Improving Web Security Using Trusted Hardware

dc.contributor Aalto-yliopisto fi
dc.contributor Aalto University en
dc.contributor.advisor Paverd, Andrew Krawiecka, Klaudia 2017-09-04T10:33:36Z 2017-09-04T10:33:36Z 2017-08-28
dc.description.abstract Web servers that utilize password-based authentication have become large centralized password repositories. Consequently, these servers have also become attractive targets for cyber criminals. When the adversary compromises a web server, he usually obtains access to a database file that contains stored passwords and salts. By using pre-computed hash tables (e.g. rainbow tables), the adversary can perform offline password guessing in a relatively short period of time. Thus, securing password databases on web servers is a significant open challenge. We introduce SafeKeeper, a system that is designed to address the challenge of protecting user passwords and other types of sensitive data on the web. This system consists of a hardware-backed password protection service, which applies a keyed one-way cryptographic function to the password. The secret key is protected by a Trusted Execution Environment. SafeKeeper also includes a browser extension that uses remote attestation to allow users to verify if their credentials are protected by a web server. We have implemented a prototype of SafeKeeper using Intel Software Guard Extensions (SGX) and integrated it into the WordPress platform. We have also implemented a browser extension for Google Chrome. Our solution does not require utilizing additional servers and introduces less than 2% performance overhead. Our user study with 64 participants demonstrated that users using the SafeKeeper browser extension can correctly identify 87% of websites in the presence of active phishing. en
dc.format.extent 74+5
dc.format.mimetype application/pdf en
dc.language.iso en en
dc.title Improving Web Security Using Trusted Hardware en
dc.type G2 Pro gradu, diplomityö fi Perustieteiden korkeakoulu fi
dc.subject.keyword trusted hardware en
dc.subject.keyword trusted execution environment en
dc.subject.keyword password databases en
dc.subject.keyword web authentication en
dc.subject.keyword Intel SGX en
dc.subject.keyword Google Chrome browser extension en
dc.identifier.urn URN:NBN:fi:aalto-201709046819
dc.programme.major Security and Mobile Computing fi
dc.programme.mcode T3011 fi
dc.type.ontasot Master's thesis en
dc.type.ontasot Diplomityö fi
dc.contributor.supervisor Asokan, N
dc.programme Master's Degree Programme in Security and Mobile Computing (NordSecMob) fi
local.aalto.electroniconly yes
local.aalto.openaccess yes
