868 Hits in 2.9 sec

On the Security of Cracking-Resistant Password Vaults

Maximilian Golla, Benedict Beuscher, Markus Dürmuth
2016 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16  
We give one example of an adaptive NLE based on Markov models and show that the attack is only able to rank the decoy vaults with a median rank of 35.1 %.  ...  To manage accounts on multiple devices, vaults are often stored at an online service, which substantially increases the risk of leaking the (encrypted) vault.  ...  The NoCrack Implementation. The authors of NoCrack implemented a full version of a Honey Encryption-based password vault. The implementation must be considered a prototype which does not always  ... 
doi:10.1145/2976749.2978416 dblp:conf/ccs/GollaBD16 fatcat:ki3wnb7zrnfarnlm2zxv7cnbcm

Cracking-Resistant Password Vaults Using Natural Language Encoders

Rahul Chatterjee, Joseph Bonneau, Ari Juels, Thomas Ristenpart
2015 2015 IEEE Symposium on Security and Privacy  
We present an attack and supporting analysis showing that a previous design for cracking-resistant vaults-the only one of which we are aware-actually degrades security relative to conventional password-based  ...  A password vault can greatly reduce the burden on a user of remembering passwords, but introduces a single point of failure.  ...  We thank Michael Doescher for helping in several design choices of PCFG construction and cleaning the Pastebin dataset, Shoban Preeth Chandrabose for his feedback on the machine learning analysis of NoCrack  ... 
doi:10.1109/sp.2015.36 dblp:conf/sp/ChatterjeeBJR15 fatcat:opdswawyszdq5accuqmk3mnpea

BluePass: A Mobile Device Assisted Password Manager

Yue Li, Haining Wang, Kun Sun
2019 EAI Endorsed Transactions on Security and Safety  
To address these security vulnerabilities, we propose BluePass, a password manager that stores the password vault (i.e., the set of all the encrypted site passwords of a user) locally in a mobile device  ...  and a decryption key to the vault in the user computer.  ...  In the design of BluePass, all the site passwords of a user are encrypted and stored in the user's mobile device.  ... 
doi:10.4108/eai.10-1-2019.156244 fatcat:cgenwvndavb5liq6su4yf2av7m

A Fuzzy Vault Scheme for Ordered Biometrics

Lifang Wu, Peng Xiao, Songlong Yuan, Siyuan Jiang, Chang Wen Chen
2011 Journal of Communications  
Based on the proposed scheme, we design an online authentication application framework implemented using face images.  ...  We present in this paper a new fuzzy vault scheme that can effectively utilize the ordered characteristics of biometric features.  ...  Based on the proposed scheme, we design an application framework of online authentication.  ... 
doi:10.4304/jcm.6.9.682-690 fatcat:j7s77kalyjghtj4tllzz46x6cy

Decoy Password Vaults: At Least as Hard as Steganography? [chapter]

Cecilia Pasquini, Pascal Schöttle, Rainer Böhme
2017 IFIP Advances in Information and Communication Technology  
This requires the generation of synthetic password vaults that are statistically indistinguishable from real ones.  ...  Our results include the infeasibility of perfectly secure decoy vaults and the conjecture that secure decoy vaults are at least as hard to construct as secure steganography.  ...  This research was funded by Deutsche Forschungsgemeinschaft (DFG) under grant "Informationstheoretische Schranken digitaler Bildforensik" and by Archimedes Privatstiftung, Innsbruck, Austria.  ... 
doi:10.1007/978-3-319-58469-0_24 fatcat:szm7uuvwufettj6eknsgb2ixmy


Rajeshree Khande, Shubhangee Ramaswami, Chaitanya Naidu, Nidhi Patel
A secure password manager capable of storing multiple user accounts and passwords can be used to solve this issue, relieving users of the stress and challenge of remembering multiple accounts and passwords  ...  To address this problem, an effective tool for managing password is designed and implemented.  ...  The purpose of the Authentication Key is to identify a particular user and retrieve the vault whereas the purpose of the Vault Key is to encrypt and decrypt data.  ... 
doi:10.34218/ijeet.12.5.2021.001 fatcat:rnrie7xajzgrvpqiyqeuk3acoa

Secure Password Sharing and Storage using Encryption and Key-Exchange

Joseph Okwedo Mwamba, Andrew Mwaura Kahonge
2021 International Journal of Computer Applications  
Also, part of the objectives was to build and test a prototype that facilitates the secure sharing of passwords over the internet using the redefined process model.The research was an exploratory study  ...  Based on security best practices for passwords, the credential is a confidential pin for authenticating system users. Still, there are instances where users share a common password for resources.  ...  System Design or architecture The system components, that is, the SERVER (WIN-10-VM- 03),USER A (WIN-10-VM-01), USER B(WIN-10-VM-02), and the communication network,were implemented on a virtual environment  ... 
doi:10.5120/ijca2021921733 fatcat:47hhwb5kdvfnnbboqyowslzayu

Protecting Touch: Authenticated App-To-Server Channels for Mobile Devices Using NFC Tags

