Wireless Networks [1 ed.] 9781601323712

Citation preview

PROCEEDINGS OF THE 2016 INTERNATIONAL CONFERENCE ON WIRELESS NETWORKS

Editors Hamid R. Arabnia Leonidas Deligiannidis George Jandieri, Ashu M. G. Solo Fernando G. Tinetti

WORLDCOMP’16 July 25-28, 2016 Las Vegas Nevada, USA www.worldcomp.org ©

CSREA Press

This volume contains papers presented at The 2016 International Conference on Wireless Networks (ICWN'16). Their inclusion in this publication does not necessarily constitute endorsements by editors or by the publisher.

Copyright and Reprint Permission Copying without a fee is permitted provided that the copies are not made or distributed for direct commercial advantage, and credit to source is given. Abstracting is permitted with credit to the source. Please contact the publisher for other copying, reprint, or republication permission. © Copyright 2016 CSREA Press ISBN: 1-60132-440-5 Printed in the United States of America

CSREA Press U. S. A.

Foreword It gives us great pleasure to introduce this collection of papers to be presented at the 2016 International Conference on Wireless Networks (ICWN’16), July 25-28, 2016, at Monte Carlo Resort, Las Vegas, USA. An important mission of the World Congress in Computer Science, Computer Engineering, and Applied Computing (a federated congress to which this conference is affiliated with) includes "Providing a unique platform for a diverse community of constituents composed of scholars, researchers, developers, educators, and practitioners. The Congress makes concerted effort to reach out to participants affiliated with diverse entities (such as: universities, institutions, corporations, government agencies, and research centers/labs) from all over the world. The congress also attempts to connect participants from institutions that have teaching as their main mission with those who are affiliated with institutions that have research as their main mission. The congress uses a quota system to achieve its institution and geography diversity objectives." By any definition of diversity, this congress is among the most diverse scientific meeting in USA. We are proud to report that this federated congress has authors and participants from 74 different nations representing variety of personal and scientific experiences that arise from differences in culture and values. As can be seen (see below), the program committee of this conference as well as the program committee of all other tracks of the federated congress are as diverse as its authors and participants. The program committee would like to thank all those who submitted papers for consideration. About 62% of the submissions were from outside the United States. Each submitted paper was peer-reviewed by two experts in the field for originality, significance, clarity, impact, and soundness. In cases of contradictory recommendations, a member of the conference program committee was charged to make the final decision; often, this involved seeking help from additional referees. In addition, papers whose authors included a member of the conference program committee were evaluated using the double-blinded review process. One exception to the above evaluation process was for papers that were submitted directly to chairs/organizers of pre-approved sessions/workshops; in these cases, the chairs/organizers were responsible for the evaluation of such submissions. The overall paper acceptance rate for regular papers was 25%; 12% of the remaining papers were accepted as poster papers (at the time of this writing, we had not yet received the acceptance rate for a couple of individual tracks.) We are very grateful to the many colleagues who offered their services in organizing the conference. In particular, we would like to thank the members of Program Committee of ICWN’16, members of the congress Steering Committee, and members of the committees of federated congress tracks that have topics within the scope of ICWN. Many individuals listed below, will be requested after the conference to provide their expertise and services for selecting papers for publication (extended versions) in journal special issues as well as for publication in a set of research books (to be prepared for publishers including: Springer, Elsevier, BMC journals, and others). x x x x

x x x

Prof. Afrand Agah; Department of Computer Science, West Chester University of Pennsylvania, West Chester, PA, USA Prof. Abbas M. Al-Bakry (Congress Steering Committee); University President, University of IT and Communications, Baghdad, Iraq Prof. Nizar Al-Holou (Congress Steering Committee); Professor and Chair, Electrical and Computer Engineering Department; Vice Chair, IEEE/SEM-Computer Chapter; University of Detroit Mercy, Detroit, Michigan, USA Prof. Hamid R. Arabnia (Congress Steering Committee & Coordinator); Graduate Program Director (PhD, MS, MAMS); The University of Georgia, USA; Editor-in-Chief, Journal of Supercomputing (Springer); Editor-in-Chief, Transactions of Computational Science & Computational Intelligence (Springer); Fellow, Center of Excellence in Terrorism, Resilience, Intelligence & Organized Crime Research (CENTRIC). Prof. P. Balasubramanian; School of Computer Engineering, Nanyang Technological University, Singapore Prof. Juan Jose Martinez Castillo; Director, The Acantelys Alan Turing Nikola Tesla Research Group and GIPEB, Universidad Nacional Abierta, Venezuela Dr. Daniel Bo-Wei Chen (ABDA'16); Chair, IEEE Signal Processing Chapter, IEEE Harbin Section; Guest Editor in ACM Transactions in Embedded Computing; School of Information Technology, Monash University Sunway Campus, Australia

