CAJ | 학술논문

针对客户端口令管理器的各类攻击给用户隐私和数据安全带来了严重的威胁.文章指出离线破解和页面输入窃取是当前主要的口令攻击手段,并且传统的口令保护方案已不足以保证客户端口令的安全.为了防止口令泄露危害用户数据安全,文章提出了一种安全的客户端口令管理器方案:利用改进的PBE加密方式和基于Shadow DOM的数据隔离措施全面有效地解决了客户端口令管理器面临的离线破解和页面输入窃取问题.
침대객호단구령관리기적각류공격급용호은사화수거안전대래료엄중적위협.문장지출리선파해화혈면수입절취시당전주요적구령공격수단,병차전통적구령보호방안이불족이보증객호단구령적안전.위료방지구령설로위해용호수거안전,문장제출료일충안전적객호단구령관리기방안:이용개진적PBE가밀방식화기우Shadow DOM적수거격리조시전면유효지해결료객호단구령관리기면림적리선파해화혈면수입절취문제.
Several types of Attacks targeted at password managers seriously threaten user's privacy and data security. This paper ifnds off-line cracking and password stealing from login page is the major types of password attack on the client side, and traditional password protecting methods no longer effectively protect passwords. To prevent password leakage and cracking endanger user's data, this paper proposes a design of secure password manager: utilizing improved PBE encryption and Shadow DOM based data isolation method to effectively solve the urgent secure problems of password managers.