SECURITY ANALYSIS OF VARIOUS HASH ALGORITHMS FOR AUTHENTICATION UNDER HARDWARE CONSTRAINED ENVIRONMENT

Protecting passwords is now a major challenge because users want to do all types of work online via user-friendly devices such as mobile phones and tablets. It is difficult to implement secure heavyweight algorithms such as AES and RSA on hardware-constrained devices. It has been observed that users want all types of security services in an online public environment. Authentication is the first and foremost step to enhance security. Various applications exist for real-time authentication, such as keyless car entry and opening home doors through security algorithms under a remote keyless entry system (RKES). It is now necessary to implement lightweight security algorithms without compromising security. To meet this challenge, this paper proposes a strong model for enhancing authentication security. In this work, strong authentication techniques are implemented with lightweight algorithms. The model achieved good comparison results.


INTRODUCTION
Today's era is an information era; everything is done today by exchange of information. We can say that the present time is a digital millennium [1], [2]. The information being moved and stored is classified into two categories: structured data and unstructured data. Structured data follow the conventions of an RDBMS (Relational Database Management System), while unstructured data do not follow RDBMS rules. In the 21st century, data is called oil because data mining can reveal important outcomes, results and behaviors [17].
Information is available from anywhere and everywhere and hence we call today's digital era ubiquitous. In this scenario, managing real time authentication is a challenging task. All the communicating nodes are open for the information. So, building a secure real-time authentication model is a challenging task [18].
Small devices are handy to use and attractive for easy working, but they are very prone to security problems. These small devices have less hardware capability than desktops and hence are not compatible with highly secure symmetric-key algorithms such as DES (Data Encryption Standard) and AES (Advanced Encryption Standard). The mismatch between hardware capability and heavyweight security algorithms creates new problems such as latency and hanging. These problems must be addressed and traded off [19].
It has been observed several times that if data is not secured and moves into the public domain, it may be captured by hackers who are already watching it, and if the information is important they may copy it for future use [20]. For example, suppose a customer conducts an online transaction and enters important information on a website, such as a credit card or debit card number with a PIN. Hackers may then steal all of this information, which may cause a lot of financial damage to users and create panic among them [21].
To solve these problems without compromising users' security, security developers may implement a secure authentication technique. In this way legitimate users can send and receive information [10].
A complete security system requires a standard. X.800 is a security service for standardizing the security system and it is defined in RFC 2828 [22]. As per this RFC, the following points are to be followed for enhancing security systems:
• Authentication: The security service that verifies that a communicating unit is the one it claims to be. It is responsible for identifying the authorized communicating unit. Login and password/OTP matching are some techniques to verify the correct communicating party.
• Access control: Secures a resource in such a way that no unauthorized use can be made of it. By this, we can control the user's service as per permission.
• Data confidentiality: Protects information from unauthorized persons.
• Data integrity: Guarantees that the information received is exactly what the authorized sender sent. This service assures that nobody can perform modification, insertion, deletion or replay.
• Non-repudiation: Protects against denial, by any one of the communicating parties, of having participated in all or part of the communication.
These X.800 security services are very important for judging the security of any system [22].
Hackers are targeting users to obtain important information through impersonation, and this trend is increasing rapidly [16]. They do so by re-programming the interfaces of the communicating channels [11], [12], [13]. Thus, some of the major security techniques are not able to provide secure systems to users. It has been proven that any communication system can be exposed to a Scan Attack, Playback Attack, Two-Thief Attack, Challenge Forward Prediction Attack and a Dictionary Attack. Communicating devices also use fixed security algorithms for transmission in both directions, which makes them vulnerable to replay attacks. So in this paper we use an LFSR with a random key sequence, which provides additional safety against these types of attacks [7].
Although there are many authentication techniques, such as rolling code, fixed code and challenge-response, rolling code authentication is one of the most widely used all over the world [11]. It is important to understand, however, that various criminal organizations can build sophisticated techniques for attacking systems of this type that do not have tight security [13], [14], [15]. Our proposed work provides security against many of these attacks, and if a user forgets the password, or it is stolen or lost, our model enables the user to change the security code by using a one-time password (OTP) [13].
In this paper, MAC and hash are two important concepts for implementing real-time security. A MAC is generated from a secret key and a message of specified length to be authenticated, and the output is a MAC (tag). The generated MAC value protects both a message's data integrity and its authenticity by allowing verifiers to detect any changes to the original message content. To provide privacy, integrity and authenticity to data in any communicating environment, HMAC is implemented to generate a cipher text that can be sent safely without worrying about loss of the data. Claude Shannon introduced two very important security concepts called confusion and diffusion. These two techniques enhance security and thwart cryptanalysis based on statistical analysis. Here, with the help of an LFSR (linear feedback shift register) and padding, the proposed algorithm enhances security through confusion and diffusion [22].

Encryption with a Linear Feedback Shift Register (LFSR) is as follows:
A linear feedback shift register is a shift register whose input is a linear function of its previous state.
• Apply the linear feedback polynomial using XOR gates to generate one output bit per iteration.
• Right shift the content of the shift register.
• Insert the output bit at the most significant bit position.

The article entitled "Automotive remote technology" by Remotes Unlimited, 2019 talks about the remote key fobs for vehicles, which use several important technologies to accomplish what they do. Automotive remotes are both computing devices and radio signal transmitters, and they utilize important encryption concepts to protect your security etc.
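The three LFSR steps listed above, written out as an added example (not code from the paper). The 16-bit width, the tap positions and the seed 0xACE1 are assumptions chosen because they give a maximal-length sequence; the paper does not state its polynomial.

```python
# Added example: 16-bit Fibonacci LFSR. Width, taps and seed are assumptions,
# not values taken from the paper.
WIDTH = 16
TAPS = (0, 2, 3, 5)   # bit offsets for x^16 + x^14 + x^13 + x^11 + 1

def lfsr_step(state: int):
    """One iteration: XOR the tapped bits, shift right, insert the bit at the MSB."""
    bit = 0
    for t in TAPS:
        bit ^= (state >> t) & 1
    return (state >> 1) | (bit << (WIDTH - 1)), bit

def keystream(seed: int, nbits: int) -> list:
    """Collect the output (feedback) bit produced on each iteration."""
    if seed == 0:
        raise ValueError("an all-zero seed keeps the register at zero forever")
    out, state = [], seed
    for _ in range(nbits):
        state, bit = lfsr_step(state)
        out.append(bit)
    return out

def period(seed: int) -> int:
    """Number of iterations before the register returns to the seed."""
    state, count = lfsr_step(seed)[0], 1
    while state != seed:
        state, count = lfsr_step(state)[0], count + 1
    return count

def is_linear(a: int, b: int) -> bool:
    """The update is linear over GF(2): step(a ^ b) equals step(a) ^ step(b)."""
    sa, ba = lfsr_step(a)
    sb, bb = lfsr_step(b)
    return lfsr_step(a ^ b) == (sa ^ sb, ba ^ bb)

if __name__ == "__main__":
    print(keystream(0xACE1, 16), period(0xACE1), is_linear(0x1234, 0xBEEF))
```

The linearity check is the reason an LFSR is normally combined with a non-linear component rather than used alone as a keystream source.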

PROBLEM DESCRIPTION
Traditionally, single-signal coded remotes operating on simple radio frequencies are used for automobiles etc. Pressing the remote button from a short distance (within about 50m) from the vehicle sends a radio frequency signal to the console inside the vehicle. If the signal matches the code present in the console, the door opens; otherwise it does not. Then comes the burglary part: specially designed electronic circuits help burglars capture the signal code that was sent when the remote button was pressed. Later on they can use the code to create a duplicate remote. Thus a duplicate remote is ready with burglars for accessing vehicles.
An improved version consists of several security codes present in both the remote and the console of the vehicle. The codes used are chosen randomly in both the vehicle and remote units. Since a new code works every time, capturing the signal and creating a duplicate remote will fail for burglars. However, since a limited number of codes is used, the burglar can capture all of them and use them in a duplicate remote. So, the present work proposes something different, i.e. an encrypted system with random sequences of keys for keyless access.

METHODOLOGY
The following steps achieve the above security objectives:
Step 1: Communicating Party (A) wants to be challenged by Communicating Party (B). Both Party (A) and Party (B) already have stored passwords, and this password can be updated via a web application using a one-time password methodology. The communication can be done as shown below:
Step 2: Party (B) shares n (a random number) and a timestamp (T) with Party (A) by applying LFSR.

Figure 5: Sharing of n and Time-stamp (T) with LFSR
Step 3: Party (A) calculates the hash value of the given password (n-1) times. Mathematically, this is written as $h^{n-1}(P_0)$, where $h$ is the hash and $P_0$ is the password. After calculating $h^{n-1}(P_0)$, it sends it to Party (B) for finding the value of $h^{n}(P_0)$, making a challenge with a unique timestamp (T) with LFSR.
Step 4: Party (B) calculates the hash value of $h^{n-1}(P_0)$ once more, which is written as $h^{n}(P_0)$. Party (B) already has one copy of $h^{n}(P_0)$, and the other $h^{n}(P_0)$ is calculated from the $h^{n-1}(P_0)$ received from Party (A). Hence, if the received value is valid, both should have the same value. If these two values match, the lock of the car opens; otherwise it does not.
In the algorithm shown above, users can easily update the password from time to time online or via a mobile app with a one-time password. When the console of receiver Party (B) receives a message or signal from a sender machine such as a remote, it applies a hash function to the received signal and compares the result with the value already stored in its memory. If the two match, it grants access; otherwise it denies it.
The system then decrements the value of 'n' which it receives from entry, and the old password $h^{n}(P_0)$ is replaced by the new value $h^{n-1}(P_0)$.
So, the second time the user tries to access the system, the value of the counter becomes n-1 and the user also receives the same, making the third message $h^{n-2}(P_0)$ + Time-Stamp (T) with LFSR from the user side. The security-relevant part of this technology is that users can change all the values, such as the random number (n) and the password, on their own via a web application to which the developer gives them access. This project has been implemented in Python 3.6 and Spyder IDE 3.3.0.
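Steps 2 to 4 and the counter update, as an added example that is not the paper's own implementation. It assumes SHA-256 as the hash, hypothetical class names `Console` for Party (B) and `Remote` for Party (A), and constructed sample values; the timestamp and LFSR processing of the messages is left out because the text does not specify how they are combined.

```python
import hashlib
import hmac

def h_iter(password: bytes, times: int) -> bytes:
    """Apply SHA-256 `times` times to the password: h^times(P0)."""
    value = password
    for _ in range(times):
        value = hashlib.sha256(value).digest()
    return value

class Console:
    """Party (B): keeps only h^n(P0) and the counter n after enrolment."""
    def __init__(self, password: bytes, n: int):
        self.n = n
        self.stored = h_iter(password, n)

    def challenge(self) -> int:
        return self.n                      # Step 2: B shares n with A

    def verify(self, response: bytes) -> bool:
        if self.n <= 1:                    # next response would be P0 itself:
            return False                   # chain used up, re-enrol password and n
        candidate = hashlib.sha256(response).digest()   # Step 4: hash once more
        if not hmac.compare_digest(candidate, self.stored):
            return False
        self.stored, self.n = response, self.n - 1      # h^n replaced by h^(n-1)
        return True

class Remote:
    """Party (A): holds P0 and answers challenge n with h^(n-1)(P0) (Step 3)."""
    def __init__(self, password: bytes):
        self.password = password

    def respond(self, n: int) -> bytes:
        return h_iter(self.password, n - 1)

def demo():
    console = Console(b"constructed-password", n=5)   # constructed sample values
    remote = Remote(b"constructed-password")
    captured = remote.respond(console.challenge())
    results = [console.verify(captured)]              # genuine press: accepted
    results.append(console.verify(captured))          # replayed capture: rejected
    results.append(console.verify(remote.respond(console.challenge())))  # next press
    results.append(console.verify(Remote(b"wrong").respond(console.challenge())))
    return results, console.n

if __name__ == "__main__":
    print(demo())
```

A captured response stops working once the console has accepted it, because the console then expects the preimage one step further down the chain.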

RESULTS AND DISCUSSION
Now let's work on the important part: choosing a hash algorithm that gives results faster. Some measurements were made and the average calculated. A few cases of strings were taken, some large and some small, and a graph was plotted of the milliseconds each algorithm takes to generate a hash. All these calculations were done on a 64-bit Windows 10 system with 16 GB of RAM and a 1-core Intel i7 at 2.60 GHz.
Case 1: Encoding data of 36 characters in length, without any other wastage of time. A cached UUID is used and the timestamp is not taken; the measurements were made in milliseconds.
• When hashing only small strings, SHA-256 is observed to be faster than SHA-512 by 31%. When hashing longer strings, SHA-512 is faster than SHA-256 by about 2.9%.
• For short strings SHA-1 is faster than MD5 by 7.6%, and for longer strings it is faster by 1.3%.
• For short strings SHA-1 is faster than SHA-256 by 15.5%, and for longer strings it is faster by 23.4%.
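One way to repeat the Case 1 measurement with Python's standard library, as an added example rather than the paper's benchmark code. The round counts, the best-of-five timing and the 36,000-byte "long" input are assumptions; the paper does not give its long-string size.

```python
import hashlib
import timeit
import uuid

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

def time_hashes(data: bytes, rounds: int = 20000, repeats: int = 5) -> dict:
    """Best-of-`repeats` mean time per digest, in microseconds, per algorithm."""
    results = {}
    for name in ALGORITHMS:
        fn = getattr(hashlib, name)
        best = min(timeit.repeat(lambda: fn(data).digest(),
                                 number=rounds, repeat=repeats))
        results[name] = best / rounds * 1e6
    return results

def percent_faster(results: dict, a: str, b: str) -> float:
    """Percent by which algorithm `a` is faster than `b` (negative if slower)."""
    return (results[b] - results[a]) / results[b] * 100

def run_cases() -> dict:
    short = str(uuid.uuid4()).encode()   # cached 36-character UUID, as in Case 1
    long_ = short * 1000                 # constructed longer input (assumption)
    return {"short": time_hashes(short),
            "long": time_hashes(long_, rounds=500)}

if __name__ == "__main__":
    for case, res in run_cases().items():
        print(case, {k: round(v, 3) for k, v in res.items()})
        print("  sha256 vs sha512: %.1f%%" % percent_faster(res, "sha256", "sha512"))
        print("  sha1 vs sha256:   %.1f%%" % percent_faster(res, "sha1", "sha256"))
```

The percentages depend on the CPU and the hashing library build, so they will differ from the figures above on other hardware. MD5 and SHA-1 are timed only because the paper measures them; both have known practical collision attacks, which speed does not change.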

CONCLUSION
Analysis of the above model shows that if hashing is done properly at both ends and authentication succeeds, the sender can access the receiver's resource; for example, when a car remote is pressed, the car doors unlock after successful authentication and otherwise stay locked. In addition, comparing algorithms such as SHA-256, SHA-512, SHA-1 and MD5 on the basis of time, the observations show that it is good to select SHA-256 for this algorithm in order to complete the task in minimum time without compromising security.

FUTURE SCOPE
Authentication is the gateway of security: if authentication is secure, it is hard to crack and difficult to enter the system. But there are more important factors to explore, such as non-repudiation, availability and access control. This model can be applied to IoT-based automation such as garage door authentication, shop door authentication etc.

SOURCES OF FUNDING
None.