
Enhanced Password Security Innovations

The document presents a new password protection scheme called 'Encrypted Negative Password' (ENP) aimed at enhancing security against common password attacks such as lookup table and dictionary attacks. The proposed mechanism involves converting a user's password into a hashed format, then into a negative password, and finally encrypting it using symmetric-key algorithms. The research highlights the limitations of existing password security techniques and demonstrates that ENP offers stronger protection without the need for additional elements like salt.

Uploaded by

Suhas G K

Recent Innovations in Wireless Network Security

Volume 3 Issue 1
DOI: [Link]

Enhanced Authentication Mechanism using Negative Password: An Approach for Intrusion Detection

Shiva Kumar G V¹, Dr Devananda S N², Suhas G K³*

¹,³ Research Scholar, Department of Computer Science and Engineering, Visvesvaraya Technological University, Belagavi, India.
¹ Assistant Professor, Department of Computer Science and Engineering, SJC Institute of Technology, Chikkabalapur, India.
² Professor, Department of Electronics and Communication Engineering, PES Institute of Technology and Management, Shivamogga, India & Research Supervisor, Visvesvaraya Technological University, Belagavi, India.
³ Assistant Professor, Department of Computer Science and Engineering, HKBK College of Engineering, Bangalore, India.

*Corresponding Author
E-mail Id:-suhask300@[Link]

ABSTRACT
Password protection schemes (such as hashed passwords, salted passwords and key stretching)
cannot resist lookup table or dictionary attacks. Secure password storage is a crucial
aspect of systems based on password authentication, which remains the most widely used
authentication technique despite some security flaws. The aim of this research paper is
twofold: first, to improve security in the authentication mechanism by passing the password
received from the source node to a hash function and converting it into an ENP; second, to
perform repeated encryption operations to further improve security using ENP passwords.

Keywords:-Hash password, salt password, key stretching, Encrypted Negative Password (ENP)

INTRODUCTION

With the spread of web technology, an enormous number of online services have been set up, and password authentication is the most commonly used authentication technique among them because it is cost-effective and simple to deploy. As a result, the term "password security" continuously attracts great concern in research, education, scholarship and industry. Despite much prominent research on password security, passwords are still being hacked because of users' careless behavior. For instance, users tend to choose simple passwords, use a common password for different accounts so that it is easier to remember, or change their passwords infrequently.

It is difficult to obtain a password from a highly secure system. On the one hand, in a highly secure system it is difficult to steal personal information from an authentication data table that contains usernames and passwords. On the other hand, because the number of login attempts is limited, it is difficult to conduct online guessing attacks. In any case, the password can still leak from a "weak system". Patches are changes to the programs in a system or to their data that update, repair or improve them; this includes fixing security vulnerabilities and other errors. If vulnerabilities are continually found in a system and the system is not patched to resist attacks, it gives the attacker a chance to illegally access the "weak systems". Additional vulnerability is caused by some old systems due to low maintenance. Finally, after obtaining the authentication data table from the old system, the attacker will get access to the high-security system through the password cracked from a low-security system and perform an offline attack.

Passwords within the authentication data table are always stored in the form of hashed passwords. However, hashed passwords cannot withstand "precomputation attacks", examples of which are the "rainbow table attack" and the "lookup table attack". First, adversaries precompute a lookup table whose keys are the hash values of frequently used plain passwords and whose entries are the corresponding plain passwords. After gaining access to the authentication data table of the low-security system, the attackers look for the plain passwords by matching the hashed passwords in the authentication data table against the keys in the lookup table. Finally, if a password is matched, the attackers log into higher-security systems with the cracked usernames and passwords, get more sensitive information about users and obtain some benefits.

A new password protection scheme called "Encrypted Negative Password" (ENP) is proposed, which includes both generation algorithms such as NDB and verification algorithms such as the AES algorithm and the MD5 algorithm. The attack complexities of the password protection schemes "hashed password", "key stretching", "salted password" and "Encrypted Negative Password" are analyzed and compared. The results show that the Encrypted Negative Password overcomes lookup table attacks without the addition of extra elements such as the salt in salted passwords, and overcomes the dictionary attack.

