Skip directly to content

Minimize RSR Award Detail

Research Spending & Results

Award Detail

Awardee:TEXAS A&M ENGINEERING EXPERIMENT STATION
Doing Business As Name:Texas A&M Engineering Experiment Station
PD/PI:
  • Nitesh Saxena
  • (979) 845-2776
  • nsaxena@tamu.edu
Award Date:09/21/2021
Estimated Total Award Amount: $ 450,000
Funds Obligated to Date: $ 253,041
  • FY 2017=$253,041
Start Date:08/15/2021
End Date:07/31/2022
Transaction Type:Grant
Agency:NSF
Awarding Agency Code:4900
Funding Agency Code:4900
CFDA Number:47.070
Primary Program Source:040100 NSF RESEARCH & RELATED ACTIVIT
Award Title or Description:SaTC: TTP: Small: SPHINX: A Password Store that Perfectly Hides Passwords from Itself
Federal Award ID Number:2152669
DUNS ID:847205572
Parent DUNS ID:042915991
Program:Secure &Trustworthy Cyberspace
Program Officer:
  • Robert Beverly
  • (703) 292-7068
  • rbeverly@nsf.gov

Awardee Location

Street:400 Harvey Mitchell Pkwy S
City:College Station
State:TX
ZIP:77845-4645
County:College Station
Country:US
Awardee Cong. District:17

Primary Place of Performance

Organization Name:Texas A&M Engineering Experiment Station
Street:
City:
State:TX
ZIP:77845-4375
County:College Station
Country:US
Cong. District:17

Abstract at Time of Award

Password managers represent a security technique that allows a user to store and retrieve passwords for multiple password-protected web services by interacting with a 'manager' (e.g., an online third-party service) on the basis of a single master password. However, current password managers are highly vulnerable to leakage of all passwords in the event the manager is compromised or malicious. This project builds, studies, and deploys a novel approach to online password management, called SPHINX, which remains secure even when the password manager itself has been compromised. In SPHINX, the data stored on the manager is information theoretically independent of the user's master password, meaning that an attacker breaking into the manager learns no information about the master password or the user's individual passwords. SPHINX, once deployed, offers an improved level of protection and usability to everyday Internet users. The research is being integrated with educational activities in the form of advanced curriculum development and student mentoring in the broad domains of Authentication and Human-Computer Interaction. The involvement of high school and K-12 students, and minority populations broadens the reach of the project. Collaboration with manufacturers and industrial consortia facilitatws technology transfer and transition to real world use. The technical design and security of SPHINX is based on the device-enhanced PAKE model that provides the theoretical basis for this construction and is backed by cryptographic proofs of security. Overall, the project designs, implements and evaluates the computational/communication performance of a full online SPHINX system offering browser plugins and a service-side (or manager-side) application. As a main component of the design, the project highlights and addresses the challenges associated in building transparent and robust bidirectional manager-browser communication. Usability studies of the SPHINX system are also being conducted in both lab and real-life settings. Further, after refining the system software and UI designs informed by the results of the usability studies, SPHINX will be piloted in the field settings. Upon completion of this pilot deployment, the system will be ready for an eventual full-fledged deployment in the real world.

For specific questions or comments about this information including the NSF Project Outcomes Report, contact us.