| dc.description.abstract | Using one password for all web services is not secure because the leakage of the password compromises all the web services accounts; while using independent passwords for different web services is inconvenient for the identity claimant to memorize. A password manager is used to address this security-convenience paradox by storing and retrieving multiple existing passwords using one master password. On the other hand, a password manager liberates human brain by enabling people to generate strong passwords without worry about memorizing them. While a password manager provides a convenient and secure way to manage multiple passwords, it centralizes the passwords storage and shifts the risk of passwords leakage from distributed service providers to a software or token authenticated by a single master password. Concerned about this one master password based security, biometrics could be used as a second factor for authentication by verifying the ownership of the master password. However, biometrics based authentication is more privacy concerned than a non-biometric password manager. Therefore, our goal in this thesis work is to design a privacy preserved and security enhanced password manger by using the human unique biometrics attributes. Based on the purpose, several technical aspects i.e., authentication schemes, existing password manager taxonomy, biometrics template protection, offline storage techniques, encryption and decryption algorithms and so on have been surveyed in this thesis. A novel scheme for password manager authentication, password binding, releasing and protecting is proposed. On the basis of the proposed scheme, a global structure is designed for a real password manager named NBLpass, which is implemented as well. NbLpass password manager uses the proposed privacy-preserved and security-enhanced scheme through combining facial features with plain text password, and it is capable of working locally and being synchronized with a cloud database. By using the NBLpass password manager, a user needs only to login to the password manager using one password (called the master key) and his / her freshly captured biometric data prior to the authentication of a web service. | nb_NO |
