A framework to strengthen password authentication using mobile devices and browser extensions

Shoulder-surfing, phishing and keylogging are widely used by attackers to obtain users' sensitive credentials. In this paper, we propose a framework to strengthen password authentication using mobile devices and browser extensions. This approach provides relatively high resilience against shoulder-surfing, phishing and keylogging attacks while requiring no change on the server side. A prototype implementation of the proposed approach and its security analysis are also provided.
