Using a password manager is known to be more convenient and secure than not using one, on the assumption that the password manager itself is safe. However, recent studies show that most popular password managers have security vulnerabilities that can be fooled into leaking passwords without users' awareness. In this paper, we propose a new password manager, SplitPass, which vertically separates both the storage and the access of passwords into two mutually distrusting parties. During login, all the parties collaborate to send their password shares to the web server, but none of them ever holds the complete password, which significantly raises the bar for a successful attack: an attacker must compromise all of the parties. To remain transparent to existing applications and web servers, SplitPass seamlessly splits the secure sockets layer (SSL) and transmission control protocol (TCP) sessions so that they are processed on all parties, and makes the joining of the two password shares transparent to the web servers. We have implemented SplitPass using an Android phone and a cloud assistant and evaluated it using 100 of the top free apps in the official Android market. The evaluation shows that SplitPass securely protects users' passwords while incurring little performance overhead and power consumption.
This work was supported by the National Key Research and Development Program of China under Grant No. 2016YFB1000104, the National Natural Science Foundation of China under Grant Nos. 61572314 and 61525204, and the Young Scientists Fund of the National Natural Science Foundation of China under Grant No. 61303011.
Corresponding author: Yu-Bin Xia
About author: Yu-Tao Liu received his B.S. degree in computer science from Fudan University, Shanghai, in 2012. He is currently a Ph.D. candidate at the Institute of Parallel and Distributed Systems, Shanghai Jiao Tong University, Shanghai. He is a member of CCF and IEEE. His research interests include virtualization, system security, and mobile security.
Yu-Tao Liu, Dong Du, Yu-Bin Xia, Hai-Bo Chen, Bin-Yu Zang, Zhenkai Liang. A Password Manager Based on a Collaboration Mechanism Between Two Mutually Distrusting Parties [J]. Journal of Computer Science and Technology, 2018, 33(1): 98-115
Yu-Tao Liu, Dong Du, Yu-Bin Xia, Hai-Bo Chen, Bin-Yu Zang, Zhenkai Liang. SplitPass: A Mutually Distrusting Two-Party Password Manager [J]. Journal of Computer Science and Technology, 2018, 33(1): 98-115