PhD Qualifying Exam Presentation
Date: Tuesday, March 7, 2017 at 12:00 PM in Rice 204
Committee: David Evans (Advisor), Baishakhi Ray, Yanjun Qi, and Vicente Ordonez
Horcrux, A Password Manager for Paranoids
ABSTRACT: Password manager vulnerabilities persist because current designs provide large attack surfaces, at both the client and the server. We describe and evaluate Horcrux, a password manager that is designed holistically to minimize and decentralize trust, while retaining the usability of a traditional password manager. The prototype Horcrux client, implemented as a Firefox add-on, is split into two components, with code that has access to the user’s master password and any key material isolated into a small auditable component, separate from the complexity of managing the user interface. Instead of exposing actual credentials to the DOM, a dummy username and password are autofilled by the untrusted component. The trusted component intercepts and modifies POST requests before they are encrypted and sent over the network. To avoid trusting a centralized store, stored credentials are secret-shared over multiple servers, and only combined when needed for an outgoing request. Our design depends on websites not manipulating the actual password client-side, so we conducted a large-scale experiment that found the technique is compatible with over 98% of login forms used in Alexa’s top million sites.
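The dummy-credential swap and the client-side-manipulation dependency described in the abstract, as an added sketch that is not Horcrux's own code. It assumes a URL-encoded POST body, handles only the password field, and uses n-of-n XOR sharing as a stand-in because the abstract does not name the secret-sharing scheme; all function names and sample values are hypothetical.

```javascript
// Added illustration, not the Horcrux implementation. All names are hypothetical.
const DUMMY_PASSWORD = "horcrux-dummy-pw"; // constructed placeholder the untrusted UI autofills

// XOR two equal-length byte arrays.
function xorBytes(a, b) {
  if (a.length !== b.length) throw new Error("share length mismatch");
  return a.map((byte, i) => byte ^ b[i]);
}

// Assumed scheme: n-of-n XOR sharing, where the secret is the XOR of every share.
function combineShares(shares) {
  return new TextDecoder().decode(Uint8Array.from(shares.reduce(xorBytes)));
}

// Trusted-component step: swap the dummy for the real password in the outgoing body.
function rewriteLoginBody(body, shares) {
  const params = new URLSearchParams(body);
  const hits = [...params].filter(([, value]) => value === DUMMY_PASSWORD);
  // Fail closed: if the page hashed or altered the dummy client-side, or echoed it
  // into several fields, the exact dummy is not present once and nothing is released.
  if (hits.length !== 1) return { ok: false, body: null };
  params.set(hits[0][0], combineShares(shares)); // secret exists in memory only here
  return { ok: true, body: params.toString() };
}

// Constructed sample data. share1 is a fixed pattern so the example is
// deterministic; a real split must draw it from a CSPRNG.
const secret = Array.from(new TextEncoder().encode("correct horse"));
const share1 = secret.map((_, i) => (i * 37 + 11) & 0xff); // as held by server A
const share2 = xorBytes(secret, share1);                   // as held by server B

// Form that submits the autofilled value untouched: the swap succeeds.
const plainForm = rewriteLoginBody("user=alice&pass=horcrux-dummy-pw", [share1, share2]);
// Form whose script replaced the field with a (constructed) client-side hash: blocked.
const hashedForm = rewriteLoginBody("user=alice&pass=5f4dcc3b5aa7", [share1, share2]);
console.log(plainForm, hashedForm);
```

The second case is the incompatibility the large-scale experiment measures: when a site transforms the password field before submission, the exact dummy never reaches the trusted component.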