Implementation of a TPM-based security enhanced browser password manager
  • Authors: Yuchen He ; Rui Wang ; Wenchang Shi
  • Keywords: trusted platform module (TPM) ; password manager ; trusted encryption decryption ; TP 309.2
  • Journal: Wuhan University Journal of Natural Sciences
  • Publication year: 2016
  • Publication date: February 2016
  • Year: 2016
  • Volume: 21
  • Issue: 1
  • Pages: 56-62
  • Full-text size: 457 KB
  • Author affiliations: Yuchen He (1)
    Rui Wang (1)
    Wenchang Shi (1)

    1. School of Information, Renmin University of China, Beijing, 100872, China
  • Journal category: Mathematics and Statistics
  • Journal subjects: Mathematics
    Computer Science, general
    Physics
    Life Sciences
    Chinese Library of Science
  • Publisher: Wuhan University, co-published with Springer
  • ISSN: 1993-4998
Abstract
In order to enhance the security of a browser password manager, we propose an approach based on a hardware trusted platform module (TPM). Our approach encrypts users’ passwords with keys generated by the TPM, which uses a master password as the credential for authorization to access the TPM. Such a hardware-based feature may provide an efficient way to protect users’ passwords. Experiment and evaluation results show that our approach performs well in defending against password stealing attacks and brute force attacks. Attackers cannot get passwords directly from the browser, so they would have to spend an enormous amount of time to obtain passwords. In addition, the performance cost induced by our approach is acceptable.

Keywords: trusted platform module (TPM) ; password manager ; trusted encryption decryption
