This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Abstract - In security, it has active attackers who will seek out the most remote corner of the standard. Security also depends on the weakest link where any single mistake can be fatal. Protection is the most important element to make the important data or personal belonging become securely from unauthorized access or template theft. Template theft is the unauthorized use of an image, photograph, drawing, or illustration. Renowned media has had several questions about password security, one way encryption, password hashes, password similarity, the risks of having a database hacked, and the like. For this research, one element in cryptography field was used as a template protection method called salting technique. Salting method was chose as the research topic to enhance and tighten the security by increasing the difficulty for attackers. This research was made to overcome the weaknesses of the modern shadow password system, in which password hashes and other security information is stored in a non-public file is not entirely secure. Salting will increase the challenge for hackers to find out the real password for accessing information. The development of template protection is focus on developing salting algorithm along with password hashed to secure and creating authentication scheme to display the template in one system. All the development was conducted using MATLAB program and graphical user interface as a medium of protection system.
Keywords- Template security, salting, hash function, Template Protection System (TPS), string comparison, password strengthening, authentication
Data security is the means of ensuring that data is kept safe from corruption, stolen and that access to it is suitably controlled. Thus data security helps to ensure privacy. It also helps in protecting personal information. Protection commonly relate with password as a procedure of authorization besides the use of biometric application or identity card.
Although passwords offer the weakest level of security, they are still the most used authentication factor. This is because they can be easily memorized by humans and further used for authentications without requiring the possession of additional devices such as smart-cards, mobile phones etc. that can be used to compute one-time password or at least store randomly generated keys. The main disadvantage of passwords is their lack of entropy which makes them vulnerable against exhaustive searches over the password space. Thus, an adversary can built a dictionary of passwords and search in it for the correct one if the protocol reveals all information necessary for the verification. Even more, in some situations, when randomness is absent in hiding the password, the adversary can save some of his computational time and use pre-computed dictionaries. These attacks are more severe, as a search over a pre-computed dictionary can be done in no time by using binary search. This normal or clear text password usually is strengthening by using hash function to hiding the real password. But even though the password has been hide, the attacker still work out to find the possible password.
Even a hash-encrypted password database is not entirely secure. A hacker can compile a list of, say, the 100,000 most commonly used passwords and compute a hash function from all of them. Hackers can then get hold of user account database and compare the hashed passwords in the database with his/her own list to see what matches.
Besides that, although application like biometrics is a powerful tool against authentication and has been widely deployed in various security systems, biometric characteristics are largely immutable, resulting in permanent biometric compromise when a template is stolen. One way to attack the biometric accuracy is by stolen or duplicating the biometric templates stored in the system database. Attacks on the template can be done in such ways as below:
(i) A template can be replaced by the fraud's template or a physical imitation can be created from the template to gain unauthorized access.
(ii) The stolen template can be reused by the adversary to gain unauthorized access. A potential violence of template identifiers is cross-matching or function steal where the template identifiers are used for purposes other than the intended purpose. As an example, a fingerprint template stolen from a bank's database may be used to fake a criminal fingerprint database or crosslink to person's health records.
Generally, cryptography is the most popular algorithm to protect data securely. Cryptography is the practice and study of hiding information. Modern cryptography intersects the disciplines of mathematics, computer science, and engineering . Applications of cryptography include ATM cards, biometric system, computer passwords, passport database and electronic commerce. Cryptology prior to the modern age was almost synonymous with encryption, the conversion of information from a readable state to nonsense. The sender retained the ability to decrypt the information and therefore avoid unwanted persons being able to read it.
For this research, one element in cryptography field was used as a protection method that was called salting technique. Image template protection was proposed to be strengthening by adding salt key during the encryption and decryption. This is basically a random number that is stored alongside the template that was encrypted with the password. Salt can be added to the hash to prevent a collision by uniquely identifying a user's password, even if another user in the system has selected the same password. The main objectives are to develop algorithm based on salting technique for security or protection for template/images, then to analyse and validate the developed salting method embedded to the template is able to be encrypted and decrypted only when the correct inserted salted hash password and clear text password is matched.
