{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,15]],"date-time":"2026-06-15T23:55:43Z","timestamp":1781567743571,"version":"3.54.5"},"publisher-location":"Cham","reference-count":37,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032195661","type":"print"},{"value":"9783032195678","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-19567-8_7","type":"book-chapter","created":{"date-parts":[[2026,6,15]],"date-time":"2026-06-15T23:38:05Z","timestamp":1781566685000},"page":"133-161","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Cryptographic Binding Should Not Be Optional: A Formal-Methods Analysis of\u00a0FIDO UAF Channel Binding"],"prefix":"10.1007","author":[{"given":"Enis","family":"Golaszewski","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Alan T.","family":"Sherman","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Edward","family":"Zieglar","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jonathan D.","family":"Fuchs","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Sophia","family":"Hamer","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2026,5,1]]},"reference":[{"key":"7_CR1","unstructured":"Alliance, F.: FIDO alliance member companies and organizations, January 2023. https:\/\/fidoalliance.org\/members\/"},{"key":"7_CR2","unstructured":"Alliance, F.: FIDO certified products, January 2023. https:\/\/fidoalliance.org\/certification\/fido-certified-products\/"},{"key":"7_CR3","doi-asserted-by":"publisher","unstructured":"Altman, J.E., Zhu, L., Williams, N.: Channel bindings for TLS. RFC 5929, July 2010. https:\/\/doi.org\/10.17487\/RFC5929. https:\/\/rfc-editor.org\/rfc\/rfc5929.txt","DOI":"10.17487\/RFC5929"},{"key":"7_CR4","unstructured":"Baghdasaryan, D., Balfanz, D., Hill, B., Hodges, J., Yang, K.: FIDO UAF protocol specification v1.2. Technical report, FIDO Alliance (2020)"},{"key":"7_CR5","unstructured":"Baghdasaryan, D., Hill, B., Sasson, R., Hodges, J., Yang, K.: FIDO UAF authenticator-specific module API (2022)"},{"key":"7_CR6","unstructured":"Balfanz, D., Hamilton, R.: Transport Layer Security (TLS) Channel IDs, June 2013. https:\/\/datatracker.ietf.org\/doc\/draft-balfanz-tls-channelid\/01\/. Work in Progress"},{"key":"7_CR7","doi-asserted-by":"crossref","unstructured":"Barbosa, M., Boldyreva, A., Chen, S., Warinschi, B.: Provable security analysis of FIDO2. In: Annual International Cryptology Conference, pp. 125\u2013156. Springer (2021)","DOI":"10.1007\/978-3-030-84252-9_5"},{"key":"7_CR8","doi-asserted-by":"publisher","unstructured":"Bhandary, P., Zieglar, E., Nicholas, C.: Searching for selfie in TLS 1.3 with the cryptographic protocol shapes analyzer. In: Dougherty, D., Meseguer, J., M\u00f6dersheim, S.A., Rowe, P.D. (eds.) Protocols, Strands, and Logic - Essays Dedicated to Joshua Guttman on the Occasion of his 66th Birthday. LNCS, vol. 13066, pp. 50\u201376. Springer (2021). https:\/\/doi.org\/10.1007\/978-3-030-91631-2_3","DOI":"10.1007\/978-3-030-91631-2_3"},{"key":"7_CR9","doi-asserted-by":"crossref","unstructured":"B\u00fcttner, A., Gruschka, N.: Protecting FIDO extensions against man-in-the-middle attacks. In: Emerging Technologies for Authorization and Authentication: 5th International Workshop, ETAA 2022, Copenhagen, Denmark, 30 September 2022, Revised Selected Papers, pp. 70\u201387. Springer, Berlin, Germany (2023)","DOI":"10.1007\/978-3-031-25467-3_5"},{"issue":"4","key":"7_CR10","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1109\/MCOMSTD.001.1900020","volume":"3","author":"DW Chadwick","year":"2019","unstructured":"Chadwick, D.W., Laborde, R., Oglaza, A., Venant, R., Wazan, S., Nijjar, M.: Improved identity management with verifiable credentials and FIDO. IEEE Commun. Stand. Mag. 3(4), 14\u201320 (2019)","journal-title":"IEEE Commun. Stand. Mag."