research-article

A Novel Memory-hard Password Hashing Scheme for Blockchain-based Cyber-physical Systems

Authors:

Jinjun ChenAuthors Info & Claims

ACM Transactions on Internet Technology (TOIT), Volume 21, Issue 2

Article No.: 42, Pages 1 - 21

https://doi.org/10.1145/3408310

Published: 08 March 2021 Publication History

Abstract

There has been an increasing interest of integrating blockchain into cyber-physical systems (CPS). The design of password hashing schemes (PHSs) is in the core of blockchain security. However, no existing PHS seems to meet both the requirements of sufficient security and small code size for blockchain-based CPSs. In this article, a novel memory-hard PHS based on the classic PBKDF2 is proposed. Evaluation results show that the proposed scheme is promising for blockchain-based CPS, as it manages to provide enhanced security in comparison to PBKDF2 with limited increase in code size.

References

[1]

Arogyalokesh. 2018. Understanding the Blockchain. Retrieved from https://mindmajix.com/understanding-the-blockchain.

[2]

1password support team. 2019. How PBKDF2 strengthens your Master Password. Retrieved from https://support.1password.com/pbkdf2/.

[3]

Dmitry Khovratovich Alex Biryukov. 2015. Argon2. Retrieved from https://www.password-hashing.net/submissions/specs/Argon-v3.pdf.

[4]

Roman Beck. 2018. Beyond bitcoin: The rise of blockchain world. IEEE Comput. 51, 2 (2018), 54–58.

[5]

Daniel J. Bernstein. 2007. The Salsa20 family of stream ciphers, eSTREAM project. Retrieved from http://cr.yp.to/papers.html#salsafamily.

[6]

Alex Biryukov. 2017. Proofs of work—The engines of trust. ERCIM News 2017, 110 (2017). Retrieved from https://ercim-news.ercim.eu/en110/special/proofs-of-work-the-engines-of-trust.

[7]

Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich. 2016. Argon2: New generation of memory-hard functions for password hashing and other applications. In Proceedings of the IEEE European Symposium on Security and Privacy. IEEE, 292–302.

[8]

Xingjuan Cai, Yun Niu, Shaojin Geng, Jiangjiang Zhang, Zhihua Cui, Jianwei Li, and Jinjun Chen. 2019. An under-sampled software defect prediction method based on hybrid multi-objective cuckoo search. Concurr. Comput.: Pract. Exper. (2019), e5478.

[9]

Jiwon Choe, Tali Moreshet, R. Iris Bahar, and Maurice Herlihy. 2019. Attacking memory-hard scrypt with near-data-processing. In Proceedings of the International Symposium on Memory Systems. ACM, 33–37.

Digital Library

[10]

Omar Choudary, Felix Gröbert, and Joachim Metz. 2012. Infiltrate the vault: Security analysis and decryption of lion full disk encryption. IACR Cryptology ePrint Archive 2012 (2012), 374. Retrieved from http://eprint.iacr.org/2012/374.

[11]

Michael Crosby, Pradan Pattanayak, Sanjeev Verma, and Vignesh Kalyanaraman. 2016. Blockchain technology: Beyond bitcoin. Appl. Innov. 2 (2016), 6–10.

[12]

Mianxiong Dong, Kaoru Ota, Laurence T. Yang, Anfeng Liu, and Minyi Guo. 2016. LSCD: A low-storage clone detection protocol for cyber-physical systems. IEEE Trans. CAD Integ Circ Syst 35, 5 (2016), 712–723.

Digital Library

[13]

Levent Ertaul, Manpreet Kaur, and Venkata Arun Kumar R. Gudise. 2016. Implementation and performance analysis of PBKDF2, Bcrypt, Scrypt algorithms. In Proceedings of the International Conference on Wireless Networks (ICWN’16). 66.

[14]

Christian Forler, Stefan Lucks, and Jakob Wenzel. 2014. Memory-demanding password scrambling. In Proceedings of the 20th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology (ASIACRYPT’14) 2014 (Lecture Notes in Computer Science), Palash Sarkar and Tetsu Iwata (Eds.), Vol. 8874. Springer, 289–305.

[15]

Christian Forler, Stefan Lucks, and Jakob Wenzel. 2015. The Catena Password-Scrambling Framework. Retrieved from https://www.password-hashing.net/submissions/specs/Catena-v5.pdf.

[16]

Clemens Fruhwirth. 2018. LUKS1 On-Disk Format SpecificationVersion 1.2.3. Retrieved from https://gitlab.com/cryptsetup/cryptsetup/wikis/LUKS-standard/on-disk-format.pdf.

