• Login
    View Item 
    •   Home
    • Research Publications
    • Engineering & Technology
    • Department of Electronics, Computing & Maths
    • View Item
    •   Home
    • Research Publications
    • Engineering & Technology
    • Department of Electronics, Computing & Maths
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Browse

    All of UDORACommunitiesTitleAuthorsIssue DateSubmit DateSubjectsThis CollectionTitleAuthorsIssue DateSubmit DateSubjects

    My Account

    LoginRegister

    About and further information

    AboutOpen Access WebpagesOpen Access PolicyTake Down Policy University Privacy NoticeUniversity NewsTools for ResearchersLibraryUDo

    Statistics

    Display statistics

    Forensically-sound analysis of security risks of using local password managers

    • CSV
    • RefMan
    • EndNote
    • BibTex
    • RefWorks
    Thumbnail
    Name:
    (pre-print) Gray, Franqueira & ...
    Size:
    341.0Kb
    Format:
    PDF
    Description:
    pre-print version
    Download
    Authors
    Gray, Joshua
    Franqueira, Virginia N. L. cc
    Yu, Yijun cc
    Affiliation
    University of Derby
    The Open University
    Issue Date
    2016-09-12
    
    Metadata
    Show full item record
    Abstract
    Password managers address the usability challenge of authentication, i.e., to manage the effort in creating, memorising, and entering complex passwords for an end-user. Offering features such as creating strong passwords, managing increasing number of complex passwords, and auto-filling of passwords for variable contexts, their security is as critical as the assets being protected by the passwords. Previous security risk analyses have focused primarily on cloud- and browser-based password managers, whilst the security risks of local password managers were left under-explored. Taking a systematic forensic analysis approach, this paper reports on a case study of three popular local password managers: KeePass (v2.28), Password Safe (v3.35.1) and RoboForm (v7.9.12). It revealed risks that either the master password or the content of the password database could be found unencrypted in Temp folders, Page files or Recycle bin, even after applications had been closed. As a consequence, an attacker or a malware with access to the computer on which the password managers were running may be able to steal sensitive information, even though these password managers are meant to keep the databases encrypted and protected at all times. These findings point to directions to mitigate the identified risks.
    Citation
    Gray, Joshua; Franqueira, Virginia N. L. and Yu, Yijun (2016). Forensically-Sound Analysis of Security Risks of using Local Password Managers. In: 1st International Workshop on Requirements Engineering for Investigating and Countering Crime, 13 September 2016, Beijing, IEEE.
    Publisher
    IEEE Computer Society
    URI
    http://hdl.handle.net/10545/620627
    DOI
    10.1109/REW.2016.034
    Additional Links
    http://ieeexplore.ieee.org/document/7815617/
    http://irenic.lero.ie/programme.html
    Type
    Meetings and Proceedings
    Language
    en
    ISBN
    9781509036943
    ae974a485f413a2113503eed53cd6c53
    10.1109/REW.2016.034
    Scopus Count
    Collections
    Department of Electronics, Computing & Maths

    entitlement

     
    DSpace software (copyright © 2002 - 2021)  DuraSpace
    Quick Guide | Contact Us
    Open Repository is a service operated by 
    Atmire NV
     

    Export search results

    The export option will allow you to export the current search results of the entered query to a file. Different formats are available for download. To export the items, click on the button corresponding with the preferred download format.

    By default, clicking on the export buttons will result in a download of the allowed maximum amount of items.

    To select a subset of the search results, click "Selective Export" button and make a selection of the items you want to export. The amount of items that can be exported at once is similarly restricted as the full export.

    After making a selection, click one of the export format buttons. The amount of items that will be exported is indicated in the bubble next to export format.