Information Sciences 539 (2020) 157–176

Contents lists available at ScienceDirect

Information Sciences
journal homepage: www.elsevier.com/locate/ins

PassDB: A password database with strict privacy protocol using

3D Bloom filter
Ripon Patgiri ⇑, Sabuzima Nayak, Samir Kumar Borgohain
National Institute of Technology Silchar, Cachar 788010, Assam, India

a r t i c l e i n f o a b s t r a c t

Article history: A Bloom filter is a probabilistic data structure for approximate membership filtering. It is
Received 18 November 2019 applied in diverse Network systems to enhance a system’s performance and reduce the
Received in revised form 29 April 2020 memory consumption, for instance, Named-Data Networking, Software-Defined
Accepted 30 May 2020
Networks, and Wireless Sensor Networking. Bloom filter consumes a tiny amount of
Available online 9 June 2020
RAM space to store information of large sets of data. On the contrary, the Bloom filter is
unexplored in the password database. In this article, we present a novel password manage-
Keywords:
ment system using the 3-Dimensional Bloom filter (3DBF), called PassDB which features a)
Password database
Security
low space consumption, b) irrecoverable, c) irreversible, and d) high security and strict pri-
Privacy vacy. PassDB uses twelve 3DBFs to avoid false positives. In addition, we present extremely
Bloom filter high accuracy Bloom filter and the accuracy is 99.99% with false positives of 0.000001882.
3-Dimensional Bloom filter Moreover, PassDB gives utmost importance to the privacy of a user. Why should anyone be
Membership filter allowed to see the password (e.g., encrypted or raw password) with raw user information?
Multidimensional Bloom filter This research question poses a new challenge towards the privacy of a user. This practice
Hierarchical Bloom filter exploits the privacy of the users in identity management system. Therefore, PassDB
Network security
imposes strict privacy for password database, i.e., no one is able to map password with a
Encryption
user ID.
Decryption
Ó 2020 Elsevier Inc. All rights reserved.

1. Introduction

A Bloom filter is a data structure for approximate query with some error tolerance [1]. It is very simple yet powerful data
structure. Bloom filter is used to boost up the performance of a system. Also, a Bloom filter is used to reduce the memory
space consumption. Therefore, the Bloom filter is deployed in various domains, for example, Network Security [2–8], other
network applications [9–14], Biometrics [15–19], Name Lookup [20], Network traffic [21] and many more. Furthermore,
there are diverse fast computing techniques that are proposed to enhance performance [22,23]. A Bloom filter is an approx-
imation membership filter which is not suitable for password management. Because, password management system is
unable to tolerate any false positives or false negatives. Thus, the Bloom filter is still unexplored in a password management
system. It is understood that Bloom filter is inapplicable in password database [24]. A false positive can authenticate unin-
tended users. A user is unable to create a new password due to a false positive even if the password does not actually exist in
the password database. A user is permitted to create a new password if and only if the Bloom filter permits. Let, S be a set
and B be a Bloom filter. If password P, and P 2 S, but Bloom filter returns P R B, then password P is inserted twice. On the

⇑ Corresponding author.
E-mail addresses: [email protected] (R. Patgiri), [email protected] (S. Nayak), [email protected] (S.K. Borgohain).

https://doi.org/10.1016/j.ins.2020.05.135
0020-0255/Ó 2020 Elsevier Inc. All rights reserved.
158 R. Patgiri et al. / Information Sciences 539 (2020) 157–176

contrary, a user is authenticated if and only if the Bloom filters return true. A user enters a password for authentication, say,
Q. The user is authenticated if Q 2 B. If Q 2 B and Q R S, then an unauthenticated user is allowed to access due to a false
positive. This phenomenon is a serious issue in implementing password database using Bloom filter. In addition, if Q R B
and Q 2 S, then a user is interrupted in authentication. Thus, the Bloom filter is avoided for construction of password data-
base. Password database requires a high accuracy Bloom filter. Instead, we implement a highly accurate password database
using Bloom filter. We are able to remove the false positives in PassDB.
Password is crucial and sensitive information of the users. Most of the password databases store user IDs and Passwords.
Therefore, the privacy is exploited. For instance, Lightweight Directory Access Protocol (LDAP). LDAP stores user information
and password. The passwords are stored in encrypted code. LDAP administrator knows the user name and its password
(whatever the form of the password). Interestingly, LDAP administrator can easily identify the users and also able to map
user and password (encrypted form). This is a clear violation of privacy. Therefore, the secrecy, i.e., password has no security
and privacy. The passwords and user identities should be kept secret, even from the administrator. The secret information
should not be mapped to any other users. Why should anyone see encrypted or raw password of others? This question poses
new challenges to security and privacy of users.
Bloom filter is used to reduce HDD accesses in BigTable [25,26]. A similar approach can be implemented in the password
database. Moreover, Bloom filters can easily prevent DDoS [8]. Furthermore, the Bloom filter enhances the secrecy, security
and privacy mechanism. Bloom filters are used in diverse research fields to implement privacy mechanism [19,27,28]. There-
fore, in this article, we present a novel password database system to implement strict privacy protocol using HFil [29], called
PassDB (Password Database) which is an extended work from PassDB [30]. HFil implements rDBF [38]. Our proposed system
is twofold, namely, HFil and PassDB. HFil is a high accuracy Bloom filter. PassDB implements HFil to achieve higher accuracy
in password management system. This article combines the works of HFil [29] to justify why the PassDB chooses Twelve (12)
3DBFs. HFil analyze different variants of -itself and also present the false positive analysis, for instance, Four Level High Accu-
racy Bloom filter (4L HFil). Moreover, many variants of HFil are also presented, namely, 6L HFil, 8L HFil, 10L HFil, 12L HFil,
14L HFil, 16L HFil and nL HFil. The 4L HFil has faster lookup and lower memory consumption than 16L HFil, but higher false
positive probability. Conversely, 16L HFil provides low false positive rate than 4L HFil, but slower in Lookup and also, the
memory consumption is higher than 4L HFil. Therefore, PassDB opts 12L HFil for implementing Bloom filter. Also, the exper-
imental results show that 12L HFil fits in PassDB. PassDB inherits the property of HFil to implement password management
system. Moreover, PassDB restricts the unintended users at earliest using HFil. An unintended user cannot access the actual
password storage system due to Bloom filter. Besides, PassDB is extremely secured password management system. Our key
contribution is- a) a password database using 3DBF, b) achieved negligible false positive probability which is 0.000001882, c)
achieved a high accuracy Bloom filter which is 99:99%  100%, d) presents irrecoverable, and irreversible password data-
base, e) extremely secured password management system, and f) implemented consistency of Bloom filter without sacri-
ficing system performance. Bloom filter is deployed to enhance lookup performance of the PassDB. Also, the dictionary
based attacker cannot attack PassDB. To the best of our knowledge, PassDB is a first of its kind which deploys Bloom filter
in password management system.

1.1. Organization

This paper is organized as follows- Section 2 provides literature survey. Section 3 presents preliminaries. Section 4 pre-
sent the proposed algorithm. The proposed algorithm is also elaborated using mathematical expressions. Section 5 presents
the experimentation and its results. Section 6 analyzes the proposed algorithm. Section 7 analyzes the detail security mea-
sures to be taken in PassDB. Section 9 introduces a strict privacy mechanism. Section 10 discusses about HFil and PassDB.
Finally, this article is concluded in Section 11.

