On the design and implementation of a secure online password vault.

We give one example of an adaptive NLE based on Markov models and show that the attack is only able to rank the decoy vaults with a median rank of 35.1 %. ... To manage accounts on multiple devices, vaults are often stored at an online service, which substantially increases the risk of leaking the (encrypted) vault. ... The NoCrack Implementation. The authors of NoCrack implemented a full version of a Honey Encryption-based password vault. The implementation must be considered a prototype which does not always ...

doi:10.1145/2976749.2978416 dblp:conf/ccs/GollaBD16 fatcat:ki3wnb7zrnfarnlm2zxv7cnbcm

We present an attack and supporting analysis showing that a previous design for cracking-resistant vaults-the only one of which we are aware-actually degrades security relative to conventional password-based ... A password vault can greatly reduce the burden on a user of remembering passwords, but introduces a single point of failure. ... We thank Michael Doescher for helping in several design choices of PCFG construction and cleaning the Pastebin dataset, Shoban Preeth Chandrabose for his feedback on the machine learning analysis of NoCrack ...

doi:10.1109/sp.2015.36 dblp:conf/sp/ChatterjeeBJR15 fatcat:opdswawyszdq5accuqmk3mnpea

To address these security vulnerabilities, we propose BluePass, a password manager that stores the password vault (i.e., the set of all the encrypted site passwords of a user) locally in a mobile device ... and a decryption key to the vault in the user computer. ... In the design of BluePass, all the site passwords of a user are encrypted and stored in the user's mobile device. ...

doi:10.4108/eai.10-1-2019.156244 fatcat:cgenwvndavb5liq6su4yf2av7m

DOAJ

Based on the proposed scheme, we design an online authentication application framework implemented using face images. ... We present in this paper a new fuzzy vault scheme that can effectively utilize the ordered characteristics of biometric features. ... Based on the proposed scheme, we design an application framework of online authentication. ...

doi:10.4304/jcm.6.9.682-690 fatcat:j7s77kalyjghtj4tllzz46x6cy

Szczepanski

This requires the generation of synthetic password vaults that are statistically indistinguishable from real ones. ... Our results include the infeasibility of perfectly secure decoy vaults and the conjecture that secure decoy vaults are at least as hard to construct as secure steganography. ... This research was funded by Deutsche Forschungsgemeinschaft (DFG) under grant "Informationstheoretische Schranken digitaler Bildforensik" and by Archimedes Privatstiftung, Innsbruck, Austria. ...

doi:10.1007/978-3-319-58469-0_24 fatcat:szm7uuvwufettj6eknsgb2ixmy

A secure password manager capable of storing multiple user accounts and passwords can be used to solve this issue, relieving users of the stress and challenge of remembering multiple accounts and passwords ... To address this problem, an effective tool for managing password is designed and implemented. ... The purpose of the Authentication Key is to identify a particular user and retrieve the vault whereas the purpose of the Vault Key is to encrypt and decrypt data. ...

doi:10.34218/ijeet.12.5.2021.001 fatcat:rnrie7xajzgrvpqiyqeuk3acoa

Also, part of the objectives was to build and test a prototype that facilitates the secure sharing of passwords over the internet using the redefined process model.The research was an exploratory study ... Based on security best practices for passwords, the credential is a confidential pin for authenticating system users. Still, there are instances where users share a common password for resources. ... System Design or architecture The system components, that is, the SERVER (WIN-10-VM- 03),USER A (WIN-10-VM-01), USER B(WIN-10-VM-02), and the communication network,were implemented on a virtual environment ...

doi:10.5120/ijca2021921733 fatcat:47hhwb5kdvfnnbboqyowslzayu

These two architectures are designed to be implemented with either end of the spectrum of inexpensive and widely-available NFC tags while maintaining a reasonable trade-off between security, availability ... ., password, PIN) often do not scale well to the context of mobile devices in terms of security and usability. ... A special note of thanks to the Institute of Networks and Security for hosting and supporting this author. ...

doi:10.3390/info8030081 fatcat:eeeuz3pf3zhcfgaoapahsi4gsy

DOAJ Szczepanski

These password managers usually come as a bundle of three features -(1) A random and secure password generator (which generates secure random strings to be used as passwords) (2) An encrypted storage vault ... The accessibility of the password manager is crucial and hence it should be implementable on a variety of platforms which includes websites, phone applications and desktop applications. ...

