Security Analysis of MD5 Algorithm in Password Storage

2013 ◽  
Vol 347-350 ◽  
pp. 2706-2711 ◽  
Author(s):  
Mary Cindy Ah Kioon ◽  
Zhao Shun Wang ◽  
Shubra Deb Das
Keyword(s):  
Security Analysis ◽  
External Information ◽  
Security Risks ◽  
New Approach ◽  
Rainbow Table ◽  
Hashing Algorithm

Hashing algorithms are commonly used to convert passwords into hashes which theoretically cannot be deciphered. This paper analyses the security risks of the hashing algorithm MD5 in password storage and discusses different solutions, such as salts and iterative hashing. We propose a new approach to using MD5 in password storage by using external information, a calculated salt and a random key to encrypt the password before the MD5 calculation. We suggest using key stretching to make the hash calculation slower and using XOR cipher to make the final hash value impossible to find in any standard rainbow table.

scholarly journals Towards Secure Network Computing Services for Lightweight Clients Using Blockchain

2018 ◽  
Vol 2018 ◽  
pp. 1-12 ◽  
Author(s):  
Yang Xu ◽  
Guojun Wang ◽  
Jidian Yang ◽  
Ju Ren ◽  
Yaoxue Zhang ◽  
...  
Keyword(s):  
Service Providers ◽  
Security Analysis ◽  
Service Provisioning ◽  
Network Computing ◽  
Security Risks ◽  
Blockchain Technology ◽  
Computing Services ◽  
Viable Solution ◽  
Secure Network ◽  
Iot Devices

The emerging network computing technologies have significantly extended the abilities of the resource-constrained IoT devices through the network-based service sharing techniques. However, such a flexible and scalable service provisioning paradigm brings increased security risks to terminals due to the untrustworthy exogenous service codes loading from the open network. Many existing security approaches are unsuitable for IoT environments due to the high difficulty of maintenance or the dependencies upon extra resources like specific hardware. Fortunately, the rise of blockchain technology has facilitated the development of service sharing methods and, at the same time, it appears a viable solution to numerous security problems. In this paper, we propose a novel blockchain-based secure service provisioning mechanism for protecting lightweight clients from insecure services in network computing scenarios. We introduce the blockchain to maintain all the validity states of the off-chain services and edge service providers for the IoT terminals to help them get rid of untrusted or discarded services through provider identification and service verification. In addition, we take advantage of smart contracts which can be triggered by the lightweight clients to help them check the validities of service providers and service codes according to the on-chain transactions, thereby reducing the direct overhead on the IoT devices. Moreover, the adoptions of the consortium blockchain and the proof of authority consensus mechanism also help to achieve a high throughput. The theoretical security analysis and evaluation results show that our approach helps the lightweight clients get rid of untrusted edge service providers and insecure services effectively with acceptable latency and affordable costs.

Security Information and Event Management Implementation Guidance

2013 ◽  
pp. 94-115
Author(s):  
Yushi Shen ◽  
Yale Li ◽  
Ling Wu ◽  
Shaofeng Liu ◽  
Qian Wen
Keyword(s):  
Information Security ◽  
Security Analysis ◽  
The United States ◽  
Professional Judgment ◽  
Event Management ◽  
Security Risks ◽  
Customer Information ◽  
Simple Step ◽  
Security Information ◽  
Security As A Service

This chapter is about guidance and implementation prepared by the Cloud Security Alliance (CSA) Security as a Service (SecaaS) workgroup, which is made up of users and practitioners in the field of information security. In preparing this implementation guide, input has been sought from experts throughout Europe, the Middle East, and the United States. A lot of professional judgment and experience are applied in the architecture, engineering, and implementation of a Security Information and Event Management (SIEM) guide to ensure that it logs the information necessary to successfully increase visibility and remove ambiguity, surrounding the security events and risks that an organization faces. By providing SIEM as a service under SecaaS, the provider has to be able to accept log and event information, customer information and event feeds, and conduct information security analysis, correlation, and support incident response. By providing flexible real-time access to SIEM information, it allows the party consuming the SIEM service to identify threats acting against their environment cloud. This identification then allows for the appropriate action and response to be taken to protect or mitigate the threat. The simple step of increasing visibility and removing ambiguity is a powerful tool to understanding the information security risks that an organization is facing.

