Sage Journals: Discover world-class research

Abstract

In text-based authentication, the passwords along with user names are maintained in the Authentication Data Table (ADT). It is necessary to preserve the privacy of passwords in ADT to avoid offline attacks like brute force attacks, lookup table attacks, etc. In this paper, three password protection schemes, namely Encrypted Image Password (EIP), Dynamic Authentication Data Table (D-ADT), and Extended Encrypted Image Password (EEIP) are proposed for secure authentication. In EIP, the input passwords are first converted to hashed passwords and then transformed into images. Next, these image passwords are encrypted using a novel image password encryption system using chaos functions and confusion-diffusion mechanisms. In D-ADT, the hashed passwords are encrypted using a random key. The major highlight of this scheme is that during every log, the hashed password is encrypted with a new random key while keeping the plain password same as it is. So, during each login of the user, the old encrypted password is replaced with a new encrypted password in the authentication data table. The EEIP scheme combines both approaches. Passwords are converted to images and image passwords are encrypted with the new random key at every login. Performance and security analysis are carried out for the proposed algorithm concerning correlation analysis, differential analysis, entropy analysis, computation time, keyspace, and offline attack analysis.

Keywords

Authentication Chaos image encryption lookup table attack dictionary attack

1. Introduction

Nowadays, in this internet world, common people are becoming regular internet users as compared to the previous decade. Two reasons are behind this: i) availability of smartphones at lower prices because of growth in mobile technology and ii) growth in high-speed internet technology. Hence, businesses but also common people are also far more attracted to online. Today, the availability of mobile apps is increasing such that it is producing a remarkable change in the way common people feel and experience technology. People prefer online services in every sector like banking, shopping, transport, finance, health, marketing, and many more. So, people’s efforts are reduced, and comfort is guaranteed. However, while accessing such online services, the security protocol plays a key role. To access any device or service in this digital world, the first step is authentication i.e. validating the user. But it is observed that a secure authentication mechanism is still challenging because of the hacker’s intelligence. At the same time, the researchers are also continuously providing solutions for secure access through complex computational logic and different input factors. Anyhow all these are ongoing parallel activities taken by hackers and researchers. The solution methodologies include passwords, PINs, hashed passwords, salted passwords, key stretching, graphical passwords, one-time passwords, biometric passwords, and more variations of biometrics (fingerprint, iris, ECG, palm print, etc.). Among these various solutions, passwords and their variations are popular because of their convenience and easy implementation. Unfortunately, this becomes the greatest opportunity for cyber-criminals to focus on this area. Because users have to generate their passwords, there is often a chance that they are unable to create strong and secure credentials.

On the other hand, if passwords are highly secure, then there is a threat of attacks on ADT (Authentication Data Table) on the server side. ADT contains user credentials like user id and password. Hence, it is mandatory in high-security systems that the passwords need to be well protected against attacks. ADTs are much more vulnerable to precomputed table attacks. Due to the high availability of high computation processing units at a low cost, it is becoming easy to construct such precomputed tables. Also, on the internet, there are software tools available that convert a hash value to plain text (e.g., http://reverse-hash-lookup.online-domain-tools.com/). Using such tools, it is possible to create a precomputed table that consists of hashed passwords and corresponding plain passwords. If such precomputed tables are already created, then it is less challenging to find plain passwords from the ADT and break the security system. The attacker may apply faster search techniques like binary search to reveal passwords. After getting ADT, to reveal the passwords from ADT, an attacker may perform attacks such as brute force attack, dictionary attack, lookup table attack, reverse lookup table attack, rainbow table attack, or advanced dictionary attack. Depending on whether precomputation logic is used or not, these attacks are divided into two types: lookup and rainbow table attack comes under theprecomputation based attacks andremaining comes under non-precomputation based attacks. In the first type, because of the precomputation logic, both rainbow and lookup table attacks are easy ways to reveal passwords. In the second type, all four attacks simply try each given password from the password list. In the brute force attack, the password list contains all combinations of characters from a given character set, whereas the dictionary and reverse lookup table often contain frequently used passwords. The advanced dictionary contains the words based on the user practices to construct passwords.

The paper is organized as follows: in Section 2, the related work concerning the authentication and image cryptosystem techniques are discussed, in Section 3, the framework and working of proposed schemes are described. Performance and Security analysis is performed concerning the NIST randomness test, correlation analysis, differential analysis, information entropy analysis, the privacy of the ADT concerning off-line attacks, key space analysis, computational complexity analysis and comparison, and known/chosen plain text attack in Section 4. The conclusions are made in the last Section.

2. Literature survey

In this paper, three password protection schemes, namely Encrypted Image Password (EIP), Dynamic Authentication Data Table (D-ADT), and Extended Encrypted Image Password (EEIP) are proposed for secure authentication. The proposed methodologies use an image cryptosystem for password encryption. Hence, password-based authentication systems, traditional and existing chaos-based image encryption approaches are elaborated.

2.1. Backgound

Researchers have categorized authentication into five types: 1) text-based; 2) graphical-based; 3) biometrics-based; 4) Web-based; and 5) hardware-based solutions [4,5].

Text-based authentication using a password is more popular because of its low cost and easy implementation. The Authentication Data Table (ADT) is available on the server. It contains user credentials such as userid, password, and additional informative attributes. The way in which the user credentials are stored in ADT is important from a security point of view. But, it is observed that passwords are easily cracked because of users’ careless nature [2]. Generally, the user selects familiar words which are easy to remember as a password, and the same password is continued for different systems. The ADT contains userids and passwords which could be stolen by attackers in case of a weak security system or compromised system. Attackers continuously try to leak the security of the system, and at the same time, the corresponding application system should also focus on how to strengthen the security. In reality, the systems that are not strengthening their security protocols regularly are more vulnerable. Since the same passwords are usually used by the user for a long time, attackers may access high-security systems using cracked passwords. Next, after getting ADT, attackers may proceed for off-line attacks [24]. Normally, the ADT contains passwords in the hashed form. Hashed passwords are generated using a cryptographic hash function [3]. The hash function is a one-way mapping function that transforms any length of data into fixed-length data. It is difficult to find plain values directly from hashed values because of one-way mapping. But, researchers found that hashed passwords are not protected well against precomputation table attacks, such as lookup table attacks and rainbow table attacks [22]. Due to decreasing costs and the high availability of high computing, processing, and storage resources, the creation of precomputed tables is possible. These kinds of precomputations are used in the lookup table and rainbow table. So, the above two attacks are increased to more extent. Hence, an attacker could become more successful in cracking the hashed passwords. To protect from such precomputation attacks, the salting of passwords [26] is done. Salt is an array of characters that are inserted into the plain value and then hashed which acts as a noise. The size of the salt and the strength of password security are directly proportional, i.e., if salt is more, then security is also more. Next, to improve the level of security, salt can be dynamic [7]. On the other hand, it is observed that salted passwords are not strong under dictionary attacks. In these attacks, an attacker attempts all the possible passwords from the predefined list, i.e., the dictionary. To protect from a dictionary attack, the key stretching method is useful. In this, weak passwords are converted to enhanced passwords. But, these mechanisms are vulnerable to attacks like Narrow-Pipe Attack [12]. Luo et. al. [17], given an Encrypted Negative Password (ENP) solution. In this, the hash value of the original password is calculated. Next, the negative password is calculated. At last, the negative password is converted into an Encrypted Negative Password using an asymmetric cryptosystem. ENP could protect against lookup table attacks and dictionary attacks. But, the generation of negative passwords is time-consuming. All these techniques with their own advantages and limitations are summarised in Table 1.

Table 1
Summary of existing methodologies

S. No. Scheme Methodology Advantages/Limitations

1 Ref. [3] Hashed Passwords 1. Easy to implement

2. Faster

3. Vulnerable to Precomputation attacks

2 Ref. [26] Salted Passwords 1. Easy to implement

2. Speed is inversely proportional to the size of salt

3. Vulnerable to dictionary attack

3 Ref. [7] Dynamic salted Passwords 1.Run time salt generation

2. Vulnerable to dictionary attack

4 Ref. [6] Key stretching 1. Similar to salting

2. Speed is inversely proportional to the size of stretching

3. Vulnerable to Narrow pipe attack

5 Ref. [17] Cryptographic Hash, Negative Password 1. No offline attacks

2. High processing time, computationally expensive

S. No.	Scheme	Methodology	Advantages/Limitations
1	Ref. [3]	Hashed Passwords	1. Easy to implement
2. Faster
3. Vulnerable to Precomputation attacks
2	Ref. [26]	Salted Passwords	1. Easy to implement
2. Speed is inversely proportional to the size of salt
3. Vulnerable to dictionary attack
3	Ref. [7]	Dynamic salted Passwords	1.Run time salt generation
2. Vulnerable to dictionary attack
4	Ref. [6]	Key stretching	1. Similar to salting
2. Speed is inversely proportional to the size of stretching
3. Vulnerable to Narrow pipe attack
5	Ref. [17]	Cryptographic Hash, Negative Password	1. No offline attacks
2. High processing time, computationally expensive

2.2. Image cryptosystem

In the proposed system, plain passwords are converted into images, then image passwords are encrypted using a novel image encryption system. Hence, various image encryption techniques are studied here.

