SecureWeb： Protecting Sensitive Information Through the Web Browser Extension with a Security Token 被引量：2

SecureWeb: Protecting Sensitive Information Through the Web Browser Extension with a Security Token

导出

摘要 The leakage of sensitive data occurs on a large scale and with increasingly serious impact. It may cause privacy disclosure or even property damage. Password leakage is one of the fundamental reasons for information leakage, and its importance is must be emphasized because users are likely to use the same passwords for different Web application accounts. Existing approaches use a password manager and encrypted Web application to protect passwords and other sensitive data; however, they may be compromised or lack accessibility. The paper presents SecureWeb, which is a secure, practical, and user-controllable framework for mitigating the leakage of sensitive data. SecureWeb protects users＇ passwords and aims to provide a unified protection solution to diverse sensitive data. The efficiency of the developed schemes is demonstrated and the results indicate that it has a low overhead and are of practical use. The leakage of sensitive data occurs on a large scale and with increasingly serious impact. It may cause privacy disclosure or even property damage. Password leakage is one of the fundamental reasons for information leakage, and its importance is must be emphasized because users are likely to use the same passwords for different Web application accounts. Existing approaches use a password manager and encrypted Web application to protect passwords and other sensitive data; however, they may be compromised or lack accessibility. The paper presents SecureWeb, which is a secure, practical, and user-controllable framework for mitigating the leakage of sensitive data. SecureWeb protects users＇ passwords and aims to provide a unified protection solution to diverse sensitive data. The efficiency of the developed schemes is demonstrated and the results indicate that it has a low overhead and are of practical use.

作者 Shuang Liang Yue Zhang Bo Li Xiaojie Guo Chunfu Jia Zheli Liu

机构地区 College of Cyberspace Security College of Cyberspace Security Information Security Evaluation Center of Civil Aviation Key Lab on High Trusted Information System in Hebei Province

出处《Tsinghua Science and Technology》 SCIE EI CAS CSCD 2018年第5期526-538,共13页 清华大学学报（自然科学版（英文版）

基金 supported by the National Key Basic Research Program of China (No. 2013CB834204) the National Natural Science Foundation of China (Nos. 61672300 and 61772291) the Natural Science Foundation of Tianjin, China (Nos. 16JCYBJC15500 and 17JCZDJC30500) the Open Project Foundation of Information Security Evaluation Center of Civil Aviation, and Civil Aviation University of China (No. CAACISECCA-201702)

关键词 password manager data privacy format-preserving encryption Shadow Document Object Model（DOM） password manager data privacy format-preserving encryption Shadow Document Object Model（DOM）

分类号 TP393.09 [自动化与计算机技术—计算机应用技术]

引文网络
相关文献

参考文献2

1LI Jingwei,LIU Zheli,XU Li,JIA Chunfu.An Efficient Format-Preserving Encryption Mode for Practical Domains[J].Wuhan University Journal of Natural Sciences,2012,17(5):428-434. 被引量：2
2Chengsheng Yuan,Xingming Sun,Rui Lv.Fingerprint Liveness Detection Based on Multi-Scale LPQ and PCA[J].China Communications,2016,13(7):60-65. 被引量：12

二级参考文献14

1Spies T. Format preserving encryption [EB/OL]. [2012-01-13]. http ://15 7.2 38.212. 4 5/pdf/Voltage-Security- WhitePaper-For mat-Preserving-Encryption.pdf.
2Spies T. Feistel finite set encryption mode [EB/OL]. [2012-01-13 ]. http ://csrc. nist.gov/groups/ST/toolkit/BCM/ docments/ proposedmodes/ffsem/ ffsem-spec.
3FIPS Pub 74. Guidelines for Implementing and Using the NBS Data Encryption Standard [S]. USA: U.S. National Bureau, 1981.
4Brightwell M, Smith H E. Using datatype-preserving en- cryption to enhance data warehouse security [C]// Proceed- ing of National Information Systems Security Conference. Baltimore: National Institute of Standards and Technology, 1997: 141-149.
5Black J, Rogaway P. Ciphers with arbitrary finite domains [C]//Proceeding of Topics in Cryptology CT-RSA 2002. San Jose: Springer-Verlag, 2002:185-203.
6Bellare M, Ristenpart T, Rogaway P, et al. Format preserving encryption [C]// Proceeding of the Selected Areas in Cryp- tography 2009. Calgary: Springer-Verlag, 2009: 295- 312.
7Liskov M, Rivest R L, Wagner D. Tweakable block ciphers [C]//Proceeding of Advances in Cryptology CRYPTO 2002. Santa Barbara: Springer-Verlag, 2002:31-46.
8Schneier B, Kelsey J. Unbalanced feistel networks and block cipher design [C]//Proceeding of Fast Software Encryption 1996. Cambridge: Springer-Verlag, 1996: 121-144.
9Bellare M, Rogaway P, Spies T. The FFX mode of operation for format-preserving encryption [EB/OL]. [2012-07-14]. http://www.csrc.nist.gov/groups/ST/toolkit/BCM/documents/p roposedmodes/ffx/ffx-spec.pdf.
10Bellare M, Rogaway P, Spies T. Addendum to the 'The FFX mode of operation for format-preserving encryption' [EB/OL]. [2012-01 - 13 ]. http://csrc, ncsl. nist.gov/groups/ST/toolkit/BCM/ documents/proposedmodes/ffx/ffx-spec2.pdf .

共引文献12

1Ji-Liang Zhang,Wei-Zheng Wang,Xing-Wei Wang,Zhi-Hua Xia.Enhancing Security of FPGA-Based Embedded Systems with Combinational Logic Binding[J].Journal of Computer Science & Technology,2017,32(2):329-339. 被引量：2
2Min Lei,Yixian Yang,Xinxin Niu,Yu Yang,Jie Hao.An Overview of General Theory of Security[J].China Communications,2017,14(7):1-10.
3Shaopeng GUAN,Yongyu WANG,Jian SHEN.Fingerprint-based access to personally controlled health records in emergency situations[J].Science China(Information Sciences),2018,61(5):308-310.
4Hua Wei,Chun Shan,Changzhen Hu,Huizhong Sun,Min Lei.Software Defect Distribution Prediction Model Based on NPE-SVM[J].China Communications,2018,15(5):173-182. 被引量：1
5张金敏,冯映科,王思明.基于WLD-LPQ特征的心盘螺栓故障图像检测算法[J].铁道科学与工程学报,2018,15(9):2349-2358. 被引量：5
6朱换荣,郑智超,孙怀江.面向局部线性回归分类器的判别分析方法[J].智能系统学报,2019,14(5):959-965. 被引量：2
7MAI Viet Thuan,DINH Cong Huong.Robust Finite-Time Stability and Stabilization of a Class of Fractional-Order Switched Nonlinear Systems[J].Journal of Systems Science & Complexity,2019,32(6):1479-1497. 被引量：3
8Lei Zhang,Youheng Dong,Jianxin Wang,Chaoen Xiao,Ding Ding.A Hardware Trojan Detection Method Based on the Electromagnetic Leakage[J].China Communications,2019,16(12):100-110. 被引量：1
9顾兆军,蔡畅,王明.基于改进保留格式加密的民航旅客数据脱敏方法[J].信息网络安全,2021(5):39-47. 被引量：6
10李仁旺,杨柳,陈高曙,施展.一种应用于嵌入式设备的指印活性检测方法[J].浙江工业大学学报,2023,51(1):32-37.

