›› 2018,Vol. 33 ›› Issue (1): 98-115.doi: 10.1007/s11390-018-1810-y

所属专题: Computer Architecture and Systems

• Special Section on Selected Paper from NPC 2011 • 上一篇    下一篇

基于互不信任双方协作机制的密码管理器

Yu-Tao Liu1, Member, CCF, IEEE, Dong Du1, Yu-Bin Xia1,*, Senior Member, CCF, Member, ACM, IEEE, Hai-Bo Chen1, Distinguished Member, CCF, Senior Member, ACM, IEEE, Bin-Yu Zang1, Distinguished Member, CCF, Member, ACM, IEEE, Zhenkai Liang2, Member, ACM, IEEE   

  1. 1 Institute of Parallel and Distributed Systems, Shanghai Jiao Tong University, Shanghai 200240, China;
    2 School of Computing, National University of Singapore, Singapore 117417, Singapore
  • 收稿日期:2017-02-24 修回日期:2017-04-11 出版日期:2018-01-05 发布日期:2018-01-05
  • 通讯作者: Yu-Bin Xia E-mail:xiayubin@sjtu.edu.cn
  • 作者简介:Yu-Tao Liu received his B.S. degree in computer science from Fudan University, Shanghai, in 2012. He is currently a Ph.D. candidate of the Institute of Parallel and Distributed Systems, Shanghai Jiao Tong University, Shanghai. He is a member of CCF and IEEE. His research interests include virtualization, system security, and mobile security.
  • 基金资助:

    This work was supported by the National Key Research and Development Program of China under Grant No. 2016YFB1000104, the National Natural Science Foundation of China under Grant Nos. 61572314 and 61525204, and the Young Scientists Fund of the National Natural Science Foundation of China under Grant No. 61303011.

SplitPass: A Mutually Distrusting Two-Party Password Manager

Yu-Tao Liu1, Member, CCF, IEEE, Dong Du1, Yu-Bin Xia1,*, Senior Member, CCF, Member, ACM, IEEE, Hai-Bo Chen1, Distinguished Member, CCF, Senior Member, ACM, IEEE, Bin-Yu Zang1, Distinguished Member, CCF, Member, ACM, IEEE, Zhenkai Liang2, Member, ACM, IEEE   

  1. 1 Institute of Parallel and Distributed Systems, Shanghai Jiao Tong University, Shanghai 200240, China;
    2 School of Computing, National University of Singapore, Singapore 117417, Singapore
  • Received:2017-02-24 Revised:2017-04-11 Online:2018-01-05 Published:2018-01-05
  • Contact: Yu-Bin Xia E-mail:xiayubin@sjtu.edu.cn
  • About author:Yu-Tao Liu received his B.S. degree in computer science from Fudan University, Shanghai, in 2012. He is currently a Ph.D. candidate of the Institute of Parallel and Distributed Systems, Shanghai Jiao Tong University, Shanghai. He is a member of CCF and IEEE. His research interests include virtualization, system security, and mobile security.
  • Supported by:

    This work was supported by the National Key Research and Development Program of China under Grant No. 2016YFB1000104, the National Natural Science Foundation of China under Grant Nos. 61572314 and 61525204, and the Young Scientists Fund of the National Natural Science Foundation of China under Grant No. 61303011.

PDF (PC)

642

密码管理器使得人们对密码的管理更加方便安全,不过前提是密码管理器本身是安全可信的。然而近期的一些研究发现大部分的密码管理器都存在安全漏洞,使得密码可能在用户不知情的情况被泄露。在本文中,我们提出一套新型的密码管理器SplitPass系统,它将对密码的存储和访问垂直地划分成互不信任的两方。在登录时,双方互相协作将各自的密码部分发送给服务器,同时保证双方都无法得到完整的密码,从而很大程度上提高了攻击者窃取密码的难度。为了保持对应用程序和服务器程序的透明性,SplitPass系统提出了SSL层的会话植入和TCP层的载荷替换技术,使得应用程序和服务器程序在无需修改的前提下完成密码登录过程。我们利用Android手机和云端节点实现了SplitPass系统,并且利用Android官方市场的100个热门应用对其进行实验验证,测试结果表明SplitPass系统能够在引入较小性能和能耗开销的前提下有效地保护用户的密码。

Abstract: Using a password manager is known to be more convenient and secure than not using one, on the assumption that the password manager itself is safe. However recent studies show that most popular password managers have security vulnerabilities that may be fooled to leak passwords without users' awareness. In this paper, we propose a new password manager, SplitPass, which vertically separates both the storage and access of passwords into two mutually distrusting parties. During login, all the parties will collaborate to send their password shares to the web server, but none of these parties will ever have the complete password, which significantly raises the bar of a successful attack to compromise all of the parties. To retain transparency to existing applications and web servers, SplitPass seamlessly splits the secure sockets layer (SSL) and transport layer security (TCP) sessions to process on all parties, and makes the joining of two password shares transparent to the web servers. We have implemented SplitPass using an Android phone and a cloud assistant and evaluated it using 100 apps from top free apps in the Android official market. The evaluation shows that SplitPass securely protects users' passwords, while incurring little performance overhead and power consumption.