[17]

Jairo Giraldo, David I. Urbina, Alvaro Cardenas, Junia Valente, Mustafa Amir Faisal, Justin Ruths, Nils Ole Tippenhauer, Henrik Sandberg, and Richard Candell. 2018. A survey of physics-based attack detection in cyber-physical systems. ACM Comput. Surv. 51, 4 (2018), 76:1–76:36.

Digital Library

[18]

Jeremi Gosney. 2015. Pufferfish2. Retrieved from https://github.com/epixoip/pufferfish.

[19]

Reuben Grinberg. December 9, 2011. Bitcoin: An innovative alternative digital currency. Hastings Sci. Technol. Law J. Vol. 4 (Dec. 9, 2011).

[20]

Muneeb Ul Hassan, Mubashir Husain Rehmani, and Jinjun Chen. 2019. DEAL: Differentially private auction for blockchain based microgrids energy trading. IEEE Trans. Serv. Comput. (2019), 1–1.

[21]

Muneeb Ul Hassan, Mubashir Husain Rehmani, and Jinjun Chen. 2020. Differential privacy techniques for cyber physical systems: A survey. IEEE Commun. Surv. Tutor. 22, 1 (2020), 746–789.

Digital Library

[22]

George Hatzivasilis, Ioannis Papaefstathiou, and Charalampos Manifavas. 2015. Password hashing competition—Survey and benchmark. IACR Cryptology ePrint Archive 2015 (2015), 265. Retrieved from http://eprint.iacr.org/2015/265

[23]

Wu Hongjun. 2015. POMELO: A Password Hashing Algorithm. Retrieved from https://www.password-hashing.net/submissions/specs/POMELO-v1.pdf.

[24]

Kaixing Huang, Chunjie Zhou, Yuanqing Qin, and Weixun Tu. 2020. A game-theoretic approach to cross-layer security decision-making in industrial cyber-physical systems. IEEE Trans. Industr. Electron. 67, 3 (2020), 2371–2379.

[25]

Abdulmalik Humayed, Jingqiang Lin, Fengjun Li, and Bo Luo. 2017. Cyber-physical systems security—A survey. IEEE Internet Things J. 4, 6 (2017), 1802–1831.

[26]

Marcos A. Simplicio Jr, Leonardo C. Almeida, Ewerton R. Andrade, Paulo C. F. dos Santos, and Paulo S. L. M. Barreto. 2015. The Lyra2 reference guide. Retrieved from https://www.password-hashing.net/submissions/specs/Lyra2-v3.pdf.

[27]

Burt Kaliski. 2000. PKCS #5: Password-based cryptography specification version 2.0. RFC 2898 (2000), 1–34.

[28]

Siddhartha Kumar Khaitan and James D. McCalley. 2015. Design techniques and applications of cyberphysical systems: A survey. IEEE Syst. J. 9, 2 (2015), 350–365.

[29]

Hugo Krawczyk, Mihir Bellare, and Ran Canetti. 1997. HMAC: Keyed-hashing for message authentication. RFC 2104 (1997), 1–11.

Digital Library

[30]

Xueping Liang, Sachin Shetty, Deepak K. Tosh, Juan Zhao, Danyi Li, and Jihong Liu. 2018. A reliable data provenance and privacy preservation architecture for business-driven cyber-physical systems using blockchain. Int. J. Inf. Sec. Priv. 12, 4 (2018), 68–81.

[31]

Katja Malvoni, Solar Designer, and Josip Knezovic. 2014. Are your passwords safe: Energy-efficient bcrypt cracking with low-cost parallel hardware. In Proceedings of the 8th USENIX Workshop on Offensive Technologies, Sergey Bratus and Felix “FX” Lindner (Eds.). USENIX Association. Retrieved from https://www.usenix.org/conference/woot14/workshop-program/presentation/malvani.

Digital Library

[32]

Robert Mitchell and Ing-Ray Chen. 2013. A survey of intrusion detection techniques for cyber-physical systems. ACM Comput. Surv. 46, 4 (2013), 55:1–55:29.

Digital Library

[33]

Colin Percival. 2009. Stronger Key Derivation via Sequential Memory-hard Functions. BSDCan.

[34]

Alexander Peslyak. 2015. Escrypt—A password hashing competition submission. Retrieved from https://www.password-hashing.net/submissions/specs/yescrypt-v2.pdf.

[35]

Thomas Pornin. 2015. The MAKWA Password Hashing Function. Retrieved from https://www.password-hashing.net/submissions/specs/Makwa-v1.pdf.