2. Literature survey

Bloom filter has the false positive issue which discourages the researcher to explore Bloom filter in designing a password
database. Hence, this section describes the implementation of Bloom filter in the areas in the close proximity of password.
Dong and Kiefer [31] proposed a password registration protocol. This protocol is used by the server to verify whether pass-
word given by the client follows the password policy without directly viewing the client password. The server uses OBI [32],
a protocol present between the client and server. OBI is used by the server to exchange a set of secret shares based on client
password to the client without directly knowing the client password. OBI implements Bloom filters, a conventional and a
garbled Bloom filter. Currently, the Biometric password systems are also exploring Bloom filter. Many techniques are pro-
posed for biometric template protection using Bloom filter. Sadhya and Singh [33] proposed a framework based on a mod-
ified Bloom filter to give every desirable security to biometric template. Initially, the Bloom filter is decoded, then matched
during the authentication phase. This helps to maintain the performance rate of Bloom filters. Similarly, Rathgeb and Busch
[34] proposed an application of adaptive Bloom filter-based transformation to mix binary iris biometric templates at the fea-
ture level. Bloom filter is used to have an alignment-free representation of the iris-codes. Derler et al. [35] implements 0-
round trip time to exchange a secret key using Bloom filter.
 R. Patgiri et al. / Information Sciences 539 (2020) 157–176 159

3. Preliminary

3.1. r-Dimensional Bloom filter

r-Dimensional Bloom filter (rDBF) is a pure multidimensional Bloom filter which has higher accuracy, lower false positive
rate, no false negative issue and faster query performance [36]. rDBF is independent from the number of hash functions, say
h. Also, rDBF requires a bit to store information of an input item while drastically increases the performance of rDBF. Memory
consumption of the most of the contemporary Bloom filter depends on the size of an input item. But, rDBF is independent
from the input item size. rDBF uses a murmur hashing technique for its operations. rDBF has proposed four variants of mul-
tidimensional Bloom filters, namely, 2DBF, 3DBF, 4DBF and 5DBF. The dimensions of rDBF are prime numbers. It reduces col-
lision and distributes the hashed value evenly in empty slots. An increase in the dimension of rDBF increases memory
consumption, however, decreases the false positive probability. Moreover, the increase in dimension of a rDBF increases
the number of modulus operations while reduces performance compared to previous variants. The time complexity of all
operations of all variants (i.e. insert, query and delete) is Oð1Þ. Each input item is mapped to a single bit location, hence, rDBF
accommodates a huge number of input items. rDBF performs bitwise operations, which increase performance. But collision
is not completely eliminated. In addition, the false positive probability is low but it is not 0.

3.2. 3D Bloom filter

Let us assume, Bx;y;z be the 3 dimensional array to implement the Bloom filter which is initialized by zero. The x; y and z
be the dimensions of the filter. The necessary condition for x; y and z are prime numbers. It requires i; j; k, and q to set a bit
in Bx;y;z , where q is the bit position of a particular cell Bi;j;k . The cell size of Bi;j;k depends on the memory occupied by the filter
for each cell, termed as b, for example, 64-bits. Let, v be an item to insert into 3DBF. Instead of placing v in various locations,
3DBF performs four modulus operations and places it in a single bit position. The operations are- i ¼ v %x; j ¼ v %y; k ¼ v %z,
and q ¼ v %b, where % is a modulus operator, $v and b is the number of bits per cell of the Bloom array. Here, $H$ is mur-
mur hash function. Thus, the item v is inserted into the 3DBF using Eq. (1). The existence of the item v is tested using Eq. (2).
Therefore, an item requires a single bit in 3DBF.
Bi;j;k Bi;j;k OR ð1  qÞ ð1Þ

where OR is a bitwise operator. Similarly, Eq. (2) is invoked to test whether a particular bit is set or not.
Flag ðBi;j;k AND ð1  qÞÞ  q ð2Þ

where AND is a bitwise operator. If Flag and Bi;j;k are zero, then the particular bit is set to zero, otherwise one. The Eqs. (1) and
(2) is used to set and test a bit respectively.

4. The proposed system

In this article, we present our proposed system in twofold. Firstly, we present a novel technique, called HFil (High accu-
racy Filter) [29], a multilevel Bloom filter by deploying multidimensional Bloom filter. Secondly, we present another novel
technique to build a password database, called PassDB [30], which deploys HFil [29] to implement a high accuracy password
management system.

4.1. HFil

HFil deploys 3DBF to reduce false positives and achieve high accuracy. HFil uses several 3D Bloom filters (3DBFs) to
achieve high accuracy and low false positive probability. HFil derives nL HFil where n ¼ 1; 2; 3; 4; . . . and L is level. In our
experiment, we show the performance, accuracy, and false positives of 4L HFil, 6L HFil, 8L HFil, 12L HFil, 14L HFil, and
16L HFil. The 4L HFil outperforms all other variants of HFil in terms of performance. On the contrary, 16L HFil has higher
accuracy than its lower level HFil. Moreover, 16L HFil has the highest accuracy of 99.99% while the 4L HFil has the lowest
accuracy of 98.77%. The asymptotic behavior of the 4L HFil, 6L HFil, 8L HFil, 10L HFil, 12L HFil, 14L HFil and 16L HFil have
same which is Oð1Þ for insert and lookup operations.
HFil extends 3DBF for high accuracy by deploying several 3D Bloom filters. There are nL HFil to ensure the correctness of
the filter. The 4L HFil deploys four 3DBFs. An item is inserted into four 3DBFs in 4L HFil. The 4L requires four seed values
which are prime numbers. These seed values are passed as a parameter to the murmur hash functions. The seed value pro-
duces a different hash value of the same input item. Similarly, 6L HFil requires six seed values and so on. However, a lookup
process differs from insertion.
Flag ¼ Flag 1 ?ðFlag 2 ?ðFlag 3 ?ðFlag 4 ?1 : 0Þ : 0Þ : 0Þ : 0 ð3Þ
Eq. (3) defines the lookup process of 4L HFil where Flag i is the result of a query on an item in 3DBFi and i ¼ 1; 2; 3; 4. Sim-
ilarly, the lookup process of 6L HFil can be defined by Eq. (4).
160 R. Patgiri et al. / Information Sciences 539 (2020) 157–176

Flag ¼ Flag 1 ?ðFlag 2 ?ðFlag 3 ?ðFlag 4 ?ðFlag 5 ?ðFlag 6 ?1 : 0Þ : 0Þ : 0Þ : 0Þ : 0Þ : 0 ð4Þ

Therefore, the lookup process of nL HFil can be defined as follows-
Flag ¼ Flag 1 ?ðFlag 2 ?ðFlag 3 ?ðFlag 4 ?ðFlag 5 ?ð. . . ðFlag n ?1 : 0Þ . . . : 0Þ : 0Þ : 0Þ : 0Þ : 0Þ : 0Þ : 0 ð5Þ
The Flag results either true or false. There is no false positives in nL HFil for large value of n, however, the false positive
probability will never be zero. Therefore, HFil is unable to guarantee the free from false positives. But, HFil exhibits excellent
low false positive probability.

4.2. PassDB

PassDB has two process, namely, insertion and query. Also, PassDB follows three tier architecture, namely, user space,
network space, and server space. The user ID, password, and combination of both user ID and password are encoded using
SHA256. The encoded codes are transmitted over the network using public/private key cryptography in network space. Ser-
ver space receives the message and decrypt the SHA256 codes using the private key of the server.
In insertion, password databases are queried before performing any query to Bloom filter. If the databases return true,
then the user is allowed to insert the user ID, password, and combination of both user IDs in PassDB. Otherwise, PassDB
denies the creation of both user IDs and passwords. In a query, user ID, password, and combination of both user IDs and pass-
words are queried to Bloom filter. If Bloom filter returns true, then performs the query operation into the password database
for authentication. Otherwise, the Bloom filter denies the access to password database.
A user ID is encoded into SHA256 code and let the hash code is V U . The V U is transmitted over the network using public/
private key encryption. The user ID is also publicly invisible in PassDB like passwords. Similarly, the user password is also
encoded into SHA256 code and let V P be the hash code. The V P is transmitted over the network using public/private key
encryption. Moreover, the combination of both user IDs and passwords is also encoded into SHA256 and let V UP be the hash
code. The V UP is transmitted over the network using same policy. These three values are encrypted using public key of the
server and transmitted over the network. The server space receives the three encrypted messages and decrypts using the
private key of the server. The server extracts three values after decryption, namely, V U ; V P , and V UP as depicted in Fig. 1.
These V U ; V P , and V UP are stored in UID; PID and UPID database respectively.
These SHA256 codes are queried into Bloom filter. If Bloom filter returns false, then server terminates further processing
of the hash codes and response negative. Otherwise, the server queries the hash codes into UID; PID, and UPID databases. If
all databases return true, then the user is authenticated. Otherwise, the server denies the user and respond negative.