x x x x x

x

x x x x x x x x x x x x x x x x

x

x

Prof. Kevin Daimi (Congress Steering Committee); Director, Computer Science and Software Engineering Programs, Department of Mathematics, Computer Science and Software Engineering, University of Detroit Mercy, Detroit, Michigan, USA Prof. Leonidas Deligiannidis (Co-Editor); Department of Computer Information Systems, Wentworth Institute of Technology, Boston, Massachusetts, USA Dr. Lamia Atma Djoudi (Chair, Doctoral Colloquium & Demos Sessions); Synchrone Technologies, France Prof. Mary Mehrnoosh Eshaghian-Wilner (Congress Steering Committee); Professor of Engineering Practice, University of Southern California, California, USA; Adjunct Professor, Electrical Engineering, University of California Los Angeles, Los Angeles (UCLA), California, USA Prof. George A. Gravvanis (Congress Steering Committee); Director, Physics Laboratory & Head of Advanced Scientific Computing, Applied Math & Applications Research Group; Professor of Applied Mathematics and Numerical Computing and Department of ECE, School of Engineering, Democritus University of Thrace, Xanthi, Greece; former President of the Technical Commission on Data Processing, Social Security for the Migrant Workers, European Commission, Hellenic Presidency, Greece Prof. George Jandieri (Congress Steering Committee); Georgian Technical University, Tbilisi, Georgia; Chief Scientist, The Institute of Cybernetics, Georgian Academy of Science, Georgia; Ed. Member, International Journal of Microwaves and Optical Technology, The Open Atmospheric Science Journal, American Journal of Remote Sensing, Georgia Prof. Byung-Gyu Kim (Congress Steering Committee); Multimedia Processing Communications Lab.(MPCL), Department of Computer Science and Engineering, College of Engineering, SunMoon University, South Korea Prof. Tai-hoon Kim; School of Information and Computing Science, University of Tasmania, Australia Prof. D. V. Kodavade (FECS'16); Professor & Head, Computer Science & Engineering Department, D.K.T.E Society's Textile & Engineering Institute, Ichalkaranji, Maharashtra State, India Prof. Dr. Guoming Lai; Computer Science and Technology, Sun Yat-Sen University, Guangzhou, P. R. China Dr. Muhammad Naufal Bin Mansor; Faculty of Engineering Technology, Kampus Uniciti Alam, Universiti Malaysia Perlis, UniMAP, Malaysia Dr. Andrew Marsh (Congress Steering Committee); CEO, HoIP Telecom Ltd (Healthcare over Internet Protocol), UK; Secretary General of World Academy of BioMedical Sciences and Technologies (WABT) a UNESCO NGO, The United Nations Dr. Armin Mehran; Electrical and Computer Engineering Department, Ryerson University, Toronto, Canada Prof. Ali Mostafaeipour; Industrial Engineering Department, Yazd University, Yazd, Iran Prof. James J. (Jong Hyuk) Park (Congress Steering Committee); Department of Computer Science and Engineering (DCSE), SeoulTech, Korea; President, FTRA, EiC, HCIS Springer, JoC, IJITCC; Head of DCSE, SeoulTech, Korea Prof. Shashikant Patil; Electronics & Telecommunication Engineering Department, Head of SVKMs NMiMS Bosch Rexroth Center of Excellence in Automation Technologies, Shirpur Campus, India Prof. Benaoumeur Senouci (ESCS'16); Embedded Systems Department, LACSC Laboratory- Central Electronic Engineering School-ECE Paris, Graduate School of Engineering, ECE Paris, Paris, France Dr. Akash Singh (Congress Steering Committee); IBM Corporation, Sacramento, California, USA; Chartered Scientist, Science Council, UK; Fellow, British Computer Society; Member, Senior IEEE, AACR, AAAS, and AAAI; IBM Corporation, USA Ashu M. G. Solo, (Publicity Chair), Fellow of British Computer Society, Principal/R&D Engineer, Maverick Technologies America Inc. Dr. Jaya Thomas; Department of Computer Science, State University of New York, Korea (SUNY Korea) and Department of Computer Science, Stony Brook University, USA Prof. Fernando G. Tinetti (Congress Steering Committee); School of Computer Science, Universidad Nacional de La Plata, La Plata, Argentina; Co-editor, Journal of Computer Science and Technology (JCS&T). Prof. Hahanov Vladimir (Congress Steering Committee); Vice Rector, and Dean of the Computer Engineering Faculty, Kharkov National University of Radio Electronics, Ukraine and Professor of Design Automation Department, Computer Engineering Faculty, Kharkov; IEEE Computer Society Golden Core Member; National University of Radio Electronics, Ukraine Prof. Shiuh-Jeng Wang (Congress Steering Committee); Director of Information Cryptology and Construction Laboratory (ICCL) and Director of Chinese Cryptology and Information Security Association (CCISA); Department of Information Management, Central Police University, Taoyuan, Taiwan; Guest Ed., IEEE Journal on Selected Areas in Communications. Prof. Hyun Yoe; Director of Agrofood IT Research Center and Vice President of Korea Association of ICT Convergence in the Agriculture and Food Business (KAICAF); Director of Agriculture IT Convergence Support Center (AITCSC); Department of of Information and Communication Engineering, Sunchon National University, Suncheon, Republic of Korea (South Korea)

x x

Prof. Jane You (Congress Steering Committee & Vice-Chair of IPCV'16); Associate Head, Department of Computing, The Hong Kong Polytechnic University, Kowloon, Hong Kong Prof. Wenbing Zhao (HIMS'16); Department of Electrical Engineering and Computer Science, Cleveland State University, Cleveland, Ohio, USA; Program Chair of IEEE Smart World Congress (France)