Mostly, image encryption follows a chaotic map-based confusion-diffusion model. The idea is based on Fridrich’s substitution-permutation network [10]. Fridrich’s model consists of two phases- confusion and diffusion. In confusion, the pixels of the image are repositioned, and in diffusion, pixel values are modified. The confusion and diffusion operations are made reversible so that decryption is possible. Chaotic map functions are used to generate keystreams required for confusion and diffusion operations. Confusion-diffusion operations are repetitively executed for m and n times to increase the security level. The 1D, 2D, and 3D variations of chaotic functions have been used in different systems. As dimensions increase, the complex, chaotic behavior produced by the chaotic system also increases and the guessing of chaotic behavior becomes complex. On the other hand, the implementation cost of these more dimensional techniques is high due to their complexity [11]. 1D chaos is preferable because of its simplicity, but it has drawbacks like, (1) limited domain for chaos generated values (2) low computational complexity leading to cryptanalysis using correlation and repetitive functions, and (3) the chaos function spreads output sequence values non uniformly [32]. The common approach to encrypt an image is as follows: a two-dimensional digital image is transformed into a byte array, and the required keystreams for confusion and diffusion are produced by chaotic functions. As an example, for confusion, 2-D maps such as the Arnold Cat map, and Henon map are used in [21]. Also, to increase the quality of the cipher image, the rounds of confusion-diffusion are increased. Due to this, the computation time grows. On the other hand, to achieve similar results in fewer confusion/diffusion rounds, operations on the bits are defined. [14,27,31,33] designed the cryptosystem that operates on the bits. In this system, first, the input image is transformed into a bitstream. Next, confusion and diffusion operations are applied. 3-D map along with gray code logic for image encryption is applied in [8]. Next, a Five-dimensional multi-wing hyper-chaos-based system is designed by Li et al. [14]. Here, the keystream is produced by a hyper-chaotic system where the key is derived from the original image. Next, bit/pixel level confusion and diffusion are applied. However, the computational time complexity of such a more dimensional chaotic system is much more. To decrease computational complexity, Zhi–Liang et al. [34] proposed a solution using the logic of bit positions of the pixel. According to information theory, in the image, the most significant 4 bits of pixel contain around 94.125% information. Taking advantage of this, confusion of most significant bits is done while a group of least significant 4 bits is treated as one unit and repositioned individually. Using a Logistic map, each pixel is changed during diffusion. Next, a more efficient method based on BBD (Binary Bit-plane Decomposition) is proposed in [27,31,33].

In addition to the above methodologies, a random number embedding and DNA-level self-adaptive confusion-diffusion is applied in [29]. The magic square theorem is applied for confusion at the pixel level and the octree principle is invoked to achieve pixel bit shifting in [28]. Block-based preprocessing, postprocessing, and shuffling are used in [16]. But, it may require padding because of the fixed size of the blocks. An input image-related rows and columns shuffling, a pixel-level roll shift, and a bit-level cyclic shift are applied in [15]. Focusing on medical image encryption, simple random shuffling, and XOR operations are used in [20] for encryption logic.

Hence, from the above, it is observed that various researchers have designed various logic. The core part is confusion and diffusion of image components that can be block, pixel, or bit. Every method has pros as well as cons. The limitation includes small key space, high computational power, suffering from differential attack and chosen/plain text attacks, fixed keys, etc.

To overcome limitations of the existing authentication schemes as shown in the Table 1, in this paper, three password-based authentication methodologies are designed and implemented for secure authentication through SHA256 and novel image cryptosystem. The proposed scheme EIP is based on image encryption using Fridrich’s confusion-diffusion model. Here, input passwords are initially converted to hashed passwords using the Secure Hash Algorithm (SHA256) and then embedded into the binary image. Next, these image passwords are encrypted using a novel image password encryption system to get grayscale Encrypted Image Passwords as a result. Arnold’s cat map and logistic map are used to generate encryption key streams. The control parameters used for these Chaotic maps are calculated from the value of the hashed password. In the second scheme, D-ADT, initially, input passwords are hashed using SHA256, and the hash value of passwords is ciphered using Random Key. The Random Key is generated using the RANDOM() function. Random Key is encrypted with the key calculated from the hashed password. In this case, the ADT preserves three values, i.e., UserID, Encrypted Password, and Encrypted Random Key. The major highlight of this scheme is that during every login, the hash value of the password is ciphered using a new random key while keeping the plain password the same as it is. The third scheme, EEIP, is a combination of the above two approaches. Here, the passwords are converted to images, and image passwords are encrypted with a new random key at every login. The ADT contains UserID, Encrypted Image Password, and Encrypted Random Key.

2.3. Motivation and contribution

Existing methodologies like hashed password [3], salted password [26], dynamic salted password [7], key stretching [6] are vulnerable to precomputation table attacks, dictionary attacks, and Narrow pipe attack. The overhead of Encrypted Negative Password scheme (ENP) [17], is the generation of negative database for the passwords.

The process of generating negative database passwords is complex and time consuming. The proposed EIP uses a simple and effective procedure of image password. In various authentication techniques, the authentication data table is static. Hence, ADT offline attacks are possible. To overcome these attacks, Dynamic ADT (D-ADT) scheme is proposed. Next, to increase the level of security, the EIP and D-ADT are combined together and a novel Extended EIP (EEIP) scheme is proposed. This EEIP can be used in an application where high security is required like defence, finance etc. To design the above algorithms, a novel image cryptosystem is proposed. Here the key parameters depend on the input image.

The contributions of the proposed paper are:

Passwords are well protected in ADT against offline attacks using novel encryption techniques.

Proposed EIP and EEIP are alternative schemes for Encrypted Negative Password (ENP). ENP requires a negative database password to generate ENP. The process of generating negative database passwords is complex. The proposed EIP uses a simple and effective procedure of image password.

Decryption of encrypted passwords is not required during authentication; rather, a comparison is made in the cipher domain itself.

A novel image cryptosystem whose encryption parameters depend on input image is implemented to achieve a higher level of security.

Passwords are stored in encrypted image form, and encrypted image passwords change during every login by keeping the plain password the same as it is.

3. Proposed system design

In the following subsequent subsections, the proposed three authentication schemes are described and compared.

3.1. Scheme 1-encrypted image password

Figure 1 shows the flow of the proposed Encrypted Image Password (EIP). Initially, the user gives a plain password which is hashed, and the corresponding bitstream is generated. Using this bitstream, three keys are generated. These keys are used to create encrypted image passwords. The detailed working flow of the proposed system is described through subsequent subsections.

Fig. 1.

Data flow diagram of encrypted image password (EIP).

3.1.1. Registration of user

The registration process for a new user is done as given below:

On the user machine, the user inputs the credentials, including UserId and Password. Next, the entered credentials are sent to the Authentication Server (AS) through a secure channel.

AS calculates the hash value of UserID using SHA256 and searches UserId in the ADT for the calculated hash. If UserId already exists, AS rejects the registration request and returns a Negative Acknowledgment to the client. Otherwise, step (iii) is executed.

The received password is hashed using SHA256 and hashed password of length w is obtained.

$w \times w$ image password is generated from the hashed password using the proposed algorithm $passwordToImage$ .

Image password is encrypted to get EIP using the proposed $imagePasswordEncrypt$ algorithm using $hKey$ as the key parameter. $hKey$ is produced from $hashedPassword$ .

AS inserts a record for UserId in the authentication data table and returns Positive Acknowledgment to the client.

Algorithm 1:

PasswordToImage

Algorithm 2:

ImagePasswordEncrypt

3.1.2. User authentication

On the user machine, the user inputs the credentials, including UserId and Password. Next, the entered credentials are sent to the Authentication Server (AS) through a secure channel.

AS calculates the hash of UserId using SHA256 and searches UserId in ADT for the calculated hash. If the user does not exist, it stops the authentication process and returns a Negative Acknowledgment to the client. Otherwise, step (iii) is executed.

The encrypted image password is found from ADT named EIP1.

The received password is hashed using SHA256, and $hashedPassword$ of length w is obtained. Also, $hKey$ is produced from $hashedPassword$ .

$w \times w$ image password is generated from $hashedPassword$ using proposed Algorithm 1 $passwordToImage$ .

Image password is encrypted through Algorithm 2 $ImagePasswordEncrypt$ using $hKey$ , and EIP2 is obtained.

EIP1 and EIP2 are compared by taking bitwise XOR. If the XOR operation gives ZERO, then return Positive Acknowledgment. Otherwise, return Negative Acknowledgment. The advantage is that the comparison is made in an encrypted domain, and there is no need for decryption for matching.

Image password could be obtained through the following steps as denoted in Fig. 1. First, the received password is hashed using SHA256. Next, the hashed password, i.e., w-bit sequence, is transformed into $w \times w$ binary image password. To convert hashed password to a binary image password, initially, two keys (Key1 and Key2) are derived from $hKey$ using mathematical operations. Key1 and Key2 are used to calculate the control values of two different chaotic maps. By executing these chaotic functions iteratively, two sequences are generated. The first sequence is called as Shuffling Index, and it contains random integer values ranging from (0 to $w - 1$ ) of length w. Similarly, the second bitstream of length $w \times w$ is generated and converted into $w \times w$ binary image. Next, the original bits of $hashedPassword$ are embedded row-wise according to Shuffling Index to obtain a binary image. Thus, $imagePassword$ is generated. Finally, $imagePassword$ is encrypted using Algorithm 2 $ImagePasswordEncrypt$ to get EIP. Table 2 gives the intermediate result of the image password.

