Kamouflage: Loss-Resistant Password Management

By Hristo Bojinov, Dan Boneh, Xavier Boyen, and Elie Bursztein.

In Computer Security (ESORICS 2010), volume 6345 of Lecture Notes in Computer Science, pages 286-302. Springer, 2010.


We introduce Kamouflage: a new architecture for building theft-resistant password managers. An attacker who steals a laptop or cell phone with a Kamouflage-based password manager is forced to carry out a considerable amount of online work before obtaining any user credentials. We implemented our proposal as a replacement for the built-in Firefox password manager, and provide performance measurements and the results from experiments with large real-world password sets to evaluate the feasibility and effectiveness of our approach. Kamouflage is well suited to become a standard architecture for password managers on mobile devices.


- published paper (PS) (PDF) (also accessible from the publisher) ©
- full version (PS) (PDF)
- presentation slides (HTML)


  author = {Hristo Bojinov and Dan Boneh and Xavier Boyen and Elie Bursztein},
  title = {Kamouflage: Loss-Resistant Password Management},
  booktitle = {Computer Security---ESORICS 2010},
  series = {Lecture Notes in Computer Science},
  volume = {6345},
  pages = {286--302},
  publisher = {Berlin: Springer-Verlag},
  year = {2010},
  note = {Available at \url{http://www.cs.stanford.edu/~xb/esorics10/}}

Unless indicated otherwise, these documents are Copyright © Xavier Boyen; all rights reserved in all countries.
Back to Xavier's homepage