Implementation of a TPM-Based Security Enhanced Browser Password Manager 被引量：1

Implementation of a TPM-Based Security Enhanced Browser Password Manager

导出

摘要 In order to enhance the security of a browser password manager, we propose an approach based on a hardware trusted platform module （TPM）. Our approach encrypts users＇ passwords with keys generated by the TPM, which uses a master password as the credential for authorization to access the TPM. Such a hardware-based feature may provide an efficient way to protect users＇ passwords. Experiment and evaluation results show that our approach performs well to defend against password stealing attack and brute force attack. Attackers cannot get passwords directly from the browser, therefore they will spend incredible time to obtain passwords. Besides, performance cost induced by our approach is acceptable.Abstract： In order to enhance the security of a browser password manager, we propose an approach based on a hardware trusted platform module （TPM）. Our approach encrypts users＇ passwords with keys generated by the TPM, which uses a master password as the credential for authorization to access the TPM. Such a hardware-based feature may provide an efficient way to protect users＇ passwords. Experiment and evaluation results show that our approach performs well to defend against password stealing attack and brute force attack. Attackers cannot get passwords directly from the browser, therefore they will spend incredible time to obtain passwords. Besides, performance cost induced by our approach is acceptable. In order to enhance the security of a browser password manager, we propose an approach based on a hardware trusted platform module （TPM）. Our approach encrypts users＇ passwords with keys generated by the TPM, which uses a master password as the credential for authorization to access the TPM. Such a hardware-based feature may provide an efficient way to protect users＇ passwords. Experiment and evaluation results show that our approach performs well to defend against password stealing attack and brute force attack. Attackers cannot get passwords directly from the browser, therefore they will spend incredible time to obtain passwords. Besides, performance cost induced by our approach is acceptable.Abstract： In order to enhance the security of a browser password manager, we propose an approach based on a hardware trusted platform module （TPM）. Our approach encrypts users＇ passwords with keys generated by the TPM, which uses a master password as the credential for authorization to access the TPM. Such a hardware-based feature may provide an efficient way to protect users＇ passwords. Experiment and evaluation results show that our approach performs well to defend against password stealing attack and brute force attack. Attackers cannot get passwords directly from the browser, therefore they will spend incredible time to obtain passwords. Besides, performance cost induced by our approach is acceptable.

作者 HE Yuchen WANG Rui SHI Wenchang

机构地区 School of Information

出处《Wuhan University Journal of Natural Sciences》 CAS CSCD 2016年第1期56-62,共7页 武汉大学学报（自然科学英文版）

基金 Supported by the National Natural Science Foundation of China(61472429,61070192,91018008,61303074,61170240) the Beijing Municipal Natural Science Foundation(4122041) National High-Technology Research and Development Program of China(863 Program)(2007AA01Z414)

关键词 trusted platform module（TPM） password manager trusted encryption decryption trusted platform module（TPM） password manager trusted encryption decryption

分类号 TP309.2 [自动化与计算机技术—计算机系统结构]

引文网络
相关文献

参考文献1

1陈爱国,徐国爱,杨义先.基于可信计算的口令管理方案[J].北京邮电大学学报,2008,31(5):93-97. 被引量：4

二级参考文献13

1Ross B, Jackson C, Miyake N, et al. Stronger password authentication using browser extensions[C]//Proceedings of the 14th USENIX Security Symposium. California: USENIX Association Berkeley, 2005: 17-32.
2Halderman J A, Waters B, Felten E W. A convenient method for securely managing passwords [ C ]//Proceedings of the 14th International Conference on World Wide Web. Chiba: ACM Press, 2005:471-479.
3Yee K P, Sitaker K. Passpet: convenient password management and phishing protection[C]//Proceedings of the Second Symposium on Usable Privacy and Security. New York: ACM, 2006: 32-43.
4Trusted Computing Group. TCG specification architecture overview specification [ EB/OL ]. [ 2007-08-02 ]. http://www, trustedcomputinggroup, org.
5Trusted Computing Group. TCG software stack (TSS) specification[ EB/OL]. [ 2007-03-07 ]. http: //www. trustedcomputinggroup, org.
6Trusted Computing Group. TPM main part 1 design principles specification [ EB/OL]. [ 2007-07-09 ]. http: //www. trustedcomputinggroup, org.
7Yan J, Blackwell A, Anderson R, et al. The memorability and security of passwords-some empirical results [ Z ]. [S. l. ] : University of Cambridge Computer Laboratory,2000.
8Hamilton S S, Carlisle M C, Hamilton J A. A global look at authentication [C] // IWA' 07. New York: IEEE SMC, 2007: 1-8.
9Gajek S, Sadeghi A R, Stuble C, et al. Compartmented security for browsers-or how to thwat a phisher with trusted computing [ C] // Proceedings of the 2nd International Conference on Availability, Reliability and Security. Washington D C: IEEE Computer Society, 2007: 120-127.
10Me G, Pirro D, Sarrecchia R. A mobile based approach to strong authentication on web[ C] // Proceedings of the International Multi-Conference on Computing in the Global Information Technology. Washington D C: IEEE Computer Society, 2006: 67-67.