[36]

Niels Provos and David Mazières. 1999. A future-adaptable password scheme. In Proceedings of the FREENIX Track: 1999 USENIX Annual Technical Conference. USENIX, 81–91. Retrieved from http://www.usenix.org/events/usenix99/provos.html.

Digital Library

[37]

Nakamoto Satoshi. 2008. Bitcoin A Peer-to-Peer Electronic Cash System. Retrieved from http://Bitcoin.Orgbitcoin.pdf.

[38]

Bruce Schneier. 1993. Description of a new variable-length key, 64-bit block cipher (Blowfish). In Proceedings of the Cambridge Security Workshop: Fast Software Encryption (Lecture Notes in Computer Science), Ross J. Anderson (Ed.), Vol. 809. Springer, 191–204.

Digital Library

[39]

Lui Sha, Sathish Gopalakrishnan, Xue Liu, and Qixin Wang. 2008. Cyber-physical systems: A new frontier. In Proceedings of the IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing, Mukesh Singhal, Giovanna Di Marzo Serugendo, Jeffrey J. P. Tsai, Wang-Chien Lee, Kay Römer, Yu-Chee Tseng, and Han C. W. Hsiao (Eds.). IEEE Computer Society, 1–9.

Digital Library

[40]

Steven Thomas. 2014. battcrypt (Blowfish All The Things). Retrieved from https://www.password-hashing.net/submissions/specs/battcrypt-v0.pdf.

[41]

Steve Thomas. 2015. Parallel. Retrieved from https://www.password-hashing.net/submissions/specs/Parallel-v1.pdf.

[42]

Meltem Sönmez Turan, Elaine Barker, William Burr, and Lily Chen. 2010. Recommendation for password-based key derivation. NIST Spec. Public. 800 (2010), 132.

[43]

Andrea Visconti, Ondrej Mosnáček, Milan Brož, and Vashek Matyáš. 2019. Examining PBKDF2 security margin—Case study of LUKS. J. Inf. Sec. Applic. 46 (2019), 296–306.

[44]

Penghong Wang, Jianrou Huang, Zhihua Cui, Liping Xie, and Jinjun Chen. 2019. A Gaussian error correction multi-objective positioning model with NSGA-II. Concurr. Comput.: Pract. Exper. (2019), e5464.

[45]

Jun Wu, Mianxiong Dong, Kaoru Ota, Jianhua Li, and Zhitao Guan. 2018. Big data analysis-based secure cluster management for optimized control plane in software-defined networks. IEEE Trans. Netw. Serv. Manag. 15, 1 (2018), 27–38.

[46]

Zhenyu Zhou, Bingchen Wang, Mianxiong Dong, and Kaoru Ota. 2020. Secure and efficient vehicle-to-grid energy trading in cyber physical systems: Integration of blockchain and edge computing. IEEE Trans. Syst., Man. Cyber.: Syst. 50, 1 (2020), 43–57.

Cited By

Jha BGarg SSinghal T(2024)Role of Blockchain Technology for User Data Security in MetaverseNew Business Frontiers in the Metaverse10.4018/979-8-3693-2422-6.ch012(174-196)Online publication date: 14-Jun-2024
https://doi.org/10.4018/979-8-3693-2422-6.ch012
Corbett MShang JJi B(2024)GazePair: Efficient Pairing of Augmented Reality Devices Using Gaze TrackingIEEE Transactions on Mobile Computing10.1109/TMC.2023.325584123:3(2407-2421)Online publication date: Mar-2024
https://doi.org/10.1109/TMC.2023.3255841
Tahlil TMovin SBhuiyan SAlahi M(2024)Gasless On-Chain Password Manager: A Comparative Analysis Across EVM-Based Platforms2024 IEEE International Conference on Blockchain and Cryptocurrency (ICBC)10.1109/ICBC59979.2024.10634380(611-614)Online publication date: 27-May-2024
https://doi.org/10.1109/ICBC59979.2024.10634380
Show More Cited By

Index Terms

A Novel Memory-hard Password Hashing Scheme for Blockchain-based Cyber-physical Systems
1. Security and privacy
  1. Cryptography
    1. Key management
    2. Symmetric cryptography and hash functions
      1. Hash functions and message authentication codes

Recommendations

Blockchain Enabled Cyber-Physical Society Framework
Abstract
Blockchain is a disrupting technology that is transforming the technological ecosystem that drives and governs the transactions. Establishing the distributed trust in the cyber-physical society without any intermediaries has the potential to ...
Design Patterns for Cyber-Physical Systems: The Case of a Robotic Greenhouse
SBESC '11: Proceedings of the 2011 Brazilian Symposium on Computing System Engineering

