Using SafeKeeper to Protect Web Passwords

Conference article in proceedings
This publication is imported from Aalto University research portal.
Date
2018-04-23
Language
en
Pages
159-162
Series
Companion Proceedings of the The Web Conference 2018
Abstract
Although passwords are by far the most widely-used user authentication mechanism on the web, their security is threatened by password phishing and password database breaches. SafeKeeper is a system for protecting web passwords against very strong adversaries, including sophisticated phishers and compromised servers. Compared to other approaches, one of the key differentiating aspects of SafeKeeper is that it provides web users with verifiable assurance that their passwords are being protected. In this paper, we demonstrate precisely how SafeKeeper can be used to protect web passwords in real-world systems. We first explain two important deployability aspects: i) how SafeKeeper can be integrated into the popular WordPress platform, and ii) how ordinary web users can use Intel SGX remote attestation to verify that SafeKeeper is running on a particular server. We then describe three demonstrations to illustrate the use of SafeKeeper: i) showing the user experience when visiting a legitimate website; ii) showing the encryption of the password in transit via live packet-capture; and iii) showing how SafeKeeper performs in the presence of phishing.
Citation
Kurnikov, A, Krawiecka, K, Paverd, A, Mannan, M & Asokan, N 2018, Using SafeKeeper to Protect Web Passwords. in Companion Proceedings of the The Web Conference 2018. ACM, pp. 159-162, The Web Conference, Lyon, France, 23/04/2018. https://doi.org/10.1145/3184558.3186968