A Study of Salting Method for Image Protection

AHMAD FAEEZ LUKMAN
51262111325
Bachelor of Engineering Technology in Data Communications
Advisor : Miss Siti Hajar Ab Aziz (SHAA)
#Introduction
Password Protection - to ensure sensitive information is
  protected at all times from any kind of attacks and
  breaches.

Other than passwords, other important data that need to be
  protected over the internet are templates. This includes
  any images and biometrics (fingerprints, face, iris, voice).

Cryptography – a science of converting plain text from a
  readable state into secret coding by using certain
  algorithms.

Hash Functions
  - The most common algorithms used to encrypt passwords.
  - A fixed-length hash value is computed based on the
    plaintext, and the process is a one-way function.

Salt
  - Covers up weaknesses produced by the hashes.
  - Consists of random bits that are added on to the original
    plaintext, making it long enough before being converted
    into a hash.
#Literature Review
  In a journal titled Biometric Template Security (January
    2008), authors Anil K. Jain, Karthik Nandakumar and
    Abhishek Nagar state that images or templates will be
    protected on both the encryption and decryption sides,
    based on key matching and correct filename, and that the
    security of the salting technique actually rests on the
    confidentiality of the password.

  The author of the website Martjin’s C# Programming Blog, in a
    post titled Creating Salted Hash Passwords in C#,
    mentioned that the salting technique requires hackers to
    re-calculate the dictionary for each user password, thus
    greatly increasing the attack time.
#Problem Statement

  Images that are not securely kept in a server’s database can
    easily be captured by hackers and are subject to
    manipulation.

  Images are usually encrypted with unsalted passwords, which
    are highly vulnerable to a hacker’s attack
    (Recent event – LinkedIn website hacked).

  This project aims to implement the salting method in
    passwords that secure images kept in a database.
#Methodology
  Flowchart:
  1.   START
  2.   Research and learning process
  3.   Creating salt and hash algorithms
  4.   Implementation of algorithms in MATLAB GUI
  5.   Decision: Is encryption and decryption successful? (NO / YES)
  6.   On YES: Performance evaluation : perform a demo attack
  7.   Decision: Is attack successful? (YES / NO)
  8.   On NO: Producing final report
  9.   END
  1.   User uploads image and “lock” image with password.
         Image: [image]
         Password : "hello"
  2.   Salt is applied on password by the server.
         "hello" + "QxLUF1bgIAdeQX"
  3.   Password+Salt converted into hash value.
         hash("hello" + "QxLUF1bgIAdeQX")
         = 9e209040c863f84a31e719795b2577523954739fe5ed3b58a75cff2127075ed1
  4.   Hash value stored in server database.
  5.   User insert password to login.
         "hello"
  6.   Password inserted is salted and hashed again, and compared
       with stored hash value.
  7.   User can login and retrieve image.
Expected Result :
  Encryption : User insert image and set plain password
  Decryption : User type in password, and the image inserted earlier
               should be displayed
  Attack     : Attack should not be successful to gain password hashes
               from database


Example of salting and hashing
Password   Salt             Hash (Password+Salt)
hello                       2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
hello      QxLUF1bgIAdeQX   9e209040c863f84a31e719795b2577523954739fe5ed3b58a75cff2127075ed1
hello      bv5PehSMfV11Cd   d1d3ec2e6f20fd420d50e2642992841d8338a314b8ea157c9e18477aaef226ab
hello      YYLmfY6IehjZMQ   a49670c3c18b9e079b9cfaf51634f563dc8ae3070db2c4a8544305df1b60f007
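
The lock/login flow from the slide above, together with the table's point that one password gives a different hash under each salt, as an added Python example (not code from the presentation, whose own implementation is planned for MATLAB). It assumes SHA-256, because the page does not name its hash function and its digests are 64 hex digits long; `lock_image`, `unlock_image` and `lookup_table_hits` are hypothetical names and the sample records are constructed.

```python
import hashlib
import hmac
import secrets

# Assumption: the page never names its hash function; the 64-hex-digit
# digests in its table are the length SHA-256 produces, so SHA-256 is used.
def salted_hash(password: str, salt: str = "") -> str:
    """hash(password + salt), concatenated in the order the slide shows."""
    return hashlib.sha256((password + salt).encode("utf-8")).hexdigest()

def lock_image(db: dict, image_id: str, password: str) -> None:
    """Enrolment: draw a fresh random salt per image, store salt and hash."""
    salt = secrets.token_urlsafe(16)  # unique per record; stored, not secret
    db[image_id] = {"salt": salt, "hash": salted_hash(password, salt)}

def unlock_image(db: dict, image_id: str, attempt: str) -> bool:
    """Login: re-salt and re-hash the attempt, compare in constant time."""
    rec = db.get(image_id)
    if rec is None:
        return False
    return hmac.compare_digest(salted_hash(attempt, rec["salt"]), rec["hash"])

def lookup_table_hits(db: dict, wordlist: list) -> dict:
    """Model of a precomputed table (unsalted hash -> word), built once and
    reused against every stored record. Returns the records it resolves."""
    table = {salted_hash(word): word for word in wordlist}
    return {k: table[r["hash"]] for k, r in db.items() if r["hash"] in table}

def demo() -> dict:
    wordlist = ["123456", "password", "hello"]  # constructed sample list
    unsalted_db = {  # constructed records: two images, same password, no salt
        "img1": {"salt": "", "hash": salted_hash("hello")},
        "img2": {"salt": "", "hash": salted_hash("hello")},
    }
    salted_db = {}
    lock_image(salted_db, "img1", "hello")
    lock_image(salted_db, "img2", "hello")
    return {
        "unsalted_hits": lookup_table_hits(unsalted_db, wordlist),
        "salted_hits": lookup_table_hits(salted_db, wordlist),
        "same_hash": salted_db["img1"]["hash"] == salted_db["img2"]["hash"],
        "right_password": unlock_image(salted_db, "img1", "hello"),
        "wrong_password": unlock_image(salted_db, "img1", "hellO"),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

A single fast hash keeps the cost of each guess low, so every record can still be brute-forced one at a time; a deliberately slow function such as `hashlib.scrypt` or `hashlib.pbkdf2_hmac` raises that per-guess cost.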
#Gantt Chart
Week columns: Wk 1-2, Wk 2-7, Wk 8, Wk 9, Wk 10, Wk 11-13, Wk 14,
  Wk 15-20, Wk 21-23, Wk 24-26, Wk 27-31, Wk 32-36, Wk 37, Wk 38-39, Wk 40
Activities:
  - Identifying topic of research
  - Gathering resources
  - Change of project title
  - Identifying new project / research
  - Preparation for proposal
  - Presentation Week
  - Proposal Submission
  - Extended Research
  - Install / Learn Matlab GUI
  - Developing Salt / Hash Algorithms
  - Implementation and troubleshoot
  - Perform attack and troubleshoot
  - Report Submission
#Conclusion
 At this stage, I have learned through research and findings that
    implementing the salting method in a password can add
    an extra layer of security on the password and everything
    connected to it (images, personal information, sensitive
    information etc).

 The salting method is not 100% safe or uncrackable, but the
   hacker will for sure need much more time and cost to brute-force
   attack every single password in a database one by one, instead of
   pre-building a lookup table beforehand.

 The next part of the project will be further research, learning and
   implementing image protection using the salting method in
   MATLAB GUI, along with a demo password attack. The
   user-friendly GUI should enable users to enter a password to
   protect an image, and later enter the same password to retrieve
   the image.
#Reference
  1.   Jain, A. K., Nandakumar, K., & Nagar, A. (2008). EURASIP
       Journal on Advances in Signal Processing, Special Issue on
       Biometrics : Biometric Template Security.
  2.   Ke, Y., Sukthankar, R., Huston, L. (2003). Efficient
       Near-duplicate Detection and Sub-image Retrieval, Intel
  3.   Creating Salted Hash Password in C#. (2008, December).
       Retrieved from
       http://www.dijksterhuis.org/creating-salted-hash-values-in-c/
  4.   Kessler, G. C. (2012, July 17). An Overview of Cryptography.
       Retrieved from
       http://www.garykessler.net/library/crypto.html#hash
  5.   Ferguson, N. & Schneier, B. (2003). Practical Cryptography.
       Wiley Publishing Inc.
  6.   Ullrich, J. (2011, June 28). Hashing Passwords. Retrieved from
       http://www.dshield.org/diary.html?storyid=11110
  7.   Creating Salted Hash Passwords in C#. (2008, December 9).
       Retrieved from
       http://www.dijksterhuis.org/creating-salted-hash-values-in-c/
Thank You.


Editor's Notes

  • #4: Cryptography = cryptology. The best way to encrypt data. Hash weakness = Fixed length =
  • #6: Hashed passwords used to protect the images, if any, are vulnerable to Rainbow Table Attack by hackers. Implementation of salt in these passwords may cripple this type of attack. Find research paper for hashing only. Limitations make me come out with salting method. Why salting method – length, randomness. Elaborate objective.
  • #7: RAINBOW ATTACK USING OPHCRACK
  • #8: Only user will know the password inserted
  • #12: Progress until week 10. Expected result (Matlab GUI, coding)