Using SafeKeeper to Protect Web Passwords

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; Scientific; peer-review

Research units

  • Concordia University

Abstract

Although passwords are by far the most widely-used user authentication mechanism on the web, their security is threatened by password phishing and password database breaches. SafeKeeper is a system for protecting web passwords against very strong adversaries, including sophisticated phishers and compromised servers. Compared to other approaches, one of the key differentiating aspects of SafeKeeper is that it provides web users with verifiable assurance that their passwords are being protected. In this paper, we demonstrate precisely how SafeKeeper can be used to protect web passwords in real-world systems. We first explain two important deployability aspects: i) how SafeKeeper can be integrated into the popular WordPress platform, and ii) how ordinary web users can use Intel SGX remote attestation to verify that SafeKeeper is running on a particular server. We then describe three demonstrations to illustrate the use of SafeKeeper: i) showing the user experience when visiting a legitimate website; ii) showing the encryption of the password in transit via live packet-capture; and iii) showing how SafeKeeper performs in the presence of phishing.

Details

Original language: English
Title of host publication: Companion Proceedings of the The Web Conference 2018
Publication status: Published - 23 Apr 2018
MoE publication type: A4 Article in a conference publication
Event: The Web Conference - Lyon, France
Duration: 23 Apr 2018 to 27 Apr 2018

Conference

Conference: The Web Conference
Abbreviated title: WWW
Country: France
City: Lyon
Period: 23/04/2018 to 27/04/2018

ID: 27036079