Password-based authentication faces various security and usability issues. Password managers help alleviate some of these issues by enabling users to manage their passwords effectively. However, malicious client-side scripts and browser extensions can steal passwords after they have been autofilled by the manager into the web page. In this paper, we explore what role the password manager can take in preventing the theft of autofilled credentials without requiring a change to user behavior. To this end, we identify a threat model for password exfiltration and then use this threat model to explore the design space for secure password entry implemented using a password manager. We identify five potential designs that address this issue, each with varying security and deployability tradeoffs. Our analysis shows the design that best balances security and usability is for the manager to autofill a fake password and then rely on the browser to replace the fake password with the actual password immediately before the web request is handed over to the operating system to be transmitted over the network. This removes the ability for malicious client-side scripts or browser extensions to access and exfiltrate the real password. We implement our design in the Firefox browser and conduct experiments, which show that it successfully thwarts malicious scripts and extensions on 97% of the Alexa top 1000 websites, while also maintaining the capability to revert to default behavior on the remaining websites, avoiding functionality regressions. Most importantly, this design is transparent to users, requiring no change to user behavior.
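As an added illustration (not the paper's Firefox implementation), the following Python model shows the fake-password design: the page and any script or extension only ever see a random placeholder, and the real secret is substituted into the form body at the network boundary. The origin check and the behaviour when no intact placeholder is found are assumptions of this model, not details given in the abstract.

```python
import secrets
import urllib.parse


class FakeFillManager:
    """Model of the 'fill a fake password, swap it at the network boundary' design.

    The DOM, page scripts and extensions only observe the placeholder; the real
    secret is held here, outside the page, and is written into the request body
    only right before it would be handed to the OS for transmission.
    """

    def __init__(self) -> None:
        # placeholder -> (origin the credential was filled for, real password)
        self._vault: dict[str, tuple[str, str]] = {}

    def autofill(self, origin: str, real_password: str) -> str:
        """Return the random placeholder that is autofilled into the password field."""
        placeholder = "FAKE-" + secrets.token_urlsafe(18)  # unguessable per fill
        self._vault[placeholder] = (origin, real_password)
        return placeholder

    def finalize_request(self, dest_origin: str, body: str) -> tuple[str, bool]:
        """Rewrite a urlencoded form body just before it leaves the browser.

        Returns (body, replaced). Placeholders are swapped only when the request
        goes to the origin the credential was filled for (an assumption of this
        model), so a field exfiltrated elsewhere carries only the worthless
        placeholder. If no intact placeholder is present (e.g. a script
        transformed the field), the body is left unchanged in this model.
        """
        replaced = False
        fields = []
        for key, value in urllib.parse.parse_qsl(body, keep_blank_values=True):
            entry = self._vault.get(value)
            if entry is not None and entry[0] == dest_origin:
                value, replaced = entry[1], True
            fields.append((key, value))
        return urllib.parse.urlencode(fields), replaced


if __name__ == "__main__":
    mgr = FakeFillManager()
    site = "https://login.example.com"  # constructed origin
    ph = mgr.autofill(site, "c0rrect h0rse&battery")  # constructed credential
    # Legitimate submit to the site: the placeholder is swapped for the real password.
    print(mgr.finalize_request(site, f"user=alice&pass={ph}"))
    # A script read the field from the DOM and POSTs it to its own server:
    print(mgr.finalize_request("https://evil.example", f"loot={ph}"))
```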