[1] Bonneau J, Herley C, van Oorschot P C, Stajano F. The quest to replace passwords:A framework for comparative evaluation of web authentication schemes. In Proc. IEEE Symp. Security and Privacy (SP), July 2012, pp.553-567.

[2] Silver D, Jana S, Boneh D, Chen E, Jackson C. Password managers:Attacks and defenses. In Proc. the 23rd USENIX Conf. Security Symp., August 2014, pp.449-464.

[3] Li Z W, He W, Akhawe D, Song D. The emperor's new password manager:Security analysis of web-based password managers. In Proc. the 23rd USENIX Conf. Security Symp., August 2014, pp.465-479.

[4] McCarney D, Barrera D, Clark J, Chiasson S, van Oorschot P C. Tapas:Design, implementation, and usability evaluation of a password manager. In Proc. the 28th Annual Computer Security Applications Conf., December 2012, pp.89-98.

[5] Tang Y, Ames P, Bhamidipati S, Bijlani A, Geambasu R, Sarda N. Cleanos:Limiting mobile data exposure with idle eviction. In Proc. the 10th USENIX Conf. Operating Systems Design and Implementation, October 2012, pp.77-91.

[6] Müller T, Spreitzenbarth M. FROST. In Applied Cryptography and Network Security, Jacobson M, Locasto M, Mohassel P, Safavi-Naini R (eds.), Springer 2013, pp.373-388.

[7] Zhang F Z, Chen J, Chen H B, Zang B Y. Cloudvisor:Retrofitting protection of virtual machines in multitenant cloud with nested virtualization. In Proc. the 23rd ACM Symp. Operating Systems Principles, October 2011, pp.203-216.

[8] Das A, Bonneau J, Caesar M, Borisov N, Wang X F. The tangled web of password reuse. In Network and Distributed System Security Symp., February 2014, pp.23-26.

[9] Alves T, Felton D. Trustzone:Integrated hardware and software security. ARM White Paper, 2004, 3(4):18-24.

[10] Li W H, Ma M Y, Han J C, Xia Y B, Zang B Y, Chu C K, Li T Y. Building trusted path on untrusted device drivers for mobile devices. In Proc. the 5th Asia-Pacific Workshop on Systems, June 2014.

[11] Fahl S, Harbach M, Muders T, Baumgärtner L, Freisleben B, Smith M. Why Eve and Mallory love Android:An analysis of Android SSL (in) security. In Proc. the ACM Conf. Computer and Communications Security, October 2012, pp.50-61.

[12] Mantin I, Shamir A. A practical attack on broadcast RC4. In Fast Software Encryption, Matsui M (ed.), Springer, 2002, pp.152-164.

[13] Morris R, Thompson K. Password security:A case history. Communications of the ACM, 1979, 22(11):594-597.

[14] Zhang Y Q, Monrose F, Reiter M K. The security of modern password expiration:An algorithmic framework and empirical analysis. In Proc. the 17th ACM Conf. Computer and Communications Security, October 2010, pp.176-186.

[15] Saxena N, Voris J. Exploring mobile proxies for better password authentication. In Information and Communications Security, Chim T W, Yuen T H (eds.), Springer, 2012, pp.293-302.

[16] Czeskis A, Dietz M, Kohno T, Wallach D, Balfanz D. Strengthening user authentication through opportunistic cryptographic identity assertions. In Proc. the ACM Conf. Computer and Communications Security, October 2012, pp.404-414.

[17] Satyanarayanan M, Bahl P, Caceres R, Davies N. The case for VM-based cloudlets in mobile computing. IEEE Pervasive Computing, 2009, 8(4):14-23.

[18] Gordon M S, Jamshidi D A, Mahlke S, Mao Z M, Chen X. COMET:Code offload by migrating execution transparently. In Proc. the 10th USENIX Conf. Operating Systems Design and Implementation, October 2012, pp.93-106.

[19] Geambasu R, John J P, Gribble S D, Kohno T, Levy H M. Keypad:An auditing file system for theft-prone devices. In Proc. the 6th Conf. Computer Systems, April 2011.

[20] MacKenzie P, Reiter M K. Networked cryptographic devices resilient to capture. Int. Journal of Information Security, 2003, 2(1):1-20.

[21] Cheng J, Wong S H Y, Yang H, Lu S W. SmartSiren:Virus detection and alert for smartphones. In Proc. the 5th Int. Conf. Mobile Systems, Applications and Services, June 2007, pp.258-271.

