{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,11]],"date-time":"2025-09-11T21:42:28Z","timestamp":1757626948361,"version":"3.44.0"},"publisher-location":"Cham","reference-count":52,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031944475"},{"type":"electronic","value":"9783031944482"}],"license":[{"start":{"date-parts":[[2025,9,1]],"date-time":"2025-09-01T00:00:00Z","timestamp":1756684800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,9,1]],"date-time":"2025-09-01T00:00:00Z","timestamp":1756684800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-031-94448-2_12","type":"book-chapter","created":{"date-parts":[[2025,8,31]],"date-time":"2025-08-31T19:08:14Z","timestamp":1756667294000},"page":"224-247","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["TEE-Receipt: A TEE-Based Non-repudiation Framework for\u00a0Web Applications"],"prefix":"10.1007","author":[{"given":"Mahmoud","family":"Hofny","sequence":"first","affiliation":[]},{"given":"Lianying","family":"Zhao","sequence":"additional","affiliation":[]},{"given":"Mohammad","family":"Mannan","sequence":"additional","affiliation":[]},{"given":"Amr","family":"Youssef","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,9,1]]},"reference":[{"key":"12_CR1","unstructured":"Anati, I., Gueron, S., Johnson, S., Scarlata, V.: Innovative technology for CPU based attestation and sealing. In: Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, vol.\u00a013. ACM New York, NY, USA (2013)"},{"key":"12_CR2","unstructured":"Barboza, D.: Online brokers fined millions in fraud case (2003). http:\/\/www.nytimes.com\/2003\/01\/15\/business\/online-brokers-finedmillions-in-fraud-case.html"},{"key":"12_CR3","unstructured":"Bluehost: Web hosting (2024). https:\/\/www.bluehost.com\/hosting\/shared"},{"key":"12_CR4","doi-asserted-by":"publisher","unstructured":"Boeyen, S., Santesson, S., Polk, T., Housley, R., Farrell, S., Cooper, D.: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280, May 2008. https:\/\/doi.org\/10.17487\/RFC5280, https:\/\/www.rfc-editor.org\/info\/rfc5280","DOI":"10.17487\/RFC5280"},{"key":"12_CR5","doi-asserted-by":"publisher","unstructured":"Borisov, N., Goldberg, I., Brewer, E.: Off-the-record communication, or, why not to use PGP. In: Proceedings of the 2004 ACM Workshop on Privacy in the Electronic Society, WPES \u201904, pp. 77\u201384. , Association for Computing Machinery, New York, NY, USA (2004). https:\/\/doi.org\/10.1145\/1029179.1029200","DOI":"10.1145\/1029179.1029200"},{"key":"12_CR6","doi-asserted-by":"crossref","unstructured":"Capkun, S., Ozturk, E., Tsudik, G., W\u00fcst, K.: ROSEN: RObust and SElective Non-repudiation (for TLS). In: Proceedings of the 2021 on Cloud Computing Security Workshop, pp. 97\u2013109 (2021)","DOI":"10.1145\/3474123.3486763"},{"issue":"1","key":"12_CR7","doi-asserted-by":"publisher","first-page":"6","DOI":"10.1145\/232335.232338","volume":"26","author":"T Coffey","year":"1996","unstructured":"Coffey, T., Saidha, P.: Non-repudiation with mandatory proof of receipt. ACM SIGCOMM Comput. Commun. Rev. 26(1), 6\u201317 (1996)","journal-title":"ACM SIGCOMM Comput. Commun. Rev."},{"key":"12_CR8","unstructured":"Goolge Corporation: Chrome extension development: Get started (2022). https:\/\/developer.chrome.com\/docs\/extensions\/mv3\/getstarted\/"},{"key":"12_CR9","unstructured":"Intel Corporation: Intel software guard extensions (Intel SGX) (2022). https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/tools\/software-guard-extensions\/overview.html"},{"key":"12_CR10","unstructured":"Canadian Centre for Cyber Security: Security considerations when developing and managing your website (ITSAP.60.005) (2021). https:\/\/www.cyber.gc.ca\/en\/guidance\/security-considerations-when-developing-and-managing-your-website-itsap60005"},{"key":"12_CR11","unstructured":"WPMU DEV: Forminator (2023). https:\/\/wordpress.org\/plugins\/forminator\/"},{"key":"12_CR12","doi-asserted-by":"crossref","unstructured":"Dietrich, C., Krombholz, K., Borgolte, K., Fiebig, T.: Investigating system operators\u2019 perspective on security misconfigurations. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1272\u20131289 (2018)","DOI":"10.1145\/3243734.3243794"},{"key":"12_CR13","doi-asserted-by":"crossref","unstructured":"Dworkin, M.J.: SP 800-38b. Recommendation for block cipher modes of operation: the CMAC mode for authentication (2005)","DOI":"10.6028\/NIST.SP.800-38b-2005"},{"key":"12_CR14","unstructured":"Fortinet: 7 common web security threats for an enterprise (2023). https:\/\/www.fortinet.com\/resources\/cyberglossary\/web-security-threats"},{"key":"12_CR15","unstructured":"Fortinet: What is an insider threat? (2023). https:\/\/www.fortinet.com\/resources\/cyberglossary\/insider-threats"},{"key":"12_CR16","doi-asserted-by":"crossref","unstructured":"Greitzer, F.L.: Insider threats: it\u2019s the human, stupid! In: Proceedings of the Northwest Cybersecurity Symposium, pp.\u00a01\u20138 (2019)","DOI":"10.1145\/3332448.3332458"},{"issue":"6","key":"12_CR17","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1109\/MSP.2016.124","volume":"14","author":"S Gueron","year":"2016","unstructured":"Gueron, S.: Memory encryption for general-purpose processors. IEEE Secur. Priv. 14(6), 54\u201362 (2016)","journal-title":"IEEE Secur. Priv."},{"key":"12_CR18","doi-asserted-by":"crossref","unstructured":"Gunn, L., Parra, R.V., Asokan, N.: Circumventing cryptographic deniability with remote attestation. In: Privacy Enhancing Technologies Symposium, pp. 350\u2013369. De Gruyter (2019)","DOI":"10.2478\/popets-2019-0051"},{"issue":"2","key":"12_CR19","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1109\/MSP.2006.50","volume":"4","author":"A Hiltgen","year":"2006","unstructured":"Hiltgen, A., Kramp, T., Weigold, T.: Secure internet banking authentication. IEEE Secur. Priv. 4(2), 21\u201329 (2006)","journal-title":"IEEE Secur. Priv."},{"issue":"2","key":"12_CR20","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3303771","volume":"52","author":"I Homoliak","year":"2019","unstructured":"Homoliak, I., Toffalini, F., Guarnizo, J., Elovici, Y., Ochoa, M.: Insight into insiders and it: a survey of insider threat taxonomies, analysis, modeling, and countermeasures. ACM Comput. Surv. (CSUR) 52(2), 1\u201340 (2019)","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"12_CR21","unstructured":"Hostinger: Web hosting (2024). https:\/\/www.hostinger.com\/web-hosting"},{"key":"12_CR22","unstructured":"Jahanshahi, R., Azad, B.A., Nikiforakis, N., Egele, M.: Minimalist: semi-automated debloating of PHP web applications through static analysis. In: 32nd USENIX Security Symposium (USENIX Security 23), Anaheim, CA, August 2023, pp. 5557\u20135573. USENIX Association (2023). https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/jahanshahi"},{"key":"12_CR23","doi-asserted-by":"publisher","unstructured":"Jang, D., Jhala, R., Lerner, S., Shacham, H.: An empirical study of privacy-violating information flows in JavaScript web applications. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, pp. 270\u2013283. Association for Computing Machinery, New York, NY, USA (2010). https:\/\/doi.org\/10.1145\/1866307.1866339","DOI":"10.1145\/1866307.1866339"},{"key":"12_CR24","doi-asserted-by":"publisher","first-page":"25383","DOI":"10.1109\/ACCESS.2020.2970270","volume":"8","author":"V Jesus","year":"2020","unstructured":"Jesus, V.: Towards an accountable web of personal information: the web-of-receipts. IEEE Access 8, 25383\u201325394 (2020). https:\/\/doi.org\/10.1109\/ACCESS.2020.2970270","journal-title":"IEEE Access"},{"key":"12_CR25","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1007\/s102070100002","volume":"1","author":"D Johnson","year":"2001","unstructured":"Johnson, D., Menezes, A., Vanstone, S.: The elliptic curve digital signature algorithm (ECDSA). Int. J. Inf. Secur. 1, 36\u201363 (2001)","journal-title":"Int. J. Inf. Secur."