pVault:Secure Password Manager


 pValut Overview

  1. pVault Overwiew:

    2. Most widely used form of authentication on the web is through passwords. Passwords are amongst the most important information to be protected. People use passwords to protect their online banking accounts, access emails and web pages that are only open to the registered members.

    Most Web users find it difficult to remember a unique password for every website they visit. To combat this problem, users either use one password for majority of the websites or use very weak passwords. Weak passwords are usually some combinations of dictionary words, user's birthday, spouse's name or some other personal information. Conjecturing such passwords becomes an easy task. Another widely popular attack which makes use of the fact that users use one password for a majority of websites is that of an adversary getting hold of a user’s passwords on weakly protected website and using it to gain access to the strongly protected sites such as online banking accounts.

    pVault is the software tool for password generation and protection that helps solve the above problems. It provides a secure service for people to store their strong passwords encrypted on the third-party storage and retrieve them back whenever necessary. Decryption is done at a trusted machine thereby preventing even the remote server to have any knowledge about the user’s passwords. When the user visits a webpage, pVault fetches all the passwords from the remote server and automatically fills in the required password on the web page. The user now has to remember only one password to authenticate with pVault. Since the passwords are stored at remote server it provides the user with mobile access to their passwords. pVault helps users during the registration process with a website by generating and filling the appropriate password textboxes with strong passwords.

    There is other software floating around that give users the convenience to manage their passwords. However, most of them require storing the encrypted password on the local machines without providing mobility. Some of them does not offer auto fill feature, therefore are vulnerable to keyboard monitoring attacks when used on un-trusted machines, such as the machines in cybercafés. pVault has these important features and we are still working to provide more functionalities.

This Work is supported by NSF Grant No IIS-0220069 and NSF award Nos 0331707 and 0331690.