Introduction about Cryptography
Nowadays, the best ways to protect the templates are using Cryptography and Watermarking techniques. This thesis will discussed more detail on Cryptography where the template security will be based on password enhancement to allow only authorized person to view all the information in the template. The main goals of cryptography are:
The very first and intuitive goal of cryptography is the protection of confidentiality; anyone intercepting an encrypted message must be unable to recover the original message, without having access to the ciphering key. This confidentiality feature is obtained with encryption/ decryption schemes. Encryption, for instance, is a so-called primitive of cryptography, as example, one tool of the toolbox
The second, out of the three most important features, is integrity. This is to ensure the receiver that the message is the original one and has not been modified by a malicious third-person. The integrity primitive is the so-called hash function .
The third important one is authentication. This ensures the receiver that the message is really coming from the right sender, who could not be impersonated by a malicious third-person. The integrity primitives are the so-called Message Authentication Code (MAC) function or Digital Signature when using asymmetric primitives 
This notion is close to the previous one, here the goal being to directly authenticate our interlocutor and not a message. The person is generally authenticated with a secret that he or she possesses. This identification feature is based on the so-called Challenge-Response protocol .
Several other cryptographic goals could be achieved with classical prehistoric depending on the application needs. Here is a non-comprehensive list: secrecy like at electronic voting, commitment like in online gaming, non-repudiation in financial transactions, randomness in online gaming, zero-knowledge like in online user authentication, and availability of services .
Cryptography is the art and science of encryption. At least, that is how it started out. Nowadays it is much broader, covering authentication, digital signatures, and many more straightforward security functions. Cryptography is just a small part of much larger security system. Even though it is only a small part of the security system, it is the most significant part. Cryptography is the part that has to provide access to specific subjects but not to all. This is very challenging. Most parts of the security system are like walls and fences in that they are designed to keep everybody out. In simple definition, Cryptography is the practice and study of hiding information. Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce .
Cryptology prior to the modern age was almost the same with encryption, the conversion of information from a readable state to unreadable. The sender retained the ability to decrypt the information and therefore avoid unwanted persons being able to read or view it . The primary objective of cryptography is to enable two people to communicate over an insecure channel in such a way that an adversary cannot understand what is being said. Cryptography is historically used in military and diplomatic communications and more recently few tens of years, has found application in Information Technology security. An application in IT security includes communication encryption, digital signature, and user/device authentication.
Basic Primitives of Cryptography - Hash Function
Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string. Hashing is used to index and retrieve items in a database because it is faster to find the item using the shorter hashed key than to find it using the original value. It is also used in many encryption algorithms. Hashing is a one-way function and permanent because one is not able to retrieve the message from its hash value and is ideally collision-free, in other words, two different messages cannot have the same hash value. Basically, hashing is a lossy compression function. Figure 1 shows message X was protected by hashing during the transmission to the receiver side. Hashing took place initially to convert original message to message digest form, then comparison technique was used to match the hashing at the receiving end before the message X can be read by the recipient. Adversary cannot see the original message directly and only unknown integer was appearing during the transmission.
Figure 1: The integrity channel
Some well known solutions and very much used in IT are MD5 and SHA-1. The hash is used to ensure the message reliability, since the couple (message and hash value) can't be incorrect, in theory. Beyond cryptography, hashing is a classical technique to index data in arrays and is widely used in large database management systems. The password can act likes a message and it is good to hash, becoming password hashed. Table 1 shown the list of some algorithm that is often used in cryptography:
Table 1: Cryptographic Hash Function Algorithms
(c) Salting Method on Template Protection
Salt is a random string that is concatenated with passwords before being operated on by the hash function. The salt key is then stored in the user database. Salting key makes dictionary attacks practically impossible, as an attacker would have to try out the hashes for all possible salt values. In findings, the template protection methods can be classified into two categories namely, feature transformation approach and cryptosystem (helper data method). Salting falls under the feature transformation approach as categorized in Figure 2. Apart from salting, none of the other template protection schemes require any secret information (such as a key) that must be securely stored or presented during matching.