doi:10.5120/ijca2019919323 fatcat:jqrfg3arendjte7wczllmitziu

Our goal is to furnish researchers with the framework of the scheme not just for implementation purpose but to identify the gaps in the scheme and answer the open questions that remain unanswered by the ... <span>We present a comprehensive survey of the Honey Encryption (HE) scheme. ...  This proposal improves previous methods of securing the vaults for password security. ...

doi:10.11591/ijeecs.v13.i2.pp649-656 fatcat:sufkvofyizepnjrexxk6qffxeq

Open Access

Running as an app on mobile phones, VaultIME remembers user passwords on a per-app basis, and corrects mistyped passwords within a typo-tolerant set. ... We show that VaultIME achieves high levels of usability and security. ... The research activities of Jens Grossklags are supported by the German Institute for Trust and Safety on the Internet (DIVSI). Le Guan et al. ...

doi:10.4108/eai.15-5-2018.154772 fatcat:o3i75b73vfdyxihn3dhb3hgkpi

DOAJ

Running as an app on mobile phones, VaultIME remembers user passwords on a per-app basis, and corrects mistyped passwords within a typo-tolerant set. ... We show that VaultIME achieves high levels of usability and security. ... Vault Security. VaultIME is designed to defeat on-line brute-force attackers. No security can be given if the password file which stores user's login credentials is leaked. ...

doi:10.1007/978-3-319-78813-5_35 fatcat:5vix6gfievcavg6x74fp45v46q

users without breaking a sweat to work various online record transaction verification without the need to recall qualifications on cellular telephone gadget. ... Presently users plan to have basic qualifications for all the online records or store them in a content document in cellular telephone and physically get to the record at whatever point they require login ... The implementation of this technique needs a thorough analysis in the area of security as it's the key functionality. ...

doi:10.5120/19377-1034 fatcat:xokcojfde5elloxoeifjscab3y

The existing online examination schemes cannot provide the protection of biometric features and fine-grained access control. ... Unlike other examination authentication systems, face templates in our scheme are protected using a fuzzy vault and a cryptographic method. ... KJ2019A1205) and by the Quality Engineering Project of Anhui Colleges and Universities (grant no. 2020xsxxkc351). ...

doi:10.1155/2021/5058780 doaj:fdcdfefd542f453f8d60281a568c0236 fatcat:f52tfhvorvajnkjxv2jrjpj5ci

DOAJ Szczepanski

The proposed FV implementation alleviates the security vulnerabilities of the classical SV systems like template security, repudiation, irrevocability, and bypassing the classification decision. ... This paper presents a bio-cryptography system that constructs Fuzzy Vaults (FVs) based on the offline signature images. ... A FUZZY VAULT SYSTEM BASED ON THE OFFLINE SIGNATURE IMAGES In the proposed FV implementation, user signature images and his password are used together to secure the cryptography private keys. ...

doi:10.1109/cibim.2011.5949215 dblp:conf/cibim/EskanderSG11 fatcat:zta3ldu5fnbm7acuvs44d7temy

On the Security of Cracking-Resistant Password Vaults

Preserved Fulltext

Cracking-Resistant Password Vaults Using Natural Language Encoders

Preserved Fulltext

BluePass: A Mobile Device Assisted Password Manager

Preserved Fulltext

A Fuzzy Vault Scheme for Ordered Biometrics

Preserved Fulltext

Decoy Password Vaults: At Least as Hard as Steganography? [chapter]

Preserved Fulltext

AN EFFECTIVE MECHANISM FOR SECURING AND MANAGING PASSWORD USING AES-256 ENCRYPTION & PBKDF2

Preserved Fulltext

Secure Password Sharing and Storage using Encryption and Key-Exchange

Preserved Fulltext

Protecting Touch: Authenticated App-To-Server Channels for Mobile Devices Using NFC Tags

Preserved Fulltext

A Secure Password Manager

Preserved Fulltext

A comprehensive review of honey encryption scheme

Preserved Fulltext

VaultIME: Regaining User Control for Password Managers through Auto-correction

Preserved Fulltext

VaultIME: Regaining User Control for Password Managers Through Auto-Correction [chapter]

Preserved Fulltext

Immune Distinctive Authentication for E-transaction through Remote Systems

Preserved Fulltext

Secure Online Examination with Biometric Authentication and Blockchain-Based Framework

Preserved Fulltext

Signature based Fuzzy Vaults with Boosted Feature Selection

Preserved Fulltext