
On The Security Analysis Of PBKDF2 and Its Implementation In Windows Domain

Posted on: 2015-01-04
Degree: Master
Type: Thesis
Country: China
Candidate: C C Zhao
GTID: 2268330428961247
Subject: Electronics and Communications Engineering
Abstract/Summary:
Unconditional security and computational security are two crucial notions for evaluating the security of cryptographic schemes. Unconditional security, which assumes an adversary with unlimited computing power, lacks practicality. By contrast, computational security, widely adopted in modern cryptography, relies on the adversary's limited computational capabilities. Password-based key derivation functions are now widely applied as part of authentication schemes in MacOS, Android, Windows domains, etc. In this thesis, the security of the PBKDF2 algorithm and its implementation in the Windows domain authentication scheme are evaluated using computational and provable metrics. The main contributions of this thesis are:

(1) Based on computational security theory, two security models are introduced, namely Chosen Single Parameter (CSP) and Chosen Multiple Parameters (CMP). In the CSP model, the security of PBKDF2 is proved in the random oracle model using the game-playing technique to quantify the upper bound of the adversary's advantage, which indicates that the security of PBKDF2 depends on the adversary's computational capabilities and the size of the password space. In the CMP model, a security flaw was detected, and several pieces of advice for improvement are proposed in this thesis.

(2) Following the analysis above, the best approach to breaking the scheme is exhaustive key search of the password space. As realized in the Windows domain authentication scheme, the adversary's advantage against PBKDF2 is negligible when the password space is large enough. The parallel computing performance of GPUs was used to stand in for the adversary's computational capabilities in practice, and the security of the password-based authentication scheme in Windows domains was studied through a series of exhaustive password recovery tests.
Keywords/Search Tags: Key Derivation Function (KDF), Random Oracle Model, Windows Domain Authentication Scheme