同被引文献7

1Xiaolin Xu,Hai Jin,Song Wu,Lixiang Tang,Yihong Wang.URMG: Enhanced CBMG-Based Method for Automatically Testing Web Applications in the Cloud[J].Tsinghua Science and Technology,2014,19(1):65-75. 被引量：2
2Xiao-Fang Qi,Zi-Yuan Wang,Jun-Qiang Mao,Peng Wang.Automated Testing of Web Applications Using Combinatorial Strategies[J].Journal of Computer Science & Technology,2017,32(1):199-210. 被引量：3
3Muge Li,Liangyue Li,Feiping Nie.Ranking with Adaptive Neighbors[J].Tsinghua Science and Technology,2017,22(6):733-738. 被引量：1
4Lishan Li,Gang Ren,Ying Liu,Jianping Wu.Secure DHCPv6 Mechanism for DHCPv6 Security and Privacy Protection[J].Tsinghua Science and Technology,2018,23(1):13-21. 被引量：3
5Kai Fan,Hui Li,Wei Jiang,Chengsheng Xiao,Yintang Yang.Secure Authentication Protocol for Mobile Payment[J].Tsinghua Science and Technology,2018,23(5):610-620. 被引量：3
6Xin Jin,Qixu Wang,Xiang Li,Xingshu Chen,Wei Wang.Cloud Virtual Machine Lifecycle Security Framework Based on Trusted Computing[J].Tsinghua Science and Technology,2019,24(5):520-534. 被引量：4
7Yuzhao Wu,Yongqiang Lyu,Yuanchun Shi.Cloud Storage Security Assessment Through Equilibrium Analysis[J].Tsinghua Science and Technology,2019,24(6):738-749. 被引量：4

引证文献2

1Renjie Lu,Haihua Shen,Zhihua Feng,Huawei Li,Wei Zhao,Xiaowei Li.HTDet:A Clustering Method Using Information Entropy for Hardware Trojan Detection[J].Tsinghua Science and Technology,2021,26(1):48-61. 被引量：5
2Weiwei Wang,Junxia Guo,Zheng Li,Ruilian Zhao.Behavior Model Construction for Client Side of Modern Web Applications[J].Tsinghua Science and Technology,2021,26(1):112-134. 被引量：1

二级引证文献6

1崔颖,王铃秀,李文山.二次样本筛选的高光谱图像分类研究[J].应用科技,2021,48(3):7-11.
2崔晓通,秦蔚蓉,程克非,吴渝.可信设计技术的脆弱性分析与防御[J].电子与信息学报,2021,43(9):2482-2488.
3荆雪纯,赵鹏,崔志华.一种基于信息传递的稀疏子空间聚类算法框架[J].小型微型计算机系统,2022,43(8):1661-1667. 被引量：1
4王志亮,纪松波.基于SpringBoot的Web前端与数据库的接口设计[J].工业控制计算机,2023,36(3):51-53. 被引量：11
5伍远翔,唐明,胡一凡,张吉良.基于路径延迟故障序列的硬件木马检测方法[J].计算机工程与设计,2024,45(1):1-9.
6Rui Wang,Wenhua Li,Kaili Shen,Tao Zhang,Xiangke Liao.Evolutionary Multi-Tasking Optimization for High-Efficiency Time Series Data Clustering[J].Tsinghua Science and Technology,2024,29(2):343-355.

1王敏.敏感数据是个人隐私保护的核心领域[J].团结,2018(3):30-32. 被引量：1
2刘景升,班涛,周霏.基于视觉注意理论的安全标志识别研究[J].南方农机,2018,49(13):48-49. 被引量：3
3外刊文摘[J].中国信息安全,2010(9).
4穆易.农业农村部通报谷物干燥机质量调查情况部分产品存在安全标志缺失、安全防护不到位问题[J].中国农机监理,2018,0(6):34-35. 被引量：1
5张晶姝.终端数据防泄漏系统在企业中的应用实践[J].数字技术与应用,2018,36(5):191-192. 被引量：3
6周茂林.英国公布政府部门《网络安全最低标准》[J].互联网天地,2018(6):58-58.
7Mingming Lu,Yihan Guo,Dan Meng,Cuncai Li,Yin Zhao.An Information-Aware Privacy-Preserving Accelerometer Data Sharing[J].国际计算机前沿大会会议论文集,2017(1):107-109.
8Wei Wang.A Social Stability Analysis System Based on Web Sensitive Information Mining[J].国际计算机前沿大会会议论文集,2015(B12):12-14.

Tsinghua Science and Technology

2018年第5期

浏览历史

内容加载中请稍等...