Homomorphic Password Manager Using Multiple-Hash with PUF

Sareh Assiri, Bertrand Cambou

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In the proposed homomorphic methods, the server authenticates clients without ever knowing their passwords. During enrollment, the users subject their passwords to multiple hashing cycles, typically 1000 times, and communicate the resulting message digests to the server. Rather than storing these message digests, the server uses them to find addresses in the physical unclonable functions, which generate data streams that are stored for future authentication. The authentication cycles use the following steps: i) The users hash their passwords multiple times, at levels lower than the one used during enrollment; ii) The server generates data streams from the physical elements at the address extracted from the message digest and compares it to the data streams stored during enrollment, and iii) The server reiterates the previous step by incrementally hashing the resulting message digest to find a match, or it rejects the password. During subsequent authentication cycles, the users again hash their passwords multiple times, but at levels lower than the ones used during the previous cycles. Thereby it becomes pointless for third parties to intercept previously hashed passwords; they are never used twice. Hacking a database containing the data streams extracted from the physical unclonable functions during enrollment is also pointless without also having access to the devices. In this entire homomorphic protocol, the users are the only ones who know their passwords. This paper presents a prototype demonstrating the functionality of an example of a homomorphic password manager protocol with SHA-3–512 hashing algorithm exploiting the physical randomness of static random-access memories.

Original languageEnglish (US)
Title of host publicationAdvances in Information and Communication - Proceedings of the 2021 Future of Information and Communication Conference, FICC
EditorsKohei Arai
PublisherSpringer Science and Business Media Deutschland GmbH
Pages772-792
Number of pages21
ISBN (Print)9783030730994
DOIs
StatePublished - 2021
EventFuture of Information and Communication Conference, FICC 2021 - Virtual, Online
Duration: Apr 29 2021Apr 30 2021

Publication series

NameAdvances in Intelligent Systems and Computing
Volume1363 AISC
ISSN (Print)2194-5357
ISSN (Electronic)2194-5365

Conference

ConferenceFuture of Information and Communication Conference, FICC 2021
CityVirtual, Online
Period4/29/214/30/21

Keywords

  • Authentication
  • Hash function
  • Homomorphy
  • Password management
  • Physical unclonable function

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Computer Science(all)

Fingerprint

Dive into the research topics of 'Homomorphic Password Manager Using Multiple-Hash with PUF'. Together they form a unique fingerprint.

Cite this