Password-based key derivation functions (KDFs) are used to generate secure keys of arbitrary length implemented in many security-related systems. The strength of these KDFs is the ability to provide countermeasures against brute-force/dictionary attacks. One of the most implemented KDFs is PBKDF2. In order to slow attackers down, PBKDF2 uses a salt and introduces computational intensive operations based on an iterated pseudorandom function. Since passwords are widely used to protect personal data and to authenticate users to access specific resources, if an application uses a small iteration count value, the strength of PBKDF2 against attacks performed on low-cost commodity hardware may be reduced. In this paper we introduce the cryptographic algorithms involved in the key derivation process, describing the optimization techniques used to speed up PBKDF2-HMAC-SHA1 in a GPU/CPU context. Finally, a testing activity has been executed on consumer-grade hardware, and experimental results are reported.

Understanding Optimizations and Measuring Performances of PBKDF2 / A.F. Iuorio, A. Visconti (LECTURE NOTES ON DATA ENGINEERING AND COMMUNICATIONS TECHNOLOGIES). - In: 2nd International Conference on Wireless Intelligent and Distributed Environment for Communication / [a cura di] I. Woungang, S.K. Dhurandher. - [s.l] : Springer, 2019. - ISBN 9783030114367. - pp. 101-114 (( Intervento presentato al 2. convegno International Conference on Wireless Intelligent and Distributed Environment for Communication tenutosi a Toronto nel 2018 [10.1007/978-3-030-11437-4_8].

Understanding Optimizations and Measuring Performances of PBKDF2

A. Visconti
2019

Abstract

Password-based key derivation functions (KDFs) are used to generate secure keys of arbitrary length implemented in many security-related systems. The strength of these KDFs is the ability to provide countermeasures against brute-force/dictionary attacks. One of the most implemented KDFs is PBKDF2. In order to slow attackers down, PBKDF2 uses a salt and introduces computational intensive operations based on an iterated pseudorandom function. Since passwords are widely used to protect personal data and to authenticate users to access specific resources, if an application uses a small iteration count value, the strength of PBKDF2 against attacks performed on low-cost commodity hardware may be reduced. In this paper we introduce the cryptographic algorithms involved in the key derivation process, describing the optimization techniques used to speed up PBKDF2-HMAC-SHA1 in a GPU/CPU context. Finally, a testing activity has been executed on consumer-grade hardware, and experimental results are reported.
passwords; PBKDF2; HMAC-SHA1; optimizations; CPU-intensive operations; performance testing
Settore INF/01 - Informatica
Book Part (author)
File in questo prodotto:
File Dimensione Formato  
2019-161_IACR.pdf

accesso riservato

Tipologia: Pre-print (manoscritto inviato all'editore)
Dimensione 955.09 kB
Formato Adobe PDF
955.09 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

Caricamento pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/2434/644281
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 4
  • ???jsp.display-item.citation.isi??? ND
social impact