Fernando Carvalho Ota, Michael Roland, Michael Hölzl, René Mayrhofer, Aleardo Manacero
2017 Information  
These two architectures are designed to be implemented with either end of the spectrum of inexpensive and widely-available NFC tags while maintaining a reasonable trade-off between security, availability  ...  ., password, PIN) often do not scale well to the context of mobile devices in terms of security and usability.  ...  A special note of thanks to the Institute of Networks and Security for hosting and supporting this author.  ... 
doi:10.3390/info8030081 fatcat:eeeuz3pf3zhcfgaoapahsi4gsy

A Secure Password Manager

Chaitanya Rahalkar, Dhaval Gujar
2019 International Journal of Computer Applications  
These password managers usually come as a bundle of three features -(1) A random and secure password generator (which generates secure random strings to be used as passwords) (2) An encrypted storage vault  ...  The accessibility of the password manager is crucial and hence it should be implementable on a variety of platforms which includes websites, phone applications and desktop applications.  ... 
doi:10.5120/ijca2019919323 fatcat:jqrfg3arendjte7wczllmitziu

A comprehensive review of honey encryption scheme

Esther Omolara Abiodun, Aman Jantan, Isaac Oludare Abiodun, Howard Eldon Poston
2019 Indonesian Journal of Electrical Engineering and Computer Science  
Our goal is to furnish researchers with the framework of the scheme not just for implementation purpose but to identify the gaps in the scheme and answer the open questions that remain unanswered by the  ...  <span>We present a comprehensive survey of the Honey Encryption (HE) scheme.  ...   This proposal improves previous methods of securing the vaults for password security.  ... 
doi:10.11591/ijeecs.v13.i2.pp649-656 fatcat:sufkvofyizepnjrexxk6qffxeq

VaultIME: Regaining User Control for Password Managers through Auto-correction

Le Guan, Sadegh Farhang, Yu Pu, Pinyao Guo, Jens Grossklags, Peng Liu
2018 EAI Endorsed Transactions on Security and Safety  
Running as an app on mobile phones, VaultIME remembers user passwords on a per-app basis, and corrects mistyped passwords within a typo-tolerant set.  ...  We show that VaultIME achieves high levels of usability and security.  ...  The research activities of Jens Grossklags are supported by the German Institute for Trust and Safety on the Internet (DIVSI). Le Guan et al.  ... 
doi:10.4108/eai.15-5-2018.154772 fatcat:o3i75b73vfdyxihn3dhb3hgkpi

VaultIME: Regaining User Control for Password Managers Through Auto-Correction [chapter]

Le Guan, Sadegh Farhang, Yu Pu, Pinyao Guo, Jens Grossklags, Peng Liu
2018 Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering  
Running as an app on mobile phones, VaultIME remembers user passwords on a per-app basis, and corrects mistyped passwords within a typo-tolerant set.  ...  We show that VaultIME achieves high levels of usability and security.  ...  Vault Security. VaultIME is designed to defeat on-line brute-force attackers. No security can be given if the password file which stores user's login credentials is leaked.  ... 
doi:10.1007/978-3-319-78813-5_35 fatcat:5vix6gfievcavg6x74fp45v46q

Immune Distinctive Authentication for E-transaction through Remote Systems

Sudeep. V, Pradeep Freddy. A, Avinash Choudhary. A.R
2015 International Journal of Computer Applications  
users without breaking a sweat to work various online record transaction verification without the need to recall qualifications on cellular telephone gadget.  ...  Presently users plan to have basic qualifications for all the online records or store them in a content document in cellular telephone and physically get to the record at whatever point they require login  ...  The implementation of this technique needs a thorough analysis in the area of security as it's the key functionality.  ... 
doi:10.5120/19377-1034 fatcat:xokcojfde5elloxoeifjscab3y

Secure Online Examination with Biometric Authentication and Blockchain-Based Framework

Xiaoling Zhu, Chenglong Cao
2021 Mathematical Problems in Engineering  
The existing online examination schemes cannot provide the protection of biometric features and fine-grained access control.  ...  Unlike other examination authentication systems, face templates in our scheme are protected using a fuzzy vault and a cryptographic method.  ...  KJ2019A1205) and by the Quality Engineering Project of Anhui Colleges and Universities (grant no. 2020xsxxkc351).  ... 
doi:10.1155/2021/5058780 doaj:fdcdfefd542f453f8d60281a568c0236 fatcat:f52tfhvorvajnkjxv2jrjpj5ci

Signature based Fuzzy Vaults with Boosted Feature Selection

George S. Eskander, Robert Sabourin, Eric Granger
2011 2011 IEEE Workshop on Computational Intelligence in Biometrics and Identity Management (CIBIM)  
The proposed FV implementation alleviates the security vulnerabilities of the classical SV systems like template security, repudiation, irrevocability, and bypassing the classification decision.  ...  This paper presents a bio-cryptography system that constructs Fuzzy Vaults (FVs) based on the offline signature images.  ...  A FUZZY VAULT SYSTEM BASED ON THE OFFLINE SIGNATURE IMAGES In the proposed FV implementation, user signature images and his password are used together to secure the cryptography private keys.  ... 
doi:10.1109/cibim.2011.5949215 dblp:conf/cibim/EskanderSG11 fatcat:zta3ldu5fnbm7acuvs44d7temy
« Previous Showing results 1 — 15 out of 868 results