Journal of Cybersecurity and Privacy (Jun 2022)

Bingo: A Semi-Centralized Password Storage System

  • Abdullah F. Al-Aboosi,
  • Matan Broner,
  • Fadhil Y. Al-Aboosi

DOI
https://doi.org/10.3390/jcp2030023
Journal volume & issue
Vol. 2, no. 3
pp. 444 – 465

Abstract

Read online

A lack of security best practices in modern password storage has led to a dramatic rise in the number of online data breaches, resulting in financial damages and lowered trust in online service providers. This work aims to explore the question of how leveraging decentralized storage paired with a centralized point of authentication may combat such attacks. A solution, “Bingo”, is presented, which implements browser side clients which store password shares for a centralized proxy server. Bingo is a fully formed system which allows for modern browsers to store and retrieve a dynamic number of anonymized password shares, which are used when authenticating users. Thus, Bingo is the first solution to prove that distributed password storage functions in the context of the modern web. Furthermore, Bingo is evaluated in both simulation and cloud in order to show that it achieves high rates of system liveness despite its dependence on its users being active at given intervals. In addition, a novel simulator is presented which allows future researchers to mock scheduled behavior of online users. This work concludes that with the rise in online activity, decentralization may play a role in increasing data security.

Keywords