4.3. Insertion process of Bloom filter

PassDB store user information in three separate databases, namely, UID; PID and UPID. These databases are not relational
database. These databases are independent from each other. During the creation process of user ID and password, query
operation is performed into UID; PID and UPID. If these three databases returns true, then the hash value V U ; V P , and V UP
are inserted into UID; PID and UPID databases respectively. Also, these hash values are inserted into Bloom filters. Otherwise,
the user is advised to provide different hash value of V U ; V P , and V UP . In this case, PassDB denies creation of a user ID and
password, because the hash values already exist. In the insertion process of PassDB, if UID returns true, then the hash value
does not exist in the database. Otherwise, UID returns false. Similarly, PID and UPID return true if and only if a user ID and
password can be created. Thus, PassDB denies creation of user ID and password if anyone of these three databases returns
false.

Algorithm 1. Insertion algorithm of Bloom filter for PassDB to insert value V U

1: procedure INSERTION(3DBF 1 ; 3DBF 2 ; 3DBF 3 ; 3DBF 4 ; V U )
2: h ¼ MURMUR2 ðV U ; seed1 Þ
3: SETMEMBER ð3DBF 1 ; hÞ
4: h ¼ MURMUR2 ðV U ; seed2 Þ
5: SETMEMBER ð3DBF 2 ; hÞ
6: h ¼ MURMUR2 ðV U ; seed3 Þ
7: SETMEMBER ð3DBF 3 ; hÞ
8: h ¼ MURMUR2 ðV U ; seed4 Þ
9: SETMEMBER ð3DBF 4 ; hÞ
10: end procedure
 R. Patgiri et al. / Information Sciences 539 (2020) 157–176 161

Fig. 1 illustrates the creation process of user ID and password. Each value is inserted into four 3DBFs. 3DBF is independent
from the number of hash functions. Values are inserted into 3DBF using modulus operator. Each 3DBF requires four modulus
operations to insert an item. In addition, the value V U ; V P , and V UP are converted into SHA2-256 code and store in three dif-
ferent databases, namely, UID; PID, and UPID database.

4.4. Query process of PassDB

Algorithm 2. Query algorithm of Bloom filter for PassDB to query value V U

1: procedure INSERTION (3DBF 1 ; 3DBF 2 ; 3DBF 3 ; 3DBF 4 ; V U )
2: h1 ¼ MURMUR2 ðV U ; seed1 Þ
3: h2 ¼ MURMUR2 ðV U ; seed2 Þ
4: h3 ¼ MURMUR2 ðV U ; seed3 Þ
5: h4 ¼ MURMUR2 ðV U ; seed4 Þ
6: if TESTMEMBER ð3DBF 1 ; h1Þ ¼¼ 1
7: if TESTMEMBER ð3DBF 2 ; h2Þ ¼¼ 1
8: if TESTMEMBER ð3DBF 3 ; h3Þ ¼¼ 1
9: if TESTMEMBER ð3DBF 4 ; h4Þ ¼¼ 1
10: return 1
11: else
12: return 0
13 end if
14: else
15: return 0
16: end if
17: else
18: return 0
19: end if
20: else
21: return 0
22: end if
23: end procedure

Fig. 2 represents the overview of the authentication process of PassDB. Similar to the password creation process, encryp-
tion and decryption are performed using public key and private key respectively. As we know that accessing secondary
memory is costlier than accessing main memory. Bloom filter is stored in main memory. Therefore, the Bloom filter reduces
the unnecessary accesses to the password database, thus, it improves the performance. However, the Bloom filter lookup
cost is an overhead for intended users. Also, Bloom filter layer restricts unintended users to access the password databases,
particularly, UID; PID and UPID. Thus, the Bloom filter ensures high security on password database.
There are two challenges in Bloom filter, but it does not affect PassDB which are discussed below-.

False Positives: False positive is a big challenge in a Bloom filter. Moreover, password databases avoid integrating Bloom
filter due to the false positive issue. For example, Bob enters a password in password database and the password does not
exist in the password database. However, Bob is authenticated due to the false positive response. To remove this issue,
PassDB integrate HFil, a high accuracy Bloom filter. Let us assume, this high accuracy Bloom filter returns false positive.
Due to this reason, Bob is able to cross the barrier of Bloom filters. Assume that Bob is also able to get true results from
UID; PID and UPID databases. Then Bob is authenticated, i.e. Bob is able to cross all the barriers of PassDB. If it happens so,
Bob knows the user ID, password and their combination. However, PassDB deploys three HFils. Those three HFils are inde-
pendent of each other. Moreover, each HFil has four 3DBFs. Bob gets true response for the HFil storing user ID. This hap-
pens when all four 3DBFs gives a false positive response. The occurrence of this scenario is practically very difficult.
Moreover, assume all three HFils returns a false positive response. That means all 12 3DBFs returns false positive which
is literally impossible. Hence, PassDB as a single entity is immune to false positive.
False Negative: A False negative is also a big challenge for Bloom filter (except counting Bloom filter). False negative occurs
if and only if a delete operation is performed on Bloom filters. Suppose, Bob is a valid user and want to get authentication
from password database. Bob is able to get authentication from password database. Suddenly, Bob is denied to get
authenticated. The reason is a deletion operation is performed by the password database. This deletion operation also
deletes some bit information of Bob’s password. Thus, Bob is unable to get an authentication from password database.
Therefore, PassDB does not permit the deletion operation. Password database does not have a requirement of deletion
162 R. Patgiri et al. / Information Sciences 539 (2020) 157–176

Fig. 1. Insertion of password in PassDB. Figure depicts the user space, network and server space to demonstrate the flow of the user identity.

operation. Because, the 3DBF in the HFil hashes each input item to a single bit (Theorem 3 [36]). Hence, each 3DBF is able
to accommodate the huge number of input items. Hence, PassDB does not have any false negative.

For instance, an attacker would like to match a password in the password database, then the attacker’s password and user
ID is in the Bloom filter. If Bloom filters permits to match the attacker’s user ID and password in the password databases,
then the user ID and password are matched in the password database. The attacker will be successful if and only if the user
ID and password of attacker matches in the password database. If it happens so, the attacker will be a valid user.
As depicted in Fig. 3, user ID (V U ), password (V P ), and combination of both user ID and password (V UP ) are queried to
Bloom filters. If the Bloom filter returns true, then search the values in the database. Otherwise, the Bloom filter denies
the user. This process saves the lookup time in the database. However, extra time is added to the process in case of true pos-
itives. Nevertheless, the lookup time complexity of Bloom filter is Oð1Þ. The Bloom filter layer protects the password database
from the direct accesses.
Let, B1x;y;z ; B2x;y;z ; B3x;y;z , and B4x;y;z be the four 3DBFs for a user ID. The x; y and z are the dimensions of the 3DBFs and these
are prime numbers. Similarly, four 3DBFs are also used in the password and the combination of both user IDs and passwords
separately as depicted in Fig. 3. Therefore, there are twelve 3DBFs in PassDB. The value V U is inserted into B1x;y;z ; B2x;y;z ; B3x;y;z ,
 R. Patgiri et al. / Information Sciences 539 (2020) 157–176 163

Fig. 2. Overview of Query process of password in PassDB.

and B4x;y;z using Eq. (1). The value V U is queried to B1x;y;z ; B2x;y;z ; B3x;y;z , and B4x;y;z using Eq. (2). Likewise, the value V P , and V UP are
inserted or queried into/to another two HFils (which consists of four 3DBFs each).
Let, Flag i be the true or false value returned by 3DBF where i ¼ 1; 2; 3; . . . ; 12. The necessary condition for searching the
values V U ; V P , and V UP is as follows-

FlagR AND12
i¼1 Flag i ð6Þ
FlagR returns either true or false. If FlagR returns false, then user is denied. Otherwise, check the database for matching the
values.

