Experimental Evaluation of Password Recovery in Encrypted Documents

Radek Hranický, Petr Matoušek, Ondřej Ryšavý, Vladimír Veselý

2016

Abstract

Many document formats and archiving tools (PDF, DOC, ZIP) support encryption to protect the privacy of sensitive contents of the documents. The encryption is based on standard cryptographic algorithms as AES, SHA, and RC4. For forensic purposes, investigators are often challenged to analyze these encrypted documents. The task of password recovery can be solved using exhaustive state space search using dictionaries or password generators augmented with heuristic rules to speed up recovery. In our experimental study, we focus on the password recovery of the common document and archiving formats using parallel computation on conventional hardware with multi-core CPUs or accelerated by GPU processors. We show how recovery time can be estimated based on the alphabet, maximal password length and the performance of a given hardware. Our results are demonstrated on Wrathion, a tool developed by our research team.

References

  1. Adobe Systems Incorporated (2008a). Adobe Supplement to the ISO 32000, BaseVersion: 1.7, ExtensionLevel: 3. Adobe Systems Incorporated.
  2. Adobe Systems Incorporated (2008b). Document management Portable document format Part 1: PDF 1.7. Number 32000-1:2008. International Organization for Standardization, Geneva, Switzerland.
  3. Advanced Micro Devices Inc. (2010). Introduction to OpenCL programming - Training guide. Number 137- 41768-10. Advanced Micro Devices Inc.
  4. Al-Wehaibi, K., Storer, T., and Glisson, W. B. (2011). Augmenting password recovery with online profiling. Digit. Investig, 8:S25-S33.
  5. An, X., Zhao, H., Ding, L., Fan, Z., and Wang, H. (2015). Optimized password recovery for encrypted RAR on GPUs. CoRR.
  6. Apostal, D., Foerster, K., Chatterjee, A., and Desell, T. (2012). Password recovery using MPI and CUDA. In Proc. of HiPS 2012, pages 1-9.
  7. Bergen, H. A. and Caelli, W. J. (1990). File Security in WordPerfect 5.0.
  8. Emam, K. E., Moreau, K., and Jonker, E. (2011). How strong are passwords used to protect personal health information in clinical trials? Journal of Medical Internet Research, 13(1).
  9. Floreˆncio, D. and Herley, C. (2007). A large-scale study of web password habits. In Proc. of the 16th Int. Conference on WWW, pages 657-666.
  10. Floreˆncio, D., Herley, C., and Oorschot, P. C. V. (2014). An Administrator's Guide to Internet Password Research. In Proceedings of the 28th USENIX Conference on Large Installation System Administration, LISA'14, pages 35-52. USENIX Association.
  11. Marks, M. and Niewiadomska-Szynkiewicz, E. (2014). Hybrid cpu/gpu platform for high performance computing. In Proc. of the 28th ECMS, pages 523-537.
  12. Mazurek, M. L., Komanduri, S., Vidas, T., Bauer, L., Christin, N., Cranor, L. F., Kelley, P. G., Shay, R., and Ur, B. (2013). Measuring Password Guessability for an Entire University. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, CCS 7813, pages 173-186. ACM.
  13. NVIDIA Corporation (2012). NVIDIA CUDA C Programming Guide. NVIDIA Corporation.
  14. Thing, V. L. and Ying, H.-M. (2003). Making a faster cryptanalytic time-memory trade-off. Advances in Cryptology, pages 617-630.
  15. Weir, M., Aggarwal, S., de Medeiros, B., and Glodek, B. (2009). Password Cracking Using Probabilistic Context-Free Grammars. In Security and Privacy, 2009 30th IEEE Symposium on, pages 391-405.
  16. Wu, H. (2005). The misuse of rc4 in microsoft word and excel.
  17. Yampolskiy, R. (2006). Analyzing user password selection behavior for reduction of password space. In Carnahan Conferences Security Technology, Proceedings 2006 40th Annual IEEE International, pages 109- 115.
Download


Paper Citation


in Harvard Style

Hranický R., Matoušek P., Ryšavý O. and Veselý V. (2016). Experimental Evaluation of Password Recovery in Encrypted Documents . In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 299-306. DOI: 10.5220/0005685802990306


in Bibtex Style

@conference{icissp16,
author={Radek Hranický and Petr Matoušek and Ondřej Ryšavý and Vladimír Veselý},
title={Experimental Evaluation of Password Recovery in Encrypted Documents},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2016},
pages={299-306},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005685802990306},
isbn={978-989-758-167-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Experimental Evaluation of Password Recovery in Encrypted Documents
SN - 978-989-758-167-0
AU - Hranický R.
AU - Matoušek P.
AU - Ryšavý O.
AU - Veselý V.
PY - 2016
SP - 299
EP - 306
DO - 10.5220/0005685802990306