{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,10]],"date-time":"2024-09-10T21:38:23Z","timestamp":1726004303141},"publisher-location":"Cham","reference-count":31,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030017033"},{"type":"electronic","value":"9783030017040"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-030-01704-0_16","type":"book-chapter","created":{"date-parts":[[2018,12,28]],"date-time":"2018-12-28T16:02:50Z","timestamp":1546012970000},"page":"291-308","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Detecting and Defending Against Certificate Attacks with Origin-Bound CAPTCHAs"],"prefix":"10.1007","author":[{"given":"Adil","family":"Ahmad","sequence":"first","affiliation":[]},{"given":"Faizan","family":"Ahmad","sequence":"additional","affiliation":[]},{"given":"Lei","family":"Wei","sequence":"additional","affiliation":[]},{"given":"Vinod","family":"Yegneswaran","sequence":"additional","affiliation":[]},{"given":"Fareed","family":"Zaffar","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,12,29]]},"reference":[{"key":"16_CR1","unstructured":"CertLock - SecureW2. https:\/\/www.securew2.com\/products\/certlock\/"},{"key":"16_CR2","unstructured":"Securimage PHP Captcha. https:\/\/www.phpcaptcha.org\/"},{"key":"16_CR3","unstructured":"Heise SSL Guardian: Protection against unsafe SSL certificates (2008). www.h-online.com\/security\/features\/Heise-SSL-Guardian-746213.html"},{"key":"16_CR4","unstructured":"Comodo report of incident (2011). https:\/\/www.comodo.com\/ComodoFraud-Incident-2011-03-23.html."},{"key":"16_CR5","unstructured":"Google 2-Step Verification, September 2016. https:\/\/www.google.com\/landing\/2step\/"},{"key":"16_CR6","unstructured":"Node.js, July 2016. https:\/\/www.nodejs.org\/en\/"},{"key":"16_CR7","unstructured":"Sites using CAPTCHAS, July 2016. https:\/\/wappalyzer.com\/categories\/captchas"},{"issue":"6","key":"16_CR8","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1145\/2184319.2184335","volume":"55","author":"D Abts","year":"2012","unstructured":"Abts, D., Felderman, B.: A guided tour of data-center networking. Commun. ACM 55(6), 44\u201351 (2012)","journal-title":"Commun. ACM"},{"key":"16_CR9","doi-asserted-by":"crossref","unstructured":"Alicherry, M., Keromytis, A.D.: DoubleCheck: multi-path verification against man-in-the-middle attacks. In: IEEE Symposium on Computers and Communications, ISCC 2009, pp. 557\u2013563. IEEE (2009)","DOI":"10.1109\/ISCC.2009.5202224"},{"key":"16_CR10","unstructured":"Balfanz, D., Hamilton, R.: Transport layer security (TLS) channel IDs. IETF Draft (2013)"},{"key":"16_CR11","unstructured":"Bursztein, E., Aigrain, J., Moscicki, A., Mitchell, J.C.: The end is nigh: generic solving of text-based CAPTCHAs. In: 8th USENIX Workshop on Offensive Technologies (WOOT 2014) (2014)"},{"key":"16_CR12","doi-asserted-by":"crossref","unstructured":"Bursztein, E., Bethard, S., Fabry, C., Mitchell, J.C., Jurafsky, D.: How good are humans at solving CAPTCHAs? A large scale evaluation. In: IEEE Symposium on Security and Privacy, pp. 399\u2013413 (2010)","DOI":"10.1109\/SP.2010.31"},{"key":"16_CR13","doi-asserted-by":"crossref","unstructured":"Bursztein, E., Moscicki, A., Fabry, C., Bethard, S., Mitchell, J.C., Jurafsky, D.: Easy does it: more usable CAPTCHAs. In: Proceedings of the 32nd Annual ACM Conference on Human Factors in Computing Systems, pp. 2637\u20132646. ACM (2014)","DOI":"10.1145\/2556288.2557322"},{"key":"16_CR14","unstructured":"captchas.net: Free captcha-service. http:\/\/captchas.net\/"},{"key":"16_CR15","unstructured":"Dietz, M., Czeskis, A., Balfanz, D., Wallach, D.S.: Origin-bound certificates: a fresh approach to strong client authentication for the web. Presented as part of the 21st USENIX Security Symposium (USENIX Security 2012), pp. 317\u2013331 (2012)"},{"key":"16_CR16","doi-asserted-by":"crossref","unstructured":"Evans, C., Palmer, C., Sleevi, R.: Public key pinning extension for HTTP. Technical report (2015)","DOI":"10.17487\/RFC7469"},{"issue":"8","key":"16_CR17","doi-asserted-by":"publisher","first-page":"1199","DOI":"10.1002\/sec.825","volume":"7","author":"U Ferraro Petrillo","year":"2014","unstructured":"Ferraro Petrillo, U., Mastroianni, G., Visconti, I.: The design and implementation of a secure CAPTCHA against man-in-the-middle attacks. Secur. Commun. Netw. 7(8), 1199\u20131209 (2014)","journal-title":"Secur. Commun. Netw."},{"issue":"1","key":"16_CR18","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1049\/iet-ifs.2014.0381","volume":"10","author":"H Gao","year":"2016","unstructured":"Gao, H., et al.: Robustness of text-based completely automated public turing test to tell computers and humans apart. IET Inf. Secur. 10(1), 45\u201352 (2016)","journal-title":"IET Inf. Secur."},{"key":"16_CR19","doi-asserted-by":"crossref","unstructured":"Gao, S., Mohamed, M., Saxena, N., Zhang, C.: Emerging image game CAPTCHAs for resisting automated and human-solver relay attacks. In: Proceedings of the 31st Annual Computer Security Applications Conference. ACSAC (2015)","DOI":"10.1145\/2818000.2818006"},{"key":"16_CR20","unstructured":"Karapanos, N., Capkun, S.: On the effective prevention of TLS man-in-the-middle attacks in web applications. In: 23rd USENIX Security Symposium (USENIX Security 2014), pp. 671\u2013686 (2014)"},{"key":"16_CR21","unstructured":"Karapanos, N., Marforio, C., Soriente, C., Capkun, S.: Sound-proof: usable two-factor authentication based on ambient sound. In: 24th USENIX Security Symposium (USENIX Security 2015), pp. 483\u2013498 (2015)"},{"key":"16_CR22","doi-asserted-by":"crossref","unstructured":"Karlof, C., Shankar, U., Tygar, J.D., Wagner, D.: Dynamic pharming attacks and locked same-origin policies for web browsers. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 58\u201371. ACM (2007)","DOI":"10.1145\/1315245.1315254"},{"key":"16_CR23","doi-asserted-by":"crossref","unstructured":"Kim, T.H.J., Huang, L.S., Perring, A., Jackson, C., Gligor, V.: Accountable key infrastructure (AKI): a proposal for a public-key validation infrastructure. In: Proceedings of the 22nd International Conference on World Wide Web, pp. 679\u2013690. ACM (2013)","DOI":"10.1145\/2488388.2488448"},{"issue":"11","key":"16_CR24","doi-asserted-by":"publisher","first-page":"2640","DOI":"10.1109\/TIFS.2017.2718479","volume":"12","author":"M Osadchy","year":"2017","unstructured":"Osadchy, M., Hernandez-Castro, J., Gibson, S., Dunkelman, O., P\u00e9rez-Cabo, D.: No bot expects the DeepCAPTCHA! Introducing immutable adversarial examples, with applications to CAPTCHA generation. IEEE Trans. Inf. Forensics Secur. 12(11), 2640\u20132653 (2017)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"issue":"3","key":"16_CR25","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1109\/MIC.2013.27","volume":"17","author":"SB Roosa","year":"2013","unstructured":"Roosa, S.B., Schultze, S.: Trust darknet: control and compromise in the internet\u2019s certificate authority model. IEEE Internet Comput. 17(3), 18\u201325 (2013)","journal-title":"IEEE Internet Comput."},{"key":"16_CR26","unstructured":"Shultze, S.: Diginotar hack highlights critical failures of our SSL web security model, September 2011. https:\/\/freedom-to-tinker.com\/blog\/sjs\/diginotar-hack-highlights-critical-failures-our-ssl-web-security-model"},{"key":"16_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"250","DOI":"10.1007\/978-3-642-27576-0_20","volume-title":"Financial Cryptography and Data Security","author":"C Soghoian","year":"2012","unstructured":"Soghoian, C., Stamm, S.: Certified lies: detecting and defeating government interception attacks against SSL (short paper). In: Danezis, G. (ed.) FC 2011. LNCS, vol. 7035, pp. 250\u2013259. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-27576-0_20"},{"key":"16_CR28","doi-asserted-by":"crossref","unstructured":"Syta, E., et al.: Keeping authorities \u201chonest or bust\u201d with decentralized witness cosigning. arXiv preprint arXiv:1503.08768 (2015)","DOI":"10.1109\/SP.2016.38"},{"key":"16_CR29","doi-asserted-by":"crossref","unstructured":"Szalachowski, P., Matsumoto, S., Perrig, A.: PoliCert: Secure and flexible TLS certificate management. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 406\u2013417. ACM (2014)","DOI":"10.1145\/2660267.2660355"},{"key":"16_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"294","DOI":"10.1007\/3-540-39200-9_18","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2003","author":"L Ahn von","year":"2003","unstructured":"von Ahn, L., Blum, M., Hopper, N.J., Langford, J.: CAPTCHA: using hard AI problems for security. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 294\u2013311. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-39200-9_18"},{"key":"16_CR31","unstructured":"Wendlandt, D., Andersen, D.G., Perrig, A.: Perspectives: improving SSH-style host authentication with multi-path probing. In: USENIX Annual Technical Conference, vol. 200 (2008)"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-01704-0_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,11,13]],"date-time":"2019-11-13T06:02:58Z","timestamp":1573624978000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-01704-0_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783030017033","9783030017040"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-01704-0_16","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"SecureComm","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Security and Privacy in Communication Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Singapore","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Singapore","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 August 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 August 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"securecomm2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/securecomm.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}