password manager, data privacy, format-preserving encryption, Shadow Document Object Model (DOM)
The leakage of sensitive data occurs on a large scale and with increasingly serious impact. It may cause privacy disclosure or even property damage. Password leakage is one of the fundamental reasons for information leakage, and its importance is must be emphasized because users are likely to use the same passwords for different Web application accounts. Existing approaches use a password manager and encrypted Web application to protect passwords and other sensitive data; however, they may be compromised or lack accessibility. The paper presents SecureWeb, which is a secure, practical, and user-controllable framework for mitigating the leakage of sensitive data. SecureWeb protects users’ passwords and aims to provide a unified protection solution to diverse sensitive data. The efficiency of the developed schemes is demonstrated and the results indicate that it has a low overhead and are of practical use.
Tsinghua University Press
Shuang Liang, Yue Zhang, Bo Li et al. SecureWeb: Protecting Sensitive Information Through the Web Browser Extension with a Security Token. Tsinghua Science and Technology 2018, 23(5): 526-538.