},{"issue":"1","key":"7_CR11","first-page":"159","volume":"16","author":"CJ Chae","year":"2018","unstructured":"Chae, C.J., Cho, H.J., Jung, H.M.: Authentication method using multiple biometric information in FIDO environment. J. Digit. Convergence 16(1), 159\u2013164 (2018)","journal-title":"J. Digit. Convergence"},{"key":"7_CR12","doi-asserted-by":"publisher","unstructured":"Coker, G., et al.: Principles of remote attestation. Int. J. Inf. Sec. 10(2), 63\u201381 (2011). https:\/\/doi.org\/10.1007\/S10207-011-0124-7","DOI":"10.1007\/S10207-011-0124-7"},{"issue":"2","key":"7_CR13","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1109\/TIT.1983.1056650","volume":"29","author":"D Dolev","year":"1983","unstructured":"Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198\u2013208 (1983). https:\/\/doi.org\/10.1109\/TIT.1983.1056650","journal-title":"IEEE Trans. Inf. Theory"},{"key":"7_CR14","unstructured":"eBay: eBay FIDO UAF Implementation (2022). https:\/\/github.com\/eBay\/UAF. Accessed 31 Mar 2023"},{"key":"7_CR15","doi-asserted-by":"crossref","unstructured":"Feng, H., Li, H., Pan, X., Zhao, Z., Cactilab, T.: A formal analysis of the FIDO UAF protocol. In: Proceedings of 28th Network And Distributed System Security Symposium (NDSS) (2021)","DOI":"10.14722\/ndss.2021.24363"},{"key":"7_CR16","unstructured":"Fuchs, J., Hamer, S., Liu, D.: A man-in-the-middle attack on the FIDO UAF registration protocol. In: CMSC-691 Special Topics: Cybersecurity Research (INSuRE) Course Project, CSEE Department, UMBC (2022, unpublished manuscript)"},{"key":"7_CR17","unstructured":"Golaszewski, E., Sherman, A.T., Zieglar, E., Fuchs, J.D., Hamer, S.: Cryptographic binding should not be optional: a formal-methods analysis of FIDO UAF channel binding. arXiv preprint http:\/\/arxiv.org\/abs\/2511.06028 (2025)"},{"key":"7_CR18","doi-asserted-by":"crossref","unstructured":"Golaszewski, E., Zieglar, E., Sherman, A.T., Elsaad, K.A., Fuchs, J.: Limitations of wrapping protocols and TLS channel bindings: formal-methods analysis of the Session Binding Proxy protocol. CSEE Department, UMBC, March 2024. Unpublished manuscript","DOI":"10.1007\/978-3-031-87541-0_5"},{"key":"7_CR19","doi-asserted-by":"crossref","unstructured":"Guan, J., Li, H., Ye, H., Zhao, Z.: A formal analysis of the FIDO2 protocols. In: European Symposium on Research in Computer Security, pp. 3\u201321. Springer (2022)","DOI":"10.1007\/978-3-031-17143-7_1"},{"issue":"4","key":"7_CR20","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1145\/54289.871709","volume":"22","author":"N Hardy","year":"1988","unstructured":"Hardy, N.: The confused deputy: (or why capabilities might have been invented). ACM SIGOPS Oper. Syst. Rev. 22(4), 36\u201338 (1988)","journal-title":"ACM SIGOPS Oper. Syst. Rev."},{"key":"7_CR21","unstructured":"Hill, B., Balfanz, D., Baghdasaryan, D.: FIDO AppID and facet specification. Technical report, FIDO Alliance (2018)"},{"issue":"12","key":"7_CR22","doi-asserted-by":"publisher","first-page":"189","DOI":"10.1109\/CC.2016.7897543","volume":"13","author":"K Hu","year":"2016","unstructured":"Hu, K., Zhang, Z.: Security analysis of an attractive online authentication standard: FIDO UAF protocol. China Commun. 13(12), 189\u2013198 (2016)","journal-title":"China Commun."},{"key":"7_CR23","unstructured":"UPA Lab: PAL GitHub repository, April 2023. https:\/\/tinyurl.com\/3d2wnhuf"},{"issue":"2","key":"7_CR24","first-page":"66","volume":"16","author":"E Lanus","year":"2017","unstructured":"Lanus, E., Zieglar, E.: Analysis of a forced-latency defense against man-in-the-middle attacks. J. Inf. Warfare 16(2), 66\u201378 (2017)","journal-title":"J. Inf. Warfare"},{"key":"7_CR25","doi-asserted-by":"crossref","unstructured":"Liskov, M., Rowe, P., Thayer, J.: Completeness of CPSA. Technical report, MITRE (2011). https:\/\/www.mitre.org\/sites\/default\/files\/pdf\/12_0038.pdf","DOI":"10.21236\/ADA562264"},{"key":"7_CR26","unstructured":"Liskov, M.D., Ramsdell, J.D., Guttman, J.D., Rowe, P.D.: The cryptographic protocol shapes analyzer: a manual. The MITRE Corporation (2016)"},{"key":"7_CR27","doi-asserted-by":"crossref","unstructured":"Lodderstedt, T., Bradley, J., Labunets, A., Fett, D.: RFC 9700: Best