},{"key":"12_CR26","unstructured":"Jotform: Jotform official website (2024). https:\/\/www.jotform.com\/"},{"key":"12_CR27","doi-asserted-by":"crossref","unstructured":"Kamel, M., Boudaoud, K., Resondry, S., Riveill, M.: A low-energy consuming and user-centric security management architecture adapted to mobile environments. In: 12th IFIP\/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops, pp. 722\u2013725. IEEE (2011)","DOI":"10.1109\/INM.2011.5990665"},{"key":"12_CR28","doi-asserted-by":"crossref","unstructured":"Kammueller, F., Kerber, M., Probst, C.W.: Towards formal analysis of insider threats for auctions. In: Proceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats, pp. 23\u201334 (2016)","DOI":"10.1145\/2995959.2995963"},{"key":"12_CR29","doi-asserted-by":"crossref","unstructured":"Krawiecka, K., Kurnikov, A., Paverd, A., Mannan, M., Asokan, N.: SafeKeeper: protecting web passwords using trusted execution environments. In: Proceedings of the 2018 World Wide Web Conference, pp. 349\u2013358 (2018)","DOI":"10.1145\/3178876.3186101"},{"issue":"17","key":"12_CR30","doi-asserted-by":"publisher","first-page":"1606","DOI":"10.1016\/S0140-3664(02)00049-X","volume":"25","author":"S Kremer","year":"2002","unstructured":"Kremer, S., Markowitch, O., Zhou, J.: An intensive survey of fair non-repudiation protocols. Comput. Commun. 25(17), 1606\u20131621 (2002)","journal-title":"Comput. Commun."},{"key":"12_CR31","doi-asserted-by":"crossref","unstructured":"Kul, G., Upadhyaya, S.: A preliminary cyber ontology for insider threats in the financial sector. In: Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, pp. 75\u201378 (2015)","DOI":"10.1145\/2808783.2808793"},{"key":"12_CR32","doi-asserted-by":"crossref","unstructured":"Kurnikov, A., Paverd, A., Mannan, M., Asokan, N.: Keys in the clouds: auditable multi-device access to cryptographic credentials. In: Proceedings of the 13th International Conference on Availability, Reliability and Security, pp. 1\u201310 (2018)","DOI":"10.1145\/3230833.3234518"},{"key":"12_CR33","doi-asserted-by":"publisher","unstructured":"Lekies, S., Kotowicz, K., Gro\u00df, S., Vela\u00a0Nava, E.A., Johns, M.: Code-reuse attacks for the web: breaking cross-site scripting mitigations via script gadgets. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, pp. 1709\u20131723. Association for Computing Machinery, New York, (2017). https:\/\/doi.org\/10.1145\/3133956.3134091","DOI":"10.1145\/3133956.3134091"},{"key":"12_CR34","unstructured":"LittleData: What is the average server response time? (2023). https:\/\/lp.littledata.io\/average\/server-response-time"},{"key":"12_CR35","unstructured":"Login, T.M.: Theme my login (2023). https:\/\/wordpress.org\/plugins\/theme-my-login\/"},{"key":"12_CR36","doi-asserted-by":"crossref","unstructured":"Naderi-Afooshteh, A., Kwon, Y., Nguyen-Tuong, A., Razmjoo-Qalaei, A., Zamiri-Gourabi, M.R., Davidson, J.W.: MalMax: multi-aspect execution for automated dynamic web server malware analysis. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1849\u20131866 (2019)","DOI":"10.1145\/3319535.3363199"},{"key":"12_CR37","doi-asserted-by":"crossref","unstructured":"Resondry, S., Boudaoud, K., Kamel, M., Bertrand, Y., Riveill, M.: An alternative version of https to provide non-repudiation security property. In: 2014 International Wireless Communications and Mobile Computing Conference (IWCMC), pp. 536\u2013541. IEEE (2014)","DOI":"10.1109\/IWCMC.2014.6906413"},{"key":"12_CR38","unstructured":"Rijmen, V., Daemen, J.: Advanced encryption standard. In: Proceedings of Federal Information Processing Standards Publications. National Institute of Standards and Technology, vol. 19, p. 22 (2001)"},{"key":"12_CR39","doi-asserted-by":"crossref","unstructured":"Ritzdorf, H., W\u00fcst, K., Gervais, A., Felley, G., Capkun, S.: TLS-N: non-repudiation over TLS enabling-ubiquitous content signing for disintermediation. Cryptology ePrint Archive (2017)","DOI":"10.14722\/ndss.2018.23272"},{"key":"12_CR40","doi-asserted-by":"crossref","unstructured":"Sanchez-Avila, C., Sanchez-Reillol, R.: The Rijndael block cipher (AES proposal): a comparison with DES. In: Proceedings IEEE 35th Annual 2001 International Carnahan Conference on Security Technology (Cat. No. 01CH37186), pp. 