4.5. Database

There are three databases, namely, UID database, PID database, and UPID database for SHA2-256 of V U ; V P , and V UP
respectively. The value V U ; V P , and V UP are checked in Bloom filter, and then lookup in the UID database, PID database,
and UPID database. If Bloom filter, UID; PID, and UPID permits, then authentication is successful. Otherwise, the user is
declined. The database lookup is necessary to validate the user. The UID; PID and UPID databases store SHA2-256 codes.
The UID; PID and UPID databases are also independent from each other, i.e., a PID cannot be retrieved by a key of UID or UPID.

4.6. Communication process

PassDB relies on public/private cryptography. Let us assume, user ID is U, password is P and combination of both user ID
and password is UP. User convert these U; P and UP into SHA256 hash codes. Let, HðUÞ!V U where HðÞ is SHA256 hash
function and V U is the corresponding hash code. Similarly, the user converts P and UP into SHA256 hash code using
HðPÞ!V P and HðUPÞ!V UP respectively. Now, these secret keys are transmitted over non-secure media. Therefore, the
user encrypts the keys using public key of the server, which can be decrypted by the private key of the server. Let,
EncK spub ðV U Þ!V UK s is the encrypted code of U using the public key of the server. This public key is retrieved from trusted
pub
164 R. Patgiri et al. / Information Sciences 539 (2020) 157–176

Fig. 3. Detail authentication process of password in PassDB.

third party. Similarly, EncK spub ðV P Þ!V PK s and EncK spub ðV UP Þ!V UP
Ks are the encrypted code to transmit over public channel. The
pub pub

server receives the encrypted message and decrypt the message using own private key. Let, DecK spriv ðV UK s Þ!V U where DecK spriv
pub

decryption using private key of the server and retrieve V U which is SHA256 hash code of U. Similarly, DecK spriv ðV PK s Þ!V P and
pub

DecK spriv ðV UP
K s Þ!V UP . Thus, the server receives the hash code V U ; V P and V UP . The V U ; V P and V UP are stored in UID; PID and
pub

UPID databases along with the Bloom filter. In a query process, V U ; V P and V UP are queried to Bloom filter for membership
checking. If Bloom filter returns false, then the user is prevented from accessing the password database. Otherwise, user
queries V U ; V P and V UP into UID; PID, and UPID respectively. If these three databases return true, then the user is authen-
ticated. Otherwise, the user is denied to get an authentication.

5. Experimental results

In this experimental section, HFil is demonstrated using extensive experimentation. All variants of the HFil are compared
and investigated. This experimentation leads to selection of number of 3DBFs in PassDB. We have selected 12L HFil in
PassDB. Also, an experimental analysis is presented in this section.

5.1. HFil- A Multilevel Bloom filter

HFil experiments various multilevel filters by deploying 3D Bloom filter. In this experiment, 4L HFil, 6L HFil, 8L HFil, 10L
HFil, 12L HFil, 14L HFil and 16L HFil are compared to study the performance and accuracy. We show the accuracy through
deduplication of million items.
 R. Patgiri et al. / Information Sciences 539 (2020) 157–176 165

5.1.1. False positives

False positive is the most important issue in a Bloom filter. Moreover, the deduplication process requires a high accuracy
Bloom filter. Because, in case of false positives, the filtering process identifies an item as duplicate while the item is unique.
Therefore, it is immensely necessitated to build a high accuracy Bloom filter.
Fig. 4 depicts the false positives found during deduplicating 8 million random numbers. HFil deploys several 3DBFs to
remove false positives in multilevel approach. 16L shows 2 false positives using 2 MB of individual 3DBF, i.e., 16L HFil con-
sumes 32 MB main memory during deduplicating 8 million random numbers. Similarly, 14L HFil exhibits higher false pos-
itives than 16L HFil while considering individual filter size of 2 MB. However, 14L HFil has no false positives with 48 MB
memory size in deduplicating 8 million random numbers. Higher memory and higher level HFil give no false positives,
because, with the increase in capacity of 3DBF the mapping of input items is spread more over the Bloom filter. From
6 MB and higher memory 10L HFil and higher variants gives no false positives.
Similarly, Fig. 5 depicts the number of false positives found during deduplication of 16 million random numbers. The 16L
HFil throws 2 false positives in 96 MB memory size on individual filter size of 6 MB (16  6MB). The 14L HFil exhibits 2 false
positives in 112 MB memory (14  8MB).
Moreover, Fig. 6 shows the number of false positives found during the deduplicating of 32 million random numbers. The
16L HFil finds zero false positives on 160 MB memory size while 14L HFil finds zero false positives on 224 MB memory size.
Furthermore, Fig. 7 exposes the number of false positives found during deduplication of 64 million random numbers. The 16L
HFil returns 3 false positives on 416 MB memory size while all other variants of HFil takes higher memory to exhibit lower
false positives. Similarly, Figs. 8 and 9 depict the number of false positives found during the deduplicating process of 128
million and 256 million random numbers respectively. The 16L HFil consumes lower memory to returns least false positives
while other variants of HFil consume more memory. From these experiments, the higher level of HFil has a low false positive
in lower memory size than the lower levels of HFil.

5.2. Memory consumption

Memory consumption is another issue of Bloom filters. A high accuracy Bloom filter requires a large number of main
memory, whereas deploying 3DBF reduces the consumption of main memory.
Figs. 10–15 depicts the memory consumption for zero false positives in 8 million, 16 million, 32 million, 64 million, 128
million, and 256 million random numbers respectively. The 16L HFil consumes the lowest memory for all sizes of input and

Fig. 4. Number of false positives found in 8 millions input on various levels of HFil. Lower is better.

Fig. 5. Number of false positives found in 16 millions input on various levels of HFil. Lower is better.
166 R. Patgiri et al. / Information Sciences 539 (2020) 157–176

Fig. 6. Number of false positives found in 32 millions input on various levels of HFil. Lower is better.

Fig. 7. Number of false positives found in 64 millions input on various levels of HFil. Lower is better.

4L HFil consumes the highest memory for all sizes of input for zero false positives. From these experiments, the higher level
of HFil consumes less memory than the lower level of HFil for zero false positives.

5.2.1. Performance
The performance is a critical issue of Bloom filters. Fig. 16 depicts the throughput of various levels of HFil in different
input size respectively. The 4L HFil takes lowest time and exhibits the highest throughput. The 4L HFil takes 3.8 s to filter
8 million random numbers while 16L takes 16.6 s to filter the same input size. Similarly, 4L HFil takes 157.63 s to filter
256 million random numbers while 16L HFil takes 901.38 s for same input size. The 4L HFil is able to process two million
operations per seconds (MOPS) while 16L HFil is able to process 0.43 MOPS on an average. Similarly, 6L HFil is able to filter
1.3 MOPS while 14L HFil is able to process 0.52 MOPS on an average. Therefore, lower level of HFil is faster than the higher
level of HFil.

5.3. Bloom filter for PassDB

The evaluation of 3D Bloom filter, we have download 10 million passwords [37]. These passwords are inserted into
PassDB. To check the false positives of the Bloom filter, we have generated 16 million random numbers.
Fig. 17 depicts the time taken by the 3DBF to insert 10 million passwords and query 16 million random numbers. The
password and random numbers are disjoint set. The insertion process involves twelve 3DBFs, and the query process does
not require to pass all 3DBFs. A query process terminates the process as early as possible if the item is not in the filter. There-
fore, a query process takes less time than insertion process in this experimentation.
Fig. 18 depicts the number of false positives found during the query process of 16 million random numbers. There is no
false positives found in 96 MB and 120 MB filter size in the insertion of 10 million passwords and query of 16 million random
numbers. However, there are 3 false positives in 84 MB filter size.
Fig. 19 depicts the throughput in million operations per second (MOPS). Mean throughput is 0.6 MOPS in insertion, and
3.2 MOPS in the query process in the PassDB.Query operation has a higher throughput compared to insertion operation
because in case of the insertion operation first the databases are checked for the presence of the user then the Bloom filter
is accessed.
Fig. 20 depicts the time taken to process a key in insertion and query process. The mean time to process a key in insertion
is 1671 ns and query is 506 ns. The processing time per key is very less as compared to writing or reading from the HDD.
 R. Patgiri et al. / Information Sciences 539 (2020) 157–176 167

Fig. 8. Number of false positives found in 128 millions input on various levels of HFil. Lower is better.

