Abstract

Password-Based Key Derivation Function 2 (PBKDF2) is widely used cryptographic algorithm in order to generate secure keys to a password in various occasions. For example, it is used for file encryption and implementation of authentication systems, and so on. However, the generated derived key has a lower entropy than a general cryptography key, so its use is limited. To compensate for this the number of iteration counts of PBKDF2 should be increased. As the number of repetitive tasks increases, the entropy of the derived key increases, but it takes more time to generate the derived key. We present various optimization methods of PBKDF2. The main idea of our proposed method is reducing redundant block operations and optimizing the internal process of underlying Pseudo Random Function (PRF). In other words, we integrate several redundant operations and make full use of constant values used in PBKDF2. We use two HMAC algorithms: one using SHA-2 family and one using LSH family as the PRF of PBKDF2 (SHA-2 family is the most widely used hash functions, and LSH family is the latest hash function recently developed in South Korea). With our techniques, our implementations outperform Korea Internet & Security Agency (KISA) implementation by 121.26%, 325.91%, and 231.89% for using SHA256, LSH256, and LSH512 respectively; and also outperform <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">OpenSSL</i> implementation by 39.59% using SHA512. In addition, we show that the internal process of PBKDF2 can be computed independently. With our multi thread technique, our PBKDF2 implementations outperform KISA implementation by 2,152.66%, 1,986.85%, and 1,591.36% for using SHA256, LSH256, and LSH512 respectively; and our PBKDF2-HMAC-SHA512 implementation outperforms <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">OpenSSL</i> implementation by 523.57%. With our proposed implementation techniques, higher security can be achieved with more iteration operations. Furthermore, our optimization techniques can be easily expanded to optimize the performance of PBKDF2 on GPGPU and embedded devices.

Highlights

  • The technology of cloud server and cloud computing has been continuously developed

  • We present optimization methods for HMAC-SHA-2 Family and HMAC-Lightweight Secure Hash (LSH) Family, a Pseudo Random Function (PRF) approved by Korean Cryptographic Module Validation Program (KCMVP) in Central Processing Unit (CPU) environment [5] (LSH is a lightweight hash function developed in South Korea in 2014)

  • PARALLEL OPTIMIZATION TECHNIQUE FOR Password-Based Key Derivation Function 2 (PBKDF2) we propose an optimization method that can parallelize the internal process of PBKDF2 using multithread, which can enhance the performance of the proposed PBKDF2 implementation

Read more

Summary

INTRODUCTION

The technology of cloud server and cloud computing has been continuously developed. These technologies are convenient and provide many services to users. We present optimization methods for HMAC-SHA-2 Family and HMAC-Lightweight Secure Hash (LSH) Family, a PRF approved by KCMVP in Central Processing Unit (CPU) environment [5] (LSH is a lightweight hash function developed in South Korea in 2014). By applying the multi threading method, our PBKDF2 implementation outperforms KISA implementation by 2,152.66%, 1,986.85% and 1,591.36% for using SHA256, LSH256 and LSH512; and our PBKDF2-HMAC-SHA512 implementation provides about 523.57% performance enhancement compared with the reference implementation of OpenSSL. We only proposed the PBKDF2-HMAC-SHA256 and PBKDF2-HMAC-LSH256 optimization methods. We have added a PBKDF2 performance of the enhanced level of security of the hash function and propose a parallel processing method using multi-threads; the performance of PBKDF2 applying this method is included. The security requirements of BR technique have been added

CONTRIBUTIONS The contribution of this paper is as follows:
Findings
PERFORMANCE ANALYSIS

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.