Abstract
The main goal of narrating the password-management protocol is to reduce the prevalent attacks on cyber-physical systems such as the hacking of databases of User-ID-Password pairs and side-channel analysis. The architecture uses a hash function to hash the password and user ID has weakness can help to crack the password. So, the architecture utilizes both hash function and the Addressable Physical unclonable function (PUF) Generator (APG) to authenticate clients on the network without keeping the real format of passwords in the database. The hash function and APG together are more difficult to attack because they are unclonable, have a high level of randomness, and do not depend on storing information. This paper shows a simulation prototype for how the password manager protocol can work depending on the SHA-3-512 and SRAM PUF. Furthermore, the paper shows how to encrypt the database content of password manager by using the SRAM PUF and provides a software solution of the noise of SRAM PUF to reduce the rate of false rejections for the real user and false acceptance for the not existing user.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Coates, M.: “darkreading.com,” Safely Storing User Passwords: Hashing vs. Encrypting, 4 June 2014. https://www.darkreading.com/safely-storing-user-passwords-hashing-vs-encrypting/a/d-id/1269374. Accessed 20 Dec 2018
Gordon, W.: “Life hacker,” How Your Passwords Are Stored on the Internet (and When Your Password Strength Doesn’t Matter), 20 June 2012. https://lifehacker.com/how-your-passwords-are-stored-on-the-internet-and-when-5919918. Accessed 28 Aug 2018
Higgins, K.J.: Dark reading, 8 May 2008. https://www.darkreading.com/risk/hackers-choice-top-six-database-attacks/d/d-id/1129481. Accessed 25 Oct 2018
Cambou, B.: Physically unclonable function based password generation scheme. United States of America Patent D2016-011, September 2016
Cambou, B.: Addressabke PUF generators for database-free password management system. In: Advances in Intelligent Systems and Computing, Flagstaff (2018)
Cambou, B.: Password manager combining hashing functions and ternary PUFs. In: Intelligent Computing-Proceedings of the Computing Conference. Springer, Cham (2019)
Mohammadinodoushan, M., Cambou, B., Philabaum, C., Hely, D., Booher, D.: Implementation of password management system using ternary addressable PUF generator. In: IEEE SECON 2019: IEEE STP-CPS Workshop, June 2019, to appear
Assiri, S., Cambou, B., Booher, D.D., Miandoab, D.G., Mohammadinodoushan, M.: Key exchange using ternary system to enhance security. In: IEEE 9th Annual Computing systems and Conference (CCWC), Las Vegas (2019)
Cambou, B.F.: Encoding ternary data for PUF environments. USA Patent US20180131529A1, 09 November 2016
Booher, D.D., Cambou, B., Carlson, A.H., Philabaum, C.: Dynamic key generation for polymorphic encryption. In: IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA, pp. 0482–0487 (2019)
Technology, Information Technology Laboratory National Institute of Standards and, “Team Keccak,” August 2015. https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf. Accessed 12 Nov 2018
IT security community Blog: IT security community Blog, 13 September 2013. https://security.blogoverflow.com/2013/09/about-secure-password-hashing/. Accessed 22 Feb 2019
Arias, D.: auth0.com hashing passwords: one-way road to security, 25 April 2018. https://auth0.com/blog/hashing-passwords-one-way-road-to-security/. Accessed 4 Feb 2019
Keane, J.: Security researcher dumps 427 million hacked myspace passwords online, July 2016. https://www.digitaltrends.com/social-media/myspace-hack-password-dump/
Blocki, J., Harsha, B., Zhou, S.: On the economics of offline password cracking. In: IEEE Symposium on Security and Privacy (SP) (2018)
Zhang, Z., Yang, K., Hu, X., Wang, Y.: Practical anonymous password authentication and TLS with anonymous client authentication. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1179–1191. ACM (2016)
Tsai, J.-L.: Efficient multi-server authentication scheme based on one-way hash function without verification table. Comput. Secur. 27(3–4), 115–121 (2008)
Balakrishnan, H., Popa, R.A., Zeldovich, N.: Methods and apparatus for securing a database. USA Patent US13/357,988, 25 January 2012
Gabel, D., Liard, B., Orzechowski, D.: Cyber risk: why cyber security is important, 1 July 2015. https://www.whitecase.com/publications/insight/cyber-risk-why-cyber-security-important
Bob, R., Phil, H., Walt, S., Bill, W.: “OUCH!,” SANS, October 2013. https://www.phas.ubc.ca/sites/default/files/shared/it-service-catalogue/ouch/ouch-201310_en.pdf. Accessed 5 Oct 2018
Cambou, B., Afghah, F., Sonderegger, D., Taggart, J., Barnaby, H., Kozicki, A.M.: Ag conductive bridge RAMs for physical unclonable functions. In: 2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), McLean (2017)
Korenda, A., Afghah, F., Cambou, B.: A secret key generation scheme for internet of things using ternary-states ReRAM-based physical unclonable functions. In: Submitted to International Wireless Communications and Mobile Computing Conference (IWCMC 2018) (2018)
Cambou, B., Orlowski, M.: Design of PUFs with ReRAM and ternary states. In: CISR 2016, April 2016
Cambou, B., Afghah, F.: Physically unclonable functions with multi-states and machine learning. In: 14th International Workshop on Cryptographic Architectures Embedded in Logic Devices (CryptArchi), France (2016)
Acknowledgments
The author is thanking the contribution of several graduate students at the cyber-security lab at Northern Arizona University, in particular, Christopher Philabaum, Vince Rodriguez, Ian Burke, and Dina Ghanaimiandoab. Also, the author is thanking the contribution of Jazan University.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Assiri, S., Cambou, B., Booher, D.D., Mohammadinodoushan, M. (2020). Software Implementation of a SRAM PUF-Based Password Manager. In: Arai, K., Kapoor, S., Bhatia, R. (eds) Intelligent Computing. SAI 2020. Advances in Intelligent Systems and Computing, vol 1230. Springer, Cham. https://doi.org/10.1007/978-3-030-52243-8_26
Download citation
DOI: https://doi.org/10.1007/978-3-030-52243-8_26
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-52242-1
Online ISBN: 978-3-030-52243-8
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)