{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T20:25:07Z","timestamp":1743107107669,"version":"3.40.3"},"publisher-location":"Cham","reference-count":31,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030299583"},{"type":"electronic","value":"9783030299590"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-29959-0_30","type":"book-chapter","created":{"date-parts":[[2019,9,14]],"date-time":"2019-09-14T23:04:10Z","timestamp":1568502250000},"page":"619-637","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Finding Flaws from Password Authentication Code in Android Apps"],"prefix":"10.1007","author":[{"given":"Siqi","family":"Ma","sequence":"first","affiliation":[]},{"given":"Elisa","family":"Bertino","sequence":"additional","affiliation":[]},{"given":"Surya","family":"Nepal","sequence":"additional","affiliation":[]},{"given":"Juanru","family":"Li","sequence":"additional","affiliation":[]},{"given":"Diethelm","family":"Ostry","sequence":"additional","affiliation":[]},{"given":"Robert H.","family":"Deng","sequence":"additional","affiliation":[]},{"given":"Sanjay","family":"Jha","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,9,15]]},"reference":[{"key":"30_CR1","doi-asserted-by":"crossref","unstructured":"Alghamdi, K., Alqazzaz, A., Liu, A., Ming, H.: IoTVerif: an automated tool to verify SSL\/TLS certificate validation in Android MQTT client applications. In: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, pp. 95\u2013102. ACM (2018)","DOI":"10.1145\/3176258.3176334"},{"issue":"12","key":"30_CR2","doi-asserted-by":"publisher","first-page":"1226","DOI":"10.1057\/palgrave.jors.2600474","volume":"48","author":"J Barzilai","year":"1997","unstructured":"Barzilai, J.: Deriving weights from pairwise comparison matrices. J. Oper. Res. Soc. 48(12), 1226\u20131232 (1997)","journal-title":"J. Oper. Res. Soc."},{"key":"30_CR3","doi-asserted-by":"crossref","unstructured":"Burke, M., Cytron, R.: Interprocedural dependence analysis and parallelization, vol. 21. ACM (1986)","DOI":"10.1145\/12276.13328"},{"key":"30_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"583","DOI":"10.1007\/978-3-540-45146-4_34","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"B Canvel","year":"2003","unstructured":"Canvel, B., Hiltgen, A., Vaudenay, S., Vuagnoux, M.: Password interception in a SSL\/TLS channel. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 583\u2013599. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/978-3-540-45146-4_34"},{"key":"30_CR5","doi-asserted-by":"crossref","unstructured":"Chen, J., Jiang, J., Duan, H., Weaver, N., Wan, T., Paxon, V.: Host of troubles: multiple host ambiguities in http implementations. In: Proceedings of the 2016 ACM Conference on Computer and Communications Security (CCS), pp. 1516\u20131527. ACM (2016)","DOI":"10.1145\/2976749.2978394"},{"key":"30_CR6","doi-asserted-by":"crossref","unstructured":"Chen, J., et al.: IoTFuzzer: discovering memory corruptions in IoT through app-based fuzzing. In: Proceedings of the 21st Annual Network and Distributed System Security Symposium (NDSS). Citeseer (2018)","DOI":"10.14722\/ndss.2018.23159"},{"key":"30_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"294","DOI":"10.1007\/978-3-319-30303-1_20","volume-title":"Foundations and Practice of Security","author":"F Gagnon","year":"2016","unstructured":"Gagnon, F., Ferland, M.-A., Fortier, M.-A., Desloges, S., Ouellet, J., Boileau, C.: AndroSSL: a platform to test Android applications connection security. In: Garcia-Alfaro, J., Kranakis, E., Bonfante, G. (eds.) FPS 2015. LNCS, vol. 9482, pp. 294\u2013302. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-30303-1_20"},{"key":"30_CR8","doi-asserted-by":"publisher","first-page":"366","DOI":"10.1016\/j.future.2016.08.019","volume":"74","author":"Christian J. D\u2019Orazio","year":"2017","unstructured":"D\u2019Orazio, C.J., Choo, K.K.R.: A technique to circumvent SSL\/TLS validations on iOS devices. J. Future Gener. Comput. Syst. 74, 366\u2013374 (2017)","journal-title":"Future Generation Computer Systems"},{"key":"30_CR9","doi-asserted-by":"crossref","unstructured":"Egele, M., Brumley, D., Fratantonio, Y., Kruegel, C.: An empirical study of cryptographic misuse in Android applications. In: Proceedings of the 2013 ACM Conference on Computer and Communications Security (CCS), pp. 73\u201384. ACM (2013)","DOI":"10.1145\/2508859.2516693"},{"key":"30_CR10","doi-asserted-by":"crossref","unstructured":"Fahl, S., Harbach, M., Muders, T., Baumg\u00e4rtner, L., Freisleben, B., Smith, M.: Why Eve and Mallory love Android: an analysis of Android SSL (in) security. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS), pp. 50\u201361. ACM (2012)","DOI":"10.1145\/2382196.2382205"},{"key":"30_CR11","volume-title":"Statistical Methods for Rates and Proportions","author":"JL Fleiss","year":"2013","unstructured":"Fleiss, J.L., Levin, B., Paik, M.C.: Statistical Methods for Rates and Proportions. Wiley, New York (2013)"},{"key":"30_CR12","doi-asserted-by":"crossref","unstructured":"Hubbard, J., Weimer, K., Chen, Y.: A study of SSL proxy attacks on Android and iOS mobile applications. In: Proceedings of IEEE 11th Consumer Communications and Networking Conference (CCNC), pp. 86\u201391. IEEE (2014)","DOI":"10.1109\/CCNC.2014.6866553"},{"key":"30_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"167","DOI":"10.1007\/978-3-319-98989-1_9","volume-title":"Computer Security","author":"J Liu","year":"2018","unstructured":"Liu, J., Ma, J., Zhou, W., Xiang, Y., Huang, X.: Dissemination of authenticated tree-structured data with privacy protection and fine-grained control in outsourced databases. In: Lopez, J., Zhou, J., Soriano, M. (eds.) ESORICS 2018. LNCS, vol. 11099, pp. 167\u2013186. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-98989-1_9"},{"key":"30_CR14","unstructured":"Juels, A., Triandopoulos, N., Van Dijk, M.E., Rivest, R.: Methods and apparatus for silent alarm channels using one-time passcode authentication tokens. US Patent 9,515,989 (2016)"},{"issue":"8","key":"30_CR15","first-page":"68","volume":"32","author":"G Karypis","year":"1999","unstructured":"Karypis, G., Han, E.H., Kumar, V.: Chameleon: hierarchical clustering using dynamic modeling. J. Comput. 32(8), 68\u201375 (1999)","journal-title":"J. Comput."},{"key":"30_CR16","doi-asserted-by":"crossref","unstructured":"Koch, W., Chaabane, A., Egele, M., Robertson, W., Kirda, E.: Semi-automated discovery of server-based information oversharing vulnerabilities in Android applications. In: Proceedings of the 26th ACM International Symposium on Software Testing and Analysis (ISSTA), pp. 147\u2013157. ACM (2017)","DOI":"10.1145\/3092703.3092708"},{"key":"30_CR17","unstructured":"Kohavi, R., et al.: A study of cross-validation and bootstrap for accuracy estimation and model selection. In: IJCAI, Montreal, Canada, vol. 14, pp. 1137\u20131145 (1995)"},{"issue":"11","key":"30_CR18","doi-asserted-by":"publisher","first-page":"770","DOI":"10.1145\/358790.358797","volume":"24","author":"L Lamport","year":"1981","unstructured":"Lamport, L.: Password authentication with insecure communication. J. Commun. ACM 24(11), 770\u2013772 (1981)","journal-title":"J. Commun. ACM"},{"key":"30_CR19","unstructured":"Li, Z., et al.: SySeVr: a framework for using deep learning to detect software vulnerabilities. arXiv preprint arXiv:1807.06756 (2018)"},{"key":"30_CR20","doi-asserted-by":"crossref","unstructured":"Li, Z., et al.: VulDeePecker: a deep learning-based system for vulnerability detection. arXiv preprint arXiv:1801.01681 (2018)","DOI":"10.14722\/ndss.2018.23158"},{"key":"30_CR21","unstructured":"Linkola, S., et al.: A feature-based call graph distance measure for program similarity analysis (2016)"},{"key":"30_CR22","doi-asserted-by":"crossref","unstructured":"Lo, D., Cheng, H., Han, J., Khoo, S.C., Sun, C.: Classification of software behaviors for failure detection: a discriminative pattern mining approach. In: Proceedings of the 15th ACM International Conference on Knowledge Discovery and Data Mining (KDD), pp. 557\u2013566. ACM (2009)","DOI":"10.1145\/1557019.1557083"},{"key":"30_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"229","DOI":"10.1007\/978-3-319-66399-9_13","volume-title":"Computer Security \u2013 ESORICS 2017","author":"S Ma","year":"2017","unstructured":"Ma, S., Thung, F., Lo, D., Sun, C., Deng, R.H.: VuRLE: automatic vulnerability detection and repair by learning from examples. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 229\u2013246. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66399-9_13"},{"key":"30_CR24","doi-asserted-by":"crossref","unstructured":"Sivakorn, S., Argyros, G., Pei, K., Keromytis, A.D., Jana, S.: HVLearn: automated black-box analysis of hostname verification in SSL\/TLS implementations. In: Proceedings of 2017 IEEE Symposium on Security and Privacy (SP), pp. 521\u2013538. IEEE (2017)","DOI":"10.1109\/SP.2017.46"},{"key":"30_CR25","doi-asserted-by":"crossref","unstructured":"Sounthiraraj, D., Sahs, J., Greenwood, G., Lin, Z., Khan, L.: SMV-hunter: large scale, automated detection of SSL\/TLS man-in-the-middle vulnerabilities in Android apps. In: Proceedings of the 21st Annual Network and Distributed System Security Symposium (NDSS). Citeseer (2014)","DOI":"10.14722\/ndss.2014.23205"},{"key":"30_CR26","doi-asserted-by":"crossref","unstructured":"Stone, C.M., Chothia, T., Garcia, F.D.: Spinner: semi-automatic detection of pinning without hostname verification. In: Proceedings of the 33rd ACM Annual Computer Security Applications Conference (ACSAC), pp. 176\u2013188. ACM (2017)","DOI":"10.1145\/3134600.3134628"},{"key":"30_CR27","doi-asserted-by":"crossref","unstructured":"Vall\u00e9e-Rai, R. Co, P., Gagnon, E., Hendren, L., Lam, P., Sundaresan, V.: Soot: a Java bytecode optimization framework. In: CASCON First Decade High Impact Papers, pp. 214\u2013224. IBM Corp. (2010)","DOI":"10.1145\/1925805.1925818"},{"key":"30_CR28","unstructured":"Weiser, M.: Program slicing. In: Proceedings of the 5th International Conference on Software Engineering (ICSE), pp. 439\u2013449. IEEE Press (1981)"},{"key":"30_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1007\/978-3-319-69471-9_2","volume-title":"Cyberspace Safety and Security","author":"B Xiong","year":"2017","unstructured":"Xiong, B., Xiang, G., Du, T., He, J.S., Ji, S.: Static taint analysis method for intent injection vulnerability in Android applications. In: Wen, S., Wu, W., Castiglione, A. (eds.) CSS 2017. LNCS, vol. 10581, pp. 16\u201331. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-69471-9_2"},{"issue":"2","key":"30_CR30","doi-asserted-by":"publisher","first-page":"578","DOI":"10.1109\/TCE.2004.1309428","volume":"50","author":"CC Yang","year":"2004","unstructured":"Yang, C.C., Yang, H.W., Wang, R.C.: Cryptanalysis of security enhancement for the timestamp-based password authentication scheme using smart cards. IEEE Trans. Consum. Electron. 50(2), 578\u2013579 (2004)","journal-title":"IEEE Trans. Consum. Electron."},{"key":"30_CR31","doi-asserted-by":"crossref","unstructured":"Zuo, C., Zhao, Q., Lin, Z.: AUTHScope: towards automatic discovery of vulnerable authorizations in online services. In: Proceedings of the 2017 ACM Conference on Computer and Communications Security (CCS), pp. 799\u2013813. ACM (2017)","DOI":"10.1145\/3133956.3134089"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2019"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-29959-0_30","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,15]],"date-time":"2024-09-15T00:07:43Z","timestamp":1726358863000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-29959-0_30"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030299583","9783030299590"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-29959-0_30","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"15 September 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Luxembourg","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Luxembourg","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 September 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 September 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/conf.laas.fr\/esorics\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"344","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"67","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3,2","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"11","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}