fyp1 presentation
A Study of Salting Method for Image Protection
AHMAD FAEEZ LUKMAN 51262111325
Bachelor of Engineering Technology in Data Communications
Advisor : Miss Siti Hajar Ab Aziz (SHAA)
#Introduction
Password Protection - to ensure sensitive information is protected at all times from any kind of attack or breach.
Other than passwords, other important data that need to be protected over the internet are templates. These include any images and biometrics (fingerprints, face, iris, voice).
Cryptography - the science of converting plain text from a readable state into secret coding by using certain algorithms.
Hash Functions - the most common algorithms used to encrypt passwords.
- A fixed-length hash value is computed from the plaintext, and the process is a one-way function.
Salt - covers up weaknesses produced by the hashes.
- Consists of random bits that are added to the original plaintext, making it long enough before being converted into a hash.
#Literature Review
In the journal article Biometric Template Security (January 2008), authors Anil K. Jain, Karthik Nandakumar and Abhishek Nagar state that images or templates are protected on both the encryption and decryption sides, based on key matching and the correct filename, and that the security of the salting technique actually rests on the confidentiality of the password.
The author of the website Martijn's C# Programming Blog, in a post titled Creating Salted Hash Passwords in C#, mentions that the salting technique requires hackers to re-calculate the dictionary for each user password, thus greatly increasing the attack time.
#Problem Statement
Images that are not securely kept in a server's database can easily be captured by hackers and are subject to manipulation.
Images are usually encrypted with unsalted passwords, which are highly vulnerable to a hacker's attack (recent event: LinkedIn website hacked).
This project aims to implement the salting method for passwords that secure images kept in a database.
[Flowchart of the project. Boxes: Start; Research and learning process; Creating salt and hash algorithms; Implementation of algorithms in MATLAB GUI; Performance evaluation: perform a demo attack; Producing final report; End. Decision points, each with Yes / No branches: Is encryption and decryption successful?; Is attack successful?]
#Methodology
1. User uploads image and "locks" the image with a password.
2. Salt is applied to the password by the server.
3. Password + Salt is converted into a hash value.
4. Hash value is stored in the server database.
5. User inserts password to log in.
6. The password inserted is salted and hashed again, and compared with the stored hash value.
7. User can log in and retrieve the image.
Password : "hello"
"hello" + "QxLUF1bgIAdeQX"
hash("hello" + "QxLUF1bgIAdeQX") = 9e209040c863f84a31e719795b2577523954739fe5ed3b58a75cff2127075ed1
Expected Result :
Encryption : User inserts an image and sets a plain password.
Decryption : User types in the password, and the image inserted earlier should be displayed.
Attack : An attack should not succeed in gaining password hashes from the database.
Example of salting and hashing

| Password | Salt | Hash (Password+Salt) |
| hello | (none) | 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824 |
| hello | QxLUF1bgIAdeQX | 9e209040c863f84a31e719795b2577523954739fe5ed3b58a75cff2127075ed1 |
| hello | bv5PehSMfV11Cd | d1d3ec2e6f20fd420d50e2642992841d8338a314b8ea157c9e18477aaef226ab |
| hello | YYLmfY6IehjZMQ | a49670c3c18b9e079b9cfaf51634f563dc8ae3070db2c4a8544305df1b60f007 |
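The scheme from the methodology and the table above, as an added Python example (not code from the presentation, whose implementation is planned in MATLAB): it stores a per-image random salt with SHA-256(password + salt), checks a login, and shows a precomputed lookup table matching unsalted hashes but not salted ones. The names `lock_image`, `unlock_image`, `lookup_table_hits` and the in-memory `db` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def hash_password(password: str, salt: str = "") -> str:
    """SHA-256 of password + salt, hex encoded (the scheme shown in the table)."""
    return hashlib.sha256((password + salt).encode("utf-8")).hexdigest()


def lock_image(db: dict, image_id: str, password: str) -> None:
    """Server side: draw a fresh random salt, store only the salt and the hash."""
    salt = secrets.token_urlsafe(12)  # 12 random bytes, 16 characters
    db[image_id] = {"salt": salt, "hash": hash_password(password, salt)}


def unlock_image(db: dict, image_id: str, password: str) -> bool:
    """Re-salt and re-hash the submitted password, compare with the stored hash."""
    record = db.get(image_id)
    if record is None:
        return False
    candidate = hash_password(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])  # constant-time compare


def lookup_table_hits(table: dict, stored_hashes: list) -> int:
    """Count stored hashes that appear in a precomputed hash -> password table."""
    return sum(1 for h in stored_hashes if h in table)


def demo() -> dict:
    # Constructed sample data: two images locked with the same password.
    db = {}
    lock_image(db, "img-001", "hello")
    lock_image(db, "img-002", "hello")
    salted = [rec["hash"] for rec in db.values()]
    unsalted = [hash_password("hello"), hash_password("hello")]
    # Table built once from a word list, with no knowledge of any salt.
    table = {hash_password(w): w for w in ["123456", "password", "hello"]}
    return {
        "correct_password": unlock_image(db, "img-001", "hello"),
        "wrong_password": unlock_image(db, "img-001", "hellO"),
        "salted_hashes_differ": salted[0] != salted[1],
        "unsalted_hits": lookup_table_hits(table, unsalted),
        "salted_hits": lookup_table_hits(table, salted),
    }


if __name__ == "__main__":
    print(demo())
```

A single SHA-256 is fast to compute, so guessing against one salted record at a time remains possible; `hashlib.pbkdf2_hmac` or `hashlib.scrypt` raise the cost of each guess.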
#Gantt Chart
[Gantt chart spanning Wk 1 to Wk 40. Activities: Identifying topic of research; Gathering resources; Change of project title; Identifying new project / research; Preparation for proposal; Presentation Week; Proposal Submission; Extended Research; Install / Learn Matlab GUI; Developing Salt / Hash Algorithms; Implementation and troubleshoot; Perform attack and troubleshoot; Report Submission]
#Conclusion
At this stage, I have learned through research and findings that using the salting method on a password can add an extra layer of security to the password and everything connected to it (images, personal information, sensitive information etc).
The salting method is not 100% safe or uncrackable, but the hacker will for sure need much more time and cost to brute-force every single password in a database one by one, instead of building up a lookup table beforehand.
The next part of the project will involve further research, learning and implementing image protection using the salting method in MATLAB GUI, along with a demo password attack. The user-friendly GUI should enable users to enter a password to protect an image, and later enter the same password to retrieve the image.
#Reference
1. Jain, A. K., Nandakumar, K., & Nagar, A. (2008). Biometric Template Security. EURASIP Journal on Advances in Signal Processing, Special Issue on Biometrics.
2. Ke, Y., Sukthankar, R., & Huston, L. (2003). Efficient Near-duplicate Detection and Sub-image Retrieval. Intel.
3. Creating Salted Hash Password in C#. (2008, December). Retrieved from http://www.dijksterhuis.org/creating-salted-hash-values-in-c/
4. Kessler, G. C. (2012, July 17). An Overview of Cryptography. Retrieved from http://www.garykessler.net/library/crypto.html#hash
5. Ferguson, N. & Schneier, B. (2003). Practical Cryptography. Wiley Publishing Inc.
6. Ullrich, J. (2011, June 28). Hashing Passwords. Retrieved from http://www.dshield.org/diary.html?storyid=11110
7. Creating Salted Hash Passwords in C#. (2008, December 9). Retrieved from http://www.dijksterhuis.org/creating-salted-hash-values-in-c/
Thank You.