Abstract
There has been an increasing interest of integrating blockchain into cyber-physical systems (CPS). The design of password hashing schemes (PHSs) is in the core of blockchain security. However, no existing PHS seems to meet both the requirements of sufficient security and small code size for blockchain-based CPSs. In this article, a novel memory-hard PHS based on the classic PBKDF2 is proposed. Evaluation results show that the proposed scheme is promising for blockchain-based CPS, as it manages to provide enhanced security in comparison to PBKDF2 with limited increase in code size.
- Arogyalokesh. 2018. Understanding the Blockchain. Retrieved from https://mindmajix.com/understanding-the-blockchain.Google Scholar
- 1password support team. 2019. How PBKDF2 strengthens your Master Password. Retrieved from https://support.1password.com/pbkdf2/.Google Scholar
- Dmitry Khovratovich Alex Biryukov. 2015. Argon2. Retrieved from https://www.password-hashing.net/submissions/specs/Argon-v3.pdf.Google Scholar
- Roman Beck. 2018. Beyond bitcoin: The rise of blockchain world. IEEE Comput. 51, 2 (2018), 54–58.Google Scholar
Cross Ref
- Daniel J. Bernstein. 2007. The Salsa20 family of stream ciphers, eSTREAM project. Retrieved from http://cr.yp.to/papers.html#salsafamily.Google Scholar
- Alex Biryukov. 2017. Proofs of work—The engines of trust. ERCIM News 2017, 110 (2017). Retrieved from https://ercim-news.ercim.eu/en110/special/proofs-of-work-the-engines-of-trust.Google Scholar
- Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich. 2016. Argon2: New generation of memory-hard functions for password hashing and other applications. In Proceedings of the IEEE European Symposium on Security and Privacy. IEEE, 292–302. DOI:https://doi.org/10.1109/EuroSP.2016.31Google Scholar
Cross Ref
- Xingjuan Cai, Yun Niu, Shaojin Geng, Jiangjiang Zhang, Zhihua Cui, Jianwei Li, and Jinjun Chen. 2019. An under-sampled software defect prediction method based on hybrid multi-objective cuckoo search. Concurr. Comput.: Pract. Exper. (2019), e5478. DOI:https://doi.org/10.1002/cpe.5478Google Scholar
- Jiwon Choe, Tali Moreshet, R. Iris Bahar, and Maurice Herlihy. 2019. Attacking memory-hard scrypt with near-data-processing. In Proceedings of the International Symposium on Memory Systems. ACM, 33–37. DOI:https://doi.org/10.1145/3357526.3357570 Google Scholar
Digital Library
- Omar Choudary, Felix Gröbert, and Joachim Metz. 2012. Infiltrate the vault: Security analysis and decryption of lion full disk encryption. IACR Cryptology ePrint Archive 2012 (2012), 374. Retrieved from http://eprint.iacr.org/2012/374.Google Scholar
- Michael Crosby, Pradan Pattanayak, Sanjeev Verma, and Vignesh Kalyanaraman. 2016. Blockchain technology: Beyond bitcoin. Appl. Innov. 2 (2016), 6–10.Google Scholar
- Mianxiong Dong, Kaoru Ota, Laurence T. Yang, Anfeng Liu, and Minyi Guo. 2016. LSCD: A low-storage clone detection protocol for cyber-physical systems. IEEE Trans. CAD Integ Circ Syst 35, 5 (2016), 712–723. DOI:https://doi.org/10.1109/TCAD.2016.2539327 Google Scholar
Digital Library
- Levent Ertaul, Manpreet Kaur, and Venkata Arun Kumar R. Gudise. 2016. Implementation and performance analysis of PBKDF2, Bcrypt, Scrypt algorithms. In Proceedings of the International Conference on Wireless Networks (ICWN’16). 66.Google Scholar
- Christian Forler, Stefan Lucks, and Jakob Wenzel. 2014. Memory-demanding password scrambling. In Proceedings of the 20th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology (ASIACRYPT’14) 2014 (Lecture Notes in Computer Science), Palash Sarkar and Tetsu Iwata (Eds.), Vol. 8874. Springer, 289–305. DOI:https://doi.org/10.1007/978-3-662-45608-8_16Google Scholar
Cross Ref
- Christian Forler, Stefan Lucks, and Jakob Wenzel. 2015. The Catena Password-Scrambling Framework. Retrieved from https://www.password-hashing.net/submissions/specs/Catena-v5.pdf.Google Scholar