Fig. 9. Number of false positives found in 256 millions input on various levels of HFil. Lower is better.

Fig. 10. Total memory consumption for zero false positives in 8 millions input by various levels of HFil. Lower is better.

5.4. Choosing HFil variant for PassDB

By Figs. 16 and 17, it is concluded that 4L HFil takes lowest time and gives higher throughput. However, 4L HFil gives the
highest false positive probability compared to other variants of HFil. But, PassDB requires to be present in RAM to reduce
Bloom filter access time and also, requires to reduce false positives. Thus, it imposes a trade-off between memory, perfor-
mance and FPP. Thus, PassDB uses 12L HFil, therefore, the false positive probability of PassDB further reduces to
FPPPassDB ¼ 13 FPP12L HFil .
168 R. Patgiri et al. / Information Sciences 539 (2020) 157–176

Fig. 11. Total memory consumption for zero false positives in 16 millions input by various levels of HFil. Lower is better.

Fig. 12. Total memory consumption for zero false positives in 32 millions input by various levels of HFil. Lower is better.

Fig. 13. Total memory consumption for zero false positives in 64 millions input by various levels of HFil. Lower is better.

6. Analysis

6.1. Analysis of HFil Bloom filter

6.1.1. False positives

The theoretical analysis of false positives of 3DBF is similar to conventional Bloom filter except the number of hash func-
tions k whereas k is 1 in 3DBF. Let, l be the size of 3BDF, and g be the total entries. The probability of a bit to be zero is [38]

g
1
1 ð7Þ
l
The probability of a bit to be 1 is
 R. Patgiri et al. / Information Sciences 539 (2020) 157–176 169

Fig. 14. Total memory consumption for zero false positives in 128 millions input by various levels of HFil. Lower is better.

Fig. 15. Total memory consumption for zero false positives in 256 millions input by various levels of HFil. Lower is better.

Fig. 16. Throughput of various levels of HFil. Higher is better.

g
1
1 1 ð8Þ
l
The total false positive probability is calculated by Grandi [39] using c  transformation. Let, X be the random variable that
represents the total number of 1 in the Bloom Array, and conditioning the X ¼ x, then the probability of false positives
becomes


x
PrðFPjX ¼ xÞ ¼ ð9Þ
l
The false positive probability (FPP) is calculated as follows
170 R. Patgiri et al. / Information Sciences 539 (2020) 157–176

Fig. 17. Time taken to insert 10 million passwords in insertion and query in PassDB. Lower is better.

Fig. 18. Number of false positives found in 10 million passwords in PassDB. Lower is better.

Fig. 19. Throughput of the filter in million operations per second (MOPS) in PassDB. Higher is better.

l
X l

X l

X
x x
FPP ¼ PrðFPjX ¼ xÞPrðX ¼ xÞ ¼ PrðX ¼ xÞ ¼ f ðxÞ ð10Þ
x¼0 x¼0
l x¼0
l
where f ðxÞ is probability mass function. Grandi [39] calculates f ðxÞ using c  transformation, and presents the FPP as follows
l

X

g
X x l x x xj
FPP ¼ ð1Þj ð11Þ
x¼0
l x j¼0 j l
Let, FPPi be the false positive probability where i ¼ 1; 2; 3; 4; . . .. Therefore, the false positive probability of 4L HFil is
 R. Patgiri et al. / Information Sciences 539 (2020) 157–176 171

Fig. 20. Processing time of a key in lookup and insertion in seconds in PassDB. Lower is better.

Y
4
FPP4L ¼ FPP i ð12Þ
i¼0

Similarly, false positive probability of 6L is

Y
6
FPP6L ¼ FPP i ð13Þ
i¼0

Finally, the false positive probability of nL HFil is

Y
n
FPPnL ¼ FPP i ð14Þ
i¼0

Thus, the theoretical FPP of HFil also shows an extremely low FPP.

6.1.2. Asymptotic behavior

The insertion and query operations take Oð1Þ time complexity in 3DBF as shown in Eqs. (1) and (2). HFil deploys many
3DBFs. Thus, the time complexity for both insertion and query operation in nL HFil is OðnÞ. However, very large value of n
is not desirable. Therefore, we are limiting the value of n to 16 due to performance and memory issue. Hence, the time com-
plexity of insertion and query operation in 16L HFil is Oð1Þ. Similarly, 14L, 12L, 10L, 8L, 6L, and 4L also have the same time
complexity. However, performance differs from each other. For example, 4L is faster than 6L and other variants of HFil. Sim-
ilarly, 6L is also faster than its higher level HFil, and so on. Nevertheless, the asymptotic behavior of these HFil is same.

6.1.3. Accuracy
The accuracy depends on the false positives of HFil, since, there is no false negatives in 3DBF. Therefore, the probability of
returning false positive by a 3DBF is 13. Hence, the false positive probability of 4L HFil is as follows-

1
FPP4L ¼ ¼ 0:012345679 ð15Þ
34
And, the accuracy of 4L HFil is as follows
1
ACC 4L ¼ 1  ¼ 0:987654321 ¼ 98:77% ð16Þ
34
Similarly, as Table 1 depicts the false positive probability of 6L HFil which is derived as follows

Table 1
Accuracy of various levels of HFil.

HFil FPP Accuracy

4L 0.012345679 98.77%
6L 0.001371742 99.86%
8L 0.000152416 99.98%
10L 0.000016935 99.99%
12L 0.000001882 99.99%
14L 0.000000209 99.99%
16L 0.000000023 99.99%
nL 1
3n
1  31n
172 R. Patgiri et al. / Information Sciences 539 (2020) 157–176

1
FPP4L ¼ ¼ 0:001371742 ð17Þ
36
And, the accuracy of 6L HFil is as follows-
1
ACC 6L ¼ 1  ¼ 0:998628258 ¼ 99:86% ð18Þ
36
Generally, the false positive probability of nL HFil is as follows-
1
FPPnL ¼ ð19Þ
3n
And, the accuracy of nL HFil is as follows-
1
ACC nL ¼ 1  ð20Þ
3n

6.1.4. Trade-off
There are interesting trade-off between performance, accuracy, and memory. Let us consider, the trade-off between per-
formance and accuracy. For higher accuracy, HFil sacrifice performance. HFil sacrifices accuracy for higher performance. Sim-
ilarly, HFil has a trade-off between performance and memory. HFil sacrifices the performance for low memory consumption,
f 16L HFil. Also, HFil sacrifices memory for high performance, for instance, L HFil.

6.2. Analysis of PassDB

False positives is the key issue in BF-based solution. A Bloom filter is unable to eschew from false positives. Therefore,
there is also some false positive probability in PassDB, however, it is nearly zero.

6.2.1. False positive probability

PassDB is constructed using twelve 3DBFs. Therefore, the false positive probability of PassDB is derived from HFil as
follows-
Y Xm  
 x

n !
12
x m X j x xj
FPP ¼ ð1Þ ð21Þ
p¼1 x¼0
m x j¼0 j m

Eq. (21) results very low false positive probability.

Now, if there are n unique entries in the 3DBF of size m, then the load factor a ¼ mn % of memory will be occupied if and
only if there is no collision. For example, m ¼ 83886080bits (i.e., 10 MB) and one million entries, then there are 1.19% of
memory will be filled by ‘1’. A one million entries require 1.19% of memory and it shows that there is a very low false pos-
itives in 3DBF. Also, it is sufficient enough to reduce the false positives. However, we keep this threshold to 3% to reduce the
memory wastage for password management system.

