Kamouflage: Loss-resistant password management

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 6345 LNCS, Issue , 2010, Pages 286-302

  Bojinov, Hristo ^a   Bursztein, Elie ^a   Boyen, Xavier ^b   Boneh, Dan ^a  

^a STANFORD UNIVERSITY   (United States)

^b UNIVERSITY OF LIÈGE   (Belgium)

Author keywords

[No Author keywords available]

Indexed keywords

AUTHENTICATION; MOBILE SECURITY;

CELL PHONE; FIREFOX; ONLINE WORK; PASSWORD MANAGEMENT; PASSWORD MANAGERS; PERFORMANCE MEASUREMENTS; REAL-WORLD; STANDARD ARCHITECTURE;

MANAGERS;

EID: 78049362318     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-15497-3_18     Document Type: Conference Paper

References (24)

1. Boyen, X.: Halting password puzzles: hard-to-break encryption from humanmemorable keys. In: 16th USENIX Security Symposium-SECURITY 2007, pp. 119-134 (2007)
2. Boyen, X.: Hidden credential retrieval from a reusable password. In: ACM Symp. on Information, Computer & Communication Security-ASIACCS 2009, pp. 228-238 (2009)
3. Das, V. V.: Honeypot scheme for distributed denial-of-service. In: International Conference on Advanced Computer Control, pp. 497-501 (2009)
4. Dhamija, R., Tygar, J. D.: The battle against phishing: Dynamic security skins. In: SOUPS 2005: Proceedings of the 2005 Symposium on Usable Privacy and Security, pp. 77-88 (2005)
5. Feldmeier, D., Karn, P.: UNIX password security - 10 years later. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 44-63. Springer, Heidelberg (1990)
6. Florencio, D., Herley, C.: A large-scale study of web password habits. In: WWW 2007: Proceedings of the 16th International Conference on World Wide Web, pp. 657-666. ACM, New York (2007)
7. Ford, W., Kaliski, B.: Server-assisted generation of a strong secret from a password. In: Proc. 9th IEEE International Workshops on Enabling Technologies, pp. 176-180 (2000)
8. Glodek, W.: Using a specialized grammar to generate probable passwords. Master's thesis, Florida state university (2008)
9. Goldberg, J., Hagman, J., Sazawal, V.: Doodling our way to better authentication. In: Proceedings CHI 2002, pp. 868-869 (2002)
10. Halderman, J. A., Waters, B., Felten, E. W.: A convenient method for securely managing passwords. In: WWW 2005: Proceedings of the 14th International Conference on World Wide Web, pp. 471-479. ACM Press, New York (2005)
11. Jermyn, I., Mayer, A., Monrose, F., Reiter, M., Rubin, A.: The design and analysis of graphical passwords. In: Proc. 8th USENIX Security Symposium, pp. 135-150 (1999)
12. Kausik, B.: Method and apparatus for cryptographically camouflaged cryptographic key. US patent 6170058 (2001)
13. Narayanan, A., Shmatikov, V.: Fast dictionary attacks on passwords using timespace trade-off. In: Proc. of ACM CCS 2005, pp. 364-372 (2005)
14. Oechslin, P.: Making a faster cryptanalytic time-memory trade-off. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 617-630. Springer, Heidelberg (2003)
15. Account lockout attack (2009), http://www.owasp.org/index.php/Account- lockout-attack
16. Portokalidis, G., Bos, H.: Sweetbait: Zero-hour worm detection and containment using honeypots. Technical report, Journal on Computer Networks, Special Issue on Security through Self-Protecting and Self-Healing Systems, TR IR-CS-015. Technical report, Vrije Universiteit (2005)
17. Project, O.: John the ripper password cracker (2005), http://www.openwall.com/john
18. Ross, B., Jackson, C., Miyake, N., Boneh, D., Mitchell, J.: Stronger password authentication using browser extensions. In: Proceedings of USENIX security (2005)
19. Sardana, A., Joshi, R.: An auto-responsive honeypot architecture for dynamic resource allocation and qos adaptation in ddos attacked networks. Comput. Commun. 32(12), 1384-1399 (2009)
20. TechCrunch. One of the 32 million with a rockyou account? you may want to change all your passwords. like now (2009), http://techcrunch.com/2009/12/14/ rockyou-hacked/
21. Verisign. Personal identity portal (2008), https://pip. verisignlabs.com/
22. Weir, M., Aggarwal, S., Glodek, B., de Medeiros, B.: Password cracking using probabilistic context-free grammars. In: Proceedings of IEEE Security and Privacy (2009)
23. Yampolskiy, R.: Analyzing user passwords selection behavior for reduction of password space. In: Proc. IEEE Int. Carnahan Conference on Security Technology, pp. 109-115 (2006)
24. Yan, J., Blackwell, A., Anderson, R., Grant, A.: Password memorability and security: Empirical results. IEEE Security and Privacy magazine 2(5), 25-31 (2004)