Open Access

SecureWeb: Protecting Sensitive Information Through the Web Browser Extension with a Security Token

College of Cyberspace Security, Nankai University, Tianjin 300350, China.
Information Security Evaluation Center of Civil Aviation, Civil Aviation University of China, Tianjin 300300
Key Lab on High Trusted Information System in Hebei Province, Baoding 071002, China.

Abstract

The leakage of sensitive data occurs on a large scale and with increasingly serious impact. It may cause privacy disclosure or even property damage. Password leakage is one of the fundamental reasons for information leakage, and its importance must be emphasized because users are likely to use the same passwords for different Web application accounts. Existing approaches use a password manager and encrypted Web application to protect passwords and other sensitive data; however, they may be compromised or lack accessibility. The paper presents SecureWeb, which is a secure, practical, and user-controllable framework for mitigating the leakage of sensitive data. SecureWeb protects users’ passwords and aims to provide a unified protection solution for diverse sensitive data. The efficiency of the developed schemes is demonstrated, and the results indicate that they have a low overhead and are of practical use.

Tsinghua Science and Technology
Pages 526-538
Cite this article:
Liang S, Zhang Y, Li B, et al. SecureWeb: Protecting Sensitive Information Through the Web Browser Extension with a Security Token. Tsinghua Science and Technology, 2018, 23(5): 526-538. https://doi.org/10.26599/TST.2018.9010015

Received: 14 June 2017
Revised: 07 September 2017
Accepted: 10 September 2017
Published: 17 September 2018
© The author(s) 2018