EXISTING WORK

[1] Hashing guards against retrieval of the passwords of every user in the system through illegal access to the database. Among the many password security mechanisms, hashing is the most common technique used for authentication. A small change to the password results in a completely different hashed password. Password hashing can be implemented using a cryptographic hash function; many hash functions are available, such as SHA256 and SHA512. Its disadvantage is that it cannot resist a lookup table attack.

[2] The pattern-lock graphical authentication method uses a set of random or unarranged pictures produced by the developer. The user is first asked to select a certain number of images of his choice. Later, to authenticate, the user is asked to recognize the images previously selected. The disadvantage is that extra storage is required to store the precomputed images selected by the user along with the plain-text password. It is also not efficient for the developer to create the program, and the selection process is time-consuming for the user.

[3] The salting method is proposed to increase the efficiency of the password. Users usually choose a simple password so that it can be remembered, but this increases the probability that an attacker steals the password. To overcome this problem, an extra fixed random bit is added to the password to make it complex. Key stretching is stronger than a salted password.

[4] Key stretching is a complex process that makes it difficult for the attacker to crack the enhanced password. Key stretching can be performed by applying a hash function or a block cipher repeatedly. The disadvantage is that extra bits are added, which is a burden for programmers to develop.

[5] Diffie–Hellman key exchange uses a public-key cryptography approach. The goal is to securely exchange cryptographic keys. The disadvantage of Diffie–Hellman key exchange is that it cannot resist a man-in-the-middle attack.

[6] Designing password policies for strength and usability: bad password practices by users include infrequent password changes, the same password used across different accounts, writing down passwords, simple passwords, and sharing passwords with others. A password should include a combination of lowercase and uppercase letters, numbers and special characters.

[7] Multi-factor authentication (MFA) is the most popular authentication mechanism. The objective of MFA is to create a layered defense and make it harder for an unauthorized person to reach a target such as a password. Access is granted to the user only after the evidence has been presented. The three most common categories are often described as something you know (the knowledge factor), something you have (the possession factor) and something you are (the inherence factor). The disadvantage is availability, and it can be tuned versus users.

PROPOSED WORK

The proposed work is twofold: the registration phase and the authentication phase. When adopting our framework to protect passwords in an authentication data table, the chosen cryptographic hash function and symmetric-key algorithm should satisfy the condition that the size of the hash value of the chosen cryptographic hash function is equal to the key size of the chosen symmetric-key algorithm. The hashed password is converted into a negative password using an NDB algorithm. The negative password is encrypted into an ENP using the chosen symmetric-key algorithm. The username and the resulting ENP are stored in the authentication data table. If the password supplied at login matches, after decryption, the password held in the authentication data table, the user is successfully authenticated.

Fig.1:-High level block diagram of the Registration phase

Fig.2:-High level block diagram of Authentication phase


ENP Algorithm

In ENP, the user provides a password, which is converted into a hashed password and then into a negative password. The plain password "password", provided as input, is converted into an Encrypted Negative Password as output: the MD5 hash of the password serves as the secret key, a permutation is performed to obtain complex relations through random arrangement, the negative password is generated by the prefix algorithm using the symbols 0, 1 and *, and AES encryption provides the password protection.


AES Encryption Algorithm

AES uses 128-bit keys for carrying out the process. Each round comprises four sub-processes: add round key, mix columns, shift rows and byte substitution.

Fig.3:-AES Structure

Negative Database Generation (NDB)

Fig.4:-Representation of NDB

In the NDB, U represents the "universal set" of strings of n elements, each element being a 0 or a 1. A value x belonging to the universal set represents the positive database (DB); the NDB then stores U − DB in the form of the symbols 0, 1 and *. The symbol "1" matches bit 1, the symbol "0" matches bit 0, and the symbol "*" matches either bit 0 or bit 1. Positions holding the symbols "0" or "1" are known as specified positions. Positions holding the symbol "*" are known as unspecified positions.

Hashing Algorithm

The MD5 algorithm was created mainly with security in mind; it takes an input of any size and produces a 128-bit hash value as output. An input of any size undergoes four predefined steps: (1) Append padding bits: the original message is padded so that its length in bits is congruent to 448 modulo 512. (2) Append length: 64 bits are appended at the end to record the length of the original input, modulo 2^64. (3) MD buffer initialization. (4) Processing the message in 16-word blocks.


