
Password Manager Combining Hashing Functions and Ternary PUFs

  • Conference paper
Intelligent Computing (CompCom 2019)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 998))


Abstract

Hashing functions protect passwords against various hacking techniques because message digests can replace the passwords stored in the network for future authentication. However, message digests remain exposed to password-guessing attacks, since most hashing functions are known and public. The objective of the protocols presented in this paper is to offer additional lines of defense by using physical unclonable functions (PUFs) to convert the message digests into challenge-response pairs. The use of ternary PUFs reduces false rejection rates and lowers latency during the processing of authentications. Without access to the PUFs, the lookup tables storing challenge-response pairs are more difficult to attack than those storing message digests: they are unclonable, contain high levels of randomness, and are quasi-unique. The modeling efforts and algorithms developed in this paper to validate the schemes use commercially available components and SRAM-based ternary PUFs.
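
The flow the abstract describes, as an added toy simulation that is not code from the paper: a password's message digest becomes a PUF challenge, only the response is stored in the lookup table, and cells in the third ('X') state are skipped. The software PUF model, the address derivation, the array sizes and the exact-match comparison are all assumptions made for illustration.

```python
import hashlib
import random

N_CELLS = 4096    # size of the simulated SRAM array (assumption)
N_ADDR = 128      # cells addressed per challenge (assumption)

class ToyTernaryPUF:
    """Software stand-in for an SRAM PUF; a real device gets this from silicon."""
    def __init__(self, seed, flaky_fraction=0.10):
        rng = random.Random(seed)
        self.bit = [rng.getrandbits(1) for _ in range(N_CELLS)]
        # Third state 'X': cells found unstable during characterization.
        self.unstable = [rng.random() < flaky_fraction for _ in range(N_CELLS)]
        self.noise = random.Random(seed + 1)

    def read(self, addr):
        # Unstable cells power up at random; stable cells repeat their bit.
        return self.noise.getrandbits(1) if self.unstable[addr] else self.bit[addr]

def challenge(user, password):
    """Message digest -> list of cell addresses (the PUF challenge)."""
    digest = hashlib.sha256(f"{user}:{password}".encode()).digest()
    stream = hashlib.shake_256(digest).digest(2 * N_ADDR)
    return [int.from_bytes(stream[i:i + 2], "big") % N_CELLS
            for i in range(0, 2 * N_ADDR, 2)]

def response(puf, user, password, ternary=True):
    """Read the addressed cells; in ternary mode skip cells marked 'X'."""
    return [puf.read(a) for a in challenge(user, password)
            if not (ternary and puf.unstable[a])]

def enroll(table, puf, user, password, ternary=True):
    table[user] = response(puf, user, password, ternary)  # no digest is stored

def authenticate(table, puf, user, password, ternary=True):
    return table.get(user) == response(puf, user, password, ternary)

def false_rejections(puf, trials, ternary):
    """Count rejections of the correct password over repeated logins."""
    table = {}
    enroll(table, puf, "alice", "correct horse", ternary)
    return sum(not authenticate(table, puf, "alice", "correct horse", ternary)
               for _ in range(trials))
```

Comparing `false_rejections(..., ternary=False)` with `ternary=True` on the same simulated device shows why masking unstable cells matters: the binary read rejects the correct password whenever a noisy cell flips, while the ternary read does not.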



Acknowledgments

The author thanks several graduate students at Northern Arizona University for their contributions, in particular Sareh Assiri, Christopher Philabaum, Duane Booher, Vince Rodriguez, Ian Burke, and Mohammad Mohammadi.


Corresponding author

Correspondence to Bertrand Cambou.


Copyright information

© 2019 Springer Nature Switzerland AG


Cite this paper

Cambou, B. (2019). Password Manager Combining Hashing Functions and Ternary PUFs. In: Arai, K., Bhatia, R., Kapoor, S. (eds) Intelligent Computing. CompCom 2019. Advances in Intelligent Systems and Computing, vol 998. Springer, Cham. https://doi.org/10.1007/978-3-030-22868-2_37
