than 50% probability that one of those people will share your birthday (same day not the same year)? The answer is 183 (i.e.
    [Show full text]
  • FIPS 140-2 Non-Proprietary Security Policy Oracle Linux 7 NSS
    FIPS 140-2 Non-Proprietary Security Policy Oracle Linux 7 NSS Cryptographic Module FIPS 140-2 Level 1 Validation Software Version: R7-4.0.0 Date: January 22nd, 2020 Document Version 2.3 © Oracle Corporation This document may be reproduced whole and intact including the Copyright notice. Title: Oracle Linux 7 NSS Cryptographic Module Security Policy Date: January 22nd, 2020 Author: Oracle Security Evaluations – Global Product Security Contributing Authors: Oracle Linux Engineering Oracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores, CA 94065 U.S.A. Worldwide Inquiries: Phone: +1.650.506.7000 Fax: +1.650.506.7200 oracle.com Copyright © 2020, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. Oracle specifically disclaim any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. This document may reproduced or distributed whole and intact including this copyright notice. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Oracle Linux 7 NSS Cryptographic Module Security Policy i TABLE OF CONTENTS Section Title
    [Show full text]
  • The First Collision for Full SHA-1
    The first collision for full SHA-1 Marc Stevens1, Elie Bursztein2, Pierre Karpman1, Ange Albertini2, Yarik Markov2 1 CWI Amsterdam 2 Google Research [email protected] https://shattered.io Abstract. SHA-1 is a widely used 1995 NIST cryptographic hash function standard that was officially deprecated by NIST in 2011 due to fundamental security weaknesses demonstrated in various analyses and theoretical attacks. Despite its deprecation, SHA-1 remains widely used in 2017 for document and TLS certificate signatures, and also in many software such as the GIT versioning system for integrity and backup purposes. A key reason behind the reluctance of many industry players to replace SHA-1 with a safer alternative is the fact that finding an actual collision has seemed to be impractical for the past eleven years due to the high complexity and computational cost of the attack. In this paper, we demonstrate that SHA-1 collision attacks have finally become practical by providing the first known instance of a collision. Furthermore, the prefix of the colliding messages was carefully chosen so that they allow an attacker to forge two PDF documents with the same SHA-1 hash yet that display arbitrarily-chosen distinct visual contents. We were able to find this collision by combining many special cryptanalytic techniques in complex ways and improving upon previous work. In total the computational effort spent is equivalent to 263:1 SHA-1 compressions and took approximately 6 500 CPU years and 100 GPU years. As a result while the computational power spent on this collision is larger than other public cryptanalytic computations, it is still more than 100 000 times faster than a brute force search.
    [Show full text]
  • A Password-Based Key Derivation Algorithm Using the KBRP Method
    American Journal of Applied Sciences 5 (7): 777-782, 2008 ISSN 1546-9239 © 2008 Science Publications A Password-Based Key Derivation Algorithm Using the KBRP Method 1Shakir M. Hussain and 2Hussein Al-Bahadili 1Faculty of CSIT, Applied Science University, P.O. Box 22, Amman 11931, Jordan 2Faculty of Information Systems and Technology, Arab Academy for Banking and Financial Sciences, P.O. Box 13190, Amman 11942, Jordan Abstract: This study presents a new efficient password-based strong key derivation algorithm using the key based random permutation the KBRP method. The algorithm consists of five steps, the first three steps are similar to those formed the KBRP method. The last two steps are added to derive a key and to ensure that the derived key has all the characteristics of a strong key. In order to demonstrate the efficiency of the algorithm, a number of keys are derived using various passwords of different content and length. The features of the derived keys show a good agreement with all characteristics of strong keys. In addition, they are compared with features of keys generated using the WLAN strong key generator v2.2 by Warewolf Labs. Key words: Key derivation, key generation, strong key, random permutation, Key Based Random Permutation (KBRP), key authentication, password authentication, key exchange INTRODUCTION • The key size must be long enough so that it can not Key derivation is the process of generating one or be easily broken more keys for cryptography and authentication, where a • The key should have the highest possible entropy key is a sequence of characters that controls the process (close to unity) [1,2] of a cryptographic or authentication algorithm .
    [Show full text]
  • FPGA Parallel-Pipelined AES-GCM Core for 100G Ethernet Applications
    FPGA Parallel-Pipelined AES-GCM Core for 100G Ethernet Applications Luca Henzen and Wolfgang Fichtner Integrated Systems Laboratory, ETH Zurich, Switzerland E-mail: {henzen, fw}@iis.ee.ethz.ch Abstract—The forthcoming IEEE 802.3ba Ethernet standard Exploiting the parallelization of four cores plus the extensive will provide data transmission at a bandwidth of 100 Gbit/s. Cur- utilization of pipelining, we were able to design three different rently, the fastest cryptographic primitive approved by the U.S. National Institute for Standard and Technology, that combines 100G AES-GCM implementations for Xilinx Virtex-5 FPGAs. data encryption and authentication, is the Galois/Counter Mode (GCM) of operation. If the feasibility to increase the speed of the II. GCM AUTHENTICATED ENCRYPTION GCM up to 100 Gbit/s on ASIC technologies has already been The GCM is a block cipher mode of operation that is demonstrated, the FPGA implementation of the GCM in secure able to encrypt or decrypt data, providing at the same time 100G Ethernet network systems arises some important structural issues. In this paper, we report on an efficient FPGA architecture authentication and data integrity . In practice, it combines a of the GCM combined with the AES block cipher. With the block cipher in the counter mode with universal hashing over parallelization of four pipelined AES-GCM cores we were able the binary field GF(2128). In this work, we used the Advanced to reach the speed required by the new Ethernet standard. Encryption Standard (AES) [4] for encryption and decryption, Furthermore, the time-critical binary field multiplication of the authentication process relies on four pipelined 2-step Karatsuba- supporting key sizes of 128, 192 and 256bits.
    [Show full text]
  • Implementation and Performance Analysis of PBKDF2, Bcrypt, Scrypt Algorithms
    Implementation and Performance Analysis of PBKDF2, Bcrypt, Scrypt Algorithms Levent Ertaul, Manpreet Kaur, Venkata Arun Kumar R Gudise CSU East Bay, Hayward, CA, USA. [email protected], [email protected], [email protected] Abstract- With the increase in mobile wireless or data lookup. Whereas, Cryptographic hash functions are technologies, security breaches are also increasing. It has used for building blocks for HMACs which provides become critical to safeguard our sensitive information message authentication. They ensure integrity of the data from the wrongdoers. So, having strong password is that is transmitted. Collision free hash function is the one pivotal. As almost every website needs you to login and which can never have same hashes of different output. If a create a password, it’s tempting to use same password and b are inputs such that H (a) =H (b), and a ≠ b. for numerous websites like banks, shopping and social User chosen passwords shall not be used directly as networking websites. This way we are making our cryptographic keys as they have low entropy and information easily accessible to hackers. Hence, we need randomness properties [2].Password is the secret value from a strong application for password security and which the cryptographic key can be generated. Figure 1 management. In this paper, we are going to compare the shows the statics of increasing cybercrime every year. Hence performance of 3 key derivation algorithms, namely, there is a need for strong key generation algorithms which PBKDF2 (Password Based Key Derivation Function), can generate the keys which are nearly impossible for the Bcrypt and Scrypt.
    [Show full text]