{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,13]],"date-time":"2025-05-13T02:43:29Z","timestamp":1747104209187},"publisher-location":"Cham","reference-count":43,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319490991"},{"type":"electronic","value":"9783319491004"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-49100-4_5","type":"book-chapter","created":{"date-parts":[[2016,11,1]],"date-time":"2016-11-01T14:41:42Z","timestamp":1478011302000},"page":"112-140","source":"Crossref","is-referenced-by-count":9,"title":["Security Analysis of the W3C Web Cryptography API"],"prefix":"10.1007","author":[{"given":"Kelsey","family":"Cairns","sequence":"first","affiliation":[]},{"given":"Harry","family":"Halpin","sequence":"additional","affiliation":[]},{"given":"Graham","family":"Steel","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,11,2]]},"reference":[{"key":"5_CR1","doi-asserted-by":"crossref","unstructured":"Adrian, D., Bhargavan, K., Durumeric, Z., Gaudry, P., Green, M., Halderman, J.A., Heninger, N., Springall, D., Thom\u00e9, E., Valenta, L., et al.: Imperfect forward secrecy: how Diffie-Hellman fails in practice. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 5\u201317. ACM (2015)","DOI":"10.1145\/2810103.2813707"},{"key":"5_CR2","doi-asserted-by":"crossref","unstructured":"Akhawe, D., Barth, A., Lam, P.E., Mitchell, J., Song, D.: Towards a formal foundation of web security. In: Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium, CSF 2010, pp. 290\u2013304. IEEE Computer Society, Washington, DC, USA (2010)","DOI":"10.1109\/CSF.2010.27"},{"key":"5_CR3","unstructured":"Sleevi, R., Watson, M.: Web Cryptography API. Candidate recommendation, IETF (2014). http:\/\/www.w3.org\/TR\/WebCryptoAPI\/"},{"key":"5_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"126","DOI":"10.1007\/978-3-642-36830-1_7","volume-title":"Principles of Security and Trust","author":"C Bansal","year":"2013","unstructured":"Bansal, C., Bhargavan, K., Delignat-Lavaud, A., Maffeis, S.: Keys to the cloud: formal analysis and concrete attacks on encrypted web storage. In: Basin, D., Mitchell, J.C. (eds.) POST 2013. LNCS, vol. 7796, pp. 126\u2013146. Springer, Heidelberg (2013). doi: 10.1007\/978-3-642-36830-1_7"},{"key":"5_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"608","DOI":"10.1007\/978-3-642-32009-5_36","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"R Bardou","year":"2012","unstructured":"Bardou, R., Focardi, R., Kawamoto, Y., Simionato, L., Steel, G., Tsay, J.-K.: Efficient padding oracle attacks on cryptographic hardware. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 608\u2013625. Springer, Heidelberg (2012). doi: 10.1007\/978-3-642-32009-5_36"},{"key":"5_CR6","unstructured":"Barth, A., Veditz, D., West, M.: Content Security Policy level 1.1. Working draft, W3C (2012). http:\/\/www.w3.org\/TR\/2014\/WD-CSpp. 11-20140211\/"},{"key":"5_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"602","DOI":"10.1007\/11818175_36","volume-title":"Advances in Cryptology - CRYPTO 2006","author":"M Bellare","year":"2006","unstructured":"Bellare, M.: New proofs for NMAC and HMAC: security without collision-resistance. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 602\u2013619. Springer, Heidelberg (2006). doi: 10.1007\/11818175_36"},{"key":"5_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"399","DOI":"10.1007\/3-540-68339-9_34","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 1996","author":"M Bellare","year":"1996","unstructured":"Bellare, M., Rogaway, P.: The exact security of digital signatures-how to sign with RSA and Rabin. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399\u2013416. Springer, Heidelberg (1996). doi: 10.1007\/3-540-68339-9_34"},{"key":"5_CR9","doi-asserted-by":"crossref","unstructured":"Beurdouche, B., Bhargavan, K., Delignat-Lavaud, A., Fournet, C., Kohlweiss, M., Pironti, A., Strub, P.-Y., Zinzindohoue, J.K.: A messy state of the union: taming the composite state machines of TLS. In: 2015 IEEE Symposium on Security and Privacy (SP), pp. 535\u2013552. IEEE (2015)","DOI":"10.1109\/SP.2015.39"},{"key":"5_CR10","doi-asserted-by":"crossref","unstructured":"Bhargavan, K., Lavaud, A.D., Fournet, C., Pironti, A., Strub, P.-Y.: Triple handshakes and cookie cutters: breaking and fixing authentication over TLS. In: 2014 IEEE Symposium on Security and Privacy (SP), pp. 98\u2013113. IEEE (2014)","DOI":"10.1109\/SP.2014.14"},{"key":"5_CR11","doi-asserted-by":"crossref","unstructured":"Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: Proceedings of the 14th IEEE Workshop on Computer Security Foundations, CSFW 2001, pp. 82\u201396. IEEE Computer Society, Washington, DC, USA (2001)","DOI":"10.1109\/CSFW.2001.930138"},{"key":"5_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/BFb0055716","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201998","author":"D Bleichenbacher","year":"1998","unstructured":"Bleichenbacher, D.: Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 1\u201312. Springer, Heidelberg (1998). doi: 10.1007\/BFb0055716"},{"issue":"10","key":"5_CR13","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1109\/2.955101","volume":"34","author":"M Bond","year":"2001","unstructured":"Bond, M., Anderson, R.: API-level attacks on embedded systems. Computer 34(10), 67\u201375 (2001)","journal-title":"Computer"},{"key":"5_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"201","DOI":"10.1007\/3-540-44647-8_12","volume-title":"Advances in Cryptology \u2014 CRYPTO 2001","author":"D Boneh","year":"2001","unstructured":"Boneh, D., Shparlinski, I.E.: On the unpredictability of bits of the elliptic curve Diffie-Hellman scheme. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 201\u2013212. Springer, Heidelberg (2001). doi: 10.1007\/3-540-44647-8_12"},{"key":"5_CR15","unstructured":"Braun, F., Akhawe, D., Weinberger, J., West, M.: Subresource Integrity. Working draft, W3C (2014). http:\/\/www.w3.org\/TR\/SRI\/"},{"key":"5_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"414","DOI":"10.1007\/978-3-540-70545-1_38","volume-title":"Computer Aided Verification","author":"CJF Cremers","year":"2008","unstructured":"Cremers, C.J.F.: The Scyther tool: verification, falsification, and analysis of security protocols. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 414\u2013418. Springer, Heidelberg (2008). doi: 10.1007\/978-3-540-70545-1_38"},{"issue":"6","key":"5_CR17","doi-asserted-by":"crossref","first-page":"1211","DOI":"10.3233\/JCS-2009-0394","volume":"18","author":"S Delaune","year":"2010","unstructured":"Delaune, S., Kremer, S., Steel, G.: Formal security analysis of PKCS#11 and proprietary extensions. J. Comput. Secur. 18(6), 1211\u20131245 (2010)","journal-title":"J. Comput. Secur."},{"key":"5_CR18","doi-asserted-by":"crossref","unstructured":"Dennis, G., Chang, F.S.-H., Jackson, D.: Modular verification of code with SAT. In: Proceedings of the ACM\/SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2006, 17\u201320 July 2006, Portland, Maine, USA, pp. 109\u2013120 (2006)","DOI":"10.1145\/1146238.1146251"},{"issue":"2","key":"5_CR19","doi-asserted-by":"crossref","first-page":"198","DOI":"10.1109\/TIT.1983.1056650","volume":"29","author":"D Dolev","year":"1983","unstructured":"Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198\u2013208 (1983)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"5_CR20","doi-asserted-by":"crossref","unstructured":"Georgiev, M., Iyengar, S., Jana, S., Anubhai, R., Boneh, D., Shmatikov, V.: The most dangerous code in the world: validating SSL certificates in non-browser software. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 38\u201349. ACM, New York (2012)","DOI":"10.1145\/2382196.2382204"},{"key":"5_CR21","doi-asserted-by":"crossref","unstructured":"Halpin, H.: The W3C web cryptography API: motivation and overview. In: Proceedings of the Companion Publication of the 23rd International Conference on World Wide Web Companion, WWW Companion 2014, pp. 959\u2013964, Republic and Canton of Geneva, Switzerland. International World Wide Web Conferences Steering Committee (2014)","DOI":"10.1145\/2567948.2579224"},{"issue":"2","key":"5_CR22","doi-asserted-by":"crossref","first-page":"256","DOI":"10.1145\/505145.505149","volume":"11","author":"D Jackson","year":"2002","unstructured":"Jackson, D.: Alloy: a lightweight object modelling notation. ACM Trans. Softw. Eng. Methodol. 