Optimization of PBKDF2-HMAC-SHA256 and PBKDF2-HMAC-LSH256 in CPU Environments

Choi, Hojin; Seo, Seog Chung

doi:10.1007/978-3-030-65299-9_24

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12583))

Included in the following conference series:

International Conference on Information Security Applications

711 Accesses
2 Citations

Abstract

Password-Based Key-Derivation Function 2 (PBKDF2) is commonly employed to derive secure keys from a password in real life such as file encryption and implementation of authentication systems. Nevertheless, owing to the limited entropy of the password, the security of the generated keys is lower than that of the normally generated keys. To address this, issue increase the number of iterative operations during the PBKDF2 may increase. However, the higher the number of iterative operations, the more time it takes to generate the key. This paper presents various techniques for optimizing the performance of PBKDF2. The main idea of our proposed methods is to reduce redundant block operations and to optimize Pseudo Random Function (PRF) itself by combining operations and making full use of fixed values within PBKDF2. As the underlying hash function in PRF, we utilize two algorithms: Hash-based Message Authentication Code-Secure Hash Algorithm 256 (HMAC-SHA256) and HMAC-Lightweight Secure Hash 256 (HMAC-LSH256) (SHA256 is the most widely used hash function and LSH256 was recently developed hash function in South Korea). With the proposed techniques, the proposed implementation of PBKDF2-HMAC-SHA256 provides a performance enhancement of about 135.27% over the reference implementation provided by Korea Internet & Security Agency (KISA) and about 80.21% over OpenSSL. Concerning PBKDF2-HMAC-LSH256, the proposed implementation provides a huge performance enhancement of about 330.48% over the reference implementation provided by KISA. With the proposed implementation, more iteration operations can be possible for higher security. Furthermore, we can use the proposed techniques to optimize PBKDF2 performance on embedded MCUs.

This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. 2019R1F1A1058494).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Kim, D.-C., Hong, D., Lee, J.-K., Kim, W.-H., Kwon, D.: LSH: a new fast secure hash function family. In: Lee, J., Kim, J. (eds.) ICISC 2014. LNCS, vol. 8949, pp. 286–313. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-15943-0_18
Chapter Google Scholar
RFC2898.: PKCS #5 : Password-Based Cryptography Specification Version 2.0. https://dl.acm.org/doi/book/10.17487/RFC2898
RFC8018.: PKCS #5 : Password-Based Cryptography Specification Version 2.1. http://www.rfc-editor.org/info/rfc8018
Visconti, A., Gorla, F.: Exploiting an HMAC-SHA-1 optimization to speed up PBKDF2. In: IEEE Transactions on Dependable and Secure Computing (Early Access). https://ieeexplore.ieee.org/document/8514806
Iuorio, A.F., Visconti, A.: Understanding optimizations and measuring performances of PBKDF2. In: Woungang, I., Dhurandher, S.K. (eds.) WIDECOM 2018. LNDECT, vol. 27, pp. 101–114. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-11437-4_8
Chapter Google Scholar
Stevens, M., Bursztein, E., Karpman, P., Albertini, A., Markov, Y.: The first collision for full SHA-1. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 570–596. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_19
Chapter Google Scholar
FIPS PUB 180–4.: Secure Hash Standard (SHS). https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
NIST: Special Publication 800–132, Recommendation for Password-Based Key Derivation Part 1: Storage Applications. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf
NIST: Research Results on SHA-1 Collisions. https://csrc.nist.gov/News/2017/Research-Results-on-SHA-1-Collisions
Steube, J.: Optimising computation of hash-algorithms as an attacker. https://hashcat.net/events/p13/js-ocohaaaa.pdf
Korea Internet & Security Agency (KISA): KISA-SHA256 Open Source Code. https://seed.kisa.or.kr/kisa/Board/21/detailView.do
Korea Internet & Security Agency (KISA): KISA-LSH256 Open Source Code. https://seed.kisa.or.kr/kisa/Board/22/detailView.do
OpenSSL: OpenSSL 1.1.1d version. https://www.openssl.org/source/old/1.1.1/openssl-1.1.1d.tar.gz
The List of Approved Cryptographic Algorithm List. https://www.nis.go.kr:4016/AF/1_7_3_2.do

Download references

Author information

Authors and Affiliations

Department of Information Security, Cryptology, and Mathematics, Kookmin University, Seoul, South Korea
Hojin Choi & Seog Chung Seo

Authors

Hojin Choi
View author publications
You can also search for this author in PubMed Google Scholar
Seog Chung Seo
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Seog Chung Seo .

Editor information

Editors and Affiliations

Soonchunhyang University, Asan, Korea (Republic of)
Ilsun You

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Choi, H., Seo, S.C. (2020). Optimization of PBKDF2-HMAC-SHA256 and PBKDF2-HMAC-LSH256 in CPU Environments. In: You, I. (eds) Information Security Applications. WISA 2020. Lecture Notes in Computer Science(), vol 12583. Springer, Cham. https://doi.org/10.1007/978-3-030-65299-9_24

Download citation

DOI: https://doi.org/10.1007/978-3-030-65299-9_24
Published: 09 December 2020
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-65298-2
Online ISBN: 978-3-030-65299-9
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics