Picpass Algorithm for Solution of Key Exchange Problem in Symmetric and Asymmetric Key Cryptography

In this dissertation a PicPass algorithm is proposed for the solution of Key Exchange problem using Symmetric and Asymmetric key cryptography. Diffie and Hellman proposed an algorithm for key exchange. But this algorithm suffers from Man-in middle attack. So to overcome this problem Seo proposed another algorithm that uses text password for the agreement between two parties. But again the password suffers from offline dictionary attack. In this, a PicPass Protocol i.e. picture is used as a password to make an agreement between two parties. The protocol contains two function i.e. picture function as well as distortion function is used to make picture in a compact size and then it is sent to receiver. Firstly the sender encrypts the Plain Text using Secret Picture and creates the Cipher Text using Symmetric key cryptography.Then the Secret Picture will be encrypted by covered picture resulting into Encrypted Picture.Now the Cipher Text and Encrypted Picture will be placed into digital envolpe and then the envelope will be send to the receiver. The receiver will receive the digital envelope, open it and then decrypt the Encrypted Picture using his Key Picture. This will result the receiver to get the Secret Picture. Now the receiver will open the Cipher Text using the Secret Picture and get the Plain Text. In between if any person wants to predict the Encrypted Picture then he cannot guess as the picture will only be decrypted using the Secret Key which will be only with the receiver. So in this dissertation, a picture is used as a password to authenticate key exchange is that gives practical solution against offline dictionary attacks only by using both private and public key cryptography.

An Implementation of Picpass Algorithm for the Solution of Key Exchange Problem

In this dissertation a PicPass algorithm is proposed for the solution of Key Exchange problem using Symmetric and Asymmetric key cryptography. Diffie and Hellman proposed an algorithm for key exchange. But this algorithm suffers from Man-in middle attack. So to overcome this problem Seo proposed another algorithm that uses text password for the agreement between two parties. But again the password suffers from offline dictionary attack. In this, a PicPass Protocol i.e. picture is used as a password to make an agreement between two parties. The protocol contains two function i.e. picture function as well as distortion function is used to make picture in a compact size and then it is sent to receiver. Firstly the sender encrypts the Plain Text using Secret Picture and creates the Cipher Text using Symmetric key cryptography. Then the Secret Picture will be encrypted by covered picture resulting into Encrypted Picture. Now the Cipher Text and Encrypted Picture will be placed into digital envelope and then the envelope will be send to the receiver. The receiver will receive the digital envelope, open it and then decrypt the Encrypted Picture using his Key Picture. This will result the receiver to get the Secret Picture. Now the receiver will open the Cipher Text using the Secret Picture and get the Plain Text. In between if any person wants to predict the Encrypted Picture then he cannot guess as the picture will only be decrypted using the Secret Key which will be only with the receiver. So in this dissertation, a picture is used as a password to authenticate key exchange is that gives practical solution against offline dictionary attacks only by using both private and public key cryptography.

ANALYZING PASSWORD DECRYPTION TECHNIQUES USING DICTIONARY ATTACK

To guard ourselves against a word attack or a breach, it is always important to have an awareness of the unremarkably used sorts of attacks. The most common type of attack is password guessing. Hackers can guess the passwords locally or remotely using either manually or through an automated approach. One such attack is Dictionary Attack. A dictionary attack tries to make an authentication mechanism fail by sequentially entering each word in a dictionary as a password or trying to find the decryption key of an encrypted message or document. In this paper, an empirical research on how dictionary attack works are performed. In addition to that, different techniques and approaches to the existing dictionary attacks are implemented to make the system more robust. Furthermore, a comparison of methods is performed to find which approach is better to protect the system.

A Review on Shoulder Surfing Attack in Authentication Technique using Cued Click Point (CCP)

Security important now a days. Users of primary preference to security. Authentication process provide security to the user. Authentication process of identifying the person’s identity or conforming the identity of person. There are various authentication method, but most commonly used method is textual password. Combination of alphabet and number create a secure password. But some drawbacks i.e. it easily guess by also called attacker. If it make complex then it hard to memorize. Also various attacks brute force attack, dictionary attack, social engineering attack, evesdropping, etc. of textual password graphical password system introduced. Graphical system is easy to memorize but it undergo shoulder surfing attack which big problem. any entity or person can observe users password directly or by using any device. So as an alternative Graphical Passwords are introduced to resist the Shoulder surfing attack. the above mentioned attacks the new scheme highlights cued click point (CCP), Using graphical password as input and grid lines for image point verification. This paper survey shoulder surfing attacks in graphical password approach.

Penetration Testing: Wireless Network Attacks Method on Kali Linux OS

This paper implements a wireless attack technique by cracking the password on kali Linux OS using Hashcat technique. This study identifies the security weakness, using brute-force attack for online attacking and straight attack for offline attacking. The brute-force attack is also recognized as a detailed search, where it attempts guessing the target password one password at a time until reaching the correct password, which is called a dictionary attack. then using hash algorithms to deal with MD5 hash algorithm and SHA-512 (Linux). In this article, we will learn about the various wireless attacks. These days, wireless networks are everywhere. With users being on the go like never before, having to remain stationary because of having to plug into an Ethernet cable to gain Internet access is not feasible. For this convenience, wireless connections are not as secure as Ethernet connections. In this article, we will explore various methods for manipulating wireless attacks and their techniques including several methods on Linux.

Enhancement of digital signature algorithm in bitcoin wallet

Bitcoin is a peer-to-peer electronic cash system largely used for online financial transactions. It gained popularity due to its anonymity, privacy, and comparatively low transaction cost. Its wallet heavily relies on Elliptic Curve Digital Signature Algorithm (ECDSA). Weaknesses in such algorithms can significantly affect the safety and the security of bitcoin wallets. In this paper, a secure key management wallet was designed based on several changes in the wallet parts. In the cold wallet, we employed an image-based passphrase to achieve a strong entropy source of master seed. The hot wallet, the proposed key_ Gen algorithm is modifying to the key generation step of the ECDSA that it is to generate a fresh key pair at each transaction. The final part ensures recovering all keys on both hot and cold wallets without daily backups in case of losing the wallet. The findings prove that the proposed cold wallet is resisting against a dictionary attack and overcoming the memorizing problem. The proposed hot wallet model acquires good anonymity and privacy for bitcoin users by eliminating transaction likability without additional cost. The execution time for signing a transaction of the proposed model is~70 millisecond, which is then important in the bitcoin domain.

Security Analysis on “Anonymous Authentication Scheme for Smart Home Environment with Provable Security”

As an important application of the Internet of Things, smart home has greatly facilitated our life. Since the communication channels of smart home are insecure and the transmitted data are usually sensitive, a secure and anonymous user authentication scheme is required. Numerous attempts have been taken to design such authentication schemes. Recently, Shuai et al. (Computer & Security 86(2019):132146) designed an anonymous authentication scheme for smart home using elliptic curve cryptography. They claimed that the proposed scheme is secure against various attacks and provides ideal attributes. However, we show that their scheme cannot resist inside attack and offline dictionary attack and also fails to achieve forward secrecy. Furthermore, we give some suggestions to enhance the security of the scheme. These suggestions also apply to other user authentication schemes with similar flaws.