PUFPass: A password management mechanism based on software/hardware codesign |
| |
Affiliation: | 1. State Key Laboratory of Computer Architecture, Institute of Computing Technology, Chinese Academy of Sciences, Beijing, 100190, PR China; 2. University of Chinese Academy of Sciences, Beijing, 100049, PR China; 3. Duke University, Durham, NC, 27708, USA; 4. School of Microelectronics, Xi'an Jiaotong University, Xi'an, Shanxi, 710049, PR China; 1. Institute for Multidisciplinary Mathematics, Building 8G, Access C, 2nd Floor, Camino de Vera s/n, Universitat Politècnica de València, 46022, Valencia, Spain; 2. Department of Computer Science, Tulipan Street, Rey Juan Carlos University, 28933, Móstoles, Madrid, Spain; 3. Department of Computer Architecture, Profesor José García Santesmases Street, s/n, Complutense University of Madrid, 28040, Madrid, Spain; 4. Department of Statistics and Operational Research, Doctor Moliner Street, 50, Universitat de València, 46100, Burjassot, Valencia, Spain; 1. National Technical University of Athens, 9 Heroon Polytechneiou Str., 15780 Athens, Greece; 2. Katholieke University, Oude Markt 13, 3000 Leuven, Belgium; 3. IMEC, Kapeldreef 75, 3001 Leuven, Belgium |
| |
Abstract: | Secure passwords need high entropy but are difficult for users to remember. Password managers minimize the memory burden by storing site passwords locally or by generating secure site passwords from a master password through hashing or key stretching. Unfortunately, the master password introduces a single point of failure and is vulnerable to various attacks, such as offline attacks and shoulder surfing. To address these issues, this paper proposes PUFPass, a secure password management mechanism based on software/hardware codesign. By introducing a hardware primitive, the Physical Unclonable Function (PUF), into PUFPass, random physical disorder is exploited to strengthen site passwords. An illustration of PUFPass in the Android operating system is given. PUFPass is evaluated in terms of both security and preliminary usability. The security of the passwords is evaluated using PUF attack software based on a compound heuristic algorithm and open source password cracking software, respectively. Finally, PUFPass is compared with other password management mechanisms using the Usability-Deployability-Security (UDS) framework. The results show that PUFPass has great advantages in security while maintaining most benefits in usability. |
| |
Keywords: | Password; Password management mechanism; PUF; Security; Usability |
This article is indexed in ScienceDirect and other databases! |
|