A Multi-Device Password Manager Design Leveraging Threshold Encryption and Trusted Execution Environments
Authors
Chan, Jacqueline
Date
2025-06-03
Type
thesis
Language
eng
Keyword
Password manager, Threshold encryption, Trusted execution environments, Intel SGX, Password management, User authentication
Abstract
Password authentication, despite its usability and security drawbacks, is still one of the most widely used methods of user authentication. Password managers relieve users from the burden of remembering numerous, complicated passwords. However, no current password manager design fully solves the single point of compromise that occurs if a user's device is compromised, or allows sharing passwords with other users without exposing the password itself to other users' devices. We propose PassTEE, a password management scheme that uses trusted execution environments and threshold encryption to protect passwords against compromised personal devices and enable securely sharing passwords with other users. PassTEE can be installed on an arbitrary number of a user's personal devices (e.g., laptops or smartphones) and requires the user to physically possess a minimum threshold number of devices at the same time to use their passwords. PassTEE is the first multi-possession password management scheme that protects passwords (including those shared with other users) against compromised devices without requiring server-side changes.