[22] Oberheide J, Cooke E, Jahanian F. CloudAV:N-version antivirus in the network cloud. In Proc. the 17th Conf. Security Symposium, August 2008, pp.91-106.

[23] Jarabek C, Barrera D, Aycock J. ThinAV:Truly lightweight mobile cloud-based anti-malware. In Proc. the 28th Annual Computer Security Applications Conf., December 2012, pp.209-218.

[24] Puttaswamy K P N, Kruegel C, Zhao B Y. Silverline:Toward data confidentiality in storage-intensive cloud applications. In Proc. the 2nd ACM Symp. Cloud Computing, October 2011.

[25] Satyanarayanan M, Lewis G, Morris E, Simanta S, Boleng J, Ha K. The role of cloudlets in hostile environments. IEEE Pervasive Computing, 2013, 12(4):40-49.

[26] Portokalidis G, Homburg P, Anagnostakis K, Bos H. Paranoid Android:Versatile protection for smartphones. In Proc. the 26th Annual Computer Security Applications Conf., December 2010, pp.347-356.

[27] Xia Y B, Liu Y T, Tan C, Ma M Y, Guan H B, Zang B Y, Chen H B. TinMan:Eliminating confidential mobile data exposure with security oriented offloading. In Proc. the 10th European Conf. Computer Systems, April 2015, Article No. 27.

[28] Zhu S W, Lu L, Singh K. CASE:Comprehensive application security enforcement on COTS mobile devices. In Proc. the 14th Annual Int. Conf. Mobile Systems, Applications, and Services, June 2016, pp.375-386.

[29] Huang Y, Chapman P, Evans D. Privacy-preserving applications on smartphones. In Proc. the 6th USENIX Workshop on Hot Topics in Security, August 2011.

[30] Lee S, Wong E L, Goel D, Dahlin M, Shmatikov V. πBox:A platform for privacy-preserving apps. In Proc. the 10th USENIX Conf. Networked Systems Design and Implementation, April 2013, pp.501-514.

[31] Cox L P, Gilbert P, Lawler G, Pistol V, Razeen A, Wu B, Cheemalapati S. SpanDex:Secure password tracking for Android. In Proc. the 23rd USENIX Conf. Security Symposium, August 2014, pp.481-494.

[32] Spahn R, Bell J, Lee M Z, Bhamidipati S, Geambasu R, Kaiser G. Pebbles:Fine-grained data management abstractions for modern operating systems. In Proc. the 11th USENIX Conf. Operating Systems Design and Implementation, October 2014, pp.113-129.

[33] Li X L, Hu H, Bai G D, Jia Y Q, Liang Z K, Saxena P. DroidVault:A trusted data vault for Android devices. In Proc. the 19th Int. Conf. Engineering of Complex Computer Systems (ICECCS), August 2014, pp.29-38.

[34] Peterson P A H. Cryptkeeper:Improving security with encrypted RAM. In Proc. IEEE Int Conf. Technologies for Homeland Security (HST), November 2010, pp.120-126.
No related articles found!
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
[1] 刘明业; 洪恩宇;. Some Covering Problems and Their Solutions in Automatic Logic Synthesis Systems[J]. , 1986, 1(2): 83 -92 .
[2] 陈世华;. On the Structure of (Weak) Inverses of an (Weakly) Invertible Finite Automaton[J]. , 1986, 1(3): 92 -100 .
[3] 高庆狮; 张祥; 杨树范; 陈树清;. Vector Computer 757[J]. , 1986, 1(3): 1 -14 .
[4] 陈肇雄; 高庆狮;. A Substitution Based Model for the Implementation of PROLOG——The Design and Implementation of LPROLOG[J]. , 1986, 1(4): 17 -26 .
[5] 黄河燕;. A Parallel Implementation Model of HPARLOG[J]. , 1986, 1(4): 27 -38 .
[6] 闵应骅; 韩智德;. A Built-in Test Pattern Generator[J]. , 1986, 1(4): 62 -74 .
[7] 唐同诰; 招兆铿;. Stack Method in Program Semantics[J]. , 1987, 2(1): 51 -63 .
[8] 闵应骅;. Easy Test Generation PLAs[J]. , 1987, 2(1): 72 -80 .
[9] 朱鸿;. Some Mathematical Properties of the Functional Programming Language FP[J]. , 1987, 2(3): 202 -216 .
[10] 李明慧;. CAD System of Microprogrammed Digital Systems[J]. , 1987, 2(3): 226 -235 .
版权所有 © 《计算机科学技术学报》编辑部
本系统由北京玛格泰克科技发展有限公司设计开发 技术支持:support@magtech.com.cn
总访问量: