{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,18]],"date-time":"2025-10-18T00:34:00Z","timestamp":1760747640241,"version":"build-2065373602"},"publisher-location":"Cham","reference-count":45,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032078933","type":"print"},{"value":"9783032078940","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,10,18]],"date-time":"2025-10-18T00:00:00Z","timestamp":1760745600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,10,18]],"date-time":"2025-10-18T00:00:00Z","timestamp":1760745600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-07894-0_7","type":"book-chapter","created":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T19:06:40Z","timestamp":1760728000000},"page":"124-143","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["PUSH for\u00a0Security: A PUF-Based Protocol to\u00a0Prevent Session Hijacking"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9847-7656","authenticated-orcid":false,"given":"Emiliia","family":"Geloczi","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0181-7648","authenticated-orcid":false,"given":"Nico","family":"Mexis","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0005-3608-874X","authenticated-orcid":false,"given":"Stefan","family":"Katzenbeisser","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,10,18]]},"reference":[{"key":"7_CR1","doi-asserted-by":"publisher","unstructured":"Ahmed, A.A., Ahmed, W.A.: An Effective multifactor authentication mechanism based on combiners of hash function over internet things. Sensors 19(17) (2019). https:\/\/doi.org\/10.3390\/s19173663","DOI":"10.3390\/s19173663"},{"key":"7_CR2","doi-asserted-by":"publisher","unstructured":"Al-Sadi, M., Di Pietro, R., Lombardi, F., Signorini, M.: LENTO: Unpredictable Latency-based continuous authEntication for Network inTensive IoT envirOnments. Future Gener. Comput. Syst. 139, 151\u2013166 (2023). https:\/\/doi.org\/10.1016\/j.future.2022.09.023","DOI":"10.1016\/j.future.2022.09.023"},{"key":"7_CR3","doi-asserted-by":"publisher","unstructured":"Aljrees, T., Kumar, A., Singh, K.U., Singh, T.: Enhancing IoT security through a green and sustainable federated learning platform: leveraging efficient encryption and the quondam signature algorithm. Sensors 23(19) (2023). https:\/\/doi.org\/10.3390\/s23198090","DOI":"10.3390\/s23198090"},{"key":"7_CR4","doi-asserted-by":"publisher","unstructured":"Alshaeri, A., Younis, M.: Distributed hardware-assisted authentication and key agreement protocol for internet of things. In: 2024 IEEE 21st Consumer Communications & Networking Conference (CCNC), pp. 152\u2013158 (2024). https:\/\/doi.org\/10.1109\/CCNC51664.2024.10454706","DOI":"10.1109\/CCNC51664.2024.10454706"},{"key":"7_CR5","unstructured":"Arduino: Nano 33 BLE Documentation (2025). https:\/\/docs.arduino.cc\/hardware\/nano-33-ble\/"},{"key":"7_CR6","doi-asserted-by":"publisher","unstructured":"Badshah, A., et al.: USAF-IoD: ultralightweight and secure authenticated key agreement framework for internet of drones environment. IEEE Trans. Veh. Technol. 73(8), 10963\u201310977 (2024). https:\/\/doi.org\/10.1109\/TVT.2024.3375758","DOI":"10.1109\/TVT.2024.3375758"},{"key":"7_CR7","doi-asserted-by":"publisher","unstructured":"Barker, E.B., Kelsey, J.M., McKay, K.A., Roginsky, A.L., Turan, M.S.: Recommendation for Random Bit Generator (RBG) Constructions. Tech. Rep. NIST SP 800-90C (Fourth Public Draft), National Institute of Standards and Technology (NIST), Gaithersburg, MD (2024). https:\/\/doi.org\/10.6028\/NIST.SP.800-90C.4pd","DOI":"10.6028\/NIST.SP.800-90C.4pd"},{"key":"7_CR8","doi-asserted-by":"publisher","unstructured":"Barker, E.B., Roginsky, A.L.: Transitioning the use of cryptographic algorithms and key lengths. Tech. Rep. NIST SP 800-131A Rev. 3, National Institute of Standards and Technology (NIST), Gaithersburg, MD (2024). https:\/\/doi.org\/10.6028\/NIST.SP.800-131Ar3.ipd","DOI":"10.6028\/NIST.SP.800-131Ar3.ipd"},{"issue":"9","key":"7_CR9","doi-asserted-by":"publisher","first-page":"22","DOI":"10.5120\/13275-0821","volume":"76","author":"A Bharti Kumar","year":"2013","unstructured":"Bharti Kumar, A., Chaudhary, M.: Prevention of session hijacking and ipspoofing with sensor nodes and cryptographic approach. Int. J. Comput. Appl. 76(9), 22\u201328 (2013). https:\/\/doi.org\/10.5120\/13275-0821","journal-title":"Int. J. Comput. Appl."},{"key":"7_CR10","doi-asserted-by":"publisher","unstructured":"Bugliesi, M., Calzavara, S., Focardi, R., Khan, W.: CookiExt: Patching the browser against session hijacking attacks. J. Comput. Secur. 23(4), 509\u2013537 (2015). https:\/\/doi.org\/10.3233\/jcs-150529","DOI":"10.3233\/jcs-150529"},{"key":"7_CR11","doi-asserted-by":"publisher","unstructured":"Cherupally, S.K., Yin, S., Kadetotad, D., Bae, C., Kim, S.J., Seo, J.s.: A smart hardware security engine combining entropy sources of ECG, HRV, and SRAM PUF for Authentication and Secret Key Generation. IEEE J. Solid-State Circ. 55(10), 2680\u20132690 (2020). https:\/\/doi.org\/10.1109\/JSSC.2020.3010705","DOI":"10.1109\/JSSC.2020.3010705"},{"key":"7_CR12","doi-asserted-by":"publisher","unstructured":"Clark, L.T., Medapuram, S.B., Kadiyala, D.K.: SRAM circuits for true random number generation using intrinsic bit instability. IEEE Trans. Very Large Scale Integr. (VLSI) Syst. 26(10), 2027\u20132037 (2018). https:\/\/doi.org\/10.1109\/TVLSI.2018.2840049","DOI":"10.1109\/TVLSI.2018.2840049"},{"key":"7_CR13","doi-asserted-by":"publisher","unstructured":"Dacosta, I., Chakradeo, S., Ahamad, M., Traynor, P.: One-time cookies: Preventing session hijacking attacks with stateless authentication tokens. ACM Trans. Internet Technol. 12(1) (2012). https:\/\/doi.org\/10.1145\/2220352.2220353","DOI":"10.1145\/2220352.2220353"},{"issue":"2","key":"7_CR14","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1109\/TIT.1983.1056650","volume":"29","author":"D Dolev","year":"1983","unstructured":"Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198\u2013208 (1983). https:\/\/doi.org\/10.1109\/TIT.1983.1056650","journal-title":"IEEE Trans. Inf. Theory"},{"key":"7_CR15","doi-asserted-by":"publisher","unstructured":"D\u2019silva, K., Vanajakshi, J., Manjunath, K.N., Prabhu, S.: An effective method for preventing SQL injection attack and session hijacking. In: 2017 2nd IEEE International Conference on Recent Trends in Electronics, Information & Communication Technology (RTEICT), pp. 697\u2013701 (2017). https:\/\/doi.org\/10.1109\/RTEICT.2017.8256687","DOI":"10.1109\/RTEICT.2017.8256687"},{"key":"7_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/978-3-540-74735-2_5","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2007","author":"J Guajardo","year":"2007","unstructured":"Guajardo, J., Kumar, S.S., Schrijen, G.-J., Tuyls, P.: FPGA intrinsic PUFs and their use for IP protection. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 63\u201380. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-74735-2_5"},{"key":"7_CR17","doi-asserted-by":"publisher","unstructured":"Hemavathy, S., Bhaaskaran, V.S.K.: Arbiter PUF-a review of design, composition, and security aspects. IEEE Access 11, 33979\u201334004 (2023). https:\/\/doi.org\/10.1109\/ACCESS.2023.3264016","DOI":"10.1109\/ACCESS.2023.3264016"},{"key":"7_CR18","first-page":"16","volume":"12","author":"WS Hwang","year":"2022","unstructured":"Hwang, W.S., Shon, J.G., Park, J.S.: Web session hijacking defense technique using user information. HCIS 12, 16 (2022)","journal-title":"HCIS"},{"key":"7_CR19","unstructured":"Kapko, M.: Slack resets passwords en masse after invite link vulnerability. Cybersecurity Dive (2022). https:\/\/www.cybersecuritydive.com\/news\/slack-password-vulnerability\/629026\/. Accessed 04 Jan 2025"},{"issue":"12","key":"7_CR20","doi-asserted-by":"publisher","first-page":"881","DOI":"10.1007\/s11623-012-0295-z","volume":"36","author":"S Katzenbeisser","year":"2012","unstructured":"Katzenbeisser, S., Schaller, A.: Physical unclonable functions: sicherheitseigenschaften und anwendungen. Datenschutz und Datensicherheit - DuD 36(12), 881\u2013885 (2012). https:\/\/doi.org\/10.1007\/s11623-012-0295-z","journal-title":"Datenschutz und Datensicherheit - DuD"},{"key":"7_CR21","doi-asserted-by":"publisher","unstructured":"Kumar, A., Saha, R., Conti, M., Kumar, G., Buchanan, W.J., Kim, T.H.: A comprehensive survey of authentication methods in Internet-of-Things and its conjunctions. J. Netw. Comput. Appl. 204, 103414 (2022). https:\/\/doi.org\/10.1016\/j.jnca.2022.103414","DOI":"10.1016\/j.jnca.2022.103414"},{"key":"7_CR22","doi-asserted-by":"publisher","unstructured":"Kumar\u00a0Baitha, A., Vinod, S.: Session hijacking and prevention technique. Int. J. Eng. Technol. 