Examining PBKDF2 security margin - Case study of LUKS

J 2019

Examining PBKDF2 security margin - Case study of LUKS

VISCONTI, Andrea, Ondrej MOSNÁČEK, Milan BROŽ a Václav MATYÁŠ

Základní údaje

Originální název

Examining PBKDF2 security margin - Case study of LUKS

Autoři

VISCONTI, Andrea (380 Itálie), Ondrej MOSNÁČEK (703 Slovensko, domácí), Milan BROŽ (203 Česká republika, domácí) a Václav MATYÁŠ (203 Česká republika, garant, domácí)

Vydání

Journal of Information Security and Applications, Elsevier Ltd. 2019, 2214-2126

Další údaje

Jazyk

angličtina

Typ výsledku

Článek v odborném periodiku

Obor

10200 1.2 Computer and information sciences

Stát vydavatele

Nizozemské království

Utajení

není předmětem státního či obchodního tajemství

Odkazy

URL

Impakt faktor

Impact factor: 2.327

Kód RIV

RIV/00216224:14330/19:00107341

Organizační jednotka

Fakulta informatiky

DOI

http://dx.doi.org/10.1016/j.jisa.2019.03.016

UT WoS

000467422300024

Klíčová slova anglicky

Password-Based Key Derivation Function 2 (PBKDF2);Iteration counts;GPU;Linux Unified Key Setup (LUKS)

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 10. 6. 2019 10:20, prof. RNDr. Václav Matyáš, M.Sc., Ph.D.

Anotace

V originále

Passwords are widely used to protect our sensitive information or to gain access to specific resources. They should be changed frequently and be strong enough to prevent well-known attacks. Unfortunately, user-chosen passwords are usually short and lack sufficient entropy. A possible solution to these problems is to adopt a Key Derivation Function (KDF) that allows legitimate users to spend a moderate amount of time on key derivation, while imposing CPU/memory-intensive operations on the attacker side. In this paper, we focus on long-term passwords secured by the Password-Based Key Derivation Function 2 (PBKDF2) and present the case study of Linux Unified Key Setup (LUKS), a disk-encryption specification commonly implemented in Linux based operating systems. In particular, we describe how LUKS protects long-term keys by means of iteration counts defined at runtime, and analyze how external factors may affect the iteration counts computation. In doing so, we provide means of evaluating the iteration count values defined at run-time and experimentally show to what level PBKDF2 is still capable of providing sufficient security margin for a LUKS implementation.

Návaznosti

GBP202/12/G061, projekt VaV

Název: Centrum excelence - Institut teoretické informatiky (CE-ITI) (Akronym: CE-ITI)

Investor: Grantová agentura ČR, Centrum excelence - Institut teoretické informatiky

Citovat

VISCONTI, Andrea, Ondrej MOSNÁČEK, Milan BROŽ a Václav MATYÁŠ. Examining PBKDF2 security margin - Case study of LUKS. Journal of Information Security and Applications. Elsevier Ltd., 2019, roč. 46, č. 1, s. 296-306. ISSN 2214-2126. Dostupné z: https://dx.doi.org/10.1016/j.jisa.2019.03.016.

@article{1516816,
   author = {Visconti, Andrea and Mosnáček, Ondrej and Brož, Milan and Matyáš, Václav},
   article_number = {1},
   doi = {http://dx.doi.org/10.1016/j.jisa.2019.03.016},
   keywords = {Password-Based Key Derivation Function 2 (PBKDF2);Iteration counts;GPU;Linux Unified Key Setup (LUKS)},
   language = {eng},
   issn = {2214-2126},
   journal = {Journal of Information Security and Applications},
   title = {Examining PBKDF2 security margin - Case study of LUKS},
   url = {http://dx.doi.org/10.1016/j.jisa.2019.03.016},
   volume = {46},
   year = {2019}
}

TY  - JOUR
ID  - 1516816
AU  - Visconti, Andrea - Mosnáček, Ondrej - Brož, Milan - Matyáš, Václav
PY  - 2019
TI  - Examining PBKDF2 security margin - Case study of LUKS
JF  - Journal of Information Security and Applications
VL  - 46
IS  - 1
SP  - 296-306
EP  - 296-306
PB  - Elsevier Ltd.
SN  - 22142126
KW  - Password-Based Key Derivation Function 2 (PBKDF2);Iteration counts;GPU;Linux Unified Key Setup (LUKS)
UR  - http://dx.doi.org/10.1016/j.jisa.2019.03.016
L2  - http://dx.doi.org/10.1016/j.jisa.2019.03.016
N2  - Passwords are widely used to protect our sensitive information or to gain access to specific resources. They should be changed frequently and be strong enough to prevent well-known attacks. Unfortunately, user-chosen passwords are usually short and lack sufficient entropy. A possible solution to these problems is to adopt a Key Derivation Function (KDF) that allows legitimate users to spend a moderate amount of time on key derivation, while imposing CPU/memory-intensive operations on the attacker side. In this paper, we focus on long-term passwords secured by the Password-Based Key Derivation Function 2 (PBKDF2) and present the case study of Linux Unified Key Setup (LUKS), a disk-encryption specification commonly implemented in Linux based operating systems. In particular, we describe how LUKS protects long-term keys by means of iteration counts defined at runtime, and analyze how external factors may affect the iteration counts computation. In doing so, we provide means of evaluating the iteration count values defined at run-time and experimentally show to what level PBKDF2 is still capable of providing sufficient security margin for a LUKS implementation.
ER  -

VISCONTI, Andrea, Ondrej MOSNÁČEK, Milan BROŽ a Václav MATYÁŠ. Examining PBKDF2 security margin - Case study of LUKS. \textit{Journal of Information Security and Applications}. Elsevier Ltd., 2019, roč.~46, č.~1, s.~296-306. ISSN~2214-2126. Dostupné z: https://dx.doi.org/10.1016/j.jisa.2019.03.016.

Podrobný výpis o publikaci