On Assessing Risk Assessments and Situating Security Advice: The Unsettling Quest for ‘Security Expertise’

2020 ◽  
pp. 127-142
Author(s):  
Judith Verweijen
Keyword(s):  
Democratic Republic ◽  
Security Analysis ◽  
Risk Assessments ◽  
Security Risks ◽  
Potential Harm ◽  
Republic Of The Congo ◽  
Security Advice

This chapter tackles the challenges of security in violent research contexts. It offers in-depth insights into how Judith Verwejien assessed security risks when she researched micro-dynamics of conflict in the eastern part of the Democratic Republic of the Congo (DRC). It also details practical forms of preparation for potential harm and how to avoid it, such as analyzing patterns of kidnappings or imaging an ambush and practising how to behave in such a situation. The chapter shows that the combination of good security analysis and realistic preparations can help minimize risks even in a highly violent context such as eastern DRC. It also analyzes what counts as knowledge on security dynamics and how does this knowledge translate into guidelines for action.

scholarly journals MBSEsec: Model-Based Systems Engineering Method for Creating Secure Systems

2020 ◽  
Vol 10 (7) ◽  
pp. 2574 ◽  
Author(s):  
Donatas Mažeika ◽  
Rimantas Butleris
Keyword(s):  
Systems Engineering ◽  
Impact Analysis ◽  
Early Stage ◽  
System Development ◽  
Security Analysis ◽  
Security Requirements ◽  
Security Risks ◽  
Secure Systems ◽  
Model Based ◽  
Analysis Process

This paper presents how Model-Based System Engineering (MBSE) could be leveraged in order to mitigate security risks at an early stage of system development. Primarily, MBSE was used to manage complex engineering projects in terms of system requirements, design, analysis, verification, and validation activities, leaving security aspects aside. However, previous research showed that security requirements and risks could be tackled in the MBSE model, and powerful MBSE tools such as simulation, change impact analysis, automated document generation, validation, and verification could be successfully reused in the multidisciplinary field. This article analyzes various security-related techniques and then clarifies how these techniques can be represented in the Systems Modeling Language (SysML) model and then further exploited with MBSE tools. The paper introduces the MBSEsec method, which gives guidelines for the security analysis process, the SysML/UML-based security profile, and recommendations on what security technique is needed at each security process phase. The MBSEsec method was verified by creating an application case study that reflects real-world problems and running an experiment where systems and security engineers evaluated the feasibility of our approach.

Security Analysis Method of Recognition-Based Graphical Password

2015 ◽  
Vol 72 (5) ◽  
Author(s):  
Touraj Khodadadi ◽  
Mojtaba Alizadeh ◽  
Somayyeh Gholizadeh ◽  
Mazdak Zamani ◽  
Mahdi Darvishi
Keyword(s):  
Security Analysis ◽  
Security Level ◽  
Analysis Method ◽  
New Approach ◽  
Graphical Password ◽  
Graphical Passwords ◽  
Authentication System

One of the most important primitive security mechanisms is the authentication system. Authentication through the use of password is a commonly utilized mechanism for authentication of users. In general, users utilize characters as their password; however, passwords based on texts are hard to recall and if the passwords are too simple and predictable, then there is the danger of being susceptible to threats. In order to overcome the problems with authentication, an alternative and new approach has been introduced utilizing images for passwords. The idea gains support from the knowledge that the human’s brain is highly capable of remembering many detailed images, however remembering texts are more difficult. Users who utilize the graphic authentication carry out certain functions on the images such as to click, drag, and movement of the mouse and so on. This research reviews several common Recognition-Based graphical password methods and analyzes their security based on the estimation criteria. Moreover, the research defines a metric that would make it possible for the analysis of the security level of the graphical passwords that are Recognition-Based. Finally, a table comparing the limits of each method based on the security level is presented. 

scholarly journals A Secure and Efficient Multi-Factor Authentication Algorithm for Mobile Money Applications

2021 ◽  
Vol 13 (12) ◽  
pp. 299
Author(s):  
Guma Ali ◽  
Mussa Ally Dida ◽  
Anael Elikana Sam
Keyword(s):  
Security Analysis ◽  
Public Key Cryptography ◽  
Personal Identification ◽  
Qr Code ◽  
Security Attacks ◽  
Mobile Money ◽  
Novel Approach ◽  
Overall Performance ◽  
One Time Password ◽  
Hashing Algorithm

With the expansion of smartphone and financial technologies (FinTech), mobile money emerged to improve financial inclusion in many developing nations. The majority of the mobile money schemes used in these nations implement two-factor authentication (2FA) as the only means of verifying mobile money users. These 2FA schemes are vulnerable to numerous security attacks because they only use a personal identification number (PIN) and subscriber identity module (SIM). This study aims to develop a secure and efficient multi-factor authentication algorithm for mobile money applications. It uses a novel approach combining PIN, a one-time password (OTP), and a biometric fingerprint to enforce extra security during mobile money authentication. It also uses a biometric fingerprint and quick response (QR) code to confirm mobile money withdrawal. The security of the PIN and OTP is enforced by using secure hashing algorithm-256 (SHA-256), a biometric fingerprint by Fast IDentity Online (FIDO) that uses a standard public key cryptography technique (RSA), and Fernet encryption to secure a QR code and the records in the databases. The evolutionary prototyping model was adopted when developing the native mobile money application prototypes to prove that the algorithm is feasible and provides a higher degree of security. The developed applications were tested, and a detailed security analysis was conducted. The results show that the proposed algorithm is secure, efficient, and highly effective against the various threat models. It also offers secure and efficient authentication and ensures data confidentiality, integrity, non-repudiation, user anonymity, and privacy. The performance analysis indicates that it achieves better overall performance compared with the existing mobile money systems.

