Kamouflage: loss-resistant password management

Authors: H. Bojinov, E. Bursztein, X. Boyen, and D. Boneh

We introduce Kamouflage: a new architecture for building theft-resistant password managers. An attacker who steals a laptop or cell phone with a Kamouflage-based password manager is forced to carry out a considerable amount of online work before obtaining any user credentials. We implemented our proposal as a replacement for the built-in Firefox password manager, and provide performance measurements and the results from experiments with large real-world password sets to evaluate the feasibility and effectiveness of our approach. Kamouflage is well suited to become a standard architecture for password managers on mobile devices.

In proceedings of ESORICS 2010.   [BIBTEX]

Full paper: pdf