Table 2
Generation of image password

InputPassword ‘plainPassword’

HashedPassword 101010011110101110011011100100111111000110110101000101001110110011 001001001000100001111110110100100000111000111100011001111101111001 100001000011111110010111011111110110110101010111110001100000101000 00111101001010100110100001000100110010110010111001111000

ShufflingIndex [0, 77, 127, 91, 228, 31, 75, 17, 160, 50, 219, 41, 1, 84, 210, 216, 159, 104, 43, 73, 152, 119, 197, 116, 20,44, 242, 53, 9, 26,174, 110, 58, 79, 176, 10, 201, 244, 161, 182, 112, 105, 141, 193, 153, 82, 27, 148, 100, 47, 145, 63, 37, 18,224, 170, 162, 179,188,218, 231, 181, 194, 54, 103, 184, 122, 109, 106, 254, 62, 2, 243, 67, 19, 154, 92, 131, 172, 151, 86, 255, 156, 38, 238, 36, 64, 21, 163, 93, 68, 207, 35, 57, 150, 230, 204, 158, 89, 187, 203, 185, 32, 94, 39, 6, 241, 225, 140, 80, 251, 177, 78, 129, 101, 250, 65, 34, 83, 205, 98, 248, 175, 113, 164, 69, 114, 168, 59, 222, 235, 202, 149, 49, 137, 209, 29, 126, 189, 74, 22, 190, 143, 227, 111, 229, 128, 236, 13, 232, 239, 214, 95, 215, 87, 142, 14, 130, 45, 186, 40, 198, 60, 117, 245, 4, 55, 56, 76, 144, 46, 42,136, 125, 191, 252, 107, 199, 246, 183, 173, 135, 30, 124, 171, 99, 169, 118, 157, 51, 192, 249, 200, 52, 120, 90, 11, 132, 247, 15,155, 217, 133, 23, 97, 24, 206, 33, 180, 221, 71,134, 166, 3, 48, 121, 211, 66, 146, 195, 208, 72, 70, 7, 165, 25, 196, 139, 12, 8, 226, 253, 240, 123, 85, 147, 138, 234, 96, 233, 115, 81, 167, 178, 28, 223, 102, 16, 212, 237, 220, 61, 213, 108, 88, 5]

Image Matrix before embed hashedPassword) Row0 ’1’101100000011011111110101000110010011001110010011001011011100101 010100100000000001001

011011011011110100000101010101110011010010110111011010010011110111 11111001000101000101

100110001010101000100111010101111011001011011000001010000001110111 1000010000011011010

$\dots$ $\dots$

Row255 10100’0’1000000111011011010010111010110001000101001111101000010110 011000001101100111011001000100101000110010101111101010100010100101 1111000001011001010111011110001000111111 1100100011101011011011011 1010111110101100100000000011011101111110111111001111011011000

Image Matrix after embed hashedPassword Row0 110110000001101111111010100011001001100111001001100101101110010101 01001000000000010111

010010110110110111101000001010101011100110100101110100100111101111 1111001000101000101

100110001010101000100111010101111011001011011000001010000001110111 1000010000011011010

$\dots$ $\dots$

Row255 101000100000011101101101001011101011000100010100111110100001011001 100000110110011101100100010010100011001010111110101010001010010111 110000010110010101110111100010001111111110010001110101101101101110 10111110101100100000000011011101111110111111001111011011000

3.1.3. Image password cryptosystem

The block diagram of the proposed image password cryptosystem is shown in Fig. 2. The cryptosystem is based on Fridrich’s confusion-diffusion model. It uses two chaotic maps, viz. Arnold cat map and Logistic map to generate keystreams.

Fig. 2.

Image password encryption.

Arnold’s cat map: This map is two-dimensional that forms the torus into itself and is given below: $\begin{array}{l} (1) & [\begin{matrix} x_{i + 1} \\ y_{i + 1} \end{matrix}] = [\begin{matrix} 1 & b \\ a & ab + 1 \end{matrix}] [\begin{matrix} x_{i} \\ y_{i} \end{matrix}] mod N \end{array}$ where a and b are the positive integers that act as input arguments of the function.

Logistic Map: This map can generate chaotic behavior using: $\begin{array}{l} (2) & t_{n + 1} = μ t_{n} (1 - t_{n}) \end{array}$ where $t_{n}$ is a number between $(0, 1)$ which denotes the ratio of the existing population to the maximum possible population. The values of interest for the control parameter μ lie between $[0, 4]$ .

For image password encryption, initially, the image password is converted into a bit image. Using Arnold’s cat map (1), keys $xKeyStream$ and $yKeyStream$ are generated. Keys are controlled by input values $x, y, a$ , and b which are derived from hashedPassword’s $hKey$ . Binary image password $BitIP$ is confused to $cBitIP$ as follows: $\begin{array}{l} (3) & cBitIP [s, r] \leftarrow BitIP [xKeyStream [s], yKeyStream [r]] \end{array}$ where s and r are row-column indices. Next, bits of $cBitIP$ are encoded into pixels to get confused image password and transformed into pixel list as $pList$ . Diffusion keystream is generated from Logistic map (2). Next, $pList$ is diffused using Logistic map sequence $logisticKeyStream$ and XOR operation as follows: $\begin{array}{l} (4) & dList [i] \leftarrow pList [i] \oplus logisticKeyStream [i] \end{array}$ Finally, $dList$ is transformed into 2-D to get an encrypted image password $EIP$ . Confusion-diffusion rounds are repetitively executed for m and n times to get more secure $EIP$ . Figure 3 shows the sample image password and the corresponding encrypted image password.

Fig. 3.

Image password and encrypted image password.

3.2. Scheme 2-protecting password by dynamic ADT

In this approach, a trick based on the user’s login is used to change the encrypted password without modifying the original plain password. Figure 4 describes the flow of this scheme. At every successful login, a plain password is hashed using SHA256. The $rKey$ is obtained by applying SHA256 to the random number using the RANDOM() function. This $rKey$ is used as a key to encrypt $hashedPassword$ to obtain encrypted password. Next, $hKey$ is calculated from $hashedPassword$ , and using this $hKey$ as key $rKey$ is encrypted using AES with base64. The ADT contains three attributes i.e. $UserId, EncryptedPassword$ and $Encrypted rKey$ . In the registration process, a record is appended in ADT for a new user using the above three attributes.

Fig. 4.

Flow of ADT update during each successful login.

During authentication(login), the user gives plain UserId and Password. The password is hashed, and the corresponding $hKey$ is obtained. For a given valid UserID, the encrypted password and encrypted $rKey$ are searched from ADT. Using $hKey$ , encrypted $rKey$ is decrypted and plain $rKey$ is obtained. Now, using plain $rKey$ , encrypted password is decrypted. If the decrypted password is matched with $hashedPassword$ then login is successful. Table 3 illustrates how the encrypted passwords are changing in ADT without changing plain passwords during login of a particular user. Algorithm 3 shows working of Dynamic ADT.

Table 3

Dynamic ADT method-ADT update during login

	Login1
UserId	NitTrichy
Password	Tiruchirappalli
hashedUserId	0dfea81a5d7358e8469b4743d325f17728fd954ba194cc5fc41ca5ada4c5ac1c
hashedPassword	2357c4411be2e220bf481f177ae883c336d7cac02dddd53716ac985cf19cc820
hKey	2ac0c03a9ec254d573b1213fd81a73b73eefb760c9a3a6f416cc1cfd80d5d497
rKey	e48e5ad8fb52e0bb4a2a99ac0c1e55625ccb5ea7049e02bed5bab6ba90eefa7a
Encrypted Password	jKA/jFjki0zhit/LvILVLMZ3x9UwnYkll4UIEK0iY95jJN9Qspyhro998LwJPTBYCa9Pb4DtuQGI tBpM96oqcLj0qdEdbf/v55oF4aijvhU=
Encrypted rKey	nJ2lG5ElohSqPa11Z/Fzg9aJDCYIXveMZJi+eZJBkatXJquWZ1+DwoJOsYsclBd3qO/VA4OaDQKYilvNXSY6NaW7BtpUq1Ef5AG4YMKBzuk=
	Login2
User Id	NitTrichy
Password	Tiruchirappalli
hashedUserId	0dfea81a5d7358e8469b4743d325f17728fd954ba194cc5fc41ca5ada4c5ac1c
hashedPassword	2357c4411be2e220bf481f177ae883c336d7cac02dddd53716ac985cf19cc820
hKey	2ac0c03a9ec254d573b1213fd81a73b73eefb760c9a3a6f416cc1cfd80d5d497
rKey	4a95ca7fed6126c6270b38de5cc7e076c4a505f7e7f370166deb599ba3ec892f
Encrypted Password	RDOoMX34wHC2kAu+XiYanRAGq5tJopVKJRzgKs7/+kwlEQhO+Ja86Ym/j4hRmbwH2miCRIjubu5mJy+ad+Ko2DE5JkNNSlt/Z4Vz4cprA/I=
Encrypted rKey	L32STu0CF+tCWkS4BRkMzgMo6O6zEHhtTySjHUMKPofPRwKdDGlG9yy5ZITaBd7YsUlDjQPKD+S5HF7yKzqdVdja5sjeQlXSwQI09ps/Kj0=
	Login3
User Id	NitTrichy
Password	Tiruchirappalli
hashedUserId	0dfea81a5d7358e8469b4743d325f17728fd954ba194cc5fc41ca5ada4c5ac1c
hashedPassword	2357c4411be2e220bf481f177ae883c336d7cac02dddd53716ac985cf19cc820
hKey	2ac0c03a9ec254d573b1213fd81a73b73eefb760c9a3a6f416cc1cfd80d5d497
rKey	87f8ff24845f4dc4354be4df0dfc1a59219ce69c8945d68e67499c2acf2f165e
Encrypted Password	mFW9i4K719CwF4nMPwQTHiW6YcMSCffvUfGD6wRMTWOuaW2IduyyhCjdLm0VMQOLc2HtEcQrHse1bsMiVVV2ZpEbb8iYxU8Nd7EfDAE4D/M=
Encrypted rKey	PXMItHJJ4j74VTixhmB5BJLOAnU4tXDJdN2HN+4tZ0L6+4jfEhRGeTj1hTsryEa0wGLuC22QIzQpeKxQrwSWfFFPRn6nHdOyBhkRxcMcEaU=