Emerging Discourses on Security—From ‘Traditional’ to ‘Worldly’ and Beyond: An Innovative Indian Perspective

2018 ◽  
Vol 4 (2) ◽  
pp. 177-194
Author(s):  
Narottam Gaan
Keyword(s):  
Security Analysis ◽  
Modern Science ◽  
The State ◽  
New Materialism ◽  
Human Beings ◽  
New Approach ◽  
Security Models ◽  
Human Material ◽  
Living Material ◽  
Indian Perspective

In the traditional conceptualisation of security, human beings remain predominantly at the centre stage claiming all privileges of military apparatus of the state by virtue of being ‘superior’ to all other living forms. Realist and neo-realist conceptualisations of the state see human kind as the sole reference point and subject of security. It is argued that the security of the state impregnates the individuals against all kinds of threats from the outside ‘other’. With the emergence of non-traditional security paradigms and the broadening of the ambit of security to bring human beings directly to the mainstream, and include non-human material beings, the new materialism and worldly approaches obtain a different kind of prominence in the canon of security analysis. In this new approach, we can find the conceptualisation of ‘being together’ of human beings, other non-human living forms and the non-living material world being part of one whole world. This so-called ‘worldly approach’, articulates and emphasizes the realisation and feeling of human beings for the ‘other’, but falls short of suggesting any means by which human beings could expand themselves to include all-living and non-living forms to create new security models. This article analyses the relevance and applicability of ancient Indian wisdom substantiated by modern science to the analysis of state security.

scholarly journals Running ALICE Grid Jobs in Containers A new approach to job execution for the next generation ALICE Grid framework

2020 ◽  
Vol 245 ◽  
pp. 07052
Author(s):  
Maxim Storetvedt ◽  
Latchezar Betev ◽  
Håvard Helstrup ◽  
Kristin Fanebust Hetland ◽  
Bjarte Kileng
Keyword(s):  
High Performance ◽  
Next Generation ◽  
Security Risks ◽  
Alice Experiment ◽  
Reliable Communication ◽  
New Approach ◽  
High Scalability ◽  
New Framework

The new JAliEn (Java ALICE Environment) middleware is a Grid framework designed to satisfy the needs of the ALICE experiment for the LHC Run 3, such as providing a high-performance and high-scalability service to cope with the increased volumes of collected data. This new framework also introduces a split, two-layered job pilot, creating a new approach to how jobs are handled and executed within the Grid. Each layer runs on a separate JVM, with a separate authentication token, allowing for a finer control of permissions and improved isolation of the payload. Having these separate layers also allows for the execution of job payloads within containers. This allows for the further strengthening of isolation and creates a cohesive environment across computing sites, while avoiding the resource overhead associated with traditional virtualisation. This contribution presents the architecture of the new split job pilot found in JAliEn, and the methods used to achieve the execution of Grid jobs while maintaining reliable communication between layers. Specifically, how this is achieved despite the possibility of a layer being run in a separate container, while retaining isolation and mitigating possible security risks. Furthermore, we discuss how the implementation remains agnostic to the choice of container platform, allowing it to run within popular platforms such as Singularity and Docker.

scholarly journals RoundPIN: Shoulder Surfing Resistance for PIN Entry with Randomize Keypad

2021 ◽  
Vol 11 (6) ◽  
pp. 697-702
Author(s):  
Seerwan Waleed Jirjees ◽  
Ahmed Raoof Nasser ◽  
Ali Majeed Mahmood
Keyword(s):  
Performance Evaluation ◽  
Pilot Study ◽  
User Satisfaction ◽  
Selection Process ◽  
Security Analysis ◽  
Acceptable Level ◽  
New Approach ◽  
Shoulder Surfing ◽  
High Level

The security of a PIN is largely supported by the authentication process in ATM. Most authentication methods like traditional are based on using PIN as direct entry and this technique has been shown lots of drawbacks such as vulnerability to password space, and shoulder-surfing. In this paper, a new approach is proposed called RoundPIN depends on the appearance of the numerical password through one of the buttons after selecting it by the user and it is done through a number of rounds, the numbers are arranged randomly on the keypad. Due to the variable aspect of the chosen button and the random appearance of the numbers in each connection session and also the selection process will take place through three buttons three auxiliary, the proposed approach can maintain high secure session to enter the PIN to resist shoulder surfing, which is difficult for attackers to observe a user's PIN. The performance evaluation of the proposed approach is achieved in two parts, the first one is based on security analysis. Then a pilot study of thirty users is conducted to evaluate the useability of the proposed approach. It is noticed that the proposed approach can maintain a high level of security as well as acceptable level of useability and user satisfaction compared the conventional keypad system.

Sign in / Sign up

Export Citation Format

Share Document