Figure 2: Categorization of template protection schemes.
To describe the salting method more clearly, Figure 3 demonstrated how the salting is applied along the template encryption and decryption with fingerprint image used as template image as an example to protect the identification privacy.
Figure 3: Authentication mechanism when the template is protected using a salting approach.
In the feature transform method, a transformation function (F) is applied to the image template (T) and only the transformed template (F (T; K)) is stored in the database as shown in Figure 2.4. The parameters of the salting function are typically derived from a random key (K) or password . The same transformation function is applied to query features (Q) and the transformed query (F (Q; K)) is directly matched against the transformed template (F (T; K)) . In salting, F is invertible, that is, if an adversary gains access to the key and the transformed template, the user can recover the original image template (or a close approximation of it) . Hence, the security of the salting technique is actually on the confidentiality of the key or password.
(d) Salting and stretching
To squeeze the most security out of a limited-entropy password or passphrase, two techniques can be used that are salting and stretching . The first is to add a salt. This is simply a random number that is stored alongside the data that was encrypted with the password. The recommended number of bit is 256-bit salt . The next step is to stretch the password. Stretching is essentially a very long computation. Let p be the password and s be the salt. Using any cryptographically strong hash function h, then compute
K (3) will be the key to actually encrypt the data. The parameter "r" is the number of iterations in the computation and should be as large as practical . In normal use, the stretching computation has to be repeated every time a password is used. This is at a point in time where the user has just entered a password. It has probably taken several seconds to enter the password, so using 200ms for password processing is quite acceptable. The rule to choose r such that computing K from (saltkey, password) takes 200-1000ms on the user's equipment. Computers get faster over time, so r should be increasing over time as well .
The salt stops the attacker from taking advantage of an economy scale when the user is attacking a large number of passwords simultaneously. Suppose there are million users in the system, and each user stores an encrypted file that contains his/her keys. Each file encrypted with the user's stretched password. If the security creator did not use a salt, then the attacker can attack as follows: guess a password p, compute the stretched key K, and try to decrypt each of the key files using K. The stretch function only needs to be computed once for every password, and the resulting stretched key can be used in an attempt to decrypt each of the files.
This is no longer possible when the security creator add the salt to the stretching function. All the salts are random values, so each user will use a different salt value. Next the attacker needs to compute the stretching function once for each password/file combination, rather than once for each password. This is more complex for the attacker, and it comes at a very small price for the users of the system.
(e) Salted Hash Password
Authentication is important when the template is protected by password. Firstly, some definition related to this field will be elaborated based on salting. For the normal login system, users have to insert their username and password to login the system. Actually the password entered by the user is known as clear text password. This clear text is the unencrypted characters create by the user itself. Hashing is a process that follows a mathematical formula to convert a user's password or clear text into an encrypted alphanumeric value. Despite its harder-to-crack encryption, hashing has security weaknesses. Salt is a symbolic term for a random array of characters that will be attached to a password to strengthen it against hackers. Salt also can be concatenated with the hash becoming salted hashing. Salted hashing is a technique to make passwords harder to crack. It consists of adding a salt value to a password, and then hashing it.
Stored passwords for logins should be hashed and salted. Hashing is a one way mechanism to produce approximately unique value based on the given input . This is useful since the authorized user can store the hash and validate the password whenever needed without storing the actual password . The same input will always produce the same hash value which is useful for validating password logins. The weaknesses of hashing will appear when people could determine that user "A" password must be the same as user "B" password since they have the same hashed value . This can be worst and danger when the matching hashes across thousands of passwords and hackers can therefore use a common password list to start identifying passwords while their looking at system user table with thousands of records looking for hashed passwords with the same value . Thus, this can be overcome using salting which means adding a known random value to each password before hashing and form unique hashed values that can be prevented cross-referencing or dictionary attacks . Figure 4 shows the differences between hash passwords with salted hash password.
