CredProxy: A Password Manager for Online Authentication Environments

Golrang, Mohammad Saleh

20 December 2012

Internet users are increasingly required to sign up for online services and establish accounts before receiving service from websites. On the one hand, generation of strong usernames and passwords is a difficult task for the user. On the other hand, memorization of strong passwords is by far more problematic for the average user. Thus, the average user has a tendency to use weak passwords, and also reuse his passwords for more than one website, which makes several attacks feasible. Under the aforementioned circumstances, the use of password managers is beneficial, since they unburden the user from the task of memorizing user credentials. However, password managers have a number of weaknesses. This thesis is mainly aimed at alleviating some of the intrinsic weaknesses of password managers. We propose three cryptographic protocols which can improve the security of password managers while enhancing user convenience. We also present the design of a phishing and Man-in-the-Browser resistant password manger which best fits into our scheme. Furthermore, we present our novel virtual on-screen keyboard and keypad which are designed to provide strong protection mechanisms against threats such as keylogging and shoulder surfing.

Dictionary Attacks

Password Managers

Password Security

Website User Authentication

Virtual Keyboards

MITB Attacks

CredProxy: A Password Manager for Online Authentication Environments

Golrang, Mohammad Saleh

20 December 2012

Internet users are increasingly required to sign up for online services and establish accounts before receiving service from websites. On the one hand, generation of strong usernames and passwords is a difficult task for the user. On the other hand, memorization of strong passwords is by far more problematic for the average user. Thus, the average user has a tendency to use weak passwords, and also reuse his passwords for more than one website, which makes several attacks feasible. Under the aforementioned circumstances, the use of password managers is beneficial, since they unburden the user from the task of memorizing user credentials. However, password managers have a number of weaknesses. This thesis is mainly aimed at alleviating some of the intrinsic weaknesses of password managers. We propose three cryptographic protocols which can improve the security of password managers while enhancing user convenience. We also present the design of a phishing and Man-in-the-Browser resistant password manger which best fits into our scheme. Furthermore, we present our novel virtual on-screen keyboard and keypad which are designed to provide strong protection mechanisms against threats such as keylogging and shoulder surfing.

Dictionary Attacks

Password Managers

Password Security

Website User Authentication

Virtual Keyboards

MITB Attacks

2D vs 3D in a touch-free hand gesture based interface : An exploration of how 2D and 3D visual aids affect a user’s ability to learn a new interface

Shields, Christopher

January 2014

3D is a popular topic as an increasing amount of media and technology begin to support 3D interaction.  With the rise of interest in 3D interaction, the question of why there is a demand and desire for 3D over 2D interaction becomes relevant. This thesis compares the differences between a 3D heads up display and a 2D heads up display for a touch free gesture based virtual keyboard.  The gesture interface used in the tests is a way of communicating with a system using gestures of the hands tracked by a motion sensor.  This thesis tested 16 users where half of the users used a 2D version of a heads up display and the other half used a 3D version of a heads up display.  Both user groups were tested with identical conditions and in an identical environment.  Raw statistical data was gathered from a logging mechanism in the interface and qualitative data was gathered from questionnaires and observation notes.  The results from the experiment showed that the 2D and 3D heads up display gave very similar results. However, results also showed slightly better qualitative results from the 3D heads up display observation and questionnaire data.  The conclusion indicated no clear advantage for the 2D version or the 3D version.  The discussion shows that many other factors in the design process and selection of users, play a large role in the comparison of 2D vs 3D visualizations.  Factors such as age and familiarity with different levels of technology are indicated to be contributing factors when comparing 2D vs 3D.  The results and discussion hope to provide a starting point for future comparison research in the field of 2D compared to 3D visualization.

Gestures

2D

3D

Interfaces

Virtual Keyboards

Heads Up Display

HUD

Touch-Free

CredProxy: A Password Manager for Online Authentication Environments

Golrang, Mohammad Saleh

January 2013

Internet users are increasingly required to sign up for online services and establish accounts before receiving service from websites. On the one hand, generation of strong usernames and passwords is a difficult task for the user. On the other hand, memorization of strong passwords is by far more problematic for the average user. Thus, the average user has a tendency to use weak passwords, and also reuse his passwords for more than one website, which makes several attacks feasible. Under the aforementioned circumstances, the use of password managers is beneficial, since they unburden the user from the task of memorizing user credentials. However, password managers have a number of weaknesses. This thesis is mainly aimed at alleviating some of the intrinsic weaknesses of password managers. We propose three cryptographic protocols which can improve the security of password managers while enhancing user convenience. We also present the design of a phishing and Man-in-the-Browser resistant password manger which best fits into our scheme. Furthermore, we present our novel virtual on-screen keyboard and keypad which are designed to provide strong protection mechanisms against threats such as keylogging and shoulder surfing.

Dictionary Attacks

Password Managers

Password Security

Website User Authentication

Virtual Keyboards

MITB Attacks