Abstract
Password-Based Key-Derivation Function 2 (PBKDF2) is commonly employed to derive secure keys from a password in real life such as file encryption and implementation of authentication systems. Nevertheless, owing to the limited entropy of the password, the security of the generated keys is lower than that of the normally generated keys. To address this, issue increase the number of iterative operations during the PBKDF2 may increase. However, the higher the number of iterative operations, the more time it takes to generate the key. This paper presents various techniques for optimizing the performance of PBKDF2. The main idea of our proposed methods is to reduce redundant block operations and to optimize Pseudo Random Function (PRF) itself by combining operations and making full use of fixed values within PBKDF2. As the underlying hash function in PRF, we utilize two algorithms: Hash-based Message Authentication Code-Secure Hash Algorithm 256 (HMAC-SHA256) and HMAC-Lightweight Secure Hash 256 (HMAC-LSH256) (SHA256 is the most widely used hash function and LSH256 was recently developed hash function in South Korea). With the proposed techniques, the proposed implementation of PBKDF2-HMAC-SHA256 provides a performance enhancement of about 135.27% over the reference implementation provided by Korea Internet & Security Agency (KISA) and about 80.21% over OpenSSL. Concerning PBKDF2-HMAC-LSH256, the proposed implementation provides a huge performance enhancement of about 330.48% over the reference implementation provided by KISA. With the proposed implementation, more iteration operations can be possible for higher security. Furthermore, we can use the proposed techniques to optimize PBKDF2 performance on embedded MCUs.
This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. 2019R1F1A1058494).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Kim, D.-C., Hong, D., Lee, J.-K., Kim, W.-H., Kwon, D.: LSH: a new fast secure hash function family. In: Lee, J., Kim, J. (eds.) ICISC 2014. LNCS, vol. 8949, pp. 286–313. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-15943-0_18
RFC2898.: PKCS #5 : Password-Based Cryptography Specification Version 2.0. https://dl.acm.org/doi/book/10.17487/RFC2898
RFC8018.: PKCS #5 : Password-Based Cryptography Specification Version 2.1. http://www.rfc-editor.org/info/rfc8018
Visconti, A., Gorla, F.: Exploiting an HMAC-SHA-1 optimization to speed up PBKDF2. In: IEEE Transactions on Dependable and Secure Computing (Early Access). https://ieeexplore.ieee.org/document/8514806
Iuorio, A.F., Visconti, A.: Understanding optimizations and measuring performances of PBKDF2. In: Woungang, I., Dhurandher, S.K. (eds.) WIDECOM 2018. LNDECT, vol. 27, pp. 101–114. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-11437-4_8
Stevens, M., Bursztein, E., Karpman, P., Albertini, A., Markov, Y.: The first collision for full SHA-1. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 570–596. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_19
FIPS PUB 180–4.: Secure Hash Standard (SHS). https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
NIST: Special Publication 800–132, Recommendation for Password-Based Key Derivation Part 1: Storage Applications. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf
NIST: Research Results on SHA-1 Collisions. https://csrc.nist.gov/News/2017/Research-Results-on-SHA-1-Collisions
Steube, J.: Optimising computation of hash-algorithms as an attacker. https://hashcat.net/events/p13/js-ocohaaaa.pdf
Korea Internet & Security Agency (KISA): KISA-SHA256 Open Source Code. https://seed.kisa.or.kr/kisa/Board/21/detailView.do
Korea Internet & Security Agency (KISA): KISA-LSH256 Open Source Code. https://seed.kisa.or.kr/kisa/Board/22/detailView.do
OpenSSL: OpenSSL 1.1.1d version. https://www.openssl.org/source/old/1.1.1/openssl-1.1.1d.tar.gz
The List of Approved Cryptographic Algorithm List. https://www.nis.go.kr:4016/AF/1_7_3_2.do
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Choi, H., Seo, S.C. (2020). Optimization of PBKDF2-HMAC-SHA256 and PBKDF2-HMAC-LSH256 in CPU Environments. In: You, I. (eds) Information Security Applications. WISA 2020. Lecture Notes in Computer Science(), vol 12583. Springer, Cham. https://doi.org/10.1007/978-3-030-65299-9_24
Download citation
DOI: https://doi.org/10.1007/978-3-030-65299-9_24
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-65298-2
Online ISBN: 978-3-030-65299-9
eBook Packages: Computer ScienceComputer Science (R0)