Password Authentication Using Hopfield Neural Networks

Shouhong Wang; Hai WangSystems, Man, and Cybernetics, Part C:

Applications and Reviews, IEEE Transactions on Volume: 38 , Issue: 2

Publication Year: 2008

 Speaker:Hong-Ji Wei

Outline

1. Introduction

2. layered neural network(LNN)

3. Pattern Recall by Hopfield Neural Networks(HNN)

4. New Password Authentication Scheme

5. Experiments

6. Conclusion

1. Introduction

• Computer security has been one of the most important issues in the information technology era.

• Among many computer access control techniques password authentication has been widely used for a long time

• A common password authentication approach is the use of verification tables

1. Introduction

Userk

User(IDk,PWk)

UsernID Password

IDk F(PWk)

Response Result

Hacker(ID f,F(PW f))

Hacker

Verification tables

IDf F(PWf)

2. layered neural network(LNN)

• To avoid this problem, a layered neural network scheme has been proposed for password authentication

IDk

PWk

DBIVkUserk

Weight

Weightk

Weight tables

yk

W1

W2

W3

DBIV = desired binary integer vector(e.g. [0,0,1,1])

Neural

Save

2.1. Advantages of LNN

1) If hacker want to break into the system by modifying the neural network weights an intruder must figure out all existing valid IDs and passwords, and retrain the neural network to accommodate the new forged passwords

2) There would be fewer restrictions on the user’s choice of passwords

3) It is easy for the system to add other features (e.g., permission for accessing a specific server) to the training data set.

4) The log-in process takes an insignificant amount of time to verify the user ID and password.

2.1. Disadvantages of LNN

1) The training time for the layered neural networks is extremely long. When a new user is added to the system or a user password is changed, the layered neural network must be retrained requiring more than 5 min for a small system with 50 users or more than 30 min for a small system with 100 users

2) The output of the layered neural network will rarely be a discrete binary integer. For instance, suppose that the desired binary integer vector is [0, 0, 1, 1]. layered neural network output is often considered to be the desired vector. [0.00005, 0.00003, 0.99998, 0.99999]

3. Pattern Recall by Hopfield Neural Networks(HNN)

1) Relevant Characteristics of HNN

2) Major Issue of Pattern Recall

3) Approach to the Pattern Recall Issue

3. 1. Relevant Characteristics of HNN

1

( 1) ( ) (1 )N

j ij ii

y t H w y t j N

……

.. ……

..

i j

1

2

3

N

yi

yi+1

yi+2

yN

wij

11 1 21 2 31 3 1...i N Ny H w y w y w y w y

1

0

Ds si j

ij s

x s i jw

i j

(1 , )i j k

During the pattern recall phase, yi is set to the unknown inputpattern, and a computation is performed using

• This study examines password authentication through pattern recall

• If the output of this HNN execution is the same as the input, the pattern has been seen before(legal pattern)

• The recall quality is highly dependent upon the infor- mational capacity of the HNN that is referred to as the quantity of patterns that the HNN can store

• HNN can precisely recall every pattern when the informational capacity is large enough

3. 2. Major Issue of Pattern Recall

• To improve the recall performance of an HNN, we must increase its information capacity and make the patterns sparsely

• Suppose that the patterns consist of three binary digits (e.g., [1, 0, 1]),the minimal number of nodes of HNN

needed for recalling these patterns is 3

• For example, if the node is 7, the original 3-bit patterns would be sparsely coded as 7-bit patterns such as [0, 1, 0, 0, 0, 1, 0]

3. 3. Approach to the Pattern Recall Issue

4. New Password Authentication Scheme

The authentication scheme includes three major procedures

1) Registration

2) Log-in authorization

3) Password change

4.1. Registration

4.2. Log-in Authorization

When the user needs or wants to change the password

1) log-in authorization procedure is executed to allow the access to the system

2) the system executes the registration procedure to register the new password

3) system deletes the old password by subtracting the weights of the HNN based on Uk

4.3. Password Change

5. Experiments

There have two simulation experiments were conducted

in experiments section in this paper

1) Computational Time for Registration

2) Performance on Passwords With Similar Character Sequences

• Suppose that a user ID and its encrypted password contain characters of the set [A–Z, a–z, 0–9].

• 6 bits are sufficient for representing one character

• Assume that a user ID and the encrypted password contains four characters

• Accordingly, 48 bits are sufficient to represent 248 (about 200 trillion) pairs of user ID and encrypted passwords

5.1.Computational Time for Registration

An HNN with 95 nodes was constructed for the simulation

and was trained by the 10 million sample points that repre-

sented legal users’ ID and passwords

5.1.Computational Time for Registration

• In real life, passwords are not random. Many passwords have similar character sequences

• In this experiment, 1 million legal users’ ID and passwords and 1 million illegal users’ ID and passwords were generated and every 1000 legal users’ ID and passwords and 1000 illegal users’ ID and passwords had the same 36-bit sequence within the entire 48-bit sequence of the encrypted passwords

5.2. Performance on Passwords With Similar Character Sequences

• The purpose of our experiment was to show the true power of the Reed-Solomon coding algorithm to separate similar

sequences in the sparse space and make them dissimilar en-

ough for inputs to the HNN

• The registration process of each user’s ID and password wa-

s always successful.

• This success indicates that the probability of registration fa-

ilures for the same user is close to zero

5.2. Performance on Passwords With Similar Character Sequences

• This paper shows that an HNN-based authentication scheme can effectively be used for access authentication in the open computing environment

• The authentication scheme incorporating the use of HNN can recall information for a legal user’s ID and password instantly and accurately

• Our experiments have demonstrated the usefulness and robustness of the proposed authentication scheme

6. Conclusion