- Password managers provide significant security benefits to users. However, malicious client-side scripts and browser extensions can steal passwords after the manager has autofilled them into the web page. In this paper, we extend prior work by Stock and Johns, showing how password autofill can be hardened to prevent these local attacks. We implement our design in the Firefox browser and conduct experiments demonstrating that our defense successfully protects passwords from XSS attacks and malicious extensions. We also show that our implementation is compatible with 97% of the Alexa top 1000 websites. Next, we generalize our design, creating a second defense that prevents recently discovered local attacks against the FIDO2 protocols. We implement this second defense in Firefox, demonstrating that it protects the FIDO2 protocol against XSS attacks and malicious extensions. This defense is compatible with all websites, though it does require a small change (2–3 lines) to web servers implementing FIDO2.
  Free, publicly accessible full text available October 15, 2026.
- Plausible deniability in cryptography allows users to deny their participation in a particular communication or the contents of their messages, thereby ensuring privacy. Popular end-to-end encrypted messaging apps employ the Signal protocol, which incorporates message deniability. However, their current user interfaces only allow access to the blunt tool of message deletion. Denying a message requires users to claim that the counterpart in their conversation has the technical sophistication to forge a message when no usable message forgery tools are available. We evaluate a step towards bridging this gap in the form of a new transcript-editing feature implemented within the Signal app which allows each user to maintain an independent, locally editable transcript of their conversation. We gave users hands-on experience with this app in the context of resolving a social dispute, and measured their ability to understand its implications both technically and ethically. Users find our interface intuitive and can reason about deniability, but are divided over the circumstances in which deniability is appropriate or desirable. We recommend users be given transparent access to choose when their conversations are deniable versus non-repudiable, instead of the status quo of somewhere in between. Our study introduces a novel approach by providing hands-on experience and evaluating its usability. This method offers insights into practical deniability implementation and lays the groundwork for future research.
- Two-factor authentication (2FA) defends against account compromise by protecting an account with both a password—the primary authentication factor—and a device or resource that is hard to steal—the secondary authentication factor (SAF). However, prior research shows that users need help registering their SAFs with websites and successfully enabling 2FA. To address these issues, we propose the concept of a SAF manager that helps users manage SAFs through their entire life cycle: setup, authentication, removal, replacement, and auditing. We design and implement two proof-of-concept prototypes. In a between-subjects user study (N=60), we demonstrate that our design improves users' ability to correctly and quickly set up and remove a SAF on their accounts. Qualitative results show that users responded very positively to the SAF manager and were enthusiastic about its ability to help them rapidly replace a SAF. Furthermore, our SAF manager prevented fatal errors that users experienced when not using the manager.