Design and Implementation of a Multi-cloud Based Browser Password Manager

doi:10.3969/j.issn.1671-1122.2015.09.029

Abstract

Abstract:

The current browser built-in password manager and some third-party password manager store user`s ciphertext data locally or bring in a single cloud, which may leak user`s passwords. To address such problem, in this paper we proposed a browser built-in Password Manager based on multi-cloud storage. We disperse user`s ciphertext information and then store them across multiple cloud storage provider. The proposal can improve the difficulty of gain ciphertext for an attacker. In this way we can improve the security of user information in plain text, in addition multi cloud storage technology can also improve the usability of Password Manager service.

Key words: password manager, multi cloud storage, browser plug-in

CLC Number:

TP309

Ding-bo LI, Lu-ning XIA, Zhan WANG. Design and Implementation of a Multi-cloud Based Browser Password Manager[J]. Netinfo Security, 2015, 15(9): 124-128.

Figures/Tables 6

References 15

[1]	J. Bonneau, C. Herley, P. C. van Oorschot, and F. Stajano. The quest to replace passwords: A framework for comparative evaluation of web authentication schemes[C]// proc. of IEEE Symposium on Security and Privacy, 2012.
[2]	武传坤. 身份证件的安全要求和可使用的密码学技术[J]. 信息网络安全,2015,(5):21-27.
[3]	Kelley, Patrick Gage, et al.Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms[C]// proc. IEEE Symposium on Security and Privacy (S&P'12),2012.
[4]	S. Komanduri, R. Shay, P. G. Kelley, M. L. Mazurek,L. Bauer, N. Christin, L. F. Cranor,S. Egelman.Of passwords and people: Measuring the effect of password-composition policies[C]//Proc. of CHI, 2011.
[5]	J. Yan, A. Blackwell, R. Anderson,A. Grant.Password memorability and security: Empirical results[J]. IEEE Security and Privacy, 2004, 2(5):25-31.
[6]	段娟,辛阳,马宇威. 基于Web应用的安全日志审计系统研究与设计[J]. 信息网络安全,2014,(10):70-76.
[7]	Zhao R, Yue C.All your browser-saved passwords could belong to us: a security analysis and a cloud-based new design[C] //Proceedings of the third ACM conference on Data and application security and privacy. ACM, 2013: 333-340.
[8]	袁艳祥,游林. 基于身份加密的可认证密钥协商协议[J]. 信息网络安全,2014,(3):1-6.
[9]	Zhao, Rui,Chuan Yue. Toward a secure and usable cloud-based password manager for web browsers[J] .Computers & Security 2014: 32-47.
[10]	Li, Zhiwei, et al.The emperor? s new password manager: Security analysis of web-based password managers[C]//23rd USENIX Security Symposium (USENIX Security 14). 2014.
[11]	Zhao R, Yue C, Sun K.Vulnerability and risk analysis of two commercial browser and cloud based password managers[J]. SCIENCE, 2013, 2(4):183-197.
[12]	吕从东,韩臻,马威. 云存储服务端数据存储加密机制的设计和实现[J]. 信息网络安全,2014,(6):1-5.
[13]	J. K.Resch and J. S. Plank. AONT-RS: blending security and performance in dispersed storage systems[C]//FAST-2011: 9th Usenix Conference on File and Storage Technologies, February 2011.
[14]	秦志光,包文意,赵洋,等. 云存储中一种模糊关键字搜索加密方案[J]. 信息网络安全,2015,(6):7-12.
[15]	Silver, David, et al.Password managers: Attacks and defenses[C]//Proceedings of the 23rd Usenix Security Symposium. 2014.