skip to main content
research-article

A Novel Memory-hard Password Hashing Scheme for Blockchain-based Cyber-physical Systems

Authors Info & Claims
Published:08 March 2021Publication History
Skip Abstract Section

Abstract

There has been an increasing interest of integrating blockchain into cyber-physical systems (CPS). The design of password hashing schemes (PHSs) is in the core of blockchain security. However, no existing PHS seems to meet both the requirements of sufficient security and small code size for blockchain-based CPSs. In this article, a novel memory-hard PHS based on the classic PBKDF2 is proposed. Evaluation results show that the proposed scheme is promising for blockchain-based CPS, as it manages to provide enhanced security in comparison to PBKDF2 with limited increase in code size.

References

  1. Arogyalokesh. 2018. Understanding the Blockchain. Retrieved from https://mindmajix.com/understanding-the-blockchain.Google ScholarGoogle Scholar
  2. 1password support team. 2019. How PBKDF2 strengthens your Master Password. Retrieved from https://support.1password.com/pbkdf2/.Google ScholarGoogle Scholar
  3. Dmitry Khovratovich Alex Biryukov. 2015. Argon2. Retrieved from https://www.password-hashing.net/submissions/specs/Argon-v3.pdf.Google ScholarGoogle Scholar
  4. Roman Beck. 2018. Beyond bitcoin: The rise of blockchain world. IEEE Comput. 51, 2 (2018), 54–58.Google ScholarGoogle ScholarCross RefCross Ref
  5. Daniel J. Bernstein. 2007. The Salsa20 family of stream ciphers, eSTREAM project. Retrieved from http://cr.yp.to/papers.html#salsafamily.Google ScholarGoogle Scholar
  6. Alex Biryukov. 2017. Proofs of work—The engines of trust. ERCIM News 2017, 110 (2017). Retrieved from https://ercim-news.ercim.eu/en110/special/proofs-of-work-the-engines-of-trust.Google ScholarGoogle Scholar
  7. Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich. 2016. Argon2: New generation of memory-hard functions for password hashing and other applications. In Proceedings of the IEEE European Symposium on Security and Privacy. IEEE, 292–302. DOI:https://doi.org/10.1109/EuroSP.2016.31Google ScholarGoogle ScholarCross RefCross Ref
  8. Xingjuan Cai, Yun Niu, Shaojin Geng, Jiangjiang Zhang, Zhihua Cui, Jianwei Li, and Jinjun Chen. 2019. An under-sampled software defect prediction method based on hybrid multi-objective cuckoo search. Concurr. Comput.: Pract. Exper. (2019), e5478. DOI:https://doi.org/10.1002/cpe.5478Google ScholarGoogle Scholar
  9. Jiwon Choe, Tali Moreshet, R. Iris Bahar, and Maurice Herlihy. 2019. Attacking memory-hard scrypt with near-data-processing. In Proceedings of the International Symposium on Memory Systems. ACM, 33–37. DOI:https://doi.org/10.1145/3357526.3357570 Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Omar Choudary, Felix Gröbert, and Joachim Metz. 2012. Infiltrate the vault: Security analysis and decryption of lion full disk encryption. IACR Cryptology ePrint Archive 2012 (2012), 374. Retrieved from http://eprint.iacr.org/2012/374.Google ScholarGoogle Scholar
  11. Michael Crosby, Pradan Pattanayak, Sanjeev Verma, and Vignesh Kalyanaraman. 2016. Blockchain technology: Beyond bitcoin. Appl. Innov. 2 (2016), 6–10.Google ScholarGoogle Scholar
  12. Mianxiong Dong, Kaoru Ota, Laurence T. Yang, Anfeng Liu, and Minyi Guo. 2016. LSCD: A low-storage clone detection protocol for cyber-physical systems. IEEE Trans. CAD Integ Circ Syst 35, 5 (2016), 712–723. DOI:https://doi.org/10.1109/TCAD.2016.2539327 Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Levent Ertaul, Manpreet Kaur, and Venkata Arun Kumar R. Gudise. 2016. Implementation and performance analysis of PBKDF2, Bcrypt, Scrypt algorithms. In Proceedings of the International Conference on Wireless Networks (ICWN’16). 66.Google ScholarGoogle Scholar
  14. Christian Forler, Stefan Lucks, and Jakob Wenzel. 2014. Memory-demanding password scrambling. In Proceedings of the 20th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology (ASIACRYPT’14) 2014 (Lecture Notes in Computer Science), Palash Sarkar and Tetsu Iwata (Eds.), Vol. 8874. Springer, 289–305. DOI:https://doi.org/10.1007/978-3-662-45608-8_16Google ScholarGoogle ScholarCross RefCross Ref
  15. Christian Forler, Stefan Lucks, and Jakob Wenzel. 2015. The Catena Password-Scrambling Framework. Retrieved from https://www.password-hashing.net/submissions/specs/Catena-v5.pdf.Google ScholarGoogle Scholar