Cyber-physical systems (CPS) are a new discipline of research that involves electrical engineering, electronics, computer science, control and communications interacting with physical processes. This leads to a co-managed domain where both worlds (cyber ...
A Flexible Instant Payment System Based on Blockchain
Information Security and Privacy
Abstract
Improving the throughput of blockchain systems such as Bitcoin and Ethereum has been an important research problem. Off-chain payments are one of the most promising technologies to tackle this challenge. Once a payment channel, however, is ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Internet Technology

ACM Transactions on Internet Technology Volume 21, Issue 2

June 2021

599 pages

ISSN:1533-5399

EISSN:1557-6051

DOI:10.1145/3453144

Editor:
Ling Liu
Georgia Institute of Technology, USA

Issue’s Table of Contents

Copyright © 2021 Association for Computing Machinery.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 March 2021

Accepted: 01 June 2020

Revised: 01 April 2020

Received: 01 November 2019

Published in TOIT Volume 21, Issue 2

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Refereed

Funding Sources

National Science Foundation of Fujian Province of China
National Natural Science Foundation of China (NSFC)

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
260
Total Downloads

Downloads (Last 12 months)34
Downloads (Last 6 weeks)1

Reflects downloads up to 23 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Jha BGarg SSinghal T(2024)Role of Blockchain Technology for User Data Security in MetaverseNew Business Frontiers in the Metaverse10.4018/979-8-3693-2422-6.ch012(174-196)Online publication date: 14-Jun-2024
https://doi.org/10.4018/979-8-3693-2422-6.ch012
Corbett MShang JJi B(2024)GazePair: Efficient Pairing of Augmented Reality Devices Using Gaze TrackingIEEE Transactions on Mobile Computing10.1109/TMC.2023.325584123:3(2407-2421)Online publication date: Mar-2024
https://doi.org/10.1109/TMC.2023.3255841
Tahlil TMovin SBhuiyan SAlahi M(2024)Gasless On-Chain Password Manager: A Comparative Analysis Across EVM-Based Platforms2024 IEEE International Conference on Blockchain and Cryptocurrency (ICBC)10.1109/ICBC59979.2024.10634380(611-614)Online publication date: 27-May-2024
https://doi.org/10.1109/ICBC59979.2024.10634380
Alkaeed MQayyum AQadir J(2024)Privacy preservation in Artificial Intelligence and Extended Reality (AI-XR) metaverses: A surveyJournal of Network and Computer Applications10.1016/j.jnca.2024.103989231(103989)Online publication date: Nov-2024
https://doi.org/10.1016/j.jnca.2024.103989
Kone VDhulavvagol PTotad S(2024)Sharding-Powered Proof of Stake (SPPS): A Scalable and Secure Solution for Blockchain in Supply Chain ManagementInnovations in Cybersecurity and Data Science10.1007/978-981-97-5791-6_54(741-757)Online publication date: 13-Dec-2024
https://doi.org/10.1007/978-981-97-5791-6_54
Sureja NSureja H(2024)Futuristic Blockchain Applications of the MetaverseUnderstanding the Metaverse10.1007/978-981-97-2278-5_10(215-237)Online publication date: 29-Aug-2024
https://doi.org/10.1007/978-981-97-2278-5_10
Mohammed SRalescu A(2023)Future Internet Architectures on an Emerging Scale—A Systematic ReviewFuture Internet10.3390/fi1505016615:5(166)Online publication date: 29-Apr-2023
https://doi.org/10.3390/fi15050166
Huynh-The TGadekallu TWang WYenduri GRanaweera PPham Qda Costa DLiyanage M(2023)Blockchain for the metaverse: A ReviewFuture Generation Computer Systems10.1016/j.future.2023.02.008143(401-419)Online publication date: Jun-2023
https://doi.org/10.1016/j.future.2023.02.008
Venugopal JSubramanian APeatchimuthu J(2023)The realm of metaverse: A surveyComputer Animation and Virtual Worlds10.1002/cav.215034:5Online publication date: 2-Mar-2023
https://doi.org/10.1002/cav.2150
Mishra SArora HParakh GKhandelwal J(2022)Contribution of Blockchain in Development of Metaverse2022 7th International Conference on Communication and Electronics Systems (ICCES)10.1109/ICCES54183.2022.9835986(845-850)Online publication date: 22-Jun-2022
https://doi.org/10.1109/ICCES54183.2022.9835986

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Issue’s Table of Contents