Fig.5:-MD5 Algorithm

RESULTS AND DISCUSSIONS

In this section, the attack complexity of "hashed password", "salted password", "key stretching" and the "Encrypted Negative Password" is analyzed and compared. The results show that the Encrypted Negative Password can overcome the precomputation attack without using a salt and provides stronger protection for the password under a dictionary attack.

Table 1:-Comparison of attack complexity

CONCLUSION

A new password protection scheme known as "Encrypted Negative Password" has been presented, which overcomes the existing techniques for securing the password and protects against existing password attacks through an ENP-based authentication framework. In the future, different Negative Database generation algorithms will be researched and applied to the Encrypted Negative Password to further improve password security, and multiple iterations can be carried out to form complex relationships that resist cracking of the password.

REFERENCES

1. Ah Kioon, M. C., Wang, Z. S., & Deb Das, S. (2013). Security analysis of MD5 algorithm in password storage. In Applied Mechanics and Materials 347. 2706-2711p. Trans Tech Publications Ltd.
2. Andriotis, P., Tryfonas, T., & Oikonomou, G. (2014, June). Complexity metrics and user strength perceptions of the pattern-lock graphical authentication method. In International conference on human aspects of information security, privacy, and trust. 115-126p. Springer, Cham.
3. Boonkrong, S., & Somboonpattanakit, C. (2016). Dynamic salt generation and placement for secure password storing. IAENG International Journal of Computer Science, 43(1), 27-36p.
4. Kelsey, J., Schneier, B., Hall, C., & Wagner, D. (1997, September). Secure applications of low-entropy keys. In International Workshop on Information Security. 121-134p. Springer, Berlin, Heidelberg.
5. Van Oorschot, P. C., & Wiener, M. J. (1996, May). On Diffie-Hellman key agreement with short exponents. In International Conference on the Theory and Applications of Cryptographic Techniques. 332-343p. Springer, Berlin, Heidelberg.
6. Shay, R., Komanduri, S., Durity, A. L., Huh, P., Mazurek, M. L., Segreti, S. M., ... & Cranor, L. F. (2016). Designing password policies for strength and usability. ACM Transactions on Information and System Security (TISSEC), 18(4), 1-34.
7. Multi Factor Authentication [Online] [Link] efinition/multifactor-authentication-MFA
8. Global Information Assurance Certification Paper: Dec. 15, 2012. [Online]. [Link] uthentication-mechanisms-best/101431
9. Wang, D., He, D., Cheng, H., & Wang, P. (2016, June). fuzzyPSM: A new password strength meter using fuzzy probabilistic context-free grammars. In 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) (pp. 595-606). IEEE.
10. Sun, H. M., Chen, Y. H., & Lin, Y. H. (2011). oPass: A user authentication protocol resistant to password stealing and password reuse attacks. IEEE Transactions on Information Forensics and Security, 7(2), 651-663.
11. Zviran, M., & Haga, W. J. (1999). Password security: an empirical study. Journal of Management Information Systems, 15(4), 161-185.
12. Gokhale, M. A. S., & Waghmare, V. S. (2016). The shoulder surfing resistant graphical password authentication technique. Procedia Computer Science, 79, 490-498.
13. Jablon, D. P. (1996). Strong password-only authenticated key exchange. ACM SIGCOMM Computer Communication Review, 26(5), 5-26.
14. Jose, J., Tomy, T. T., Karunakaran, V., Varkey, A., & Nisha, C. A. (2016, March). Securing passwords from dictionary attack with character-tree. In 2016 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET) (2301-2307p). IEEE.
15. Arora, A., Nandkumar, A., & Telang, R. (2006). Does information security attack frequency increase with vulnerability disclosure? An empirical analysis. Information Systems Frontiers, 8(5), 350-362.

Cite this article as: Shiva Kumar G V, Dr Devananda S N, & Suhas G K. (2021). Enhanced Authentication Mechanism using Negative Password: An Approach for Intrusion Detection. Recent Innovations in Wireless Network Security, 3(1), 1–7. [Link] 4

HBRP Publication Page 1-7 2021. All Rights Reserved Page 7