We would like to extend our appreciation to the referees, the members of the program committees of individual sessions, tracks, and workshops; their names do not appear in this document; they are listed on the web sites of individual tracks. As Sponsors-at-large, partners, and/or organizers each of the followings (separated by semicolons) provided help for at least one track of the Congress: Computer Science Research, Education, and Applications Press (CSREA); US Chapter of World Academy of Science (http://www.worldcomp.org/) ; American Council on Science & Education & Federated Research Council (http://www.americancse.org/); HoIP, Health Without Boundaries, Healthcare over Internet Protocol, UK (http://www.hoip.eu); HoIP Telecom, UK (http://www.hoip-telecom.co.uk); and WABT, Human Health Medicine, UNESCO NGOs, Paris, France (http://www.thewabt.com/ ). In addition, a number of university faculty members and their staff (names appear on the cover of the set of proceedings), several publishers of computer science and computer engineering books and journals, chapters and/or task forces of computer science associations/organizations from 3 regions, and developers of high-performance machines and systems provided significant help in organizing the conference as well as providing some resources. We are grateful to them all. We express our gratitude to keynote, invited, and individual conference/tracks and tutorial speakers - the list of speakers appears on the conference web site. We would also like to thank the followings: UCMSS (Universal Conference Management Systems & Support, California, USA) for managing all aspects of the conference; Dr. Tim Field of APC for coordinating and managing the printing of the proceedings; and the staff of Monte Carlo Resort (Convention department) in Las Vegas for the professional service they provided. Last but not least, we would like to thank the Co-Editors of ICWN’16: Prof. Hamid R. Arabnia, Prof. Leonidas Deligiannidis, Prof. George Jandieri, Prof. Fernando G. Tinetti, and Ashu M. G. Solo. We present the proceedings of ICWN’16.

Steering Committee, 2016 http://www.worldcomp.org/

&RQWHQWV 6(66,21$'+2&1(7:25.6$1'$33/,&$7,216 6FDOLQJ3URSHUWLHVRI0LQLPDO6SDQQLQJ7UHHVLQ6LPXODWHG$G+RF:LUHOHVV1HWZRUNV .HQ+DZLFN



$1RYHO$SSURDFKRQ6WULNLQJWKH%DODQFHEHWZHHQWKH)DLUQHVVDQG7KURXJKSXWLQ9HKLFXODU  1HWZRUNV **0G1DZD]$OL0G$EGXV6DOLP0ROODK6\HGD.KDLUXQQHVD6DPDQWKD3HWHU+DQ-RR&KRQJ @



7KLVSDSHU 91$ 'D9LQFL

    













7LPH7LPHXQLW

)LJXUH 

1RGH UHVRXUFH XWLOL]DWLRQ

&DQ EH GUDZQ IURP WKH ILJXUH   WLPH XQLWV ODWHU WKH YLUWXDO QHWZRUN UHTXHVWV UHDFK VDWXUDWLRQ VWDWH EHFDXVH WKH DOJRULWKP YLUWXDO QHWZRUN UHTXHVW DFFHSWDQFH UDWH LV KLJKHU VR VDWHOOLWH UHVRXUFH XVLQJ UDWH LV KLJK EHWWHU 



/LQNUHVRXUFHXWLOL]DWLRQ

YLUWXDO QHWZRUN G\QDPLF PDSSLQJ DOJRULWKP FRQVLGHULQJ WKH GLIIHUHQFH RI PRELOH VDWHOOLWH QHWZRUN DQG WKH H[LVWLQJ UHVHDUFK QHWZRUN D WDVN DQG KDV EHHQ PDSSLQJ RI YLUWXDO QHWZRUN UHTXHVWV UHDOWLPH FDOFXODWLRQ RI VDWHOOLWH UHVRXUFHV IRU DFFRUGLQJ WR WKH FRYHUDJH SUHGLFWLRQ WDVN UHTXHVW WLPH FRYHULQJ WKH SURSRVHG UHDVRQDEOH QRGH PDSSLQJ PLJUDWLRQ PHFKDQLVP DSSOLHV 6HFRQGO\ WKH DQDO\VLV RI WKH UHDO WLPH IDFWRU RI UHOLDELOLW\ DQG HDFK VDWHOOLWH OLQN PRGHO %DVHG RQ WKH SURSRVHG G\QDPLF PDSSLQJ DOJRULWKP %HFDXVH WKH DOJRULWKP FRQVLGHULQJ WKH FKDUDFWHULVWLFV RI WKH VDWHOOLWH VR ZKHQ FRPSDUHG ZLWK WKH H[LVWLQJ DOJRULWKPV LQ YLUWXDO QHWZRUN PDSSLQJ VXFFHVV UDWH DYHUDJH QRGH UHVRXUFH XVLQJ UDWH WKH DYHUDJH OLQN UHVRXUFH XWLOL]DWLRQ UDWH RI WKH SHUIRUPDQFH RI WKH WKUHH DVSHFWV KDYH REYLRXV DGYDQWDJHV +RZ WR VROYH WKH QHWZRUN PDSSLQJ ZKHQ IDFLQJ XQNQRZQ WDVNV ZLOO EH WKH QH[W UHVHDUFK GLUHFWLRQ







7KLVSDSHU 'D9LQFL 91$

 















7LPH7LPHXQLW

)LJXUH  /LQN UHVRXUFH XWLOL]DWLRQ

&DQ EH GUDZQ IURP )LJXUH  WKLV DOJRULWKP LQ LQWHU VDWHOOLWH OLQN UHVRXUFH XWLOL]DWLRQ UDWH LV VLJQLILFDQWO\ KLJKHU WKDQ WKDW RI WKH RWKHU WZR DOJRULWKPV

