| In the Internet era,with the exponential growth of various applications and services,people have more and more accounts and passwords.In order to manage a large number of private information such as accounts and passwords safely and efficiently,password managers have gradually been widely used.A secure password manager can automatically generate,fill in and save strong(random)passwords for each user on each website.Users only need to remember one master password to access their private information.However,defenses and attacks are always accompanied by each other,so the attackers also shift their goal from breaking a single password to a password manager.Once the security of the password manager is not guaranteed,the user's large amount of private information will be leaked,and the consequences will be more serious.The current password manager does not provide sufficient protection for users.In recent years,vulnerabilities have been found in various commercial password managers.Under such circumstances,it is very important to study and improve the security of the password manager.Based on the above situation,the research goal of this paper is to study the security of popular password managers,and design a robust,secure and efficient multi-cloud storage password manager named Enhanced Horcrux(EH).The main work of this paper is as follows:(1)Study the security mechanism of the popular password manager.The focus of this article is on two open source local password managers: KeePass and Password Safe.The analysis of its security mechanism specifically includes encryption mechanism and storage mechanism.The typical attack types that correspond to the password manager security mechanism are also introduced.(2)An exhaustive attack on GPU acceleration for the popular password manager.Based on a thorough analysis of the security mechanisms of the two password managers,an exhaustive attack experiment was conducted to further analyze the security from the perspective of attack.In the implementation of exhaustive attacks,we not only implemented attacks on the traditional CPU platform,but also studied GPU general-purpose computing,and successfully implemented accelerated attacks on the GPU platform.(3)Based on the analysis of the existing password manager,a robust multi-cloud storage password manager EH is proposed.Based on the analysis of the password manager Horcrux,a robust multi-cloud storage password manager EH is designed and implemented by using the RAONT-RS secret sharing algorithm in the data storage module of the password manager,which greatly enhances the security and the robustness of the password storage and retrieve,while also improving the efficiency of the multi-cloud storage password manager.The prototype system developed demonstrates the robustness,security and efficiency of our scheme. |
PDF Full Text Request