  16. Clemens Fruhwirth. 2018. LUKS1 On-Disk Format SpecificationVersion 1.2.3. Retrieved from https://gitlab.com/cryptsetup/cryptsetup/wikis/LUKS-standard/on-disk-format.pdf.Google ScholarGoogle Scholar
  17. Jairo Giraldo, David I. Urbina, Alvaro Cardenas, Junia Valente, Mustafa Amir Faisal, Justin Ruths, Nils Ole Tippenhauer, Henrik Sandberg, and Richard Candell. 2018. A survey of physics-based attack detection in cyber-physical systems. ACM Comput. Surv. 51, 4 (2018), 76:1–76:36. DOI:https://doi.org/10.1145/3203245 Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Jeremi Gosney. 2015. Pufferfish2. Retrieved from https://github.com/epixoip/pufferfish.Google ScholarGoogle Scholar
  19. Reuben Grinberg. December 9, 2011. Bitcoin: An innovative alternative digital currency. Hastings Sci. Technol. Law J. Vol. 4 (Dec. 9, 2011).Google ScholarGoogle Scholar
  20. Muneeb Ul Hassan, Mubashir Husain Rehmani, and Jinjun Chen. 2019. DEAL: Differentially private auction for blockchain based microgrids energy trading. IEEE Trans. Serv. Comput. (2019), 1–1. DOI:https://doi.org/10.1109/TSC.2019.2947471Google ScholarGoogle Scholar
  21. Muneeb Ul Hassan, Mubashir Husain Rehmani, and Jinjun Chen. 2020. Differential privacy techniques for cyber physical systems: A survey. IEEE Commun. Surv. Tutor. 22, 1 (2020), 746–789. DOI:https://doi.org/10.1109/COMST.2019.2944748Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. George Hatzivasilis, Ioannis Papaefstathiou, and Charalampos Manifavas. 2015. Password hashing competition—Survey and benchmark. IACR Cryptology ePrint Archive 2015 (2015), 265. Retrieved from http://eprint.iacr.org/2015/265Google ScholarGoogle Scholar
  23. Wu Hongjun. 2015. POMELO: A Password Hashing Algorithm. Retrieved from https://www.password-hashing.net/submissions/specs/POMELO-v1.pdf.Google ScholarGoogle Scholar
  24. Kaixing Huang, Chunjie Zhou, Yuanqing Qin, and Weixun Tu. 2020. A game-theoretic approach to cross-layer security decision-making in industrial cyber-physical systems. IEEE Trans. Industr. Electron. 67, 3 (2020), 2371–2379. DOI:https://doi.org/10.1109/TIE.2019.2907451Google ScholarGoogle ScholarCross RefCross Ref
  25. Abdulmalik Humayed, Jingqiang Lin, Fengjun Li, and Bo Luo. 2017. Cyber-physical systems security—A survey. IEEE Internet Things J. 4, 6 (2017), 1802–1831. DOI:https://doi.org/10.1109/JIOT.2017.2703172Google ScholarGoogle ScholarCross RefCross Ref
  26. Marcos A. Simplicio Jr, Leonardo C. Almeida, Ewerton R. Andrade, Paulo C. F. dos Santos, and Paulo S. L. M. Barreto. 2015. The Lyra2 reference guide. Retrieved from https://www.password-hashing.net/submissions/specs/Lyra2-v3.pdf.Google ScholarGoogle Scholar
  27. Burt Kaliski. 2000. PKCS #5: Password-based cryptography specification version 2.0. RFC 2898 (2000), 1–34. DOI:https://doi.org/10.17487/RFC2898Google ScholarGoogle Scholar
  28. Siddhartha Kumar Khaitan and James D. McCalley. 2015. Design techniques and applications of cyberphysical systems: A survey. IEEE Syst. J. 9, 2 (2015), 350–365. DOI:https://doi.org/10.1109/JSYST.2014.2322503Google ScholarGoogle ScholarCross RefCross Ref
  29. Hugo Krawczyk, Mihir Bellare, and Ran Canetti. 1997. HMAC: Keyed-hashing for message authentication. RFC 2104 (1997), 1–11. DOI:https://doi.org/10.17487/RFC2104Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. Xueping Liang, Sachin Shetty, Deepak K. Tosh, Juan Zhao, Danyi Li, and Jihong Liu. 2018. A reliable data provenance and privacy preservation architecture for business-driven cyber-physical systems using blockchain. Int. J. Inf. Sec. Priv. 12, 4 (2018), 68–81. DOI:https://doi.org/10.4018/IJISP.2018100105Google ScholarGoogle ScholarCross RefCross Ref
  31. Katja Malvoni, Solar Designer, and Josip Knezovic. 2014. Are your passwords safe: Energy-efficient bcrypt cracking with low-cost parallel hardware. In Proceedings of the 8th USENIX Workshop on Offensive Technologies, Sergey Bratus and Felix “FX” Lindner (Eds.). USENIX Association. Retrieved from https://www.usenix.org/conference/woot14/workshop-program/presentation/malvani. Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. Robert Mitchell and Ing-Ray Chen. 2013. A survey of intrusion detection techniques for cyber-physical systems. ACM Comput. Surv. 46, 4 (2013), 55:1–55:29. DOI:https://doi.org/10.1145/2542049 Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. Colin Percival. 2009. Stronger Key Derivation via Sequential Memory-hard Functions. BSDCan.Google ScholarGoogle Scholar