11(2), 256\u2013290 (2002)","journal-title":"ACM Trans. Softw. Eng. Methodol."},{"key":"5_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"752","DOI":"10.1007\/978-3-642-33167-1_43","volume-title":"Computer Security \u2013 ESORICS 2012","author":"T Jager","year":"2012","unstructured":"Jager, T., Schinzel, S., Somorovsky, J.: Bleichenbacher\u2019s attack strikes again: breaking PKCS#1 v1.5 in XML encryption. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 752\u2013769. Springer, Heidelberg (2012). doi: 10.1007\/978-3-642-33167-1_43"},{"key":"5_CR24","unstructured":"Kaliski, B.: PKCS #7: Cryptographic Message Syntax. RSA Security Inc., v1.5. https:\/\/www.ietf.org\/rfc\/rfc2315.txt"},{"key":"5_CR25","doi-asserted-by":"crossref","unstructured":"Kaminsky, A., Kurdziel, M., Radziszowski, S.: An overview of cryptanalysis research for the advanced encryption standard. In: 2010 Military Communications Conference - MILCOM 2010 (2010)","DOI":"10.1109\/MILCOM.2010.5680130"},{"key":"5_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"631","DOI":"10.1007\/978-3-642-14623-7_34","volume-title":"Advances in Cryptology \u2013 CRYPTO 2010","author":"H Krawczyk","year":"2010","unstructured":"Krawczyk, H.: Cryptographic extraction and key derivation: the HKDF scheme. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 631\u2013648. Springer, Heidelberg (2010). doi: 10.1007\/978-3-642-14623-7_34"},{"key":"5_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1007\/978-3-642-38004-4_17","volume-title":"Security and Trust Management","author":"R K\u00fcnnemann","year":"2013","unstructured":"K\u00fcnnemann, R., Steel, G.: YubiSecure? Formal security analysis results for the Yubikey and YubiHSM. In: J\u00f8sang, A., Samarati, P., Petrocchi, M. (eds.) STM 2012. LNCS, vol. 7783, pp. 257\u2013272. Springer, Heidelberg (2013). doi: 10.1007\/978-3-642-38004-4_17"},{"key":"5_CR28","unstructured":"Laurie, B., Langley, A., Kasper, E.: RFC 6962 Certificate Transparency. Experimental, IETF (2013). https:\/\/tools.ietf.org\/html\/rfc6962"},{"key":"5_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"244","DOI":"10.1007\/11556992_18","volume-title":"Information Security","author":"CJ Mitchell","year":"2005","unstructured":"Mitchell, C.J.: Error Oracle attacks on CBC mode: is there a future for CBC mode encryption? In: Zhou, J., Lopez, J., Deng, R.H., Bao, F. (eds.) ISC 2005. LNCS, vol. 3650, pp. 244\u2013258. Springer, Heidelberg (2005). doi: 10.1007\/11556992_18"},{"key":"5_CR30","doi-asserted-by":"crossref","unstructured":"Near, J.P., Jackson, D.: Derailer: interactive security analysis for web applications. In: Proceedings of the 29th IEEE\/ACM International Conference on Automated Software Engineering (ASE), pp. 587\u2013598. IEEE\/ACM (2014)","DOI":"10.1145\/2642937.2643012"},{"key":"5_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"305","DOI":"10.1007\/978-3-540-24660-2_24","volume-title":"Topics in Cryptology \u2013 CT-RSA 2004","author":"KG Paterson","year":"2004","unstructured":"Paterson, K.G., Yau, A.: Padding Oracle attacks on the ISO CBC mode encryption standard. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 305\u2013323. Springer, Heidelberg (2004). doi: 10.1007\/978-3-540-24660-2_24"},{"key":"5_CR32","unstructured":"Perrin, T.: Web Cryptography API. Editor\u2019s draft, W3C (2014). http:\/\/github.com\/trevp\/curve25519_webcrypto"},{"key":"5_CR33","unstructured":"Rizzo, J.: Duong., T.: Practical padding Oracle attacks. In: Proceedings of the 4th USENIX Conference on Offensive Technologies, WOOT 2010, pp. 1\u20138. USENIX Association, Berkeley, CA, USA (2010)"},{"key":"5_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1007\/11761679_23","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"P