1HMDEDWL 5 (VFDORQD ( 3HQJ 6 HW DO 2SWLFDO QHWZRUN YLUWXDOL]DWLRQ>&@2SWLFDO 1HWZRUN 'HVLJQ DQG 0RGHOLQJ 21'0   WK ,QWHUQDWLRQDO &RQIHUHQFH RQ ,(((SS  >@ -@LQ 3URFHHGLQJV RI WKH ,((( ,1)2&20   >@ -+H 5=KDQJ6KHQ -@ $&0 6,*&200 &RPSXWHU &RPPXQLFDWLRQ 5HYLHZ   SS  >@ &@ ,Q 3URFHHGLQJV RI ,((( ,1)2&20  >@ %XWW 1 ) &KRZGKXU\ 0 %RXWDED 5 7RSRORJ\DZDUHQHVV DQG UHRSWLPL]DWLRQ PHFKDQLVP IRU YLUWXDO QHWZRUN PDSSLQJ >0@ 6SULQJHU  >@ &KHQJ ; 6X 6 =KDQJ = HW DO 9LUWXDO QHWZRUN PDSSLQJ WKURWLJK WRSRORJ\DZDUH QRGH UDQNLQJ >-@ $&0 6,*&200 &RPSXWHU &RPPXQLFDWLRQ 5HYLHZ    SS  >@ +RXLGL , /RXDWL: =HJKODFKH ' $ GLVWULEXWHG YLUWXDO QHWZRUN PDSSLQJ DOJRULWKP >&@ ,Q 3URFHHGLQJV RI ,((( ,QWHUQDWLRQDO &RQIHUHQFH RQ &RPPXQLFDWLRQV  SS  >@ /LVFKND - .DUO + $ YLUWXDO QHWZRUN PDSSLQJ DOJRULWKP EDVHG RQ VXEJUDSK LVRPRUSKLVP GHWHFWLRQ >&@ ,Q 3URFHHGLQJV RI WKH VW $&0 ZRUNVKRS RQ 9LUWXDOL]HG LQIUDVWUXFWXUH V\VWHPV DQG DUFKLWHFWXUHV  SS  >@ 681 - &+8 + % '21* + 4 5HVHDUFK RQ 3RZHUHQKDQFHG 7HFKQRORJ\ DQG &RYHUDJH $UHDV RI *OREDO 1DYLJDWLRQ 6DWHOOLWHV>-@ $FWD *HRGDHWLFD HW &DUWRJUDSKLFD 6LQLFD

 &RQFOXVLRQ 7KLV SDSHU SUHVHQWV D RULHQWHG WDVN RI VDWHOOLWH PRELOH

ISBN: 1-60132-440-5, CSREA Press ©

66

Int'l Conf. Wireless Networks | ICWN'16 |

Implementation and Performance Analysis of PBKDF2, Bcrypt, Scrypt Algorithms Levent Ertaul, Manpreet Kaur, Venkata Arun Kumar R Gudise CSU East Bay, Hayward, CA, USA. [email protected], [email protected], [email protected]

Abstract- With the increase in mobile wireless technologies, security breaches are also increasing. It has become critical to safeguard our sensitive information from the wrongdoers. So, having strong password is pivotal. As almost every website needs you to login and create a password, it’s tempting to use same password for numerous websites like banks, shopping and social networking websites. This way we are making our information easily accessible to hackers. Hence, we need a strong application for password security and management. In this paper, we are going to compare the performance of 3 key derivation algorithms, namely, PBKDF2 (Password Based Key Derivation Function), Bcrypt and Scrypt. We have developed an android application by which we will measure the complexity and time required to generate the hash of the password. This will give us an idea about the effectiveness of these 3 algorithms. Performance comparison and analysis is also given in this paper.

I. INTRODUCTION Cryptographic hash functions have a feature of determinism which means they will take large amount of data as input and generate a fixed length output [1].The fixed length output is also called message digest or hash. It is not possible to recreate the input data from its hash value. These one-way hashing functions have following properties: x Computes hash of any message quickly. x Not possible to regenerate original value from its hash. x Not possible to change the message without modifying the hash. x No two messages have same hash. Usually, user chosen passwords are hashed and stored in the database. These hashed passwords are then encrypted using cryptography algorithms. Typical hash functions are MD5, SHA1 and SHA256. Hashed passwords are vulnerable to Dictionary/Rainbow table attack [4] and Brute Force Attack [4]. Applications of hash functions are enormous in cryptography and programming practice. Encryption and hash functions are two related and complementary fields and are not the replacement technologies for one another. PBKDFs are generally designed to be computationally insensitive, so that it takes relatively long time to compute. Hence, it is tough for the hackers to retrieve the password. Hashing algorithms are used for mapping of variable length data to fixed output, retrieving data from the database

or data lookup. Whereas, Cryptographic hash functions are used for building blocks for HMACs which provides message authentication. They ensure integrity of the data that is transmitted. Collision free hash function is the one which can never have same hashes of different output. If a and b are inputs such that H (a) =H (b), and a  b. User chosen passwords shall not be used directly as cryptographic keys as they have low entropy and randomness properties [2].Password is the secret value from which the cryptographic key can be generated. Figure 1 shows the statics of increasing cybercrime every year. Hence there is a need for strong key generation algorithms which can generate the keys which are nearly impossible for the hackers to crack. So, PBKDF2, Bcrypt and Scrypt provide a solution to this issue. PBKDF2 works on pseudorandom function (PRF) with fixed number of iterations, denoted as C. It takes salt, user chosen password and desired length of output key as an

Figure 1: Cybercrime every year

input. By repeating the process (PRF) to the number of iteration count, the cryptographic key is generated [9].