  34. Alexander Peslyak. 2015. Escrypt—A password hashing competition submission. Retrieved from https://www.password-hashing.net/submissions/specs/yescrypt-v2.pdf.Google ScholarGoogle Scholar
  35. Thomas Pornin. 2015. The MAKWA Password Hashing Function. Retrieved from https://www.password-hashing.net/submissions/specs/Makwa-v1.pdf.Google ScholarGoogle Scholar
  36. Niels Provos and David Mazières. 1999. A future-adaptable password scheme. In Proceedings of the FREENIX Track: 1999 USENIX Annual Technical Conference. USENIX, 81–91. Retrieved from http://www.usenix.org/events/usenix99/provos.html. Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. Nakamoto Satoshi. 2008. Bitcoin A Peer-to-Peer Electronic Cash System. Retrieved from http://Bitcoin.Orgbitcoin.pdf.Google ScholarGoogle Scholar
  38. Bruce Schneier. 1993. Description of a new variable-length key, 64-bit block cipher (Blowfish). In Proceedings of the Cambridge Security Workshop: Fast Software Encryption (Lecture Notes in Computer Science), Ross J. Anderson (Ed.), Vol. 809. Springer, 191–204. DOI:https://doi.org/10.1007/3-540-58108-1_24 Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. Lui Sha, Sathish Gopalakrishnan, Xue Liu, and Qixin Wang. 2008. Cyber-physical systems: A new frontier. In Proceedings of the IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing, Mukesh Singhal, Giovanna Di Marzo Serugendo, Jeffrey J. P. Tsai, Wang-Chien Lee, Kay Römer, Yu-Chee Tseng, and Han C. W. Hsiao (Eds.). IEEE Computer Society, 1–9. DOI:https://doi.org/10.1109/SUTC.2008.85 Google ScholarGoogle ScholarDigital LibraryDigital Library
  40. Steven Thomas. 2014. battcrypt (Blowfish All The Things). Retrieved from https://www.password-hashing.net/submissions/specs/battcrypt-v0.pdf.Google ScholarGoogle Scholar
  41. Steve Thomas. 2015. Parallel. Retrieved from https://www.password-hashing.net/submissions/specs/Parallel-v1.pdf.Google ScholarGoogle Scholar
  42. Meltem Sönmez Turan, Elaine Barker, William Burr, and Lily Chen. 2010. Recommendation for password-based key derivation. NIST Spec. Public. 800 (2010), 132.Google ScholarGoogle Scholar
  43. Andrea Visconti, Ondrej Mosnáček, Milan Brož, and Vashek Matyáš. 2019. Examining PBKDF2 security margin—Case study of LUKS. J. Inf. Sec. Applic. 46 (2019), 296–306.Google ScholarGoogle Scholar
  44. Penghong Wang, Jianrou Huang, Zhihua Cui, Liping Xie, and Jinjun Chen. 2019. A Gaussian error correction multi-objective positioning model with NSGA-II. Concurr. Comput.: Pract. Exper. (2019), e5464. DOI:https://doi.org/10.1002/cpe.5464Google ScholarGoogle Scholar
  45. Jun Wu, Mianxiong Dong, Kaoru Ota, Jianhua Li, and Zhitao Guan. 2018. Big data analysis-based secure cluster management for optimized control plane in software-defined networks. IEEE Trans. Netw. Serv. Manag. 15, 1 (2018), 27–38. DOI:https://doi.org/10.1109/TNSM.2018.2799000Google ScholarGoogle ScholarCross RefCross Ref
  46. Zhenyu Zhou, Bingchen Wang, Mianxiong Dong, and Kaoru Ota. 2020. Secure and efficient vehicle-to-grid energy trading in cyber physical systems: Integration of blockchain and edge computing. IEEE Trans. Syst., Man. Cyber.: Syst. 50, 1 (2020), 43–57. DOI:https://doi.org/10.1109/TSMC.2019.2896323Google ScholarGoogle ScholarCross RefCross Ref

Index Terms

  1. A Novel Memory-hard Password Hashing Scheme for Blockchain-based Cyber-physical Systems

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      • Published in

        cover image ACM Transactions on Internet Technology
        ACM Transactions on Internet Technology  Volume 21, Issue 2
        June 2021
        599 pages
        ISSN:1533-5399
        EISSN:1557-6051
        DOI:10.1145/3453144
        • Editor:
        • Ling Liu
        Issue’s Table of Contents

        Copyright © 2021 Association for Computing Machinery.

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Published: 8 March 2021
        • Accepted: 1 June 2020
        • Revised: 1 April 2020
        • Received: 1 November 2019
        Published in toit Volume 21, Issue 2

        Permissions

        Request permissions about this article.

        Request Permissions

        Check for updates

        Qualifiers

        • research-article
        • Refereed

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      HTML Format

      View this article in HTML Format .

      View HTML Format
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!