Using SafeKeeper to Protect Web Passwords

Access rights

openAccess
publishedVersion

A4 Article in conference proceedings

Date

2018-04-23

Language

en

Series

Companion Proceedings of the The Web Conference 2018, pp. 159-162

Abstract

Although passwords are by far the most widely-used user authentication mechanism on the web, their security is threatened by password phishing and password database breaches. SafeKeeper is a system for protecting web passwords against very strong adversaries, including sophisticated phishers and compromised servers. Compared to other approaches, one of the key differentiating aspects of SafeKeeper is that it provides web users with verifiable assurance that their passwords are being protected. In this paper, we demonstrate precisely how SafeKeeper can be used to protect web passwords in real-world systems. We first explain two important deployability aspects: i) how SafeKeeper can be integrated into the popular WordPress platform, and ii) how ordinary web users can use Intel SGX remote attestation to verify that SafeKeeper is running on a particular server. We then describe three demonstrations to illustrate the use of SafeKeeper: i) showing the user experience when visiting a legitimate website; ii) showing the encryption of the password in transit via live packet-capture; and iii) showing how SafeKeeper performs in the presence of phishing.

Citation

Kurnikov, A, Krawiecka, K, Paverd, A, Mannan, M & Asokan, N 2018, Using SafeKeeper to Protect Web Passwords. in Companion Proceedings of the The Web Conference 2018. ACM, pp. 159-162, The Web Conference, Lyon, France, 23/04/2018. https://doi.org/10.1145/3184558.3186968