Software Implementation of a SRAM PUF-Based Password Manager
Abstract. The main goal of the password-management protocol described here is to reduce prevalent attacks on cyber-physical systems, such as the hacking of databases of user-ID/password pairs and side-channel analysis. An architecture that uses a hash function alone to hash the password and user ID has weaknesses that can help an attacker crack the password. The architecture therefore uses both a hash function and the Addressable Physical Unclonable Function (PUF) Generator (APG) to authenticate clients on the network without keeping passwords in their real format in the database. The hash function and APG together are more difficult to attack because they are unclonable, have a high level of randomness, and do not depend on storing information. This paper presents a simulation prototype showing how the password manager protocol can work based on SHA-3-512 and an SRAM PUF. Furthermore, the paper shows how to encrypt the database content of the password manager using the SRAM PUF and provides a software solution to the noise of the SRAM PUF, reducing the rate of false rejections of real users and false acceptances of non-existent users.

Keywords: Password management · Physical unclonable function · Hash functions · SRAM PUF with password manager · Authentication · New user · Exist user
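The flow the abstract describes can be sketched as a small simulation. This is an added illustration, not the paper's prototype or its code. It assumes a software stand-in for the SRAM PUF; the memory size, response length, noise rate, Hamming-distance threshold, the way the SHA-3-512 digest is turned into a PUF address, and all class and function names are assumptions made for the example.

```python
import hashlib
import random

CELLS = 1 << 16      # simulated SRAM size in bits (assumed)
RESP_BITS = 256      # bits read per address (assumed)
THRESHOLD = 40       # max Hamming distance still accepted (assumed)

class SimulatedSramPuf:
    """Software stand-in for an SRAM PUF: fixed power-up bits plus read noise."""
    def __init__(self, device_seed, flip_prob=0.03):
        rng = random.Random(device_seed)
        self._cells = [rng.getrandbits(1) for _ in range(CELLS)]
        self._noise = random.Random(device_seed ^ 0x5A5A)
        self._flip_prob = flip_prob

    def read(self, address):
        # Each read flips a few bits at random, like unstable SRAM cells.
        bits = []
        for i in range(RESP_BITS):
            bit = self._cells[(address + i) % CELLS]
            if self._noise.random() < self._flip_prob:
                bit ^= 1
            bits.append(bit)
        return bits

def address_for(uid, password):
    # SHA-3-512 of the credentials selects where in the PUF to read.
    digest = hashlib.sha3_512(f"{uid}\x00{password}".encode()).digest()
    return int.from_bytes(digest[:4], "big") % CELLS

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

class PasswordManager:
    def __init__(self, puf):
        self.puf = puf
        self.db = {}  # hashed UID -> enrolled PUF response; no password stored

    @staticmethod
    def _row(uid):
        return hashlib.sha3_512(uid.encode()).hexdigest()

    def enroll(self, uid, password):
        self.db[self._row(uid)] = self.puf.read(address_for(uid, password))

    def authenticate(self, uid, password):
        ref = self.db.get(self._row(uid))
        if ref is None:          # user does not exist
            return False
        fresh = self.puf.read(address_for(uid, password))
        # Tolerate PUF noise: accept a close match, not only an exact one.
        return hamming(ref, fresh) <= THRESHOLD
```

An exact-match comparison would reject the real user on almost every attempt because two reads of the same address rarely agree bit for bit; the threshold trades false rejections against false acceptances.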
S. Assiri et al.
© Springer Nature Switzerland AG 2020. K. Arai et al. (Eds.): SAI 2020, AISC 1230, pp. 361–379, 2020. https://doi.org/10.1007/978-3-030-52243-8_26

1 Introduction

A password is an authentication mechanism that provides the ability to access systems, applications, or accounts online. In general, a password is a string of characters used to verify the identity of a user during the authentication process, and most passwords are used together with a username (USER ID). By design, only the user knows the password (PW) and USER ID (UID) needed to gain access to a device, application, or website. The simplest way to store passwords is in a database (DB), creating a table that contains the UID and PW. The DB table keeps all of the UIDs and PWs in 'plain text', human-readable format [1]. For example, the user may set the UID and PW to BoB2019 and assEDA123/!, respectively. Subsequently, the UID and the PW will be saved in the DB table [1–3]. Should an intruder be able to hack the DB, they will easily read all of the UID and DB content. For this reason, UID and PW data stored in plain-text format is vulnerable to compromise. Consequently, in security terms, one of the worst possible methods, used by some websites and applications, is to store a UID and PW in their original plaintext form [1–3].

The vulnerability of DBs containing user IDs and passwords is of major concern for information technology developers. It prompts the investigation of a solution that will make the content of DBs unreadable, so that hackers cannot understand the DB content [1, 2]. One solution is to encrypt the content of the DB by using a hash function to obtain the message digest (MD) [2–4]. In this solution, the real plaintext UID and PW are replaced