[1] Qin Zhongyuan, Han Yin, Zhang Qunfang, et al. A multi-cloud storage password manager with high reliability[J]. Journal of Southeast University (Natural Science Edition), 2019, 49(6): 1081-1087. [doi:10.3969/j.issn.1001-0505.2019.06.009]

A multi-cloud storage password manager with high reliability

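Journal of Southeast University (Natural Science Edition) [ISSN: 1001-0505 / CN: 32-1178/N]

Volume:
49
Issue:
No. 6, 2019
Pages:
1081-1087
Section:
Computer Science and Engineering
Publication date:
2019-11-20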

Article Info

Title:
A multi-cloud storage password manager with high reliability
Author(s):
Qin Zhongyuan (1), Han Yin (2), Zhang Qunfang (3), Cui Jiarui (1)
1 School of Cyber Science and Technology, Southeast University, Nanjing 211189, China
2 School of Information Science and Engineering, Southeast University, Nanjing 211189, China
3 Army Academy of Artillery and Air Defence, Nanjing 211132, China
Keywords:
password manager; multi-cloud storage; secret sharing; commitment scheme; tampering attack
Classification number:
TP309
DOI:
10.3969/j.issn.1001-0505.2019.06.009
Abstract:
To improve data reliability in password managers, a multi-cloud storage password manager based on the RAONT-RS (robust all-or-nothing transform with Reed-Solomon coding) secret sharing algorithm was designed. First, the username and password for any website were encrypted and then divided into multiple parts. A commitment scheme was used to improve reliability, and the data was then stored with multiple cloud providers. When retrieving user credentials, the data was first verified using the commitment scheme, and the multiple parts were then combined to restore the ciphertext. Finally, the plaintext username and password were recovered by decryption. Compared with the existing Horcrux scheme, the proposed scheme can accurately detect tampering attacks, which provides users with more secure storage. When the number of databases that have not been compromised is greater than or equal to the threshold of the secret sharing algorithm, the proposed scheme can recover the original data with a probability of 1, which effectively improves the robustness of the password manager. Experimental results show that the retrieval time of the scheme is effectively shortened compared with Horcrux.


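Memo:
Received: 2019-04-04.
About the author: Qin Zhongyuan (born 1974), male, Ph.D., associate professor, zyqin@seu.edu.cn.
Funding: National Natural Science Foundation of China (61601113); Natural Science Foundation of Jiangsu Province (BK20161099).
Cite this article: Qin Zhongyuan, Han Yin, Zhang Qunfang, et al. A multi-cloud storage password manager with high reliability[J]. Journal of Southeast University (Natural Science Edition), 2019, 49(6): 1081-1087. DOI:10.3969/j.issn.1001-0505.2019.06.009.
Last Update: 2019-11-20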