6.2.2. Accuracy of PassDB

There are twelve 3DBFs in PassDB. A 3DBF can return true positive, false positive and true negative, but not false negative.
Because, 3DBF does not support the deletion operation. Thus, the false positive probability of 3DBF is 13. There are twelve
3DBFs, thus, the false positive probability is 3112 ¼ 0:00000188. The false positive probability is impressively low. Therefore,
the accuracy is 1  3112 ¼ 99:99%  100%.

6.2.3. Query and insertion time complexity of Bloom filter

PassDB deploys 3DBF, hence, it inherits the properties of 3DBF. The 3DBF uses the murmur hash function, and four mod-
ulus operations for both insertion and query operation. Therefore, 3DBF takes Oð1Þ time complexity for insertion and query
operations. Thus, PassDB uses twelve 3DBFs and also takes Oð1Þ time complexity for insertion and query operations.

6.2.4. Memory requirements for Bloom filter

3DBF consumes very less amount of memory as compared to conventional Bloom filter. The conventional Bloom filter
consumes a few bits of memory per item, i.e., each item consumes k bits. On the contrary, 3DBF consume a single bit of mem-
ory for each item. However, the PassDB consumes 12  bits per user ID and password, i.e., there are twelve 3DBFs in PassDB.
It is a reasonable amount of memory per item for high security requirements. Besides, some variants of Bloom filters con-
sume memory more than 2 bytes per item depending on hash functions. However, the PassDB depends on the input entries
and memory size. If the number of unique passwords is nearly equal to the number of available bits of 3DBF, then there is a
very high chance of false positive. However, PassDB takes care of the number of entries of password depending on 3DBF
memory size. PassDB keep threshold of 3% to remove the false positive probability.
 R. Patgiri et al. / Information Sciences 539 (2020) 157–176 173

6.2.5. Irrecoverable and irreversible password

PassDB offers irrecoverable and irreversible password management system. Recoverable and reversible passwords store
the passwords along with encrypted code. Instead, PassDB stores the hash codes generated by the SAH256 hash function.
Once a password is created successfully, the password cannot be regenerated from the PassDB. Moreover, a lost password
cannot be recovered from PassDB.
Let, HðKÞ ¼ V where HðÞ be the SHA 256 hash function, K be the input item to be encrypted and V be the hash code after
applying the SHA256 hash function. User encrypts V as V sK where K pub is the public key of server s. The pk is retrieved from
trusted third party. Upon receiving V sK message by server, the server decrypts the message using the private key of the server,
denoted by DecK priv ðV K s Þ!V. Thus, the server receives V. There is no way to know the original information from V by the
server, since, V is hash code. Therefore, the server is unable to retrieve the original information from V. Thus, V is irreversible.
Also, the server does not store original information except V, therefore, PassDB is unable to return original information of the
user. Therefore, PassDB is irrecoverable.

6.2.6. Cost of PassDB and overhead

Deploying Bloom filter in password lookup can be overhead. Let, M be the total query made to PassDB, P be the total
positive query, P a be the total number of true positive, N ¼ M  P be the total negative query, F ¼ P  P a be the total false
positive query, C be the cost of database access per request, and B be the cost of Bloom filter access per request. The total cost
of Bloom filter access is M  B. The total cost of database access in positive query is
D ¼ M  B þ ðP a þ F Þ  C
The database access cost is much higher than the cost of Bloom filter access. The overall cost of PassDB for M query is
O ¼ M  B þ ðP a þ F  N Þ  C
If F reduces, then O is improved. Also, N increases significantly reducing the overall cost. The overhead is M  B  N .
The overhead depends upon the total number of negative queries. If the number of negative queries increases, then PassDB
benefits. However, if all queries are positive, then PassDB incur an overhead of M  B. Accessing cost of RAM is about 1000
faster than HDD accesses. Therefore, reducing HDD access improves the system performance.

6.2.7. Consistency of Bloom filter

An item insertion affects a small portion of PassDB due to write lock. PassDB is implemented using strict consistency
mechanism. If there is an insertion in a 3DBF, then PassDB acquires write lock to the particular block of the 3DBF where
the desired cell is present. No other operation is permitted in that block. Write operations are very costly. Hence, PassDB
divides the 3DBF into multiple virtual blocks in RAM, and creates separate files for each virtual block in the HDD. The block
sizes are very small. For instance, the block size is 4  4  4  64 bits ¼ 4096-bits. The blocks are split such that writing into
the file does not affect the performance of PassDB. When PassDB acquires a write lock, a block and a file are being locked and
write to the particular file. Any update operation in 3DBF is bit wise update operation. Therefore, locking entire PassDB
blocks all read/write operations which is undesirable. Thus, a small portion of PassDB is affected by write locks in insertion
operation. Metadata of all files is stored in a Hashtable.

7. Security analysis

Public–private key cryptography is highly secured and it is proven in practical field. It requires a trusted third party for
secure communication. This cryptography can defend various attacks, namely, password attacks (brute-force attack and dic-
tionary attack), birthday attacks, man in middle attack (e.g., Session hijacking, IP spoofing, and Replay), Eavesdropping attack
(e.g., passive and active eavesdropping), and Malware attack (e.g., Macro viruses, Stealth viruses, etc.). Most of the attacks
can be defended by public/private key cryptography. Also, Brute-force attacks require many years to decode the message.
Undoubtedly, PassDB is very secure, because, PassDB uses the most secure communication system. PassDB relies on pub-
lic–private key cryptography.
There are three databases, namely, UID; PID, and UPID with a high accuracy Bloom filter. First, the attacker must pass
through a high accuracy Bloom filter. Also, the attacker must be able to generate three SHA2-256 hash codes stored in
UID; PID and UPID databases. The brute - force attack of a single hash-code takes many years. The attacker requires high per-
formance computing machinery with many years to crack user ID. PID create another complexity to attackers. Also, UPID
adds more complexity to crack the PassDB by the attackers. Combinations of these three SHA2-256 hash codes, make PassDB
nearly impossible to attack.

7.1. Brute-force attack

The most famous attacks in password database are Brute-force attacks. The brute - force attack requires to crack the pass-
word by guessing in conventional password databases. This attack is a hit and trial hacking. The attacker tries possible
sequence of characters to guess the password. Let us assume, an attacker is able to crack user ID, V U . Then, the attacker must
174 R. Patgiri et al. / Information Sciences 539 (2020) 157–176

also be able to crack password V P and the combination of both user ID and password V P . The user ID is encrypted and it’s not
public in PassDB. Let us assume Brute force attacker is able to crack V U ; V P and V UP . Then, these hash codes are checked in
high accuracy Bloom filter. If Bloom filter return true, then these hash codes are checked in UID; PID and UPID databases. If
these databases return true, then the attacker is able to gain authentication. However, it is very difficult to crack V U . It
requires very high computational power and many years. Similarly, it is also difficult to crack V P and V UP . Thus, these meth-
ods introduce additional complexity to brute force attackers. Therefore, it is nearly impossible to gain authentication in
PassDB. If an attacker is able to gain authentication, then the attacker must know user ID, password and combination of both.
Thus, the attacker gaining authentication implies a valid user, not an attacker.

7.2. Dictionary attack

Another famous attack is dictionary attacks. This attack is a type of brute-force attack. In this attack, the attacker tries all
possible combinations of passwords till the correct password is obtained [40]. It is similar to the words present in a dic-
tionary. Most of the user IDs do not come under the dictionary. Therefore, an attacker must create all possible user IDs. Sim-
ilarly, the password can be attacked by a dictionary based attacker. However, the combination of both never comes under the
dictionary. Suppose, if an attacker able to crack user ID in PassDB by dictionary attacks, then the attacker must be able to
crack password which comes under the dictionary. The combination of both password and user ID is nearly impossible to
attack by the attacker. Hence, it is impossible to attack by dictionary based attackers. Therefore, PassDB is safe from dic-
tionary based attackers.