Rogaway","year":"2006","unstructured":"Rogaway, P., Shrimpton, T.: A provable-security treatment of the key-wrap problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 373\u2013390. Springer, Heidelberg (2006). doi: 10.1007\/11761679_23"},{"key":"5_CR35","unstructured":"Rogaway, P.: Evaluation of some blockcipher modes of operation. Technical report, University of California, Davis, Evaluation carried out for the Cryptography Research and Evaluation Committees (CRYPTREC) for the Government of Japan, February 2011"},{"key":"5_CR36","doi-asserted-by":"crossref","unstructured":"Schmidt, B., Sasse, R., Cremers, C., Basin, D.: Automated verification of group key agreement protocols. In: 2014 IEEE Symposium on Security and Privacy (SP), pp. 179\u2013194. IEEE (2014)","DOI":"10.1109\/SP.2014.19"},{"key":"5_CR37","unstructured":"Smart, N.P., Rijmen, V., Warinschi, B., Watson, G., Patterson, K., Stam, M.: Algorithms, key sizes and parameters report: 2014 recommendations. Technical report, November 2014. ENISA Report. Version 1.0"},{"key":"5_CR38","doi-asserted-by":"crossref","unstructured":"Stark, E., Hamburg, M., Boneh, D.: Symmetric cryptography in Javascript. In: Proceedings of the 2009 Annual Computer Security Applications Conference, ACSAC 2009, pp. 373\u2013381. IEEE Computer Society, Washington, DC, USA (2009)","DOI":"10.1109\/ACSAC.2009.42"},{"key":"5_CR39","doi-asserted-by":"crossref","unstructured":"Taly, A., Erlingsson, \u00da., Mitchell, J.C., Miller, M.S., Nagra, J.: Automated analysis of security-critical Javascript APIs. In: Proceedings of the 2011 IEEE Symposium on Security and Privacy, SP 2011, pp. 363\u2013378. IEEE Computer Society, Washington, DC, USA (2011)","DOI":"10.1109\/SP.2011.39"},{"issue":"4","key":"5_CR40","doi-asserted-by":"crossref","first-page":"915","DOI":"10.1017\/S0960129512000291","volume":"23","author":"E Torlak","year":"2013","unstructured":"Torlak, E., Taghdiri, M., Dennis, G., Near, J.P.: Applications and extensions of alloy: past, present and future. Math. Struct. Comput. Sci. 23(4), 915\u2013933 (2013)","journal-title":"Math. Struct. Comput. Sci."},{"key":"5_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"534","DOI":"10.1007\/3-540-46035-7_35","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2002","author":"S Vaudenay","year":"2002","unstructured":"Vaudenay, S.: Security flaws induced by CBC padding \u2014 applications to SSL, IPSEC, WTLS. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 534\u2013545. Springer, Heidelberg (2002). doi: 10.1007\/3-540-46035-7_35"},{"key":"5_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"199","DOI":"10.1007\/978-3-642-29101-2_14","volume-title":"Information Security Practice and Experience","author":"CC Wen","year":"2012","unstructured":"Wen, C.C., Dawson, E., Gonz\u00e1lez Nieto, J.M., Simpson, L.: A framework for security analysis of key derivation functions. In: Ryan, M.D., Smyth, B., Wang, G. (eds.) ISPEC 2012. LNCS, vol. 7232, pp. 199\u2013216. Springer, Heidelberg (2012). doi: 10.1007\/978-3-642-29101-2_14"},{"key":"5_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"245","DOI":"10.1007\/978-3-540-30574-3_17","volume-title":"Topics in Cryptology \u2013 CT-RSA 2005","author":"FF Yao","year":"2005","unstructured":"Yao, F.F., Yin, Y.L.: Design and analysis of password-based key derivation functions. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 245\u2013261. Springer, Heidelberg (2005). doi: 10.1007\/978-3-540-30574-3_17"}],"container-title":["Lecture Notes in Computer Science","Security Standardisation Research"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-49100-4_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,6,25]],"date-time":"2017-06-25T02:31:37Z","timestamp":1498357897000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-49100-4_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319490991","9783319491004"],"references-count":43,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-49100-4_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2016]]}}}