Title: Dynamic key password authentication

Authors: Mikhail Styugin

Addresses: Department of Research, Reshetnev Siberian State University of Science and Technology, Krasnoyarsk, Russia

Abstract: Passwords remain the most popular method of user authentication and appear to be the easiest way of registering with and logging into remote services such as websites. However, passwords also appear to be the most insecure authentication method. One of the most popular attack techniques aimed at compromising passwords is to leak their hashes directly from their storage location and crack them offline. The paper presents a password authentication method that complicates attacks which succeed in extracting information sufficient for password cracking. The method is called dynamic key password authentication (DKAuth). It is based on 'blurring' a password using a number of network hosts. The 'blurring' is performed by encrypting the password hash with a key that is not stored anywhere. The key is divided into parts and distributed among a number of different hosts. The key is modified for every password and changes when the number of hosts in the system changes. Storage and authentication of a dynamic key are arranged so that it can never be recovered completely; that is, even assuming cracking or rearrangement of each and every host where DKAuth key data is stored, an adversary will not be able to recover hashes and will have to crack them by brute-force attack. A practical implementation of DKAuth as an authentication service for external websites demonstrated low time and computational requirements for user registration and authentication.

Keywords: authentication; hash functions; passwords; password storage; secret sharing.

DOI: 10.1504/IJSN.2019.100090

International Journal of Security and Networks, 2019 Vol.14 No.2, pp.78 - 85

Accepted: 19 Dec 2018
Published online: 07 Jun 2019
