Reinforcing cybersecurity with Bloom filters: a novel approach to password cracking efficiency

  1. Tasic, I. 1
  2. Villafranca, A. 2
  3. Cano, Maria-Dolores 2
  1. 1 Universidad Católica San Antonio, Murcia, Spain (ROR https://ror.org/05b1rsv17)
  2. 2 Universidad Politécnica de Cartagena, Cartagena, Spain (ROR https://ror.org/02k5kx966)

Journal:
EURASIP Journal on Information Security

ISSN: 2510-523X

Year of publication: 2024

Volume: 2024

Type: Article

DOI: 10.1186/S13635-024-00183-2 (open access)


Abstract

Safeguarding digital information against unauthorized access is critical in the industry context. Techniques for cracking passwords are essential tools for both attackers and defenders. This study explores the utilization of Bloom filters, a probabilistic data structure known for its space and time efficiency, to refine the password-cracking process. We demonstrate that by employing Bloom filters, it is possible to significantly enhance the performance of password-cracking techniques in terms of speed and memory consumption. By conducting a comparative analysis with prevalent techniques such as hash tables and binary search, we demonstrate the superior performance of Bloom filters. The experimentation, utilizing a publicly available dataset of leaked password hashes, indicates a significant improvement in cracking efficiency. The findings contribute to the broader cybersecurity goal of developing resilient systems against password-related breaches, underscoring the importance of integrating cutting-edge research and practical applications to fortify digital defenses.