7.3. DDoS attack

Distributed denial of service (DDoS) is used to down a service by spawning many requests which consumes entire band-
width of the service provider. DDoS attacks are easily detected in Bloom filter and prevents the DDoS attacks [8]. In PassDB,
all requests must pass through the Bloom filter to gain access to UID; PID and UPID. A few requests can pass through the
Bloom filter to access UID; PID and UPID databases due to false positives. However, the false positive probability is very
low in PassDB, thus, attackers will not be able to overload the password database with repetitive request. The Bloom filter
is very fast to lookup a membership query and DDoS attack may not be able to down the entire service. Hence, the UID; PID
and UPID is untouchable by DDoS attackers. However, DDoS attackers may be able to slow down the entire process.

8. Birthday attack

Birthday attacks are designed to crack hash algorithms. Hash algorithms are fixed length. Therefore, birthday attack may
be successful in gaining information. However, let us assume, an attacker is able to crack V U using birthday attack. Then the
attacker must also be able to crack other two hash codes, namely, V P and V UP . Then the attacker can be able to win. Here,
SHA256 hash codes are very difficult to attack by the birthday attacking systems. However, we have already assumed that
the attacker is able to crack V U using the birthday attacking method, then there are other two SHA256 hash codes to crack.
Therefore, it is very difficult to attack the three hash code generated by SHA256 for a single attack to gain authentication.
Thus, PassDB ensure the high security from birthday attackers.

9. Privacy analysis

Let us assume, U is set of users and P is set of encrypted passwords. U ) P defines U is strongly connected to P, i.e., infor-
mation about user and password is stored in the database, and encrypted password is visible to authenticated users along
with user information. This practice violates the rule of privacy. Let, U * P defines U are partially connected to P, i.e., the
relation of any user with password is not visible. In PassDB, the UID; PID, and UPID are partially connected. Therefore, the
databases are separated from each other. Also, UID returns true or false depending on the queried item. Similarly, PID and
UPID may also return true or false.

Definition 1. If any password database displays password P in any form against user ID U, then there is no strict privacy.

To impose strict privacy, an authenticated person is also unable to see the password in any form except true or false. The
most modern practice, most of the identity management system does not have any strict privacy mechanism. Also, a pass-
word can easily be mapped to user ID by an administrator which is not required. Let us assume, password of an important
person (e.g., president of USA) is visible to administrator in any form, then the security may become vulnerable. To achieve
strict privacy, password database converts stores hash codes in separate databases. Also, the query to any password database
returns either true or false depending on the password. Particularly, identifying the person with the password is dangerous.
Therefore, PassDB imposes strict privacy where user IDs and passwords are encrypted. An encrypted password cannot be
retrieved by encrypting user ID. These databases do not have any mapping mechanism, and thus, they are independent of
each other. This mechanism ensures that a key cannot be mapped to another key. Therefore, privacy remains intact.
 R. Patgiri et al. / Information Sciences 539 (2020) 157–176 175

10. Discussion

Undoubtedly, HFil offers a very high accuracy filtering, which is almost 100%. However, the trade-off between perfor-
mance, accuracy and memory should be taken extra care of while implementing the HFil in a certain application. Otherwise,
HFil will not serve the purpose of the application. Besides, the HFil is a static Bloom filter where re-adjustment of the size of
HFil is not allowed. If the HFil is full, then a new HFil is created. In addition, the dimensions of the 3DBF are prime numbers.
Besides, the seed values are prime numbers. For instance, 16L HFil requires 16 seed values which are prime numbers. These
16 seed values are passed as parameter to murmur hash function. As per our experience, selecting prime numbers as dimen-
sions of 3DBF take an important role to reduce the false positives. PassDB extends rDBF [36] and uses twelve 3DBFs for the
high accuracy Bloom filter. The twelve Bloom filters are faster than 14L HFil and 16L HFil. However, the accuracy is equiv-
alent to 14L HFil and 16L HFil. Also, 12L HFil has a lower false positive probability than 4L HFil to 10L HFil. Therefore, PassDB
opts 12L HFil to implement Bloom filters.

11. Conclusion

In this article, we have presented a novel password management system using 3DBF, called PassDB. As we have discussed,
a threshold value, 3% of a 3DBF memory is enough to accommodate large number of inputs. The false positive probability is
negligible in PassDB which is nearly zero. We deployed twelve 3DBF to avoid the false positives in PassDB. Moreover, PassDB
is free from false negative. Also, PassDB uses four SHA256 hash codes which are irreversible, and irrecoverable. Bloom filters
of the PassDB stores bit information of the hash codes. The UID; PID and UPID store SHA256 code for verification purposes.
Therefore, PassDB offers irrecoverable and irreversible password database system. A password cannot be recovered and
regenerated through bit information or value generated by the SHA256 hash function. Furthermore, PassDB implements
strict consistency by creating multiple files in HDD without sacrificing the performance of the system. Insertion of an item
requires write locks on a file and a particular virtual block. Rest blocks are unaffected by acquiring a write lock operation.
Besides, the user information is converted into three SHA256 codes, encrypts using a public key to transmit over the net-
work, and decrypts the encrypted message using a private key to extract the SHA256 hash code. The SHA256 hash code
is fed into Bloom filter. Thus, PassDB is extremely secure password management system. Also, PassDB imposes strict privacy
policy where user and password cannot be mapped. Also, the user ID is not revealed similar to passwords. Most importantly,
the brute force attacker is unable to gain authentication, and it is a nearly impossible task. Similarly, the dictionary based
attacker is also unable to attack PassDB. Moreover, the DDoS can easily be handled by PassDB. Our proposed system can
be applied in the most of the system that requires high accuracy of a Bloom Filter.

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have
appeared to influence the work reported in this paper.

References

[1] B.H. Bloom, Space/time trade-offs in hash coding with allowable errors, Communication of the ACM 13 (7) (1970) 422–426.
[2] M. Antikainen, T. Aura, M. Särelä, Denial-of-service attacks in bloom-filter-based forwarding, IEEE/ACM Transactions on Networking 22 (5) (2014)
1463–1476, https://doi.org/10.1109/TNET.2013.2281614.
[3] M. Sarela, C.E. Rothenberg, T. Aura, A. Zahemszky, P. Nikander, J. Ott, Forwarding anomalies in bloom filter-based multicast, in: 2011 Proceedings IEEE
INFOCOM, 2011, pp. 2399–2407, https://doi.org/10.1109/INFCOM.2011.5935060.
[4] S. Geravand, M. Ahmadi, Bloom filter applications in network security: a state-of-the-art survey, Computer Networks 57 (18) (2013) 4047–4064,
https://doi.org/10.1016/j.comnet.2013.09.003.
[5] L. Maccari, R. Fantacci, P. Neira, R.M. Gasca, Mesh network firewalling with bloom filters, in: IEEE International Conference on Communications, 2007.
ICC’07, IEEE, 2007, pp. 1546–1551. .
[6] P. Neira, R.M. Gasca, L. Maccari, L. Lefevre, Stateful firewalling for wireless mesh networks, in: 2008 New Technologies, Mobility and Security, 2008, pp.
1–5, https://doi.org/10.1109/NTMS.2008.ECP.92.
[7] L. Calderoni, P. Palmieri, D. Maio, Location privacy without mutual trust: The spatial bloom filter, Comput. Commun. 68 (Suppl C) (2015) 4–16, doi:
10.1016/j.comcom.2015.06.011 (security and Privacy in Unified Communications: Challenges and Solutions). .
[8] R. Patgiri, S. Nayak, S.K. Borgohain, Preventing ddos using bloom filter: A survey, EAI Endorsed Transactions on Scalable Information Systems 5 (19),
doi: 10.4108/eai.19-6-2018.155865. .
[9] R. Patgiri, S. Nayak, S.K. Borgohain, Hunting the pertinency of bloom filter in computer networking and beyond: a survey, Journal of Computer
Networks and Communications (2019).
[10] J.H. Mun, H. Lim, New approach for efficient ip address lookup using a bloom filter in trie-based algorithms, IEEE Transactions on Computers 65 (5)
(2016) 1558–1565, https://doi.org/10.1109/TC.2015.2444850.
[11] R. Patgiri, S.K. Borgohain, S. Nayak, ipBF: A fast and accurate IP address lookup using 3d bloom filter, in: A. Abraham, A.K. Cherukuri, P. Melin, N.
Gandhi (Eds.), Intelligent Systems Design and Applications, Springer International Publishing, Cham, 2020, pp. 182–191.
[12] G. Fernandez-Del-Carpio, D. Larrabeiti, M. Uruena, Forwarding of multicast packets with hybrid methods based on bloom filters and shared trees in
mpls networks, in: 2017 IEEE 18th International Conference on High Performance Switching and Routing (HPSR), 2017, pp. 1–8, https://doi.org/
10.1109/HPSR.2017.7968688.
[13] W. Gao, J. Nguyen, Y. Wu, W.G. Hatcher, W. Yu, A bloom filter-based dual-layer routing scheme in large-scale mobile networks, in: 2017 26th
International Conference on Computer Communication and Networks (ICCCN), 2017, pp. 1–9, https://doi.org/10.1109/ICCCN.2017.8038405.
[14] A. Marandi, T. Braun, K. Salamatian, N. Thomos, Bfr: A bloom filter-based routing approach for information-centric networks, in: 2017 IFIP Networking
Conference (IFIP Networking) and Workshops, 2017, pp. 1–9, https://doi.org/10.23919/IFIPNetworking.2017.8264842.
176 R. Patgiri et al. / Information Sciences 539 (2020) 157–176

