Abstract

This research introduces a LAN-based password management system tailored for Android devices and FreshTomato routers, offering a secure, localized alternative to cloud-based and device-centric solutions. The system integrates an Android client application with a router-based storage server, utilizing the router’s constant availability within the local network to ensure offline accessibility and reduce dependency on external services or the device itself. Passwords are safeguarded through AES-256 encryption, SHA-512 hashing, and continuous authentication, with communication between client and server facilitated by HTTP and JSON protocols. Testing on emulators and a physical device demonstrated the system’s functionality, rapid response times, and minimal resource usage, confirming its usability and performance. However, limitations include reliance on router availability and location constraints within the LAN. This work establishes a decentralized framework for password management, enhancing user autonomy and resilience against cloud-centric threats. Future enhancements could expand compatibility with other router firmwares and incorporate recovery options.

References

• R. G. Brody, K. Mulig, and J. R. Kimball, "Phishing, pharming, and identity theft," J. Corp. Account. Finance, vol. 18, no. 2, pp. 43–49, Jan. 2007, doi: 10.1002/jcaf.20278.
• N. N. Cele and S. Kwenda, "Do cybersecurity threats and risks have an impact on the adoption of digital banking? A systematic literature review," J. Financial Crime, vol. 32, no. 1, pp. 31–48, Apr. 2024, doi: 10.1108/JFC-10-2023-0263.
• A. Adams and M. A. Sasse, "Users Are Not the Enemy: Why Users Compromise Computer Security Mechanisms and How to Take Remedial Measures," Commun. ACM, vol. 42, no. 12, pp. 40–46, Dec. 1999, doi: 10.1145/322796.322806.
• E. Stobert and R. Biddle, "The Password Life Cycle: User Behaviour in Managing Passwords," in Proc. Symp. Usable Privacy Security (SOUPS), Menlo Park, CA, USA, Jul. 2014, pp. 243–255.
• A. Karole, N. Saxena, and N. Christin, "Why Johnny Can’t Store Passwords Securely: A Usability Evaluation of Password Managers," in Proc. Symp. Usable Privacy Security (SOUPS), Pittsburgh, PA, USA, Jul. 2011, pp. 1–16.
• R. Biddle, E. Stobert, and S. Chiasson, "A Security Analysis of Browser-based Password Managers," in Proc. Netw. Distrib. Syst. Security Symp. (NDSS), San Diego, CA, USA, Feb. 2016, pp. 1–14.
• S. K. Sharma and M. Warkentin, "Privacy Concerns and Trust in the Context of Cloud-Based Services: A Study of User Reactions to Data Breaches," J. Inf. Privacy Security, vol. 15, no. 3, pp. 123–139, Jul. 2019, doi: 10.1080/15536548.2019.1640974.
• D. McCarney, D. Barrera, J. Clark, and P. C. van Oorschot, "Security and Usability Challenges of Moving to Local Password Storage," in Proc. Annu. Comput. Security Appl. Conf. (ACSAC), New Orleans, LA, USA, Dec. 2014, pp. 256–265, doi: 10.1145/2664243.2664261.
• Statcounter, "Mobile Operating System Market Share Worldwide," Sep. 2024. [Online]. Available: https://gs.statcounter.com/os-market-share/mobile/worldwide. [Accessed: Oct. 15, 2024].
• J. B. Billa et al., "PassMan: A New Approach of Password Generation and Management without Storing," in 2019 7th International Conference on Smart Computing & Communications (ICSCC), 2019, pp. 1–6. doi: 10.1109/SCSC.2019.8840591.
• E. Stobert and R. Biddle, "A Password Manager that Doesn’t Remember Passwords," in Proceedings of the 2014 New Security Paradigms Workshop (NSPW '14), Victoria, BC, Canada, 2014, pp. 1–12. doi: 10.1145/2683467.2683471.
• H. A. Saleh, "BANK OF PASSWORDS: A Secure Android Password Manager Implemented Based on Specific Requirements," Al-Kitab Journal for Pure Sciences, vol. 8, no. 1, pp. 40–62, Mar. 2024. doi: 10.32441/kjps.08.01.p5.
• M. Kanela et al., "Secure and Manage Passwords with Encryption and Cloud Storage," in 2021 4th International Conference on Innovative Computing and Communication (ICICC), 2021, pp. 1–4. doi: 10.2139/ssrn.3833469.
• A. Petersen, J. Ko, and J. Pane, "Factors related to the difficulty of learning to program in Java—an empirical study of non-novice programmers," Inf. Softw. Technol., vol. 46, no. 2, pp. 99–107, Feb. 2004, doi: 10.1016/S0950-5849(03)00112-5.
• National Institute of Standards and Technology, "NIST Special Publication 800-63B: Digital Identity Guidelines," Jun. 2017. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf. [Accessed: Oct. 15, 2024].
• Netgear, "Nighthawk X6 AC3200 Tri-Band WiFi Router (R8000) Data Sheet," 2021. [Online]. Available: https://www.downloads.netgear.com/files/GDC/datasheet/en/R8000.pdf. [Accessed: Oct. 15, 2024].