7(2.6), 193\u2013198 (Mar 2018). https:\/\/doi.org\/10.14419\/ijet.v7i2.6.10566","DOI":"10.14419\/ijet.v7i2.6.10566"},{"key":"7_CR23","unstructured":"Linus Tech Tips: My Channel Was Deleted Last Night (2023). https:\/\/www.youtube.com\/watch?v=yGXaAWbzl5A. Accessed 4 Jan 2025"},{"issue":"4","key":"7_CR24","doi-asserted-by":"publisher","first-page":"2351","DOI":"10.1007\/s11277-020-07153-0","volume":"112","author":"NW Lo","year":"2020","unstructured":"Lo, N.W., Yohan, A.: BLE-Based Authentication Protocol for Micropayment Using Wearable Device. Wirel. Pers. Commun. 112(4), 2351\u20132372 (2020). https:\/\/doi.org\/10.1007\/s11277-020-07153-0","journal-title":"Wirel. Pers. Commun."},{"key":"7_CR25","doi-asserted-by":"publisher","unstructured":"Lounis, K., Zulkernine, M.: T2T-MAP: A PUF-Based Thing-to-Thing Mutual Authentication Protocol for IoT. IEEE Access 9, 137384\u2013137405 (2021). https:\/\/doi.org\/10.1109\/ACCESS.2021.3117444","DOI":"10.1109\/ACCESS.2021.3117444"},{"key":"7_CR26","doi-asserted-by":"publisher","unstructured":"Maes, R.: Physically unclonable functions: properties. In: Physically Unclonable Functions. LNCS, pp. 49\u201380. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-41395-7_3","DOI":"10.1007\/978-3-642-41395-7_3"},{"key":"7_CR27","doi-asserted-by":"publisher","unstructured":"Mall, P., Amin, R., Das, A.K., Leung, M.T., Choo, K.K.R.: PUF-based authentication and key agreement protocols for IoT, WSNs, and smart grids: a comprehensive survey. IEEE Internet Things J. 9(11), 8205\u20138228 (2022). https:\/\/doi.org\/10.1109\/JIOT.2022.3142084","DOI":"10.1109\/JIOT.2022.3142084"},{"key":"7_CR28","doi-asserted-by":"publisher","unstructured":"Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks. Lecture Notes in Computer Science, Springer, Boston, MA (2007). https:\/\/doi.org\/10.1007\/978-0-387-38162-6","DOI":"10.1007\/978-0-387-38162-6"},{"key":"7_CR29","doi-asserted-by":"publisher","unstructured":"Mexis, N.: A Comprehensive Comparison of Fuzzy Extractor Schemes Employing Different Error Correction Codes. M.Sc. Thesis, University of Passau, Passau, Germany (Oct 2023). https:\/\/doi.org\/10.15475\/ccfesedecc.2023","DOI":"10.15475\/ccfesedecc.2023"},{"key":"7_CR30","unstructured":"Microchip Technology Inc.: 23LC512 - 512 Kbit SPI Serial SRAM (2025). https:\/\/www.microchip.com\/en-us\/product\/23lc512#Documentation"},{"key":"7_CR31","unstructured":"Microsoft: CNG DPAPI (Data Protection API). Microsoft Learn. https:\/\/learn.microsoft.com\/de-de\/windows\/win32\/seccng\/cng-dpapi#:~:text=DPAPI%20ist%20Teil%20von%20CryptoAPI,zu%20verschl%C3%BCsseln%20und%20zu%20entschl%C3%BCsseln"},{"key":"7_CR32","unstructured":"Microsoft: Pipes (Interprocess Communications) (2021). https:\/\/learn.microsoft.com\/en-us\/windows\/win32\/ipc\/pipes"},{"key":"7_CR33","unstructured":"Monsen, K., Birgisson, A.: Fighting Cookie Theft Using Device-Bound Keys. https:\/\/blog.chromium.org\/2024\/04\/fighting-cookie-theft-using-device.html (Apr 2024)"},{"key":"7_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1007\/978-3-642-19125-1_7","volume-title":"Engineering Secure Software and Systems","author":"N Nikiforakis","year":"2011","unstructured":"Nikiforakis, N., Meert, W., Younan, Y., Johns, M., Joosen, W.: SessionShield: lightweight protection against session hijacking. In: Erlingsson, \u00da., Wieringa, R., Zannone, N. (eds.) ESSoS 2011. LNCS, vol. 6542, pp. 87\u2013100. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-19125-1_7"},{"key":"7_CR35","doi-asserted-by":"publisher","unstructured":"Ogundele, I.O., Akinade, A.O., Alakiri, H.O.: Detection and prevention of session hijacking in web application management. IJARCCE 9, 1\u201310 (Jun2020). https:\/\/doi.org\/10.17148\/IJARCCE.2020.9601","DOI":"10.17148\/IJARCCE.2020.9601"},{"key":"7_CR36","doi-asserted-by":"publisher","unstructured":"Pothumarti, R., Jain, K., Krishnan, P.: A lightweight authentication scheme for 5G mobile communications: a dynamic key approach. J. Ambient. Intell. Humaniz. Comput. 1\u201319 (2021). https:\/\/doi.org\/10.1007\/s12652-020-02857-4","DOI":"10.1007\/s12652-020-02857-4"},{"key":"7_CR37","doi-asserted-by":"publisher","unstructured":"Prapty, R.T., Azmin\u00a0Md, S., Hossain, S., Narman, H.S.: Preventing session hijacking using encrypted one-time-cookies. In: 2020 Wireless Telecommunications Symposium (WTS). pp.\u00a01\u20136 (2020). https:\/\/doi.org\/10.1109\/WTS48268.2020.9198717","DOI":"10.1109\/WTS48268.2020.9198717"},{"issue":"20","key":"7_CR38","doi-asserted-by":"publisher","first-page":"19744","DOI":"10.1109\/JIOT.2022.3168726","volume":"9","author":"Z Siddiqui","year":"2022","unstructured":"Siddiqui, Z., Gao, J., Khurram Khan, M.: An improved lightweight PUF\u2013PKI digital certificate authentication scheme for the internet of things. IEEE Internet Things J. 9(20), 19744\u201319756 (2022). https:\/\/doi.org\/10.1109\/JIOT.2022.3168726","journal-title":"IEEE Internet Things J."},{"key":"7_CR39","unstructured":"Statista: Beyond Passwords: Biometrics, Multifactor, and Passwordless Authentication. Study (Jul 2023). https:\/\/www.statista.com\/study\/116099\/beyond-passwords-biometrics-multifactor-and-passwordless-authentication\/"},{"key":"7_CR40","unstructured":"Statista: Worldwide digital population (Oct 2024). https:\/\/www.statista.com\/statistics\/617136\/digital-population-worldwide\/"},{"key":"7_CR41","unstructured":"SurfShark: Number of user accounts exposed worldwide from 1st quarter 2020 to 3rd quarter 2024 (in millions). Chart (Oct 2024). https:\/\/www.statista.com\/statistics\/1307426\/number-of-data-breaches-worldwide\/"},{"key":"7_CR42","unstructured":"The Chromium Projects: SPDY: An Experimental Protocol for a Faster Web (2009). https:\/\/www.chromium.org\/spdy\/spdy-whitepaper\/"},{"key":"7_CR43","doi-asserted-by":"publisher","unstructured":"Wang, R., Selimis, G., Maes, R., Goossens, S.: Long-term continuous assessment of SRAM PUF and source of random numbers. In: Proceedings of the 23rd Conference on Design, Automation and Test in Europe, pp. 7\u201312. DATE \u201920, EDA Consortium, San Jose, CA, USA (2020). https:\/\/doi.org\/10.23919\/DATE48585.2020.9116353","DOI":"10.23919\/DATE48585.2020.9116353"},{"key":"7_CR44","unstructured":"Weatherley, R.: Crypto Library for Arduino. Rweather Arduino Libraries. https:\/\/rweather.github.io\/arduinolibs\/crypto.html"},{"key":"7_CR45","doi-asserted-by":"publisher","unstructured":"Zhang, Y., Ge, Y.: Evaluation of microcontroller-based SRAM PUF and the authentication scheme. In: Proceedings of the 4th International Conference on Computer, Internet of Things and Control Engineering, pp. 79\u201386. CITCE \u201924, Association for Computing Machinery, New York, NY, USA (2025). https:\/\/doi.org\/10.1145\/3705677.3705691","DOI":"10.1145\/3705677.3705691"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-07894-0_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T19:06:53Z","timestamp":1760728013000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-07894-0_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,18]]},"ISBN":["9783032078933","9783032078940"],"references-count":45,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-07894-0_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,18]]},"assertion":[{"value":"18 October 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Toulouse","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 September 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 September 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.esorics2025.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}