Work place: Department of Information Technology, GITAM, Rushikonda, Visakhapatnam-45, AP, INDIA
E-mail: gvsrajkumar@gmail.com
Website:
Research Interests: Computer systems and computational processes, Computer Architecture and Organization, Computer Networks, Network Architecture, Network Security, Image Processing, Formal Methods, Cellular Automata, Formal Languages
Biography
Dr. GVS Raj Kumar is an Associate Professor working in the Department of Information Technology, GITAM, Rushikonda, Visakhapatnam-45, Andhra Pradesh, India. He got his PhD from Andhra University, Visakhapatnam. His subjects of specialisation are Image Processing, Network Security, Formal Languages, Automata Theory and Computer Networks. He has published many research papers in national and international journals and presented research articles in national and international conferences.
DOI: https://doi.org/10.5815/ijcnis.2018.05.03, Pub. Date: 8 May 2018
Providing security to mobile devices by means of password authentication using robust cryptographic techniques is vitally important today, because they protect sensitive data. Especially for pattern locking systems of Android, there is a lack of security awareness in the people about various pre-computation attacks such as dictionary attacks, rainbow tables and brute-forcing. Hash functions such as SHA-1 are not secure for pattern authentication, because they suffer from dictionary attacks. The latest OS versions of Android such as Marshmallow make use of salted hash functions for pattern locks, but they do need additional hardware support such as TEE (Trusted Execution Environment) and a Gatekeeper function. If random salts are used for pattern passwords, they are also vulnerable, because the stored salt may be compromised and consequently the passwords can be speculated using brute-forcing. To avoid such a security breaches on pattern passwords, many methodologies have been proposed so far such as an elliptic curve based salt generation techniques. But security is never easy to obtain 100%. The attacker may perform brute-forcing successfully on pattern password hashes by gaining some information about the application. Brute-forcing becomes harder always by using longer salts and passwords and by stretching the execution time of hash generation. Therefore the current research addresses these difficulties and finds a solution to these problems by extending the existing salt generation scheme, by generating a dynamic 128-bit pepper (or a long salt) value for SHA-1 hashes to avoid such attacks without using an added hardware, for mobile computers using elliptic curves. The current scheme employs genetic algorithms to generate the pepper and finally makes brute-forcing even harder for the cryptanalysts. A comparison of this new hashing technique, with the existing techniques such as SHA-1 and salted SHA-1 with respect to brute-force analysis, Strict Avalanche Criterion and execution times is also presented in this paper.
[...] Read more.Subscribe to receive issue release notifications and newsletters from MECS Press journals