Bh Padma

Work place: Department Computer Applications, Gayatri Vidya Parishad College for PG Courses, Rushikonda, Visakhapatnam-45, AP, INDIA

E-mail: padma.bhogaraju@gmail.com

Website:

Research Interests: Hardware Security, Information Security, Network Architecture, Network Security

Biography

Bh Padma is working as a Senior Assistant Professor in the Department of Computer Applications, Gayatri Vidya Parishad College for Degree and PG Courses, Rushikonda, Visakhapatnam, Andhra Pradesh, India. She obtained her Master of Technology Degree from Jawaharlal Nehru Technological University, Kakinada and pursuing her PhD from GITAM. She has publications in many refereed journals and conferences that include Cryptography and Network Security.

Author Articles
A Novel Approach to Thwart Security Attacks on Mobile Pattern Authentication Systems

By Bh Padma GVS Raj Kumar

DOI: https://doi.org/10.5815/ijcnis.2018.05.03, Pub. Date: 8 May 2018

Providing security to mobile devices by means of password authentication using robust cryptographic techniques is vitally important today, because they protect sensitive data. Especially for pattern locking systems of Android, there is a lack of security awareness in the people about various pre-computation attacks such as dictionary attacks, rainbow tables and brute-forcing. Hash functions such as SHA-1 are not secure for pattern authentication, because they suffer from dictionary attacks. The latest OS versions of Android such as Marshmallow make use of salted hash functions for pattern locks, but they do need additional hardware support such as TEE (Trusted Execution Environment) and a Gatekeeper function. If random salts are used for pattern passwords, they are also vulnerable, because the stored salt may be compromised and consequently the passwords can be speculated using brute-forcing. To avoid such a security breaches on pattern passwords, many methodologies have been proposed so far such as an elliptic curve based salt generation techniques. But security is never easy to obtain 100%. The attacker may perform brute-forcing successfully on pattern password hashes by gaining some information about the application. Brute-forcing becomes harder always by using longer salts and passwords and by stretching the execution time of hash generation. Therefore the current research addresses these difficulties and finds a solution to these problems by extending the existing salt generation scheme, by generating a dynamic 128-bit pepper (or a long salt) value for SHA-1 hashes to avoid such attacks without using an added hardware, for mobile computers using elliptic curves. The current scheme employs genetic algorithms to generate the pepper and finally makes brute-forcing even harder for the cryptanalysts. A comparison of this new hashing technique, with the existing techniques such as SHA-1 and salted SHA-1 with respect to brute-force analysis, Strict Avalanche Criterion and execution times is also presented in this paper.

[...] Read more.
Other Articles