Algorithm 3:

Dynamic ADT

3.3. Scheme 3-extended EIP

In this solution, the previous two approaches are combined. In EIP, during image password encryption, the $hKey$ is used as encryption key which is generated from $hashedPassword$ . To achieve more level of security instead of $hashedPassword$ , a random number-based $rKey$ is used as encryption key similar to the D-ADT approach. So, it is required to preserve the value of $rKey$ also. Now, the ADT consists of three attributes i.e. $UserId, encryptedImagePassword$ and $encryptedrKey$ . The advantage of this scheme is that the EIP changes during each login while keeping the plain password as it is. Table 4 demonstrates the update of ADT during logins of a particular user at different times. $UserId$ is user name, $encryptedImagePassword$ is the EIP obtained by executing algorithm $imagePasswordEncrypt$ where encryption key is $rKey$ . The $imagePasswordEncrypt$ requires two input parameters i.e. $imagePassword$ and $rKey$ . $rKey$ is encrypted using symmetric key cryptography (e.g.AES), and the key is calculated from $hashedPassword$ . Thus, encrypted $rKey$ is obtained. In the registration process, a record is appended in ADT for a new user using the above three attributes.

Algorithm 4 shows working of Extented EIP. Table 5 illustrates the instances of ADT at different times.

Table 4
Extended EIP-ADT update during login

Login User Id Password rKey EIP

First Time NitTrichy Tiruchirappalli 96a6263803174d8deed802b3d218d83e6ef4b3402c66 cc8e6842b0622774bc08

Second Time NitTrichy Tiruchirappalli c5395cfaa14a4796da8561560261d1f59a9eae3cc952 c127f32aae167676499b

Third Time NitTrichy Tiruchirappalli 9148c0deedb6a2e2c92ce0a9070ac489c8909de22697 a14ad70135d417016f2d

Login	User Id	Password	rKey
First Time	NitTrichy	Tiruchirappalli	96a6263803174d8deed802b3d218d83e6ef4b3402c66 cc8e6842b0622774bc08
Second Time	NitTrichy	Tiruchirappalli	c5395cfaa14a4796da8561560261d1f59a9eae3cc952 c127f32aae167676499b
Third Time	NitTrichy	Tiruchirappalli	9148c0deedb6a2e2c92ce0a9070ac489c8909de22697 a14ad70135d417016f2d

Table 5

Extended EIP-ADT

User Id	encrypted rKey	EIP
	Instance 1
NitTrichy	7TtWqjsupUe5TXm5 J8V1QC5IKs/XkaL4GJySnKTIXgc8H6e3fxZnf6 cAJWQPXHUBdhptezExDa9rXnA/ifZVji/+yIl4YGebyC8H6NO61NY=
IITBombay	cV5IplzwsgpL2485ZMg2SUCbKFklO+vTWNEeXjRTwbvJ7E3Iv42CIGW +gzU3mTn33RntHYF91yh9FBB859ndRi23yKhwiPoUQ1rMzAbrNhI=
IITMadras	T5cpDAi1Z5K20ys3B6qp/ckWcvfh9+VYM41JlTsw8c+ZV84ydTMfjqNR/x fNQpdcePdFvZX2wCAIroDoY5Dz3BU4j8GcG62dYbFemRzhtmY=
	Instance 2
NitTrichy	8gMyueAARsm54vh8a7NzLGLGGOk5ALMMcqAIfAhz2U7PGkxUL1Z0L hWdL5XpsANAOFIN6PGU4B/49T8GV1SJkT1a93nkg+PV4sYQYimvfMQ=
IITBombay	5TO/henPt1Ce/eOojVR1dyCGaz/Vs8lEYeOPJKjBLagaLxIK90bO/ZMu ZxIeKRicY6gmH4DbqMjT+c1MfAtJSu+kTEmazkoOWAY82RpKUyQ=
IITMadras	U7a2I6L+kaXKp+R3xQ77/KMCzR9OXvv9UrRMVVejVP0CVf8SXleC KmHv7JgjerFCjK04hp8Zn/mULyLz5DM+aMFqHBMtBgPR3U2F6hDE1s8=
	Instance 3
NitTrichy	7TtWqjsupUe5TXm5 J8V1QC5IKs/XkaL4GJySnKTIXgc8H6e3fxZnf 6cAJWQPXHUBdhptezExDa9rXnA/ifZVji/+yIl4YGebyC8H6NO61NY=
IITBombay	cV5IplzwsgpL2485ZMg2SUCbKFklO+vTWNEeXjRTwbvJ7E3Iv42CIGW +gzU3mTn33RntHYF91yh9FBB859ndRi23yKhwiPoUQ1rMzAbrNhI=
IITMadras	A99dMF4a0cixtDMlg7MMFJpWpUSvz7yRGW9V8DdNrE2pu4AW66DC iNmWJ/AhB5ugPocUzpbY1rDmxmx7OhMLQKahw1GPexM9uQcc0ffUPq0=

Algorithm 4:

Extended EIP

3.4. Comparative analysis of proposed schemes

The proposed schemes are compared with key points as described in Table 6. From this table, it is observed that the EEIP is advantageous in high-security systems because of its enough key space and complex encryption logic. On the other hand, EIP is advantageous in applications where the login frequency is less. In the case of D-ADT, the key space is less, so it is not preferred for high-security systems. If frequent logins are required in a single day, then D-ADT is advantageous.

Table 6
Comparative analysis

Parameter EIP D-ADT EEIP

ADT Attributes UserID, EIP UserID, Encrypted Password, Encrypted rKey UserID, EIP, Encrypted rKey

Matching Speed Faster than EEIP, Slower than D-ADT Faster as compared to EIP and EEIP Slower than EIP and D-ADT

Suitability For less login applications For frequent login applications For frequent login applications

Applications Income tax Email Banking

Limitations 1. Size of encrypted password is more 1. Key space is limited 1. Size of encrypted password is more

2. Additional attribute need to be preserved 2. Additional attribute need to be preserved

Advantages Less attributes in ADT Dynamic ADT Dynamic ADT

Parameter	EIP	D-ADT	EEIP
ADT Attributes	UserID, EIP	UserID, Encrypted Password, Encrypted rKey	UserID, EIP, Encrypted rKey
Matching Speed	Faster than EEIP, Slower than D-ADT	Faster as compared to EIP and EEIP	Slower than EIP and D-ADT
Suitability	For less login applications	For frequent login applications	For frequent login applications
Applications	Income tax	Email	Banking
Limitations	1. Size of encrypted password is more	1. Key space is limited	1. Size of encrypted password is more
2. Additional attribute need to be preserved	2. Additional attribute need to be preserved
Advantages	Less attributes in ADT	Dynamic ADT	Dynamic ADT

4. Performance and security analysis

The proposed system is implemented on Ubuntu 16.04 LTS OS using Python 3.6.3 in a PC having an Intel Core i5-4570, 3.20 GHz × 4, 16 GB RAM, and MySQL 5.5 as a back end.

Algorithms 1 and 2 show the time complexity of password-to-image conversion as $O (w^{2})$ . For image password encryption, the time complexity is $O (mn)$ where m is the number of confusion phase rounds, and n is the number of diffusion phase rounds.

4.1. NIST (national institute of standards and technology) randomness test

The NIST [23] created a statistical test suite with 15 distinct sub-tests to assess the randomness of the binary sequence. For the randomness test, NIST employs the $alpha = 0.01$ threshold level. For each binary sequence, the $P$ -value is calculated separately for each sub-test. If the $P$ -value obtained is $⩾ α$ , then the randomness sub-test is passed.

NIST gives two methods for interpreting test results [23]:

(i) Calculation of the pass rate $(P_{r})$ of passing sequences in the sub-test. $\begin{array}{l} (5) & \overline{P} \pm 3 \sqrt{\frac{\overline{P} (1 - \overline{P})}{\hat{m}}} \end{array}$ where $\overline{P} = 1 - α$ , If $(P_{r})$ comes down outside the appropriate proportion, then it shows that the test sequence is not sufficiently random.

(ii) To calculate the $P$ -value distribution and to check $P$ -values are within the range [0, 1] and to verify whether it is uniform or not.