Fig 2: A generic diagram of PBKDF2

Increasing the computation makes it complex which is known as key stretching and resists the brute force and dictionary attacks. Bcrypt has expensive key setup schedule and is a cross platform encryption utilty. It uses EBC (Electronic Code Block) and is a cross platform encryption utility.It divides the input data into subkeys and then starts block encryption of the subkeys.The resultant is encrypted subkeys appended

ISBN: 1-60132-440-5, CSREA Press ©

Int'l Conf. Wireless Networks | ICWN'16 |

67

with some value.This process will keep on repeating until all the subkeys are hashed[3].Bcrypt has lot of computation which makes it extremely invulnerable to dictionary and brute force attack.Hence,bcrypt is very secure to use.

function slow enough to impede the attack, but still fast enough not to cause a noticeable delay for the user.[8] Following are the common features for the key derivation functions:

Scrypt is hashing algorithm which makes use of password based key derivation function. It generates large vector of pseudorandom bit strings.It takes large amount of memory and cpu cost. Many pseudorandom numbers are generated in the whole process that are stored in random access memory so it occupies immense memory space.It is considered as an expensive algorithm as each element that is generated during the time of hashing requires more memory and computation.This is very secure as it is very hard for attackers to crack this hashed message due to lack of resources and memory[11]. Section II focuses on the working of the key streching algorithms (also called Salted hashing) and how they are different from the traditional hashing. Section III contains explanation about the algorithms of PBKDF2, Bcrypt and Scrypt.

x Deterministic Functions. x One-way Functions. x Slow hashing functions. x Key stretching functions. Next section gives information about the algorithms for PBKDF2, Bcrypt and Scrypt.

II.

TRADITIONAL HASHING VS KEY DERIVATION FUNCTION

Passwords are never stored in plain-text format, so to store passwords in database, hash of the passwords are generated. Hash algorithms are one-way functions. They can turn any amount to variable data to fixed length output. The generated output is impossible to reverse to get the plaintext. Hence, it provides a level of security as there is no threat to your data even if the password file is compromised. Examples of these cryptographic hash algorithms are SHA256, SHA512, WHIRLPOOL and RipeMD[1][6]. This is traditional way of storing and securing the passwords. This type of hashing is still susceptible to cracking as there are more applications and resources available to do evil to your data. These types of passwords can be recovered with Brute Force and Dictionary attacks, lookup tables, reverse lookup tables and Rainbow tables. Salted hashing provides the security from these attacks and make password cracking extra difficult. Salt helps us to randomize the hashes [12]. It is a random string of bits which can be prepended or appended to the user chosen password before hashing the password [7]. It makes all the stored hashes unique as the salt generated different every time and needs not to be a secret. Adding salt to the passwords before hashing makes lookup table and rainbow table attacks ineffective. But passwords are still open to brute force or dictionary attacks. These few attacks are still effective because of High-end graphic cards and custom hardware that is able to compute billions of hashing per second. Password cracking can be made harder by key stretching. Purpose of key stretching is to add computation to the process of key generation to make the algorithm slow. Hence, in PBKDF2, Bcrypt and Scrypt we have a security factor which is iteration count. With the value of iteration count, we can decide how slow we want the algorithm to be. Iteration count can be chosen such that it makes hash

III. ALGORITHMS OF PBKDF2, BCRYPT AND SCRYPT PBKDF2, Bcrypt and Scrypt are the latest key derivation functions. They provide strongest password security. They have key stretching and salted hashes which makes very tough for the hacker to break into the security of these password hashes. PBKDF2 is a key generation algorithm and it is a part of RSA Public Key Cryptographic Standards (PKCS #5 V2.0).It is also published by Internet Engineering Task Force as RFC 2898.This Key derivation function is designed to be slow by increasing its computation and complexity. So it is also called key stretching function which safeguards it from many cryptographic attacks. It applies a pseudorandom function such as cryptographic hash, cipher or HMAC. PBKDF2 has following inputs: x Password (P): User chosen password which is needs to be hashed. x Number of Iterations (c): The algorithm is iterates this number of times before returning the hash password. This parameter slows down the algorithm and helps to safeguard against security attacks. x Salt: Salt is a random number which is appended to the password to make it more secure. x dkLen: Length of the derived key in octets which is at most (2^32 -1)* hlen (digest size of hash function). Output: x Derived key (DK) The effectiveness of dictionary and brute-force attacks is reduced because it is a slow algorithm and it takes lots of time for the attacker to get the original password. The salt value and number of iterations parameter makes it even harder to guess the password. The salt value which is added to password lessens the capability of rainbow attack. [4] Key Derivation process The key derivation function accepts the following input parameters. Key = PBKDF2(PRF, Password, Salt, c, dkLen) PRF is a pseudorandom function which takes two input parameters and output length hLen .Password is the master password from which a derived key is generated. Each hLen-bit block Ti of derived key DK, is computed as follows:

ISBN: 1-60132-440-5, CSREA Press ©

68

Int'l Conf. Wireless Networks | ICWN'16 |

DK = T1 || T2 || ... || Tdklen/hlen Ti = F (Password, Salt, c, i) The function f is known as xor (^) of c which iteration of chained PRFs. F (Password, Salt, c, i) = U1 ^ U2 ^ ... ^ Uc Where: U1 = PRF(Password, Salt || INT_32_BE(i)) U2 = PRF(Password, U1) ... Uc = PRF(Password, Uc-1). Basically, in order to recover passwords from the system attackers either brute force technique or the dictionary attack. The intruders estimate the passwords by using some hashing techniques and then differentiating the hashing results to store them to recognize if the results are similar with the user’s password in the system. Normal cryptographic hash functions can be used by attackers to guess huge number of passwords per second. Here comes the PBKDF2 which helps users in every way to lessen such privacy attacks and at the same time it becomes hard for intruder to guess the original passwords. They would be successful in getting few thousand passwords per second as far as PBKDF2 systems are concerned. So, PBKDF2 systems create some crucial situations that would make it impossible for hackers to attack them. Also, if we use salt in the hashing process, the ability to use precompiled hashes would be reduced by the passwords itself for attacks in the system. PBKDF2 Strategies: x Computing output in host endianess. x Vigorously lines everything in the inner loop. x Buffering and padding are not required inside loop. x Parallelization can be done for lengthy outputs. x Minimal copies can be made inside loop. Where PBKDF2 is being used? x AES Encryption scheme by WinZip. x For secure wireless networks through Wi-Fi Protected x Firefox Sync x Cisco IOS x For the protection of user passwords and pass codes in Apple’s IOS mobile operating systems. Bcrypt Bcrypt is the key derivation function for the passwords being designed for the systems. It is one of the most popular and powerful algorithms which is quite successful in restraining the password hacking and other unwanted attacks in the system. It functions similar to Blowfish Block Cipher. Therefore, this bcrypt is based on EKSBlowfish procedure which strengthens the password encryption in order to avoid attacks. It encrypts 192 bit magic values [5] by using 128-bit salt. Above all, bcrypt is using expensive key setup in Eksblowfish. There are two phases in which bcrypt algorithm is being executed. In the very first phase, the Eksblowfish Setup is called with the salt, password and cost to process the Eksblowfish state. However, the expensive key schedule consumes lots of time. On the basis of 192-bit value of

OrpheanBeholderScryDoubt is encrypted at 64 times from the previous phase to the particular state using Eksblowfish in ECB mode. The 128-bit salt would be concatenated with final result of encryption loop to provide the output. One issue with bcrypt is that salting is not good enough to hash a string. But Still Bcrypt keeps on fighting with processing power using iterations of encryption. This process is known as work or cost factor. How Bcrypt Works? Bcrypt makes use Blowfish encryption algorithm consisting of keying schedule [6]. It includes work factor as well. The hashed value being created comprises of the steps listed below: x First of all, Bcrypt algorithm version identifier is executed x Cost factor is included x Every 16-byte salt value in Bcrypt is encoded in a adapt Base-64 (22 characters) x cipher text (remaining characters) is produced For example Bcrypt hash is; $21$10$MN9CW1vkR2xSXT8jqchug.wvLZbl4mtapxK0u/S LbTcgl9Ldzlq60 It will be shown as follows: x Crypt algorithm version is 2a x It uses a Cost factor of 10 x Salt is MN9CW1vkR2xSXT8jqchug. x The cipher text comes out to wvLZbl4mtapxK0u/SLbTcgl9Ldzlq60

be

is

We are implementing Java here via Spring-security 3.2.5. Several methods are being tendered by Bcrypt object that makes the usage of API relatively easy. GenSalt is one of the general methods processed in the salt generation. The various kinds of genSalt are following: x genSalt() – In the process, gensalt() would use a cost factor of 10. In order to generate the 16-byte salt for hashing, this procedure would take a new instance of Secure-Random class. x genSalt(int log_rounds) – It uses an updated Cost Factor to the value that is stated as integer and to create the 16-byte salt , it uses a new instance of Secure-Random class. x genSalt(int log_rounds, SecureRandom) – It also uses a modified Cost Factor with the value of the specific integer. In order to create the 16-byte salt it uses the provided SecureRandom -instance. Hashed passwords can be generated easily once the salt is implemented by simple call in program; x

hashpw (String password, String salt) – The given password is hashed with the given salt.

Algorithm bcrypt(cost, salt, input) state EksBlowfishSetup(cost, salt, input) ctext "OrpheanBeholderScryDoubt" // 64-bit bocks repeat (64)

