Design And Analysis of An Enhanced SHA-1 Hash Generation Scheme for Android Mobile Computers

摘要

Mobile security has turn out to be vital in mobile computing. People began preserving their personal and business information on smart phones. Users and businesses utilize smart phones as message tools, and means of scheduling and regulating their labor and private life. Indeed, smart phones contain increasing amount of receptive information to which access must be prohibited. But security is never easy, and security with mobile devices, smart phones is no exception. But we can take a few steps to meaningfully improve our mobile security. Password authentication is most significant protection primitive for mobile computer access and broadly used validation mechanism. Users usually use characters as passwords but text based passwords are hard to keep in mind. Even if they are easy to memorize, they are susceptible to various kinds of attacks and are predictable. To address these authentication problems, graphical passwords have been introduced. The Unlock Pattern[7] is a graphical password scheme widely used for Android to authenticate the user. The SHA-1 unsalted hash value of pattern password is stored in a key file, which if hacked, the user can predict the password using rainbow table attacks, and dictionary attacks. To deal with this problem a new enhancement to SHA-1 algorithm using elliptic curves to store the password in the key file is proposed in this paper. Elliptic curve[1] based security protocols are proved to be excellent for the upcoming technologies like mobile computing as it demands less amount of power and computing resources. Since the proposed scheme generates an intermediate hash, it becomes hard to guess password for the cryptanalyst. As the grid is dynamically generated, this scheme is resistant to SHA-1 dictionary and rainbow table attacks.