Doodling our way to better authentication
CHI '02 Extended Abstracts on Human Factors in Computing Systems
UNIX Password Security - Ten Years Later
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Server-Assisted Generation of a Strong Secret from a Password
WETICE '00 Proceedings of the 9th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Password Memorability and Security: Empirical Results
IEEE Security and Privacy
A convenient method for securely managing passwords
WWW '05 Proceedings of the 14th international conference on World Wide Web
The battle against phishing: Dynamic Security Skins
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Fast dictionary attacks on passwords using time-space tradeoff
Proceedings of the 12th ACM conference on Computer and communications security
SweetBait: Zero-hour worm detection and containment using low- and high-interaction honeypots
Computer Networks: The International Journal of Computer and Telecommunications Networking
A large-scale study of web password habits
Proceedings of the 16th international conference on World Wide Web
Stronger password authentication using browser extensions
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
The design and analysis of graphical passwords
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Halting password puzzles: hard-to-break encryption from human-memorable keys
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Honeypot Scheme for Distributed Denial-of-Service
ICACC '09 Proceedings of the 2009 International Conference on Advanced Computer Control
Hidden credential retrieval from a reusable password
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Password Cracking Using Probabilistic Context-Free Grammars
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
SessionJuggler: secure web login from an untrusted terminal using session hijacking
Proceedings of the 21st international conference on World Wide Web
Tapas: design, implementation, and usability evaluation of a password manager
Proceedings of the 28th Annual Computer Security Applications Conference
Honeywords: making password-cracking detectable
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
SAuth: protecting user accounts from password database leaks
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
| Hi-index | 0.00 |
We introduce Kamouflage: a new architecture for building theft-resistant password managers. An attacker who steals a laptop or cell phone with a Kamouflage-based password manager is forced to carry out a considerable amount of online work before obtaining any user credentials. We implemented our proposal as a replacement for the built-in Firefox password manager, and provide performance measurements and the results from experiments with large real-world password sets to evaluate the feasibility and effectiveness of our approach. Kamouflage is well suited to become a standard architecture for password managers on mobile devices.