Figure 4: Comparison between only hash password and salted hash password
The software that has been used in this project is MATLAB 7.10.0 (R2010a). The first part of the research is the arrangement of the graphical user interfaces before the development of salting algorithm took place in the MATLAB GUI function. The arrangement of the graphical user interfaces means the physical layout of template protection system was created at the beginning. The GUI for template protection system was created in two versions. The version A was created for administrator and programmer usage and version B was created for the general user. Between these two versions does not have so much differences, the thing that make it different is on the display of the generated salted hash password and some information about the logical data type comparison. For administrator and programmer usage, the generated salted hash was allowed to be display and for normal user, this generated salted hash was hiding for the security reason. In addition, TPS version A will give information about the logical data type based on Boolean operators and Matlab built in comparing strings function. The GUI components that were used for both versions are roughly about 4 Edit Text, 7 Static Text, 5 Push Button and 5 Axes. Most of the components are using callback to handles the events.
The main idea on developing this TPS is divided into 3 sections, which are initial identification matching part based on template in database, protection part and authentication part to enable TPS user to view the selected person data.
Initial Identification Matching Part
As planned, the TPS user should enter the identification number and password of the selected person that want to be display, pressing ENTER than the system will check either the both particular are correct and matched to the template database or not. So, to develop that idea, the usage of Edit Text component was used to allow the user inserting those particular. The algorithm was created under the pushbutton "ENTER" callback which named as function pushbutton1_Callback (hObject, ~, ~) in MATLAB m files. To implement the matching process between the inserted particular with the template in TPS database, the comparing string function called strcmp was used during the if-else statement. Strcmp compares the string to each element of the cell array. For example, to make the only one identification number and password that can match to the certain template, both particular should be same as created in the algorithm.
The matching process took place when strcmp ('860923435255', icnumber) compares string '860923435255' to the each element of cell array icnumber, where the string is a character vector (or a 1-by-1 cell array) and icnumber is a cell array of strings and act as input. The function returns the template path, a logical array that is the same size as icnumber and contains logical 1 (true) for those elements of icnumber that are a match, and logical 0 (false) for those elements that are not. This strcmp function is case sensitive in matching strings, so if the user inserts as not the same as the original identification number and password, it cannot match with any path of the template. For the identification number, the Edit Text box was tag as "icnumber" and handles the get (hObject) function. Get (hObject) method will returns a structure whose field names are the object's property names and whose values are the current values of the corresponding properties. This technique was same going with the password entry and matching process, the important is the tag name to identify the graphics objects with a user-specified label. The tag name for the Edit Text box to insert password is "password".
When the authorized user insert the correct identification number and password, and the ENTER pushbutton handle the event, the function axes was used to display the status of database matching. The user acceptance icon in jpeg format was used to display when the correct inserted particular was detected while the invalid user icon was used to display at the axes when any one of the particular was wrong and cannot be match with the template database.
Password Strengthening Area - Salt key generator, password hashing, and salted hash password.
After the successful of matching inserted password and identification number by the TPS user, the password was proposed in this project to be strengthening to improve the security level during the authentication. As the main objective, salting method was applied in this part. As a review, salt is a random string of data used to modify a password hash. Salt can be added to the hash to prevent a collision by uniquely identifying a user's password, even if another user in the system has selected the same password. Salt can also be added to make it more difficult for an attacker to break into a system by using password hash-matching strategies because adding salt to a password hash prevents an attacker from testing known dictionary words across the entire system.
In developing the algorithm, salt was created in the separate MATLAB m files. The m file was named as random string. This algorithm was created to generate random string that will represent as a salt key. The algorithm was developed by using the selection scale of ASCII code. ASCII stands for American Standard Code for Information Interchange. Computers can only understand numbers, so an ASCII code is the numerical representation of a character such as 'a' or '@' or an action of some sort. The string was generated on certain length randomly based on scale setting in the algorithm.
Although the salt key algorithm was ready to be concatenate, the salt was not concatenate directly to the clear text password. To make the password more protected, the clear text input password was converted first into a message digest using any of several common hash algorithms. The hashing algorithm was named as "function h = hash (inp,meth)" in MATLAB m files. TPS administrator can select any one of the hash algorithm to be used by changing the "meth" to MD2, MD5, SHA1, SHA256, SHA384, or SHA512 types. This flexible selection was created by using java package called "java.securty". "java.security. Message Digest.getInstance (String algorithm)" was imported to the hash function MATLAB m files where this method will compute the input into the selected hash algorithm.
Once the password hashed produced from the hash function algorithm, the generated salt key will be combine with password hash. In this thesis, in producing the salted hash password, it is not ended once it is combined. After those two particular was combine, the concatenated salt with password hash will go through the second round of hashing. This technique was done to make sure each time the salted hash password generate, all the string was not repeated even in certain area along the password.
The most important point in this template protection system is during authentication. This part is created to make sure only the correct salted hash password can allow the template to be display. The algorithm was created to handle the matching between inserted and the generated password. A few methods from MATLAB function such as string comparison, relational operation, and test operations function was applied in this algorithm that will give a proof in term of logical results either true (1) or false (0). These three methods were used along with the branching statements method. Branches are Matlab statements that permit the algorithm to select and execute specific sections of code while skipping other sections of code . To enhance the security of TPS, input access limitation was applied during the authentication event. Count method was used in the algorithm to make sure only two trial in inserting initial clear text password and salted hash password are allow. If user inserted the wrong particular in the third time, the error window will appear with buzzer sounds and the system will terminate automatically. Figure 5 shows the general TPS development and Figure 6 shows the overall operations in TPS.
Figure 5: Flow Chart of General TPS Development
Figure 6: Flow Chart of overall operations in TPS
Result and Discussion
Developed Template Protection System (TPS) Version A (administrator) and Version B (authorize user) was successfully executed in MATLAB. The algorithm was initially display the login window before entering the main TPS. During this login event, authorize user such as staff and administrator have to insert their own identification number to enter the system. The login window is illustrated in Figure 7 and once the correct id inserted, the TPS window will appear as in Figure 8 for administrator and Figure 9 for authorize user.
Figure 7: TPS Login windows
Figure 8: Template Protection System Version A
Figure 9: Template Protection System Version B
Figure 8 and Figure 9 shows the TPS that are ready to be filled with identification number, password, and the rest of protection procedure until the system authenticated and allow the user to access for template and information. Version A was created for administrator used and Version B is for general authorize user. The detail differences between these two versions will be demonstrated in this chapter soon.
The user should follow the step where identification number and password should be entering first, and then they are allowed to generate the salted hash password. For version B, the authorize user have to copy or remember the generated password before they click the protect template. This because once the protect template clicked, the generated password will disappear from MATLAB command window. Version A just for administrator where they can straightly copy the salted hash password on the GUI even after they click the protect template button. The generated salted hash password will be use during the authentication to display the template. When the user insert the salted hash password on the right below if TPS window, they should press "Show User Data" button to display the template. Notice that all the buttons are enable to press except the reset button. The reset button only can be use when the users want to clear the entire fill in TPS after accessing the secure template. If the user does not follow the procedure for both versions; like straight away generate the salted hash password without inserting the earlier particular, the error window will appear on the GUI, as shown in Figure 10.
Figure 10: Example of TPS error window
When the user insert the salted hash password and pressing the "Show User Data" button, the TPS will display the selected template based on the identification number and password that the user inserted, as shown in Figure 11 and Figure 12.
Figure 11: Authenticated template display (TPS Version A)
Figure 12: Authenticated template display (TPS Version B)
During the development of TPS, the arrangement of salt key with hash password was analyze to achieve the best password security. The salt key was not ended when concatenate with the hash password as state in the theory. The enhancement has been created to prevent the possibility to hackers for guessing and attacking. After both particular was concatenate, it was hash again for the second round. By applying this second hashing, the generated salted hash password was not repeated. The clear demonstration and comparison about the first and second level hashing are shown in Table 2, Table 3, and Figure 13.
Besides the salt key arrangement, once the TPS was completely developed, both TPS version was undergo a few test called System Accuracy Test (SAT). To make sure all the button and security arrangement was in order. The SAT's done to TPS are:
If identification number or password is wrong, the error profile icon should be display, invalid sound should appear, generated salted hash password was inactive, and the input access limitation should count in the MATLAB command window when the button ENTER was press. Result : PASS
SAT on TPS Version B, the salted hash password can only be generating once and the generated salted hash password should display in asterisk on the TPS. After the salted hash appear on the command window, the generate button should be inactive. SAT result: PASS
SAT on TPS Version B. Once protect template button is pressed, the encrypted template is display and the generated salted hash disappear in MATLAB command window. Result: PASS
SAT on both versions. To display the template, user should insert salted hash password that they generate. If the incorrect salted hash is inserted for less than 3 times, TPS will display wrong password icon, the template was not display, the reset button stay inactive and error window with invalid password sound should appear. Result : PASS
SAT - If the incorrect salted hash is inserted more than 3 times, the system will terminate and error window should appear with buzzer sound. Result: PASS
If the correct salted hash password is inserted, TPS should display when the "Show User Data" button was press. At the same time, authenticate icon should be display, accessing data sound and reset button is active. For this SAT, Christina Mariasara profile is tested to be display; with her identification number is "AS8921N121" and password "M29886tinasara". Result: All authentication are matched and success.
SAT on logical data type results - On TPS Version A, a logical data type values should be display on the MATLAB workspace and command window. The correct logical value will indicate the correct arrangement and function used in the algorithm. There are three types of logical data method used in TPS, which are string comparison function, Boolean/relational operators, and test operation function. All these three method give correct results when some cases apply to the inserted salted hash password during the authentication. Figure 14 shows the result of logical data comparison using Boolean/relational operators, which give value "1" (TRUE) for the correct matching and "0" (FALSE) for the incorrect matching. For this example, the matching correlation was zero because only 23 bits of character was correct out of 32 bits password character. Result: PASS
Figure 14: Logical results in sparsity pattern plot
Users tend to choose weak passwords; still there are a number of improvements that can be used in practice to increase their strengths. Since passwords continue to be used, password strengthening techniques are playing an important role in security. Hopefully by using this salting method will contribute to the strengthening of the security to access the information on the template. The strong protection will make the hackers more difficult to attack or to guess the password. For future development, this salting method can be enhancing by combining with hardware security such as fingerprint sensor while protecting the template.
A single template protection approach may not be sufficient to meet all the application requirements. Hence, hybrid schemes that make use of the advantages of the different template protection approaches must be developed. For example, a scheme that secures a "salted" template using a biometric cryptosystem (e.g., ) may have the advantages of both salting (which provides high diversity and revocability) and biometric cryptosystem (which provides high security) approaches. Finally, with the growing interest in multi-biometric and multifactor authentication systems, schemes that simultaneously secure multi-biometric templates and multiple authentication factors (biometrics, passwords, etc.) need to be developed.
TABLE 2(Example of generated salt key concatenate with hash password), TABLE 3(Example of generated salted hash password) and Figure 13(Protection area where the salted hash was generate)
This research was supported by Assoc. Prof. Dr. Nooritawati Md. Tahir, as a project supervisor from Electrical Faculty of UITM. Specially thanks for the feedback and useful suggestions along the development of this project.