- Clemens Fruhwirth. 2018. LUKS1 On-Disk Format SpecificationVersion 1.2.3. Retrieved from https://gitlab.com/cryptsetup/cryptsetup/wikis/LUKS-standard/on-disk-format.pdf.Google Scholar
- Jairo Giraldo, David I. Urbina, Alvaro Cardenas, Junia Valente, Mustafa Amir Faisal, Justin Ruths, Nils Ole Tippenhauer, Henrik Sandberg, and Richard Candell. 2018. A survey of physics-based attack detection in cyber-physical systems. ACM Comput. Surv. 51, 4 (2018), 76:1–76:36. DOI:https://doi.org/10.1145/3203245 Google Scholar
Digital Library
- Jeremi Gosney. 2015. Pufferfish2. Retrieved from https://github.com/epixoip/pufferfish.Google Scholar
- Reuben Grinberg. December 9, 2011. Bitcoin: An innovative alternative digital currency. Hastings Sci. Technol. Law J. Vol. 4 (Dec. 9, 2011).Google Scholar
- Muneeb Ul Hassan, Mubashir Husain Rehmani, and Jinjun Chen. 2019. DEAL: Differentially private auction for blockchain based microgrids energy trading. IEEE Trans. Serv. Comput. (2019), 1–1. DOI:https://doi.org/10.1109/TSC.2019.2947471Google Scholar
- Muneeb Ul Hassan, Mubashir Husain Rehmani, and Jinjun Chen. 2020. Differential privacy techniques for cyber physical systems: A survey. IEEE Commun. Surv. Tutor. 22, 1 (2020), 746–789. DOI:https://doi.org/10.1109/COMST.2019.2944748Google Scholar
Digital Library
- George Hatzivasilis, Ioannis Papaefstathiou, and Charalampos Manifavas. 2015. Password hashing competition—Survey and benchmark. IACR Cryptology ePrint Archive 2015 (2015), 265. Retrieved from http://eprint.iacr.org/2015/265Google Scholar
- Wu Hongjun. 2015. POMELO: A Password Hashing Algorithm. Retrieved from https://www.password-hashing.net/submissions/specs/POMELO-v1.pdf.Google Scholar
- Kaixing Huang, Chunjie Zhou, Yuanqing Qin, and Weixun Tu. 2020. A game-theoretic approach to cross-layer security decision-making in industrial cyber-physical systems. IEEE Trans. Industr. Electron. 67, 3 (2020), 2371–2379. DOI:https://doi.org/10.1109/TIE.2019.2907451Google Scholar
Cross Ref
- Abdulmalik Humayed, Jingqiang Lin, Fengjun Li, and Bo Luo. 2017. Cyber-physical systems security—A survey. IEEE Internet Things J. 4, 6 (2017), 1802–1831. DOI:https://doi.org/10.1109/JIOT.2017.2703172Google Scholar
Cross Ref
- Marcos A. Simplicio Jr, Leonardo C. Almeida, Ewerton R. Andrade, Paulo C. F. dos Santos, and Paulo S. L. M. Barreto. 2015. The Lyra2 reference guide. Retrieved from https://www.password-hashing.net/submissions/specs/Lyra2-v3.pdf.Google Scholar
- Burt Kaliski. 2000. PKCS #5: Password-based cryptography specification version 2.0. RFC 2898 (2000), 1–34. DOI:https://doi.org/10.17487/RFC2898Google Scholar
- Siddhartha Kumar Khaitan and James D. McCalley. 2015. Design techniques and applications of cyberphysical systems: A survey. IEEE Syst. J. 9, 2 (2015), 350–365. DOI:https://doi.org/10.1109/JSYST.2014.2322503Google Scholar
Cross Ref
- Hugo Krawczyk, Mihir Bellare, and Ran Canetti. 1997. HMAC: Keyed-hashing for message authentication. RFC 2104 (1997), 1–11. DOI:https://doi.org/10.17487/RFC2104Google Scholar
Digital Library
- Xueping Liang, Sachin Shetty, Deepak K. Tosh, Juan Zhao, Danyi Li, and Jihong Liu. 2018. A reliable data provenance and privacy preservation architecture for business-driven cyber-physical systems using blockchain. Int. J. Inf. Sec. Priv. 12, 4 (2018), 68–81. DOI:https://doi.org/10.4018/IJISP.2018100105Google Scholar
Cross Ref
- Katja Malvoni, Solar Designer, and Josip Knezovic. 2014. Are your passwords safe: Energy-efficient bcrypt cracking with low-cost parallel hardware. In Proceedings of the 8th USENIX Workshop on Offensive Technologies, Sergey Bratus and Felix “FX” Lindner (Eds.). USENIX Association. Retrieved from https://www.usenix.org/conference/woot14/workshop-program/presentation/malvani. Google Scholar
Digital Library
- Robert Mitchell and Ing-Ray Chen. 2013. A survey of intrusion detection techniques for cyber-physical systems. ACM Comput. Surv. 46, 4 (2013), 55:1–55:29. DOI:https://doi.org/10.1145/2542049 Google Scholar
Digital Library
