Implementation of a TPM-Based Security Enhanced Browser Password Manager  被引量：1

作　　者：HE Yuchen WANG Rui SHI Wenchang 

机构地区：[1]School of Information, Renmin University of China

出　　处：《Wuhan University Journal of Natural Sciences》2016年第1期56-62,共7页武汉大学学报（自然科学英文版）

基　　金：Supported by the National Natural Science Foundation of China(61472429,61070192,91018008,61303074,61170240);the Beijing Municipal Natural Science Foundation(4122041);National High-Technology Research and Development Program of China(863 Program)(2007AA01Z414)

摘　　要：In order to enhance the security of a browser password manager, we propose an approach based on a hardware trusted platform module （TPM）. Our approach encrypts users＇ passwords with keys generated by the TPM, which uses a master password as the credential for authorization to access the TPM. Such a hardware-based feature may provide an efficient way to protect users＇ passwords. Experiment and evaluation results show that our approach performs well to defend against password stealing attack and brute force attack. Attackers cannot get passwords directly from the browser, therefore they will spend incredible time to obtain passwords. Besides, performance cost induced by our approach is acceptable.Abstract： In order to enhance the security of a browser password manager, we propose an approach based on a hardware trusted platform module （TPM）. Our approach encrypts users＇ passwords with keys generated by the TPM, which uses a master password as the credential for authorization to access the TPM. Such a hardware-based feature may provide an efficient way to protect users＇ passwords. Experiment and evaluation results show that our approach performs well to defend against password stealing attack and brute force attack. Attackers cannot get passwords directly from the browser, therefore they will spend incredible time to obtain passwords. Besides, performance cost induced by our approach is acceptable.In order to enhance the security of a browser password manager, we propose an approach based on a hardware trusted platform module （TPM）. Our approach encrypts users＇ passwords with keys generated by the TPM, which uses a master password as the credential for authorization to access the TPM. Such a hardware-based feature may provide an efficient way to protect users＇ passwords. Experiment and evaluation results show that our approach performs well to defend against password stealing attack and brute force attack. Attackers cannot get passwords directly from the browser, therefore they will spend incredible time to obtain passwords. Besides, performance cost induced by our approach is acceptable.Abstract： In order to enhance the security of a browser password manager, we propose an approach based on a hardware trusted platform module （TPM）. Our approach encrypts users＇ passwords with keys generated by the TPM, which uses a master password as the credential for authorization to access the TPM. Such a hardware-based feature may provide an efficient way to protect users＇ passwords. Experiment and evaluation results show that our approach performs well to defend against password stealing attack and brute force attack. Attackers cannot get passwords directly from the browser, therefore they will spend incredible time to obtain passwords. Besides, performance cost induced by our approach is acceptable.

关 键 词：trusted platform module（TPM） password manager trusted encryption decryption 

分 类 号：TP309.2[自动化与计算机技术—计算机系统结构]