Privatizing user credential information of Web services in a shared user environment

TL;DR

This paper proposes a method to privatize user credentials in shared environments, preventing unauthorized access even when auto-login features are enabled, by implementing masking techniques that require root authentication to disable.

Contribution

It introduces a novel credential masking system that enhances privacy in shared web environments, allowing root users to control access without re-entering credentials repeatedly.

Findings

Effective credential masking prevents unauthorized access.

Root authentication is required to disable masked mode.

System seamlessly resumes auto-login after unmasking.

Abstract

User credentials security is one of the most important tasks in Web World. Most Web sites on the Internet that support user accounts store the users credentials in a database. Now a days, most of the web browsers offer auto login feature for the favorite web sites such as yahoo, google, gmail etc. using these credential information. This facilitates the misuse of user credentials. Privatizing user credential information of web services in a shared user environment provides a feature enhancement where the root user will be able to privatize his stored credentials by enforcing some masking techniques such that even a user logs on to the system with root user credentials, he will not be able to access privatized data. In case of web browsers auto login feature, a root user can disable the feature manually by deleting entries from web browsers' saved password list. But this involves spending a considerable amount of time and the biggest problem is that he has to insert those credentials once again when he next visits these websites. This application resumes auto login feature whenever root user disable the masked mode. The application includes two parts: Masked Application Mode and Disabling the Masked Application Mode. When the system goes for masked application mode, the other user will not be able to use the credentials of the root user.If the other user tries to access any of the web pages which have been masked, the other user will have to authenticate with his own credentials. Disabling the masked mode requires authentication from the root user. As long as this credential is not shared, masked mode can be disabled only by the root user.