229\u2013234. IEEE (2001)","DOI":"10.1109\/.2001.962837"},{"key":"12_CR41","doi-asserted-by":"crossref","unstructured":"Schiavone, E., Ceccarelli, A., Bondavalli, A.: Continuous biometric verification for non-repudiation of remote services. In: Proceedings of the 12th International Conference on Availability, Reliability and Security, pp. 1\u201310 (2017)","DOI":"10.1145\/3098954.3098969"},{"key":"12_CR42","doi-asserted-by":"publisher","unstructured":"Schuldt, H.: Web transactions, pp. 3523\u20133524. Springer, Boston (2009). https:\/\/doi.org\/10.1007\/978-0-387-39940-9_731","DOI":"10.1007\/978-0-387-39940-9_731"},{"key":"12_CR43","doi-asserted-by":"publisher","unstructured":"Shan, S., Bhagoji, A.N., Zheng, H., Zhao, B.Y.: Patch-based defenses against web fingerprinting attacks. In: Proceedings of the 14th ACM Workshop on Artificial Intelligence and Security, AISec \u201921, pp. 97\u2013109. Association for Computing Machinery, New York (2021). https:\/\/doi.org\/10.1145\/3474369.3486875","DOI":"10.1145\/3474369.3486875"},{"key":"12_CR44","unstructured":"Arm Technologies: TrustZone for Cortex-A (2022). https:\/\/www.arm.com\/technologies\/trustzone-for-cortex-a"},{"key":"12_CR45","unstructured":"WordPress: Projects (2023). https:\/\/wordpressfoundation.org"},{"key":"12_CR46","unstructured":"WordPress: WordPress official website (2023). https:\/\/wordpress.org"},{"key":"12_CR47","unstructured":"WordPress: Hosting (2024). https:\/\/wordpress.org\/hosting\/"},{"key":"12_CR48","unstructured":"WPForms: WPForms plugin page (2023). https:\/\/wordpress.org\/plugins\/wpforms-lite\/"},{"key":"12_CR49","unstructured":"Yang, Z., Allen, J., Landen, M., Perdisci, R., Lee, W.: TRIDENT: towards detecting and mitigating web-based social engineering attacks. In: 32nd USENIX Security Symposium (USENIX Security 23), August 2023, pp. 6701\u20136718. USENIX Association, Anaheim, CA (2023). https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/yang-zheng"},{"key":"12_CR50","unstructured":"Yao, M., Fuller, J., Kasturi, R.P., Agarwal, S., Sikder, A.K., Saltaformaggio, B.: Hiding in plain sight: an empirical study of web application abuse in malware. In: 32nd USENIX Security Symposium (USENIX Security 23), Anaheim, CA, August 2023, pp. 6115\u20136132. USENIX Association (2023). https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/yao-mingxuan"},{"key":"12_CR51","doi-asserted-by":"crossref","unstructured":"Yasinsac, A.: Insider threats to voting systems. In: Proceedings of the 2010 Workshop on Governance of Technology, Information and Policies, pp.\u00a01\u20138 (2010)","DOI":"10.1145\/1920320.1920321"},{"issue":"10","key":"12_CR52","doi-asserted-by":"publisher","first-page":"844","DOI":"10.1093\/comjnl\/39.10.844","volume":"39","author":"N Zhang","year":"1996","unstructured":"Zhang, N., Shi, Q.: Achieving non-repudiation of receipt. Comput. J. 39(10), 844\u2013853 (1996)","journal-title":"Comput. J."}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-94448-2_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,10]],"date-time":"2025-09-10T00:19:46Z","timestamp":1757463586000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-94448-2_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,9,1]]},"ISBN":["9783031944475","9783031944482"],"references-count":52,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-94448-2_12","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2025,9,1]]},"assertion":[{"value":"1 September 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SecureComm","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Security and Privacy in Communication Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Dubai","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Arab Emirates","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 October 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 October 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"securecomm2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/securecomm.eai-conferences.org\/2024\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}