{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,28]],"date-time":"2025-03-28T09:51:38Z","timestamp":1743155498081,"version":"3.40.3"},"publisher-location":"Cham","reference-count":41,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319140537"},{"type":"electronic","value":"9783319140544"}],"license":[{"start":{"date-parts":[[2014,1,1]],"date-time":"2014-01-01T00:00:00Z","timestamp":1388534400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-14054-4_11","type":"book-chapter","created":{"date-parts":[[2014,12,10]],"date-time":"2014-12-10T03:39:19Z","timestamp":1418182759000},"page":"167-189","source":"Crossref","is-referenced-by-count":5,"title":["Secure Modular Password Authentication for the Web Using Channel Bindings"],"prefix":"10.1007","author":[{"given":"Mark","family":"Manulis","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Douglas","family":"Stebila","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nick","family":"Denham","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"11_CR1","doi-asserted-by":"crossref","unstructured":"Schechter, S.E., Dhamija, R., Ozment, A., Fischer, I.: The emperor\u2019s new security indicators. In: 2007 IEEE Symposium on Security and Privacy, pp. 51\u201365. IEEE Computer Society Press (2007)","DOI":"10.1109\/SP.2007.35"},{"key":"11_CR2","unstructured":"Sunshine, J., Egelman, S., Almuhimedi, H., Atri, N., Cranor, L.F.: Crying wolf: An empirical study of SSL warning effectiveness. In: USENIX Security 2009 (2009)"},{"key":"11_CR3","doi-asserted-by":"crossref","unstructured":"Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., Leach, P., Luotonen, A., Stewart, L.: HTTP Authentication: Basic and Digest Access Authentication. RFC 2617 (Draft Standard), Updated by RFC 7235 (1999)","DOI":"10.17487\/rfc2617"},{"key":"11_CR4","unstructured":"Bellovin, S.M., Merritt, M.: Encrypted key exchange: Password-based protocols secure against dictionary attacks. In: 1992 IEEE Symposium on Security and Privacy, pp. 72\u201384. IEEE Computer Society Press (1992)"},{"key":"11_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1007\/3-540-45539-6_11","volume-title":"Advances in Cryptology - EUROCRYPT 2000","author":"M. Bellare","year":"2000","unstructured":"Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol.\u00a01807, pp. 139\u2013155. Springer, Heidelberg (2000)"},{"key":"11_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"404","DOI":"10.1007\/11426639_24","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"R. Canetti","year":"2005","unstructured":"Canetti, R., Halevi, S., Katz, J., Lindell, Y., MacKenzie, P.: Universally composable password-based key exchange. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol.\u00a03494, pp. 404\u2013421. Springer, Heidelberg (2005)"},{"key":"11_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"335","DOI":"10.1007\/978-3-540-79263-5_22","volume-title":"Topics in Cryptology \u2013 CT-RSA 2008","author":"M. Abdalla","year":"2008","unstructured":"Abdalla, M., Catalano, D., Chevalier, C., Pointcheval, D.: Efficient two-party password-based key exchange protocols in the UC framework. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol.\u00a04964, pp. 335\u2013351. Springer, Heidelberg (2008)"},{"key":"11_CR8","unstructured":"International Organization for Standardization (ISO): ISO\/IEC 11770-4: Information technology \u2014 security techniques \u2014 key management \u2014 part 4: Mechanisms based on weak secrets (2006)"},{"key":"11_CR9","unstructured":"ITU-T X.1035: Password-authenticated key exchange (PAK) protocol (2007)"},{"key":"11_CR10","unstructured":"IEEE P1363.2: Standard specifications for password-based public-key cryptographic techniques (2008)"},{"key":"11_CR11","unstructured":"Wu, T.D.: The secure remote password protocol. In: NDSS 1998. The Internet Society (1998)"},{"key":"11_CR12","unstructured":"Engler, J., Karlof, C., Shi, E., Song, D.: Is it too late for PAKE? In: Web 2.0 Security and Privacy (W2SP) 2009 (2009)"},{"key":"11_CR13","doi-asserted-by":"crossref","unstructured":"Taylor, D., Wu, T., Mavrogiannopoulos, N., Perrin, T.: Using the Secure Remote Password (SRP) Protocol for TLS Authentication. RFC 5054, Informational (2007)","DOI":"10.17487\/rfc5054"},{"key":"11_CR14","doi-asserted-by":"crossref","unstructured":"Abdalla, M., Bresson, E., Chevassut, O., M\u00f6ller, B., Pointcheval, D.: Provably secure password-based authentication in TLS. In: Lin, F.C., Lee, D.T., Lin, B.S., Shieh, S., Jajodia, S. (eds.) ASIACCS 2006, pp. 35\u201345. ACM Press (2006)","DOI":"10.1145\/1128817.1128827"},{"key":"11_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1007\/978-3-540-30574-3_14","volume-title":"Topics in Cryptology \u2013 CT-RSA 2005","author":"M. Abdalla","year":"2005","unstructured":"Abdalla, M., Pointcheval, D.: Simple password-based encrypted key exchange protocols. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol.\u00a03376, pp. 191\u2013208. Springer, Heidelberg (2005)"},{"key":"11_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1007\/978-3-642-22137-8_23","volume-title":"Security Protocols XVI","author":"F. Hao","year":"2011","unstructured":"Hao, F., Ryan, P.Y.A.: Password authenticated key exchange by juggling. In: Christianson, B., Malcolm, J.A., Matyas, V., Roe, M. (eds.) Security Protocols 2008. LNCS, vol.\u00a06615, pp. 159\u2013171. Springer, Heidelberg (2011)"},{"key":"11_CR17","doi-asserted-by":"crossref","unstructured":"Altman, J., Williams, N., Zhu, L.: Channel Bindings for TLS. RFC 5929 (Proposed Standard) (2010)","DOI":"10.17487\/rfc5929"},{"key":"11_CR18","doi-asserted-by":"crossref","unstructured":"Oiwa, Y., Takagi, H., Watanabe, H., Suzuki, H.: PAKE-based mutual HTTP authentication for preventing phishing attacks. In: Maarek, Y., Nejdl, W. (eds.) Proc. 18th International World Wide Web Conference (WWW 2009), pp. 1143\u20131144. ACM (2009)","DOI":"10.1145\/1526709.1526898"},{"key":"11_CR19","doi-asserted-by":"crossref","unstructured":"Oiwa, Y., Watanabe, H., Takagi, H.: PAKE-based mutual HTTP authentication for preventing phishing attacks (2009), \n                      http:\/\/arxiv.org\/abs\/0911.5230","DOI":"10.1145\/1526709.1526898"},{"key":"11_CR20","unstructured":"Oiwa, Y., Watanabe, H., Takagi, H., Ioku, Y., Hayashi, T.: Mutual authentication protocol for HTTP (2012), Internet-Draft, \n                      http:\/\/tools.ietf.org\/html\/draft-oiwa-http-mutualauth-12"},{"key":"11_CR21","unstructured":"AIST Research Center for Information Security: (Mutual authentication protocol for HTTP), \n                      https:\/\/www.rcis.aist.go.jp\/special\/MutualAuth"},{"key":"11_CR22","unstructured":"Kwon, T.: Authentication and key agreement via memorable passwords. In: NDSS 2001. The Internet Society (2001)"},{"key":"11_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"199","DOI":"10.1007\/978-3-642-33167-1_12","volume-title":"Computer Security \u2013 ESORICS 2012","author":"I. Dacosta","year":"2012","unstructured":"Dacosta, I., Ahamad, M., Traynor, P.: Trust no one else: Detecting MITM attacks against SSL\/TLS without third-parties. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol.\u00a07459, pp. 199\u2013216. Springer, Heidelberg (2012)"},{"key":"11_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1007\/3-540-45539-6_12","volume-title":"Advances in Cryptology - EUROCRYPT 2000","author":"V. Boyko","year":"2000","unstructured":"Boyko, V., MacKenzie, P.D., Patel, S.: Provably secure password-authenticated key exchange using diffie-hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol.\u00a01807, pp. 156\u2013171. Springer, Heidelberg (2000)"},{"key":"11_CR25","doi-asserted-by":"crossref","unstructured":"Borisov, N., Goldberg, I., Brewer, E.A.: Off-the-record communication, or, why not to use PGP. In: ACM Workshop on Privacy in Electronic Society (WPES 2004), pp. 77\u201384. ACM Press (2004)","DOI":"10.1145\/1029179.1029200"},{"key":"11_CR26","doi-asserted-by":"crossref","unstructured":"Alexander, C., Goldberg, I.: Improved user authentication in Off-The-Record messaging. In: Yu, T. (ed.) ACM Workshop on Privacy in Electronic Society (WPES 2007), pp. 41\u201347. ACM Press (2007)","DOI":"10.1145\/1314333.1314340"},{"key":"11_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/978-3-642-32009-5_17","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"T. Jager","year":"2012","unstructured":"Jager, T., Kohlar, F., Sch\u00e4ge, S., Schwenk, J.: On the security of TLS-DHE in the standard model. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol.\u00a07417, pp. 273\u2013293. Springer, Heidelberg (2012)"},{"key":"11_CR28","doi-asserted-by":"crossref","unstructured":"Bergsma, F., Dowling, B., Kohlar, F., Schwenk, J., Stebila, D.: Multi-ciphersuite security of the Secure Shell (SSH) protocol. In: Yung, M., Li, N. (eds.) ACM CCS 2014. ACM Press (2014)","DOI":"10.1145\/2660267.2660286"},{"key":"11_CR29","doi-asserted-by":"crossref","unstructured":"Brzuska, C., Smart, N.P., Warinschi, B., Watson, G.J.: An analysis of the EMV channel establishment protocol. In: Sadeghi, A.R., Gligor, V.D., Yung, M. (eds.) ACM CCS 2013, pp. 373\u2013386. ACM Press (2013)","DOI":"10.1145\/2508859.2516748"},{"key":"11_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"429","DOI":"10.1007\/978-3-642-40041-4_24","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"H. Krawczyk","year":"2013","unstructured":"Krawczyk, H., Paterson, K.G., Wee, H.: On the security of the TLS protocol: A systematic analysis. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol.\u00a08042, pp. 429\u2013448. Springer, Heidelberg (2013)"},{"key":"11_CR31","unstructured":"Kohlar, F., Sch\u00e4ge, S., Schwenk, J.: On the security of TLS-DH and TLS-RSA in the standard model. Cryptology ePrint Archive, Report 2013\/367 (2013), \n                      http:\/\/eprint.iacr.org\/2013\/367"},{"key":"11_CR32","doi-asserted-by":"crossref","unstructured":"Giesen, F., Kohlar, F., Stebila, D.: On the security of TLS renegotiation. In: Sadeghi, A.R., Gligor, V.D., Yung, M. (eds.) ACM CCS 2013, pp. 387\u2013398. ACM Press (2013)","DOI":"10.1145\/2508859.2516694"},{"key":"11_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-75670-5_1","volume-title":"Provable Security","author":"B.A. LaMacchia","year":"2007","unstructured":"LaMacchia, B.A., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol.\u00a04784, pp. 1\u201316. Springer, Heidelberg (2007)"},{"key":"11_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/978-3-642-17373-8_14","volume-title":"Advances in Cryptology - ASIACRYPT 2010","author":"T. Jager","year":"2010","unstructured":"Jager, T., Kohlar, F., Sch\u00e4ge, S., Schwenk, J.: Generic compilers for authenticated key exchange. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol.\u00a06477, pp. 232\u2013249. Springer, Heidelberg (2010)"},{"key":"11_CR35","unstructured":"Fleischhacker, N., Manulis, M., Azodi, A.: A Modular Framework for Multi-Factor Authentication and Key Exchange. Cryptology ePrint Archive, Report 2012\/181 (2012), \n                      http:\/\/eprint.iacr.org\/2012\/181"},{"key":"11_CR36","doi-asserted-by":"crossref","unstructured":"Manulis, M., Stebila, D., Denham, N.: Secure modular password authentication for the web using channel bindings (full version). Cryptology ePrint Archive, Report 2014\/731 (2014), \n                      http:\/\/eprint.iacr.org\/2014\/731","DOI":"10.1007\/978-3-319-14054-4_11"},{"key":"11_CR37","unstructured":"National Institute of Standards and Technology: Recommended elliptic curves for federal government use (1999), \n                      http:\/\/csrc.nist.gov\/groups\/ST\/toolkit\/documents\/dss\/NISTReCur.pdf"},{"key":"11_CR38","doi-asserted-by":"crossref","unstructured":"Dhamija, R., Tygar, J.D.: The battle against phishing: Dynamic security skins. In: Cranor, L.F., Zurko, M.E. (eds.) Symposium on Usable Privacy and Security (SOUPS 2005), pp. 77\u201388. ACM Press (2005)","DOI":"10.1145\/1073001.1073009"},{"key":"11_CR39","doi-asserted-by":"crossref","unstructured":"Rescorla, E.: Keying Material Exporters for Transport Layer Security (TLS). RFC 5705 (Proposed Standard) (2010)","DOI":"10.17487\/rfc5705"},{"key":"11_CR40","doi-asserted-by":"publisher","first-page":"284","DOI":"10.1504\/IJSN.2007.013181","volume":"2","author":"M. Abdalla","year":"2007","unstructured":"Abdalla, M., Bresson, E., Chevassut, O., M\u00f6ller, B., Pointcheval, D.: Strong password-based authentication in TLS using the three-party group Diffie\u2013Hellman protocol. International Journal of Security and Networks\u00a02, 284\u2013296 (2007)","journal-title":"International Journal of Security and Networks"},{"key":"11_CR41","unstructured":"Certicom Research: SEC 1: Elliptic curve cryptography, Version 2.0 (2009)"}],"container-title":["Lecture Notes in Computer Science","Security Standardisation Research"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-14054-4_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,1,28]],"date-time":"2023-01-28T09:18:43Z","timestamp":1674897523000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-14054-4_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319140537","9783319140544"],"references-count":41,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-14054-4_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2014]]}}}