Secure Password Manager Based on Shadow DOM and Improved PBE

doi:10.3969/j.issn.1671-1122.2015.09.060

Abstract

Abstract:

Several types of Attacks targeted at password managers seriously threaten user’s privacy and data security. This paper finds off-line cracking and password stealing from login page is the major types of password attack on the client side, and traditional password protecting methods no longer effectively protect passwords. To prevent password leakage and cracking endanger user’s data, this paper proposes a design of secure password manager: utilizing improved PBE encryption and Shadow DOM based data isolation method to effectively solve the urgent secure problems of password managers.

Key words: password protection, security of Web, shadow DOM, data isolation

CLC Number:

TP309

Guo-feng JIANG, Neng GAO, Wei-yu JIANG. Secure Password Manager Based on Shadow DOM and Improved PBE[J]. Netinfo Security, 2015, 15(9): 270-273.

Figures/Tables 2

References 14

[1]	杨晨,游林. 可计算密文加密体制研究[J]. 信息网络安全,2014,(5):78-81.
[2]	Kontaxis G, Athanasopoulos E, Portokalidis G, et al.Sauth: Protecting user accounts from password database leaks[C]//Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. ACM, 2013: 187-198.
[3]	Bonneau J, Herley C, Van Oorschot P C, et al. The quest to replace passwords: A framework for comparative evaluation of web authentication schemes[C]// Security and Privacy (SP), 2012 IEEE Symposium on. IEEE, 2012: 553-567.Herley C, Van Oorschot P. A research agenda acknowledging the persistence of passwords. Security & Privacy, IEEE, 2012, 10(1): 28-36.
[4]	Herley C, Van Oorschot P.A research agenda acknowledging the persistence of passwords[J]. Security & Privacy, IEEE, 2012, 10(1): 28-36.
[5]	Herley C, van Oorschot P C, Patrick A S. Passwords: If we’re so smart, why are we still using them?[M]. Financial Cryptography and Data Security. Springer Berlin Heidelberg, 2009: 230-237.
[6]	He W, Akhawe D, Jain S, et al.ShadowCrypt: Encrypted Web Applications for Everyone[C]//Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2014: 1028-1039.
[7]	Zhao R, Yue C.Toward a secure and usable cloud-based password manager for web browsers[J]. Computers & Security, 2014, 46: 32-47.
[8]	Dimitri Glazkov, Hayato Ito..
[9]	Paul December. New 25 GPU Monster Devours Passwords In Seconds[EB/OL]. https://securityledger.com/2012/12/new-25-gpu-monster-devours-passwords-in-seconds/, 2015-06-24.
[10]	Weir M, Aggarwal S, De Medeiros B, et al.Password cracking using probabilistic context-free grammars[C]//Security and Privacy, 2009 30th IEEE Symposium on. IEEE, 2009: 391-405.
[11]	吴茜,刘嘉勇,卿粼波. 基于VIPS算法和模糊字典匹配的网页提取技术研究[J]. 信息网络安全,2014,(10):49-53.
[12]	Bojinov H, Bursztein E, Boyen X, et al.Kamouflage: Loss-resistant password management[M]. Computer Security-ESORICS 2010. Springer Berlin Heidelberg, 2010: 286-302.
[13]	袁艳祥,游林. 基于身份加密的可认证密钥协商协议[J]. 信息网络安全,2014,(3):1-6.
[14]	He W, Akhawe D, Jain S, et al.ShadowCrypt: Encrypted Web Applications for Everyone[C]//Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2014: 1028-1039.

[1]	Zhiyan ZHAO, Xiaomo JI. Research on the Intelligent Fusion Model of Network Security Situation Awareness [J]. Netinfo Security, 2020, 20(4): 87-93.
[2]	Min LIU, Shuhui CHEN. Research on VoLTE Traffic Based on Association Fusion [J]. Netinfo Security, 2020, 20(4): 81-86.
[3]	Lingyu BIAN, Linlin ZHANG, Kai ZHAO, Fei SHI. Ethereum Malicious Account Detection Method Based on LightGBM [J]. Netinfo Security, 2020, 20(4): 73-80.
[4]	Yifeng DU, Yuanbo GUO. A Dynamic Access Control Method for Fog Computing Based on Trust Value [J]. Netinfo Security, 2020, 20(4): 65-72.
[5]	Zhizhou FU, Liming WANG, Ding TANG, Shuguang ZHANG. HBase Secondary Ciphertext Indexing Method Based on Homomorphic Encryption [J]. Netinfo Security, 2020, 20(4): 55-64.
[6]	Rong WANG, Chunguang MA, Peng WU. An Intrusion Detection Method Based on Federated Learning and Convolutional Neural Network [J]. Netinfo Security, 2020, 20(4): 47-54.
[7]	Xiaoli DONG, Shuai SHANG, Jie CHEN. Impossible Differential Attacks on 9-Round Block Cipher Rijndael-192 [J]. Netinfo Security, 2020, 20(4): 40-46.
[8]	Chun GUO, Changqing CHEN, Guowei SHEN, Chaohui JIANG. A Ransomware Classification Method Based on Visualization [J]. Netinfo Security, 2020, 20(4): 31-39.
[9]	Lu CHEN, Yajie SUN, Liqiang ZHANG, Yun CHEN. A Scheme of Measurement for Terminal Equipment Based on DICE in IoT [J]. Netinfo Security, 2020, 20(4): 21-30.
[10]	Jinfang JIANG, Guangjie HAN. Survey of Trust Management Mechanism in Wireless Sensor Network [J]. Netinfo Security, 2020, 20(4): 12-20.
[11]	Jianwei LIU, Yiran HAN, Bin LIU, Beiyuan YU. Research on 5G Network Slicing Security Model [J]. Netinfo Security, 2020, 20(4): 1-11.
[12]	Peng LIU, Qian HE, Wangyang LIU, Xu CHENG. CP-ABE Scheme Supporting Attribute Revocation and Outsourcing Decryption [J]. Netinfo Security, 2020, 20(3): 90-97.
[13]	Yubo SONG, Ming FAN, Junjie YANG, Aiqun HU. Multipath Solution and Blocking Method of Network Attack Traffic Based on Topology Analysis [J]. Netinfo Security, 2020, 20(3): 9-17.
[14]	Tengfei WANG, Manchun CAI, Tianliang LU, Ting YUE. IPv6 Network Attack Source Tracing Method Based on iTrace_v6 [J]. Netinfo Security, 2020, 20(3): 83-89.
[15]	Yi ZHANG, Hongyan LIU, Hequn XIAN, Chengliang TIAN. A Cloud Storage Encrypted Data Deduplication Method Based on Authorization Records [J]. Netinfo Security, 2020, 20(3): 75-82.