Change search
ReferencesLink to record
Permanent link

Direct link
Design and Analysis of a Password Management System
Norwegian University of Science and Technology, Faculty of Information Technology, Mathematics and Electrical Engineering, Department of Electronics and Telecommunications.
2014 (English)MasteroppgaveStudent thesis
Abstract [en]

Managing passwords is a significant problem for most people in the modern world. In this thesis, a password management system has been designed and implemented as an iOS application called PassCue. PassCue is based on the Shared Cues password management model, proposed by J. Blocki, M. Blum and A. Datta in “Naturally Rehearsing Passwords”. The design and implementation choices, as well as parameter evaluation, were important in order to create a usable and secure system. PassCue uses cues to share secrets across multiple accounts in order to achieve the competing usability and security goals. PassCue provides higher security than many of the popular password management schemes without significant reduction in usability. The probability that an attacker will compromise an account in an online attack is 1.47656 × 10^(-16) for PassCue (9,4,3) and (43,4,1), and 3.69140 × 10^(-21) for PassCue (60,5,1). In an offline attack with no previous plaintext leaks, cracking the PassCue (9,4,3) and (43,4,1) password will take over 38 years and cost over $700, 000. Cracking the PassCue (60,5,1) password would take over 1.5 million days and cost $2.84442×10^(10) using technology known today. PassCue (9,4,3) does not require the user to invest additional time in order to maintain the passwords in memory, but in PassCue (43,4,1) and PassCue (60,5,1) the user must perform 11 and 20 extra rehearsals respectively. The PassCue design and implementation can easily be customized to support different usability and security needs. The PassCue application utilizes a low percentage of the CPU and memory of an iPhone 5, and uses less then 1% of the CPU and 5.9MB of memory in idle state.

Place, publisher, year, edition, pages
Institutt for elektronikk og telekommunikasjon , 2014. , 112 p.
URN: urn:nbn:no:ntnu:diva-26176Local ID: ntnudaim:11209OAI: diva2:745182
Available from: 2014-09-09 Created: 2014-09-09 Last updated: 2014-09-09Bibliographically approved

Open Access in DiVA

fulltext(7609 kB)1347 downloads
File information
File name FULLTEXT01.pdfFile size 7609 kBChecksum SHA-512
Type fulltextMimetype application/pdf
cover(184 kB)6 downloads
File information
File name COVER01.pdfFile size 184 kBChecksum SHA-512
Type coverMimetype application/pdf
attachment(462 kB)5 downloads
File information
File name ATTACHMENT01.zipFile size 462 kBChecksum SHA-512
Type attachmentMimetype application/zip

By organisation
Department of Electronics and Telecommunications

Search outside of DiVA

GoogleGoogle Scholar
Total: 1347 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 143 hits
ReferencesLink to record
Permanent link

Direct link