[15] D. Sadhya, S.K. Singh, Providing robust security measures to bloom filter based biometric template protection schemes, Computers & Security 67
(Suppl C) (2017) 59–72, https://doi.org/10.1016/j.cose.2017.02.013.
[16] J. Bringer, C. Morel, C. Rathgeb, Security analysis and improvement of some biometric protected templates based on bloom filters, Image and, Vision
Computing 58 (Suppl C) (2017) 239–253, https://doi.org/10.1016/j.imavis.2016.08.002.
[17] C. Rathgeb, F. Breitinger, C. Busch, H. Baier, On application of bloom filters to iris biometrics, IET Biometrics 3 (4) (2014) 207–218, https://doi.org/
10.1049/iet-bmt.2013.0049.
[18] M. Stokkenes, R. Ramachandra, M.K. Sigaard, K. Raja, M. Gomez-Barrero, C. Busch, Multi-biometric template protection: A security analysis of binarized
statistical features for bloom filters on smartphones, in: 2016 Sixth International Conference on Image Processing Theory, Tools and Applications
(IPTA), 2016, pp. 1–6, https://doi.org/10.1109/IPTA.2016.7820972.
[19] M. Gomez-Barrero, C. Rathgeb, G. Li, R. Ramachandra, J. Galbally, C. Busch, Multi-biometric template protection based on bloom filters, Information
Fusion 42 (Suppl C) (2018) 37–50, https://doi.org/10.1016/j.inffus.2017.10.003.
[20] Y. Wang, T. Pan, Z. Mi, H. Dai, X. Guo, T. Zhang, B. Liu, Q. Dong, Namefilter: Achieving fast name lookup with low memory cost via applying two-stage
bloom filters, Proceedings IEEE INFOCOM, 2013 (2013) 95–99, https://doi.org/10.1109/INFCOM.2013.6566742.
[21] K. Sasaki, A. Nakao, Packet cache network function for peer-to-peer traffic management with bloom-filter based flow classification, in: 2016 18th Asia-
Pacific Network Operations and Management Symposium (APNOMS), 2016, pp. 1–6, doi: 10.1109/APNOMS.2016.7737214. .
[22] W. Zheng, K. Li, K. Li, A fast algorithm based on srfft for length n ¼ q  2m dfts, IEEE Transactions on Circuits and Systems II: Express Briefs 61 (2) (2014)
110–114, https://doi.org/10.1109/TCSII.2013.2291098.
[23] W. Zheng, K. Li, K. Li, Scaled radix-2/8 algorithm for efficient computation of length-n ¼ 2m dfts, IEEE Transactions on Signal Processing 62 (10) (2014)
2492–2503.
[24] A. Broder, M. Mitzenmacher, Network applications of bloom filters: a survey, Internet Mathematics 1 (4) (2004) 485–509, https://doi.org/10.1080/
15427951.2004.10129096.
[25] F. Chang, J. Dean, S. Ghemawat, W.C. Hsieh, D.A. Wallach, M. Burrows, T. Chandra, A. Fikes, R.E. Gruber, Bigtable: A distributed storage system for
structured data, ACM Transactions on Computer Systems 26 (2) (2008) 4:1–4:26. doi:10.1145/1365815.1365816. .
[26] R. Patgiri, S. Nayak, S.K. Borgohain, Role of bloom filter in big data research: a survey, International Journal of Advanced Computer Science and
Applications 9 (11), doi: 10.14569/IJACSA.2018.091193. .
[27] W. Wang, S. Li, J. Dou, R. Du, Privacy-preserving mixed set operations, Information Sciences 525 (2020) 67–81, https://doi.org/10.1016/j.
ins.2020.03.049.
[28] Y. Ma, Y. Wu, J. Li, J. Ge, Apcn: A scalable architecture for balancing accountability and privacy in large-scale content-based networks, Information, doi:
10.1016/j.ins.2019.01.054. .
[29] R. Patgiri, Hfil: A high accuracy bloom filter, in: 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE
17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems (HPCC/SmartCity/DSS), 2019, pp. 2169–
2174. doi: 10.1109/HPCC/SmartCity/DSS.2019.00300..
[30] R. Patgiri, S. Nayak, S.K. Borgohain, Passdb: A password database using 3d bloom filter, in: 2019 IEEE 21st International Conference on High
Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science
and Systems (HPCC/SmartCity/DSS), 2019, pp. 1147–1154, https://doi.org/10.1109/HPCC/SmartCity/DSS.2019.00162.
[31] C. Dong, F. Kiefer, Secure set-based policy checking and its application to password registration, in: International Conference on Cryptology and
Network Security, Springer, 2015, pp. 59–74.
[32] C. Dong, L. Chen, Z. Wen, When private set intersection meets big data: an efficient and scalable protocol, in: Proceedings of the 2013 ACM SIGSAC
Conference on Computer & Communications Security, ACM, 2013, pp. 789–800.
[33] D. Sadhya, S.K. Singh, Providing robust security measures to bloom filter based biometric template protection schemes, Computers & Security 67
(2017) 59–72.
[34] C. Rathgeb, C. Busch, Cancelable multi-biometrics: mixing iris-codes based on adaptive bloom filters, Computers & Security 42 (2014) 1–12.
[35] D. Derler, T. Jager, D. Slamanig, C. Striecks, Bloom filter encryption and applications to efficient forward-secret 0-rtt key exchange, in: J.B. Nielsen, V.
Rijmen (Eds.), Advances in Cryptology – EUROCRYPT 2018, Springer International Publishing, Cham, 2018, pp. 425–455.
[36] R. Patgiri, S. Nayak, S.K. Borgohain, rDBF: A r-dimensional bloom filter for massive scale membership query, Journal of Network and Computer
Applications 136 (2019) 100–113, https://doi.org/10.1016/j.jnca.2019.03.004.
[37] M. Burnett, Today i am releasing ten million passwords, Retrieved on November 2018 from URL:https://xato.net/today-i-am-releasing-ten-million-
passwords-b6278bbe7495. .
[38] R. Patgiri, S. Nayak, S.K. Borgohain, scaleBF: A high scalable membership filter using 3d bloom filter, International Journal of Advanced Computer
Science and Applications 9 (12). doi:10.14569/IJACSA.2018.091277. URL: https://doi.org/10.14569/IJACSA.2018.091277. .
[39] F. Grandi, On the analysis of bloom filters, Information Processing Letters 129 (2018) 35–39, https://doi.org/10.1016/j.ipl.2017.09.004.
[40] B. Pinkas, T. Sander, Securing passwords against dictionary attacks, in: Proceedings of the 9th ACM Conference on Computer and Communications
Security, CCS ’02, ACM, New York, NY, USA, 2002, pp. 161–170, https://doi.org/10.1145/586110.586133.