current practice for OAuth 2.0 security (2025)","DOI":"10.17487\/RFC9700"},{"key":"7_CR28","doi-asserted-by":"crossref","unstructured":"Loutfi, I., J\u00f8sang, A.: FIDO trust requirements. In: Nordic Conference on Secure IT Systems, pp. 139\u2013155. Springer, Berlin, Germany (2015)","DOI":"10.1007\/978-3-319-26502-5_10"},{"key":"7_CR29","doi-asserted-by":"crossref","unstructured":"Lowe, G.: A hierarchy of authentication specifications. In: Proceedings 10th Computer Security Foundations Workshop, pp. 31\u201343. IEEE (1997)","DOI":"10.1109\/CSFW.1997.596782"},{"key":"7_CR30","doi-asserted-by":"publisher","unstructured":"Needham, R.M., Schroeder, M.D.: Using encryption for authentication in large networks of computers. Commun. ACM 21(12), 993\u2013999 (1978). https:\/\/doi.org\/10.1145\/359657.359659","DOI":"10.1145\/359657.359659"},{"key":"7_CR31","doi-asserted-by":"crossref","unstructured":"Panos, C., Malliaros, S., Ntantogian, C., Panou, A., Xenakis, C.: A security evaluation of FIDO\u2019s UAF protocol in mobile and embedded devices. In: International Tyrrhenian Workshop on Digital Communication, pp. 127\u2013142. Springer, Berlin, Germany (2017)","DOI":"10.1007\/978-3-319-67639-5_11"},{"key":"7_CR32","doi-asserted-by":"crossref","unstructured":"Pereira, O., Rochet, F., Wiedling, C.: Formal analysis of the FIDO 1.x protocol. In: Foundations and Practice of Security: 10th International Symposium, FPS 2017, Nancy, France, 23\u201325 October 2017, Revised Selected Papers 10, pp. 68\u201382. Springer, Berlin, Germany (2018)","DOI":"10.1007\/978-3-319-75650-9_5"},{"key":"7_CR33","doi-asserted-by":"publisher","unstructured":"Popov, A., Nystrom, M., Balfanz, D., Langley, A., Hodges, J.: The Token Binding Protocol Version 1.0. RFC 8471, October 2018. https:\/\/doi.org\/10.17487\/RFC8471. https:\/\/rfc-editor.org\/rfc\/rfc8471.txt","DOI":"10.17487\/RFC8471"},{"key":"7_CR34","unstructured":"Rescorla, E.: SSL and TLS: Designing and Building Secure Systems. Addison-Wesley (2001)"},{"key":"7_CR35","doi-asserted-by":"crossref","unstructured":"Sherman, A.T., et al.: Formal methods analysis of the secure remote password protocol. In: Logic, Language, and Security, pp. 103\u2013126. Springer (2020)","DOI":"10.1007\/978-3-030-62077-6_9"},{"key":"7_CR36","unstructured":"Ulqinaku, E., Assal, H., Abdou, A., Chiasson, S., Capkun, S.: Is real-time phishing eliminated with FIDO? Social engineering downgrade attacks against FIDO protocols. In: 30th USENIX Security Symposium (USENIX Security 21), pp. 3811\u20133828. USENIX Association, Berkley, CA, August 2021. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/ulqinaku"},{"key":"7_CR37","doi-asserted-by":"publisher","unstructured":"Whited, S.: Channel Bindings for TLS 1.3. RFC 9266, July 2022. https:\/\/doi.org\/10.17487\/RFC9266. https:\/\/www.rfc-editor.org\/info\/rfc9266","DOI":"10.17487\/RFC9266"}],"container-title":["Lecture Notes in Computer Science","Security Standardisation Research"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-19567-8_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,6,15]],"date-time":"2026-06-15T23:38:12Z","timestamp":1781566692000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-19567-8_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032195661","9783032195678"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-19567-8_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"1 May 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SSR","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Research in Security Standardisation","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Passau","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Germany","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 December 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5 December 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ssr2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.uni-passau.de\/ssr2025","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}