Kamouflage: loss-resistant password management

Full textClick to download.
CitationIn proceedings of ESORICS 2010.
AuthorsH. Bojinov
E. Bursztein
X. Boyen
D. Boneh


We introduce Kamouflage: a new architecture for building theft-resistant password managers. An attacker who steals a laptop or cell phone with a Kamouflage-based password manager is forced to carry out a considerable amount of online work before obtaining any user credentials. We implemented our proposal as a replacement for the built-in Firefox password manager, and provide performance measurements and the results from experiments with large real-world password sets to evaluate the feasibility and effectiveness of our approach. Kamouflage is well suited to become a standard architecture for password managers on mobile devices.

Back to publications
Back to previous page