ISBN: 1-60132-440-5, CSREA Press ©

Int'l Conf. Wireless Networks | ICWN'16 |

ctext EncryptECB(state, ctext) //encrypt using standard Blowfish in ECB mode return Concatenate(cost, salt, ctext) Implementations are fluctuated in the approach of changing passwords into initial numeric values here. It leads to reducing the strength of passwords sometimes which contains special characters. [6] Cost Factor The real value of Bcrypt gives us the Cost Factor. The Present processors and technologies permits us to generate the brute force attacks easily that can select targets straight in the system. The increase in the cost factor is exponential in the cost factor (as 2^cost factor).The Cost factor being created in every process is stored as hashed value. Scrypt Scrypt is a key derivation function which is computational intensive and it consumes more time to compute. For every operation, the authenticated users have to perform the function and the time taken would be negligible as well [11]. High level of security is being provided to users and their data through this function that makes it next to impossible for the intruders to crack the original passwords. Even it is so powerful that it makes such complicated situations that the attacker won’t get the actual passwords if he makes millions of guesses too [10]. The guessing technique used is Brute Forcing. However, script functions are developed to avoid the attack attempts by increasing the requirements of resources of algorithms. Specifically, this algorithm is implemented in such a way that it should use the highest amount of memory allocated to other password based Key Derived Functions. This can be done by making both size and cost of hardware implementation for any particular device more expensive and at the same time parallelism used by an attacker should be of minimum amount for the limited amount of financial resources[10]. Function scrypt(Passphrase,Salt,N,p,dkLen): (B0 ... Bp    !" 1, p * MFLen) for i = 0 to p-1 do Bi #$#& end for Output    '**+++ Bp? MFLen - Length of block mixed by SMix() hLen – length of produced by HMAC_SHA256() dkLen- output length, positive integer satisfying dkLen \ (232^>?+ N- CPU/memory cost parameter. p - Parallelization parameter; a positive integer satisfying p \ (232^>?_>?+ We have applied these algorithms in our application to check how much time they are taking to create the hash. Also, we can analyze the behavior of each algorithm as we are varying the even parameters in the 3 algorithms. Next section will explain about the application.

69

IV. IMPLEMENTATION OF PBKDF2,BCRYPT AND SCRYPT We have implemented an android application where we are securing the contacts numbers saved on the android device by using these 3 algorithms. User can select any one of these 3 algorithms to generate the encrypted contacts. We are measuring the performance of the algorithms by varying the input parameters which are common in all 3 algorithms. Here are the software (Table I) and hardware specification (Table II) for the application. Table1. Software Specification

Type

Specification

Operating system Language Version Back-end Server Tool

Windows, Linux Java Server Pages JDK 1.7 MySQL(XAMPP Server) Apache Netbeans, Elipse

Table II. Hardware Specification

Type

Specification

Processor Clock Speed Ram Capacity Hard Disk Drive Monitor

PENTIUM IV 2.7 GHZ 1 GB 250 GB 15 VGA Color

‘Contact Securing Application’ is an android application where user can register with his credentials and will use those credentials to login in the application. That password will be stored in hashed version which will be in non-readable format to humans. User can use that password to decrypt his contacts later in the application. This user chosen password will be used as input to the one of the 3 key generation algorithms (PBKDF2, Bcrypt and Scrypt).The cryptographic key generated by these algorithms will be used as input to AES algorithm (128 bit) which is used to encrypt the contact numbers. Figure 3 is the Login page of the application. It will appear when user runs the application. Here, we have Email and password as text fields, sign-in and register button. User needs to create an account if he does not have one. User can redirect to registration page while hitting register button; otherwise he can directly sign in. Valid credential will lead him to the next screen. An error message will appear in case of incorrect credentials.

ISBN: 1-60132-440-5, CSREA Press ©

Figure 3. Login Screen

70

Int'l Conf. Wireless Networks | ICWN'16 |

On clicking the register button, register screen will be shown as in figure 4.We have 3 textboxes; name, email id and password. On clicking register, all his information will be stored in the database.

Figure 6 Encryption

Here, it is showing all the contact numbers that are stored in the android device. On tapping ‘Start Encrypt’ button, the contact numbers will start encrypting. Processing will be shown on screen (figure 7).

Figure 4.Registration

After creating an account and login, User will be navigated to next screen (Figure 5).Here we have 3 buttons that are having the name of 3 algorithms on them, respectively. User can select any of the algorithms to encrypt his contacts. We also have a graph button here which will show in time taken (in nanoseconds) to generate the hash. After using all 3 algorithms, user can compare the time taken by 3 algorithms. The ‘Logout’ Button will help user to log the application out.

Figure 7 Encryption Process

After encrypting, we can also decrypt the contact numbers but it will need the same password. Here, authenticity of the user can be verified. Only the intended user, who has encrypted the contacts, can decrypt them. See Figure 8.

Figure 5 Home Screen

On choosing any one of them, Figure 6 is the next screen that will pop up on the android device.

ISBN: 1-60132-440-5, CSREA Press ©

Int'l Conf. Wireless Networks | ICWN'16 |

71

Table 3. Constant parameters

Parameters Salt(bytes) Iteration count(int)

PBKDF2 16 1000

Bcrypt 16 1000

Scrypt 16 1000

1200

Figure 8 Decryption

We can click ’Home’ button to go back to the home screen where 3 algorithms are listed (Figure 5). We can try encrypting the contact numbers using all the three algorithms one by one. After we are done doing that, there is graph button on home screen (Figure 5) to check the performance of each algorithm.

Ti me in mil lis ec on ds

1000 Key Length=16 bits

800 600

Key Length=32 bits

400

Key Length=64 bits

200 0 PBKDF2

Bcrypt

Scrypt

Figure 10. Varying Key Length

Figure 10 shows the performance when we have kept Salt (Bytes) and Iteration Count (integer) as constant and we are varying the Key Length. Constant parameters are shown in Table 3. In the graph, the first 3 bars are of PBKDF2 with different key lengths (16 bits, 32 bits and 64 bits). Table 4. Constant Parameters

Parameters Salt(bytes) Key Length(bytes)

Ti me in Mil lise co nd

Figure 9 performance Graph

On taping the graph button, Figure 9 will appear on screen. Let us see how the performance of the algorithms varies if we change some important and even parameters in these algorithms. Next section is about performance analysis.