共引文献3

1刘帮涛,罗敏,陈爱国,尹德辉.一种基于可信计算的动态口令机制[J].华中科技大学学报（自然科学版）,2013,41(S1):383-387.
2周毅,郑雪峰,于义科.可信计算环境下基于进化理论的层信任模型实现[J].电信科学,2010,26(6):86-94.
3周毅,郑雪峰,于义科.基于进化理论的层信任模型研究与实现[J].计算机应用,2010,30(8):2114-2119.

同被引文献4

1LI Hongtao,XING Jinsheng,MA Jianfeng.A High-Assurance Trust Model for Digital Community Control System Based on Internet of Things[J].Wuhan University Journal of Natural Sciences,2016,21(1):29-36. 被引量：4
2WEI Guoheng,ZHANG Huanguo,WANG Ya.A New Relay Attack on Distance Bounding Protocols and Its Solution with Time-Stamped Authentication for RFID[J].Wuhan University Journal of Natural Sciences,2016,21(1):37-46. 被引量：2
3ZHANG Kang,GAO Ge,CHEN Yi,SONG Dingyan,LIU Ying,LV Bing.A High Robust Audio Watermarking Scheme Based on Orthogonal Decomposition[J].Wuhan University Journal of Natural Sciences,2016,21(2):139-144. 被引量：1
4陈兴蜀,胡亮,陈广瑞,陈林.虚拟网络环境下安全服务接入方法[J].华中科技大学学报（自然科学版）,2016,44(3):49-54. 被引量：4

引证文献1

1蔡莹.企业内网中的数据隔离与交换技术探索[J].科技资讯,2017,15(5):23-24.

1使用TPM加强OS的安全[J].Windows IT Pro Magazine（国际中文版）,2007(10):48-48.
2刘明理,谢苑,于素萍.一种基于TPM的群签名方案[J].郑州轻工业学院学报（自然科学版）,2008,23(2):80-82.
3张亮,刘建伟.一种适用于无线Mesh网络的一次性口令认证协议[J].微计算机信息,2010,26(27):40-42. 被引量：1
4CHEN Wenzhi ZHANG Zhipeng YANG Jianhua HE Qinming.vCerberus:A DRTM System Based on Virtualization Technology[J].Wuhan University Journal of Natural Sciences,2010,15(3):185-189.
5SHI Wenchang.Implementing Operating System Support for Extended Trusted Path in TPM-Capable Environments[J].Wuhan University Journal of Natural Sciences,2006,11(6):1493-1497. 被引量：3
6SHI Yuan,ZHAO Bo,YU Zhao,ZHANG Huanguo.A Security-Improved Scheme for Virtual TPM Based on KVM[J].Wuhan University Journal of Natural Sciences,2015,20(6):505-511. 被引量：6
7Broadcom公司新型安全应用处理器防止数据盗窃和身份假冒[J].电信科学,2009,25(1):88-88.
8博通新型处理器防止数据盗窃和身份假冒的关键[J].广播电视信息,2009,16(1):108-108.
9Broadcom新型安全应用处理器系列掌握防止数据盗窃和身份假冒的关键[J].电子与电脑,2009(1):69-69.
10顾晟.论神经系统网络在入侵检测系统的应用[J].信息系统工程,2009,22(5):46-49.

Wuhan University Journal of Natural Sciences

2016年第1期

浏览历史

内容加载中请稍等...