Table 7
NIST randomness test

S. No Test $P - value$ Outcome

1 Runs 0.489825 passed

2 Frequency 0.776582 passed

3 Block frequency ( $\hat{M} = 20, 000$ ) 0.667610 passed

4 Longest runs of ones 0.101325 passed

5 Overlapping templates ( $\hat{M} = 9$ ) 0.109511 passed

6 Non-overlapping templates ( $\hat{M} = 9$ ) 0.801607 passed

7 Rank 0.531891 passed

8 Approximate entropy ( $\hat{M} = 10$ ) 0.790215 passed

9 Serial ( $\hat{M} = 16$ ) 0.465287 passed

10 Spectral DFT 0.706582 passed

11 Linear complexity ( $\hat{M} = 500$ ) 0.898556 passed

12 Maurers universal 0.624482 passed

13 Cumulative sums 0.599451 passed

14 Random excursions 0.169565 passed

15 Random excursions variant 0.525478 passed

S. No	Test	$P - value$	Outcome
1	Runs	0.489825	passed
2	Frequency	0.776582	passed
3	Block frequency ( $\hat{M} = 20, 000$ )	0.667610	passed
4	Longest runs of ones	0.101325	passed
5	Overlapping templates ( $\hat{M} = 9$ )	0.109511	passed
6	Non-overlapping templates ( $\hat{M} = 9$ )	0.801607	passed
7	Rank	0.531891	passed
8	Approximate entropy ( $\hat{M} = 10$ )	0.790215	passed
9	Serial ( $\hat{M} = 16$ )	0.465287	passed
10	Spectral DFT	0.706582	passed
11	Linear complexity ( $\hat{M} = 500$ )	0.898556	passed
12	Maurers universal	0.624482	passed
13	Cumulative sums	0.599451	passed
14	Random excursions	0.169565	passed
15	Random excursions variant	0.525478	passed

The range [0, 1] is partitioned into 10 equal sub-ranges and $F_{kq}$ denotes the frequency of $P$ -values falling within the $k^{th}$ sub-range. Let $\hat{M}$ be the sample size and the $P - value$ is calculated using, $\begin{array}{l} (6) & χ^{2} = \sum_{kq = 1}^{10} \frac{{(F_{kq} - \hat{M} / 10)}^{2}}{\hat{M} / 10} \end{array}$ and $\begin{array}{l} (7) & P - {value}_{u} = igamc (\frac{9}{2}, \frac{χ^{2}}{2}) \end{array}$

If $P$ -value $_{u} ⩾ 0.0001$ , a sequence could be regarded as a uniform distribution.

For the experiment, the random number sequence of length $256 \times 256$ is generated using (1). Table 7 shows the results obtained from the randomness test. As seen from Table 7, the proposed keystream generation passes all tests. So, it can be utilized for image encryption.

4.2. Correlation analysis

The correlation among connected pixels of the encrypted images is calculated through a random selection of 6000 samples of connected pixels from the encrypted $imagePasswords$ . If correlation along vertically, horizontally, and diagonally is around zero, then the level of security of the cryptosystem is considered as good. Table 8 shows the correlation values of the proposed methodology for input and corresponding cipher images.

Table 8
Correlation analysis

Correlation of encryptedImagePassword

S. No. Password Horizontal Vertical Diagonal

1 Password123 0.004422 −0.017514 0.007780

2 Raj@123 0.005954 −0.025438 −0.038372

3 google@1999 −0.007635 0.005434 0.008452

4 s0ftwa6e −0.003732 −0.045612 0.001231

		Correlation of encryptedImagePassword
1	Password123	0.004422	−0.017514	0.007780
2	Raj@123	0.005954	−0.025438	−0.038372
3	google@1999	−0.007635	0.005434	0.008452
4	s0ftwa6e	−0.003732	−0.045612	0.001231

4.3. Differential analysis

A number of Pixels Change Rate (NPCR) and Unified Average Changing Intensity (UACI) are the testing methods to check the sensitivity of a little modification in the plain image as given by (8) and (10). Assume, ${PI}_{1}$ is an input $imagePassword$ and ${EP}_{1}$ is the obtained $encryptedImagePassword$ . ${PI}_{2}$ is input $imagePassword$ with a little modification and ${EP}_{2}$ is the obtained $encryptedImagePassword$ . $\begin{array}{l} (8) & NPCR = \frac{\sum_{α β} ψ (α, β)}{width \times height} \\ (9) & ψ (α, β) = \{\begin{matrix} 0 & if {EP}_{1} (α, β) = {EP}_{2} (α, β) \\ 1 & if {EP}_{1} (α, β) \neq {EP}_{2} (α, β) \end{matrix} \\ (10) & UACI = \frac{1}{width \times height} \sum_{α = 1}^{width} \sum_{β = 1}^{height} \frac{| {EP}_{1} (α, β) - {EP}_{2} (α, β) |}{255} \end{array}$ The obtained results are shown in Table 9. From the results, it is concluded that a random one-bit change in the input $imagePassword$ produces a major change in the encrypted $imagePassword$ .

Table 9
Differential analysis

Sr. No. Password NPCR UACI

1 Password123 99.5437 33.3851

2 Raj2123 99.6112 33.0264

3 google@1999 99.2284 34.0142

4 s0ftwa6e 99.5921 33.5487

Sr. No.	Password	NPCR	UACI
1	Password123	99.5437	33.3851
2	Raj2123	99.6112	33.0264
3	google@1999	99.2284	34.0142
4	s0ftwa6e	99.5921	33.5487

4.4. Analysis of information entropy

Information entropy measures randomness. For gray images, if the pixel spread is uniform, then the highest entropy is eight. Assume $J$ is the number of gray levels and $P r (J_{i})$ is the probability of $i^{th}$ gray level then entropy is calculated using (11). Table 10 shows the entropy of encrypted image passwords and it is noticed that the values are nearer to standard entropy value. $\begin{array}{l} (11) & E = \sum_{i} P r (J_{i}) {log}_{2} (\frac{1}{P r (J_{i})}) \end{array}$

Table 10
Information entropy analysis

Sr. No. Password encryptedImagePassword Entropy

1 Password1232 7.9989

2 Raj123 7.9974

3 google@1999 7.9977

4 s0ftware 7.9981

Sr. No.	Password	encryptedImagePassword Entropy
1	Password1232	7.9989
2	Raj123	7.9974
3	google@1999	7.9977
4	s0ftware	7.9981

4.5. Analysis of computation time

To analyze computational time, the notations used are described in Table 11. All the operations are executed on the same machine as specified at the beginning of this section. The comparison of computation time analysis of the proposed system (D-ADT) and other systems is shown in Table 12. From the comparison, it is noticed that the proposed D-ADT is almost faster than other systems. The major highlight of the scheme is the passwords are updated during each login without changing the original password. Ultimately, the level of security is very high.

Table 11
Notations

S. No. Notation Operation Approximate time to compute(Sec)

1 $T_{CHash}$ Cryptographic Hash 2.384185791015625e-06

2 $T_{PED}$ Paillier Encryption-Decryption 0.08961009979248047

3 $T_{SED}$ Symmetric Encryption-Decryption 0.0007462501525878906

4 $T_{hKey}$ hKey generation 3.457069396972656e-05

5 $T_{rKey}$ rKey generation 2.2411346435546875e-05

6 $T_{NegPass}$ Negative Password 2.2411346435546875e-05

7 $T_{PKED}$ Public key encryption/decryption 0.00399077665

8 $T_{ME}$ Modular exponetiation 0.00408687945829821

9 $T_{PA}$ Point addition 2.9853078e-05

10 $T_{HMAC}$ HMAC 4.7682e-06

11 $T_{BP}$ Bilinear Pairing 0.006023480472375280

12 $T_{PM}$ Point Multiplication 0.0023077391302367215

S. No.	Notation	Operation	Approximate time to compute(Sec)
1	$T_{CHash}$	Cryptographic Hash	2.384185791015625e-06
2	$T_{PED}$	Paillier Encryption-Decryption	0.08961009979248047
3	$T_{SED}$	Symmetric Encryption-Decryption	0.0007462501525878906
4	$T_{hKey}$	hKey generation	3.457069396972656e-05
5	$T_{rKey}$	rKey generation	2.2411346435546875e-05
6	$T_{NegPass}$	Negative Password	2.2411346435546875e-05
7	$T_{PKED}$	Public key encryption/decryption	0.00399077665
8	$T_{ME}$	Modular exponetiation	0.00408687945829821
9	$T_{PA}$	Point addition	2.9853078e-05
10	$T_{HMAC}$	HMAC	4.7682e-06
11	$T_{BP}$	Bilinear Pairing	0.006023480472375280
12	$T_{PM}$	Point Multiplication	0.0023077391302367215

Table 12

Analysis of computation time during authentication

S. No.	Scheme	Computation Time(Sec)	Cryptographic primitive	ADT	Multifactor
1	Ref. [17]	$T_{CHash} + T_{NP} + T_{ENP} \approx 0.01743054389953613$	Cryptographic Hash, Negative Password	Static	No
2	Ref. [9]	$2 T_{CHash} + 2 T_{PED} \approx 0.17922496795654297$	Paillier Cryptosystem	Static	No
3	Ref. [13]	$4 T_{SED} + 8 T_{PM} + 19 T_{CHash} \approx 0.0214922$	Symmtric Encryption	Static	No
4	Ref. [1]	$4 T_{ME} + 4 T_{PKED} + 2 T_{CHash} \approx 0.039309763$	Public Key Encryption	Static	No
5	Ref. [30]	$10 T_{PM} + 2 T_{SED} + 5 T_{CHash} \approx 0.0245818125$	Symmetric Encryption	Static	No
6	Ref. [25]	$4 T_{ME} + 4 T_{PKED} + 2 T_{HMAC} \approx 0.0320172763$	Public Key Encryption	Static	No
7	Ref. [19]	$6 T_{ME} + 4 T_{SED} + 2 T_{HMAC} + 2 T_{CHash} \approx 0.02707341$	Symmetric Encryption	Static	No
8	Ref. [18]	$10 T_{PM} + 4 T_{PA} + 2 T_{HMAC} + 8 T_{CHash} \approx 0.0245818125$	Elliptic Curve Point arithmetic	Static	No
9	Proposed system	$2 T_{CHash} + 1 T_{hKey} + 1 T_{rKey} + 4 T_{SED} \approx 0.0030579566955566406$	Symmetric Encryption	Dynamic	No

4.6. The privacy of ADT

ADT contains user credentials. Suppose, the hacker has pre-obtained the ADT. To reveal the hashed/ciphered passwords, the off-line attacks which could be made available are given below:

Bruteforce attack

Here, the attacker has to check all possible combinations of symbols to reveal the password. But, to make such an attack is very hard.

Dictionary attack

The attacker creates a dictionary consisting of familiar words or words of daily routine. Next, the matching of words from the dictionary to ADT is done.

Advanced Dictionary attack

In this attack, an attacker has to create a dictionary containing words that are predicted by the users’ nature of designing passwords.

Lookup table attack

In this attack, initially, an attacker prepares a list of passwords. The list normally consists of regularly used passwords. Next, he constructs the lookup table containing tuples of hashed passwords and its password in the plain form of the prepared list. An attacker applies a search operation between the lookup table and ADT entries.

Rainbow table attack

Rainbow tables consist of hash chains. Through alterations of the hash and reduction function, a series of alternating passwords and hash values are produced. Only the initial and the endmost plain value produced is entered in the rainbow table.

The common thing in the above off-line attacks is that the hacker has to compare the hash value of the password from ADT with the precomputed hash value of the password except for brute-force attacks. To illustrate how these attacks are executed, consider the attacker has prepared a table as in Table 13 containing the password and corresponding pre-computed password digest. The password digest may be obtained by applying cryptographic hashing techniques such that MD5, SHA256, Whirlpool, etc. The attacker simply searches the table for the target cipher password. If the target cipher password is matched with the password digest in the prepared table, then the password is cracked. The attacker may perform a binary search to find the password digest from the look-up table. However, in proposed schemes, such attacks are very hard because the ADT contains encrypted passwords. For the attacker, the proposed schemes are very hard to obtain encrypted password as depicted in Fig. 5. The attacker has to obtain a corresponding encrypted password. The used encryption logic and key generation logic in proposed schemes are secure enough to protect against these attacks.

Fig. 5.

Illustration of attacks.

Table 13

Sample password digest table

Password	Password digest
Password123	008C70392E3ABFBD0FA47BBC2ED96AA99BD49
Raj@123	23F6A0937AB55F3517A9ECA1A73BA5A2A252037
google@1999	F9C85E55E95308284A34FE17F20CEE46CD02652
s0ftwa6e	380B42CCEE50C91C969331FC2AA4064D08A7A11

4.7. Key space analysis

In the proposed EIP and EEIP schemes, Arnold’s cat map and the logistic map take a total of six control values $(μ, t_{n}, x_{0}, y_{0}, a, b)$ . The control values depend on $hKey$ or $rKey$ . The $imagePasswordEncrypt$ takes m rounds for confusion and n rounds for diffusion. So a total of nine parameters are used for password encryption. As IEEE’s floating-point standard, the 64-bit double precision number’s computational precision is nearby $10^{- 15}$ . Ultimately, the key space of the proposed encryption is ${(10^{15})}^{9} = 10^{135}$ . This key space is enough to withstand the above-mentioned attacks.

4.8. Analysis and comparison of attack complexity

In this section, the time complexities concerning lookup table attack and dictionary attack of the proposed schemes are discussed and compared with the Encrypted Negative Password approach (ENP1, ENP2) [17] and shown in Table 14. Here, the complexity generated by key space is ignored for simplicity. The comparison shows that the proposed schemes are very hard to perform lookup table attacks and dictionary attacks.

4.8.1. Notations

$N_{tp}$ Total number of passwords in the password list

$N_{cp}$ Number of passwords to be cracked

w Length of the hashed password

$T_{hash}$ Time taken to get hashedPassword from plain password

$T_{SI}$ Time taken to construct Shuffling Index

$T_{EncHashedPass}$ Time taken to encrypt hashedPassword

$T_{Match}$ Time taken to match encrypted image passwords $O (w^{2})$

$T_{matchNP}$ : Time taken to determine whether a hashed password matches a negative password

Table 14
Comparison of time complexity with attacks

Scheme Lookup table attack Dictionary attack

ENP1 $O (N_{tp} * w! * T_{matchNP})$ $O (N_{tp} * N cp * (T_{hash} + T_{d} + T_{matchNP})$

ENP2 $O (N_{tp} * \frac{{[(w - 2) w!]}^{3}}{2^{(w - 2) w^{2}}} * N_{cp} * T_{matchNP})$ $O (N_{tp} * N cp * (T_{hash} + T_{d} + T_{matchNP})$

EIP $O (N_{tp} * (w! * (w^{2}!) * mn + T_{match}))$ $O (N_{tp} * N_{cp} * (T_{hash} + T_{SI} + w^{2} + w + mn + w^{2}))$

EEIP $O (N_{pc} (2^{w} (w! * (w^{2}!) * mn) + T_{match}))$ $O (N_{tp} * N_{cp} * (T_{hash} + T_{SI} + w^{2} + w + mn + w^{2}))$

D-ADT $O (w! * T_{hash} * 2^{w})$ $O (N_{tp} * N_{cp} * (T_{hash} + O (1) + T_{EncHashedPass} + O (w)$

Scheme	Lookup table attack	Dictionary attack
ENP1	$O (N_{tp} * w! * T_{matchNP})$	$O (N_{tp} * N cp * (T_{hash} + T_{d} + T_{matchNP})$
ENP2	$O (N_{tp} * \frac{{[(w - 2) w!]}^{3}}{2^{(w - 2) w^{2}}} * N_{cp} * T_{matchNP})$	$O (N_{tp} * N cp * (T_{hash} + T_{d} + T_{matchNP})$
EIP	$O (N_{tp} * (w! * (w^{2}!) * mn + T_{match}))$	$O (N_{tp} * N_{cp} * (T_{hash} + T_{SI} + w^{2} + w + mn + w^{2}))$
EEIP	$O (N_{pc} (2^{w} (w! * (w^{2}!) * mn) + T_{match}))$	$O (N_{tp} * N_{cp} * (T_{hash} + T_{SI} + w^{2} + w + mn + w^{2}))$
D-ADT	$O (w! * T_{hash} * 2^{w})$	$O (N_{tp} * N_{cp} * (T_{hash} + O (1) + T_{EncHashedPass} + O (w)$

4.8.2. Look table attack analysis

In the proposed system, if an attacker wants to crack EIPs using a lookup table attack, the attacker must first compute all possible EIPs for each password from the list. To find EIP for a single password from the list, the following steps are taken by the attacker. First, to find shuffled passwords totally $w!$ shuffled passwords are possible. The next step is to find a binary image of size $w \times w$ . For a single shuffled password, totally $(w \times w)!$ binary images are possible. Till now, the complexity is $O (w! (w^{2}!))$ . Further, the challenge is to find the corresponding encrypted image. The image encryption is done by applying confusion(m rounds) and diffusion(n rounds) of bits/pixels based on chaotic functions, and the complexity is $O (mn)$ , and finally, a comparison of encrypted images is made. From the above procedure, it is concluded that the time complexity of cracking passwords for EIP is $O (N_{pc} (w! * (w^{2}!) * mn + T_{match}))$ . Additionally, for Extended EIP (EEIP), if $rKey$ is of the length w then total $2^{w} rKeys$ are possible. So, the time complexity of EEIP for cracking passwords is given by- $O (N_{pc} (2^{w} (w! * (w^{2}!) * mn) + T_{match}))$ . In the case of D-ADT, first, find all shuffled passwords, then obtain the hash of shuffled passwords i.e. $w! * T_{hash}$ . Next, find the encryption key, which is generated by applying the $w - bit$ cryptographic hash function on the random number. So totally $2^{w}$ keys are possible. Finally the time complexity is $O (w! * T_{hash} * 2^{w})$ .

4.8.3. Dictionary table attack analysis

To verify the password from the password list in the case of EIP and EEIP, the following steps are done:

Obtaining $hashedPassword$ of size w from plain password ( $T_{hash}$ )

Obtaining Shuffling Index ( $T_{SI}$ )

Obtaining $w \times w$ binary image ( $O (w^{2})$ )

Embedding hashedPassword into binary image to get $imagePassword$ ( $O (w)$ )

Encrypt $imagePassword$ as EIP1 ( $O (mn)$ )

Match EIP1 with EIP2. EIP2 is taken from ADT. If EIP1 and EIP2 are matched then solution found ( $O (w^{2})$ )

Hence, the complexity to crack passwords is given by

$O (N_{tp} * N_{cp} * (T_{hash} + T_{SI} + O (w^{2}) + O (w) + O (mn) + O (w^{2})$ .

In the case of D-ADT, the following steps are taken

Obtaining $hashedPassword$ of size w from plain password ( $T_{hash}$ )

Obtaining rKey( $O (1)$ )

Encrypt $hashedPassword$ as EHP1 ( $T_{EncHashedPass}$ )

Match EHP1 with EHP2. EHP2 is taken from ADT. If EHP1 and EHP2 are matched then solution found ( $O (w)$ )

Hence, the complexity to crack passwords is given by

\begin{matrix} O (N_{tp} * N_{cp} * (T_{hash} + O (1) + T_{EncHashedPass} + O (w) . \end{matrix}

4.9. Analysis of known/chosen plain text attack

In the chaotic cryptosystem, an attacker is mainly interested in getting the intermediate results [21]. The required intermediate results to be computed from the proposed cryptosystem can be found by dividing the $imagePasswordEncrypt$ into four segments. If $imagePassword$ is the input image and Arnold cat map (1) produced keystreams are $xkeyStream, yKeyStream$ then first segment of confusion function is represented as $\begin{array}{l} (12) & cImg = confusion ({keyImg}_{1}, imagePassword) \end{array}$ where ${keyImg}_{1}$ is obtained from $xkeyStream$ , $yKeyStream$ . For the second segment,during diffusion, the $cImg$ and ${keyImg}_{2}$ are XORed. ${keyImg}_{2}$ is generated from Logistic map (2). Diffusion is represented as follows: $\begin{array}{l} (13) & dImg = cImg \oplus {keyImg}_{2} \end{array}$ In the third segment, $dImg$ is again diffused for n times as follows: $\begin{array}{l} (14) & {dImg}^{'} = {(dImg \oplus {keyImg}_{2})}^{n} \end{array}$ In the last segment, ${dImg}^{'}$ is again confused for m times as- $\begin{array}{l} (15) & {cImg}^{'} = confusion ({keyImg}_{1}, {dImg}^{'}) \end{array}$ Finally, to get a cipher image $\begin{array}{l} (16) & EIP = confusion {({keyImg}_{1}, V^{n})}^{m} \\ (17) & V = (dImg \oplus {keyImg}_{2}) \end{array}$ The keystreams ${keyImg}_{1}$ and ${keyImg}_{2}$ are created by executing Arnold’s cat map (1) and logistic map (2) respectively. Arnold’s cat map takes 4 control arguments in key i.e. { $x_{0}, y_{0}, a, b$ } whereas the Logistic map takes two control arguments { $μ, t_{0}$ }. These parameters depend on $hKey$ or $rKey$ (in the case of EEIP) value. $hKey$ value is generated from $hashedPassword$ and $rKey$ value is generated by taking SHA256 of random number generated using RANDOM() function. Therefore, it is very challenging for an attacker to get ${keyImg}_{1}$ and ${keyImg}_{2}$ values without getting the value of $hKey$ or $rKey$ .

4.10. Comparative analysis

Table 15 shows the comparative analysis of ENP and EEIP concerning standard parameters. From the comparison table, it is observed that EEIP is more advantageous as compared to ENP. The highlighted key point in EEIP is dynamic ADT. Because of this, it can be useful in highly secure applications like the military, finance, etc.

Table 15
Comparative analysis

Parameter ENP EEIP

Logic Complex Simple

Attack Complexity Less More

Key Space Less More

ADT Static Dynamic

Computation Not in encrypted domain In Encrypted domain

Methodology Negative Database Image Encryption

Parameter	ENP	EEIP
Logic	Complex	Simple
Attack Complexity	Less	More
Key Space	Less	More
ADT	Static	Dynamic
Computation	Not in encrypted domain	In Encrypted domain
Methodology	Negative Database	Image Encryption

5. Conclusion

In this paper, three protection schemes are proposed for secure authentication. In scheme-1 EIP, the plain password is converted to an encrypted image password. In scheme-2 D-ADT, the plain password is hashed and encrypted using the different random keys at every login. So, ADT contains a new encrypted password for an original plain password during each login of a particular user. By taking advantage of this beautiful logic, scheme-3 EEIP is proposed that combines described two schemes so that ADT contains a new EIP for each login. For the encryption of image passwords, novel image encryption is designed and implemented. The encryption keys depend on the input plain password. In the end, the analysis and comparison of ENPI, ENPII, and proposed schemes (EIP, D-ADT, EEIP) are made. Additionally, the key-space analysis and chosen/plain text analysis are also performed. The performance shows that EIP is sufficiently secure to protect against attacks like brute force, lookup table, dictionary, and rainbow table. The advantage of the proposed schemes is that there is no need for the decryption of encrypted image passwords during authentication.

References

Abbasinezhad-Mood and

Nikooghadam, Design and hardware implementation of a security-enhanced elliptic curve cryptography based lightweight authentication scheme for smart grid communications, Future Generation Computer Systems 84 (2018), 47–57. doi:10.1016/j.future.2018.02.034.

Adams and

M.A.

Sasse, Users are not the enemy, Communications of the ACM 42(12) (1999), 41–46. doi:10.1145/322796.322806.

M.C.

Ah Kioon,

Z.S.

Wang and

Deb Das, Security analysis of md5 algorithm in password storage, in: Applied Mechanics and Materials, Vol. 347, Trans Tech Publ, 2013, pp. 2706–2711.

M.T.

Ahvanooey,

M.X.

Zhu,

Li,

Mazurczyk,

K.-K.R.

Choo,

B.B.

Gupta and

Conti, Modern authentication schemes in smartphones and iot devices: An empirical survey, IEEE Internet of Things Journal.

M.H.

Barkadehi,

Nilashi,

Ibrahim,

A.Z.

Fardi and

Samad, Authentication systems: A literature review and classification, Telematics and Informatics 35(5) (2018), 1491–1511. doi:10.1016/j.tele.2018.03.018.

Biryukov,

Dinu and

Khovratovich, Argon2: New generation of memory-hard functions for password hashing and other applications, in: 2016 IEEE European Symposium on Security and Privacy (EuroS&P), IEEE, 2016, pp. 292–302. doi:10.1109/EuroSP.2016.31.

Boonkrong and

Somboonpattanakit, Dynamic salt generation and placement for secure password storing, IAENG International Journal of Computer Science 43(1) (2016), 27–36.

A.A.A.

El-Latif,

Abd-El-Atty,

Belazi and

A.M.

Iliyasu, Efficient chaos-based substitution-box and its application to image encryption, Electronics 10(12) (2021), 1392. doi:10.3390/electronics10121392.

V.R.

Falmari and

Brindha, Privacy preserving cloud based secure digital locker using paillier based difference function and chaos based cryptosystem, Journal of Information Security and Applications 53 (2020), 102513. doi:10.1016/j.jisa.2020.102513.

10.

Fridrich, Symmetric ciphers based on two-dimensional chaotic maps, International Journal of Bifurcation and chaos 8(06) (1998), 1259–1284. doi:10.1142/S021812749800098X.

11.

Hua and

Zhou, Image encryption using 2d logistic-adjusted-sine map, Information Sciences 339 (2016), 237–253. doi:10.1016/j.ins.2016.01.017.

12.

Kelsey,

Schneier,

Hall and

Wagner, Secure applications of low-entropy keys, in: International Workshop on Information Security, Springer, 1997, pp. 121–134.

13.

A.A.

Khan,

Kumar,

Ahmad,

Rana and

Mishra Palk, Password-based anonymous lightweight key agreement framework for smart grid, International Journal of Electrical Power & Energy Systems 121 (2020), 106121. doi:10.1016/j.ijepes.2020.106121.

14.

Li,

Wang and

Chen, A hyper-chaos-based image encryption algorithm using pixel-level permutation and bit-level permutation, Optics and Lasers in Engineering 90 (2017), 238–246. doi:10.1016/j.optlaseng.2016.10.020.

15.

Li,

Peng,

Tan and

Li, A novel chaos-based color image encryption scheme using bit-level permutation, Symmetry 12(9) (2020), 1497. doi:10.3390/sym12091497.

16.

Li,

Peng,

Tan and

Li, An effective chaos-based image encryption scheme using imitating jigsaw method, Complexity (2021).

17.

Luo,

Hu,

Jiang and

Wang, Authentication by encrypted negative password, IEEE Transactions on Information Forensics and Security 14(1) (2018), 114–128. doi:10.1109/TIFS.2018.2844854.

18.

Mahmood,

S.A.

Chaudhry,

Naqvi,

Kumari,

Li and

A.K.

Sangaiah, An elliptic curve cryptography based lightweight authentication scheme for smart grid communication, Future Generation Computer Systems 81 (2018), 557–565. doi:10.1016/j.future.2017.05.002.

19.

Mahmood,

S.A.

Chaudhry,

Naqvi,

Shon and

H.F.

Ahmad, A lightweight message authentication scheme for smart grid communications in power sector, Computers & Electrical Engineering 52 (2016), 114–124. doi:10.1016/j.compeleceng.2016.02.017.

20.

Masood,

Driss,

Boulila,

Ahmad,

S.U.

Rehman,

S.U.

Jan,

Qayyum and

W.J.

Buchanan, A lightweight chaos-based medical image encryption scheme using random shuffling and xor operations, Wireless Personal Communications (2021), 1–28.

21.

Murugan and

A.G.N.

Gounder, Image encryption scheme based on block-based confusion and multiple levels of diffusion, IET Computer Vision 10(6) (2016), 593–602. doi:10.1049/iet-cvi.2015.0344.

22.

Oechslin, Making a faster cryptanalytic time-memory trade-off, in: Annual International Cryptology Conference, Springer, 2003, pp. 617–630.

23.

Rukhin,

Soto,

Nechvatal,

Smid and

Barker, A statistical test suite for random and pseudorandom number generators for cryptographic applications, Tech. rep., Booz-Allen and Hamilton Inc Mclean Va, 2001.

24.

Song, Advanced smart card based password authentication protocol, Computer Standards & Interfaces 32(5–6) (2010), 321–325. doi:10.1016/j.csi.2010.03.008.

25.

Sule,

R.S.

Katti and

R.G.

Kavasseri, A variable length fast message authentication code for secure communication in smart grids, in: 2012 IEEE Power and Energy Society General Meeting, IEEE, 2012, pp. 1–6.

26.

E.I.

Tatlı, Cracking more password hashes with patterns, IEEE Transactions on Information Forensics and Security 10(8) (2015), 1656–1665. doi:10.1109/TIFS.2015.2422259.

27.

Teng and

Wang, A bit-level image encryption algorithm based on spatiotemporal chaotic system and self-adaptive, Optics Communications 285(20) (2012), 4048–4054. doi:10.1016/j.optcom.2012.06.004.

28.

Wang and

Liu, A novel chaos-based image encryption using magic square scrambling and octree diffusing, Mathematics 10(3) (2022), 457. doi:10.3390/math10030457.

29.

Wang,

Zhi,

Chai and

Lu, Chaos-based image encryption strategy based on random number embedding and dna-level self-adaptive permutation and diffusion, Multimedia Tools and Applications 80(10) (2021), 16087–16122. doi:10.1007/s11042-020-10413-7.

30.

Wu and

Zhou, Fault-tolerant and scalable key management for smart grid, IEEE Transactions on Smart Grid 2(2) (2011), 375–381. doi:10.1109/TSG.2011.2120634.

31.

Xu,

Li,

Li and

Hua, A novel bit-level image encryption algorithm based on chaotic maps, Optics and Lasers in Engineering 78 (2016), 17–25. doi:10.1016/j.optlaseng.2015.09.007.

32.

Zhou,

Bao and

C.P.

Chen, A new 1d chaotic system for image encryption, Signal processing 97 (2014), 172–182. doi:10.1016/j.sigpro.2013.10.034.

33.

Zhou,

Cao and

C.P.

Chen, Image encryption using binary bitplane, Signal Processing 100 (2014), 197–207. doi:10.1016/j.sigpro.2014.01.020.

34.

Z.-L.

Zhu,

Zhang,

K.-W.

Wong and

Yu, A chaos-based symmetric image encryption scheme using a bit-level permutation, Information Sciences 181(6) (2011), 1171–1186. doi:10.1016/j.ins.2010.11.009.

InputPassword		‘plainPassword’
HashedPassword		101010011110101110011011100100111111000110110101000101001110110011 001001001000100001111110110100100000111000111100011001111101111001 100001000011111110010111011111110110110101010111110001100000101000 00111101001010100110100001000100110010110010111001111000
ShufflingIndex		[0, 77, 127, 91, 228, 31, 75, 17, 160, 50, 219, 41, 1, 84, 210, 216, 159, 104, 43, 73, 152, 119, 197, 116, 20,44, 242, 53, 9, 26,174, 110, 58, 79, 176, 10, 201, 244, 161, 182, 112, 105, 141, 193, 153, 82, 27, 148, 100, 47, 145, 63, 37, 18,224, 170, 162, 179,188,218, 231, 181, 194, 54, 103, 184, 122, 109, 106, 254, 62, 2, 243, 67, 19, 154, 92, 131, 172, 151, 86, 255, 156, 38, 238, 36, 64, 21, 163, 93, 68, 207, 35, 57, 150, 230, 204, 158, 89, 187, 203, 185, 32, 94, 39, 6, 241, 225, 140, 80, 251, 177, 78, 129, 101, 250, 65, 34, 83, 205, 98, 248, 175, 113, 164, 69, 114, 168, 59, 222, 235, 202, 149, 49, 137, 209, 29, 126, 189, 74, 22, 190, 143, 227, 111, 229, 128, 236, 13, 232, 239, 214, 95, 215, 87, 142, 14, 130, 45, 186, 40, 198, 60, 117, 245, 4, 55, 56, 76, 144, 46, 42,136, 125, 191, 252, 107, 199, 246, 183, 173, 135, 30, 124, 171, 99, 169, 118, 157, 51, 192, 249, 200, 52, 120, 90, 11, 132, 247, 15,155, 217, 133, 23, 97, 24, 206, 33, 180, 221, 71,134, 166, 3, 48, 121, 211, 66, 146, 195, 208, 72, 70, 7, 165, 25, 196, 139, 12, 8, 226, 253, 240, 123, 85, 147, 138, 234, 96, 233, 115, 81, 167, 178, 28, 223, 102, 16, 212, 237, 220, 61, 213, 108, 88, 5]
Image Matrix before embed hashedPassword)	Row0	’1’101100000011011111110101000110010011001110010011001011011100101 010100100000000001001
		011011011011110100000101010101110011010010110111011010010011110111 11111001000101000101
		100110001010101000100111010101111011001011011000001010000001110111 1000010000011011010
	$\dots$	$\dots$
	Row255	10100’0’1000000111011011010010111010110001000101001111101000010110 011000001101100111011001000100101000110010101111101010100010100101 1111000001011001010111011110001000111111 1100100011101011011011011 1010111110101100100000000011011101111110111111001111011011000
Image Matrix after embed hashedPassword	Row0	110110000001101111111010100011001001100111001001100101101110010101 01001000000000010111
		010010110110110111101000001010101011100110100101110100100111101111 1111001000101000101
		100110001010101000100111010101111011001011011000001010000001110111 1000010000011011010
	$\dots$	$\dots$
	Row255	101000100000011101101101001011101011000100010100111110100001011001 100000110110011101100100010010100011001010111110101010001010010111 110000010110010101110111100010001111111110010001110101101101101110 10111110101100100000000011011101111110111111001111011011000

Secure authentication protocols to resist off-line attacks on authentication data table

Abstract

Keywords

1. Introduction

2. Literature survey

2.1. Backgound

2.3. Motivation and contribution

3. Proposed system design

3.1. Scheme 1-encrypted image password

4.1. NIST (national institute of standards and technology) randomness test

Table 8 Correlation analysis Correlation of encryptedImagePassword S. No. Password Horizontal Vertical Diagonal 1 Password123 0.004422 −0.017514 0.007780 2 Raj@123 0.005954 −0.025438 −0.038372 3 google@1999 −0.007635 0.005434 0.008452 4 s0ftwa6e −0.003732 −0.045612 0.001231

Table 9 Differential analysis Sr. No. Password NPCR UACI 1 Password123 99.5437 33.3851 2 Raj2123 99.6112 33.0264 3 google@1999 99.2284 34.0142 4 s0ftwa6e 99.5921 33.5487

Table 10 Information entropy analysis Sr. No. Password encryptedImagePassword Entropy 1 Password1232 7.9989 2 Raj123 7.9974 3 google@1999 7.9977 4 s0ftware 7.9981

4.8. Analysis and comparison of attack complexity

4.8.1. Notations

4.8.3. Dictionary table attack analysis

4.9. Analysis of known/chosen plain text attack

4.10. Comparative analysis

Table 15 Comparative analysis Parameter ENP EEIP Logic Complex Simple Attack Complexity Less More Key Space Less More ADT Static Dynamic Computation Not in encrypted domain In Encrypted domain Methodology Negative Database Image Encryption

References

Table 8
Correlation analysis

Correlation of encryptedImagePassword

S. No. Password Horizontal Vertical Diagonal

1 Password123 0.004422 −0.017514 0.007780

2 Raj@123 0.005954 −0.025438 −0.038372

3 google@1999 −0.007635 0.005434 0.008452

4 s0ftwa6e −0.003732 −0.045612 0.001231

Table 9
Differential analysis

Sr. No. Password NPCR UACI

1 Password123 99.5437 33.3851

2 Raj2123 99.6112 33.0264

3 google@1999 99.2284 34.0142

4 s0ftwa6e 99.5921 33.5487

Table 10
Information entropy analysis

Sr. No. Password encryptedImagePassword Entropy

1 Password1232 7.9989

2 Raj123 7.9974

3 google@1999 7.9977

4 s0ftware 7.9981

Table 15
Comparative analysis

Parameter ENP EEIP

Logic Complex Simple

Attack Complexity Less More

Key Space Less More

ADT Static Dynamic

Computation Not in encrypted domain In Encrypted domain

Methodology Negative Database Image Encryption