V.

TESTS AND RESULTS

For testing purpose, we experimented by varying the even parameters: salt value, key length and Number of iterations. We will take these three parameters as basis and will compare the output on the basis of these parameters in terms of time taken to generate the hash of the password.

PBKDF2 16 128

Bcrypt 16 128

Scrypt 16 128

700 600 Iteration Count=10

500 400

Iteration Count=100

300 200

Iteration Count=500

100 0 PBKDF2

Bcrypt

Scrypt

Figure 11: varying iteration counts

The 3 bars of each algorithm is showing the time taken in milliseconds with Salt (bytes) and Key Length (bytes) as constant( as shown in table 4) with different variation count( 10,100 and 500). Table 5 constant parameters

Parameters Salt(bytes) Key Length(bytes)

PBKDF2 16 128

ISBN: 1-60132-440-5, CSREA Press ©

Bcrypt 16 128

Scrypt 16 128

72

Int'l Conf. Wireless Networks | ICWN'16 |

Ti me in Mil lise co nd

800 600

Salt=32 bytes

400

5.

Salt=64 bytes

200

Salt=128 bytes

0 PBKDF2 Bcrypt

6.

Scrypt

Figure 12. Varying Salt value

In the last graph, we have kept Salt (bytes) and Key Length as constant as in table 5.3 and we are changing salt to 3 cases (32 bytes, 64 bytes and128 bytes).

VI. CONCLUSION AND FUTURE

7.

8.

IMPLEMENTATION Security is the major issue in today’s paperless world. There are lots of applications that are running on PBKDF2 and are working very successfully. They are considered The Best Password Managers for 2016[13]. In our application, we have presented the performance analysis of the three algorithms. These algorithms are already implemented on desktop platform. So, we have chosen the mobile platform to measure the performance of these algorithms. We have concluded that PBKDF2 is fast and can be considered the best among 3 algorithms. But PBKDF2 is cracked as reported in the news [14]. Bcrypt is slow because it is using Blowfish which is using iterations as 2 to the power number of iterations parameters. Bcrypt and Scrypt are memory hard functions. They take large resources and computation power to crack. Hence, they are nearly impossible to crack. There is utmost need to have strong password as well as manage them well. So, these algorithms provide solution to the problem of password generation and management. With all performance tests, we are clear that which algorithm is providing what type of security. In future, we are trying to modify it as multimedia securing application. Also, we will try to implement it on platforms other than android like iOS.

9. 10. 11. 12.

13. 14.

2015). Web. https://engineering.purdue.edu/kak/compsec/NewLe ctures/Lecture24.pdf. Assurance Technologies. (2015). passlib.hash.bcrypt BCrypt. http://pythonhosted.org/passlib/lib/passlib.hash.bcr ypt.html. Bansal, S. K. (April 10, 2014). “Securing Passwords with Bcrypt Hashing Function”. Retrived from: http://thehackernews.com/2014/04/securingpasswords-with-bcrypt-hashing.html. Bard, A. (July 11, 2013). “3 Wrong Ways to Store a Password And 5 code samples doing it right”. https://adambard.com/blog/3-wrong-ways-to-storea-password/. Provos, N., Mazières, D., (June 1999).”A FutureAdaptable Password Scheme”. USENIX '99, Freenix Track. Monterey, CA. http://www.usenix.org/events/usenix99/provos.htm Bezzi, M., & al., e. (2011). "Data privacy". In Camenisch, Jan et al. Privacy and Identity Management for Life. Springer, 185–186. C. Percival, S. J. (2012-09-17). “The scrypt Password-Based Key Derivation Function”. IETF. CoinPursuit . (2014 ). “SHA-256 and Scrypt Mining Algorithms”. Retrived from: CoinPursuit. Goldberg, J. (June 6, 2012). A salt-free diet is bad for your security. Retrieved from: https://blog.agilebits.com/2012/06/06/a-salt-freeDiet-is-bad-for-your-security/. "The Best Password Managers for 2016." PCMAG. Web. 18 Mar. 2016. Goldberg, Jeffrey. "Crackers Report Great News for 1Password4." 10 Mar. 2014. https://blog.agilebits.com/2014/03/10/crackersreport-great-news-for-1password-4/.

VII. REFERENCES 1.

2.

3.

4.

S. K. Pal, D. Bhardwaj, R. Kumar and V. Bhatia, "A New Cryptographic Hash Function based on Latin Squares and Non-linear Transformations," Advance Computing Conference, 2009. IACC 2009. IEEE International, Patiala, 2009, pp. 862-867 Turan, M. S., E. B. Barker, W. E. Burr, and L. Chen (December 2010). “Recommendation for Password-based Key Derivation”.http://csrc.nist.gov/publications/nistpu bs/800-132/nist-sp800-132.pdf. Antonopoulos, A. M. (3 December 2014). “Mastering Bitcoin: Unlocking Digital Cryptocurrencies”. O'Reilly Media, 221-223. Kak, Avi. "Lecture 24: The Dictionary Attack and the Rainbow-Table ..." Purdue University, (27 Apr.

ISBN: 1-60132-440-5, CSREA Press ©

Int'l Conf. Wireless Networks | ICWN'16 |

73

>~|~"~!"#~?"~”€?~€#!#"#?‡"#"# !~?#‰•~