- Colin Percival. 2009. Stronger Key Derivation via Sequential Memory-hard Functions. BSDCan.Google Scholar
- Alexander Peslyak. 2015. Escrypt—A password hashing competition submission. Retrieved from https://www.password-hashing.net/submissions/specs/yescrypt-v2.pdf.Google Scholar
- Thomas Pornin. 2015. The MAKWA Password Hashing Function. Retrieved from https://www.password-hashing.net/submissions/specs/Makwa-v1.pdf.Google Scholar
- Niels Provos and David Mazières. 1999. A future-adaptable password scheme. In Proceedings of the FREENIX Track: 1999 USENIX Annual Technical Conference. USENIX, 81–91. Retrieved from http://www.usenix.org/events/usenix99/provos.html. Google Scholar
Digital Library
- Nakamoto Satoshi. 2008. Bitcoin A Peer-to-Peer Electronic Cash System. Retrieved from http://Bitcoin.Orgbitcoin.pdf.Google Scholar
- Bruce Schneier. 1993. Description of a new variable-length key, 64-bit block cipher (Blowfish). In Proceedings of the Cambridge Security Workshop: Fast Software Encryption (Lecture Notes in Computer Science), Ross J. Anderson (Ed.), Vol. 809. Springer, 191–204. DOI:https://doi.org/10.1007/3-540-58108-1_24 Google Scholar
Digital Library
- Lui Sha, Sathish Gopalakrishnan, Xue Liu, and Qixin Wang. 2008. Cyber-physical systems: A new frontier. In Proceedings of the IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing, Mukesh Singhal, Giovanna Di Marzo Serugendo, Jeffrey J. P. Tsai, Wang-Chien Lee, Kay Römer, Yu-Chee Tseng, and Han C. W. Hsiao (Eds.). IEEE Computer Society, 1–9. DOI:https://doi.org/10.1109/SUTC.2008.85 Google Scholar
Digital Library
- Steven Thomas. 2014. battcrypt (Blowfish All The Things). Retrieved from https://www.password-hashing.net/submissions/specs/battcrypt-v0.pdf.Google Scholar
- Steve Thomas. 2015. Parallel. Retrieved from https://www.password-hashing.net/submissions/specs/Parallel-v1.pdf.Google Scholar
- Meltem Sönmez Turan, Elaine Barker, William Burr, and Lily Chen. 2010. Recommendation for password-based key derivation. NIST Spec. Public. 800 (2010), 132.Google Scholar
- Andrea Visconti, Ondrej Mosnáček, Milan Brož, and Vashek Matyáš. 2019. Examining PBKDF2 security margin—Case study of LUKS. J. Inf. Sec. Applic. 46 (2019), 296–306.Google Scholar
- Penghong Wang, Jianrou Huang, Zhihua Cui, Liping Xie, and Jinjun Chen. 2019. A Gaussian error correction multi-objective positioning model with NSGA-II. Concurr. Comput.: Pract. Exper. (2019), e5464. DOI:https://doi.org/10.1002/cpe.5464Google Scholar
- Jun Wu, Mianxiong Dong, Kaoru Ota, Jianhua Li, and Zhitao Guan. 2018. Big data analysis-based secure cluster management for optimized control plane in software-defined networks. IEEE Trans. Netw. Serv. Manag. 15, 1 (2018), 27–38. DOI:https://doi.org/10.1109/TNSM.2018.2799000Google Scholar
Cross Ref
- Zhenyu Zhou, Bingchen Wang, Mianxiong Dong, and Kaoru Ota. 2020. Secure and efficient vehicle-to-grid energy trading in cyber physical systems: Integration of blockchain and edge computing. IEEE Trans. Syst., Man. Cyber.: Syst. 50, 1 (2020), 43–57. DOI:https://doi.org/10.1109/TSMC.2019.2896323Google Scholar
Cross Ref
Index Terms
A Novel Memory-hard Password Hashing Scheme for Blockchain-based Cyber-physical Systems
Recommendations
Blockchain Enabled Cyber-Physical Society Framework
AbstractBlockchain is a disrupting technology that is transforming the technological ecosystem that drives and governs the transactions. Establishing the distributed trust in the cyber-physical society without any intermediaries has the potential to ...
Blockchain for Cyber-Physical System in Manufacturing
SoICT '19: Proceedings of the 10th International Symposium on Information and Communication TechnologyThis paper proposed a blockchain manufacturing framework that involves the utilization of secondary validation and collaborative distribution concepts. Conventional and blockchain manufacturing simulators were developed to investigate the effects of ...






Comments