{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,19]],"date-time":"2025-09-19T11:12:30Z","timestamp":1758280350171,"version":"3.37.3"},"publisher-location":"Cham","reference-count":23,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319676388"},{"type":"electronic","value":"9783319676395"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-67639-5_11","type":"book-chapter","created":{"date-parts":[[2017,9,4]],"date-time":"2017-09-04T23:54:41Z","timestamp":1504569281000},"page":"127-142","source":"Crossref","is-referenced-by-count":7,"title":["A Security Evaluation of FIDO\u2019s UAF Protocol in Mobile and Embedded Devices"],"prefix":"10.1007","author":[{"given":"Christoforos","family":"Panos","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Stefanos","family":"Malliaros","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christoforos","family":"Ntantogian","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Angeliki","family":"Panou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christos","family":"Xenakis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2017,9,6]]},"reference":[{"key":"11_CR1","doi-asserted-by":"crossref","unstructured":"Das, A., et al.: The tangled web of password reuse. In: NDSS, vol. 14 (2014)","DOI":"10.14722\/ndss.2014.23357"},{"key":"11_CR2","unstructured":"55K Twitter Passwords Leaked. \nhttp:\/\/www.newser.com\/story\/145750\/55k-twitter-passwords-leaked.html"},{"key":"11_CR3","unstructured":"Yahoo Hacked: 450,000 passwords posted online. \nhttp:\/\/www.cnn.com\/2012\/07\/12\/tech\/web\/yahoo-users-hacked"},{"key":"11_CR4","unstructured":"6.46 million LinkedIn passwords leaked online. \nhttp:\/\/www.zdnet.com\/blog\/btl\/6-46-million-linkedin-passwords-leaked-online\/79290"},{"key":"11_CR5","unstructured":"FIDO Alliance: Fido security reference. \nhttp:\/\/www.fidoalliance.org\/specifications"},{"key":"11_CR6","unstructured":"Srinivas, S., et al.: Universal 2nd factor (U2F) overview. FIDO Alliance Proposed Standard, pp. 1\u20135 (2015)"},{"key":"11_CR7","unstructured":"FIDO Alliance: FIDO UAF Protocol Specification v1.1: FIDO Alliance Proposed Standard (2016)"},{"key":"11_CR8","unstructured":"FIDO Alliance: FIDO Certified Products. \nhttps:\/\/fidoalliance.org\/certification\/fido-certified-products\/\n\n. Accessed 5 June 2017"},{"key":"11_CR9","unstructured":"FIDO Alliance: Fido security reference (2014). \nwww.fidoalliance.org\/specifications"},{"key":"11_CR10","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1016\/j.comcom.2014.08.002","volume":"54","author":"C Panos","year":"2014","unstructured":"Panos, C., et al.: A specification-based intrusion detection engine for infrastructure-less networks. Comput. Commun. 54, 67\u201383 (2014)","journal-title":"Comput. Commun."},{"key":"11_CR11","unstructured":"Trusted Computing Platform Alliance: TCPA main specification v. 1.2. \nhttp:\/\/www.trustedcomputing.org"},{"key":"11_CR12","doi-asserted-by":"crossref","unstructured":"Winter, J.: Trusted computing building blocks for embedded linux-based ARM trustzone platforms. In: Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing. ACM (2008)","DOI":"10.1145\/1456455.1456460"},{"key":"11_CR13","unstructured":"Common Criteria for Information Technology Security Evaluation. SAMSUNG SDS FIDO Server Solution V1.1 Certification Report (2016)"},{"key":"11_CR14","doi-asserted-by":"crossref","unstructured":"Helfmeier, C., Nedospasov, D., Tarnovsky, C., Krissler, J.S., Boit, C., Seifert, J.-P.: Breaking and entering through the silicon. In: Computer and Communications Security (CCS), pp. 733\u2013744 (2013)","DOI":"10.1145\/2508859.2516717"},{"key":"11_CR15","doi-asserted-by":"crossref","unstructured":"Cooijmans, T., de Ruiter, J., Poll, E.: Analysis of secure key storage solutions on Android. In: Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices. ACM (2014)","DOI":"10.1145\/2666620.2666627"},{"key":"11_CR16","unstructured":"Cooijmans, T., et al.: Secure key storage and secure computation in Android. Master\u2019s thesis, Radboud University Nijmegen (2014)"},{"key":"11_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"346","DOI":"10.1007\/978-3-642-18178-8_30","volume-title":"Information Security","author":"L Davi","year":"2011","unstructured":"Davi, L., Dmitrienko, A., Sadeghi, A.-R., Winandy, M.: Privilege escalation attacks on Android. In: Burmester, M., Tsudik, G., Magliveras, S., Ili\u0107, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 346\u2013360. Springer, Heidelberg (2011). doi:\n10.1007\/978-3-642-18178-8_30"},{"key":"11_CR18","unstructured":"Shen, D.: Exploiting Trustzone on Android. In: Black Hat USA (2015)"},{"key":"11_CR19","unstructured":"Rosenberg, D.: Qsee trustzone kernel integer over flow vulnerability. In: Black Hat Conference (2014)"},{"key":"11_CR20","unstructured":"Abhishek, P.C.: Student research abstract: analysing the vulnerability exploitation in Android with the device-mapper-verity (dm-verity) (2017)"},{"key":"11_CR21","unstructured":"Does, T., Maarse, M.: Subverting Android 6.0 fingerprint authentication (2016)"},{"key":"11_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1007\/978-3-319-26502-5_10","volume-title":"Secure IT Systems","author":"I Loutfi","year":"2015","unstructured":"Loutfi, I., J\u00f8sang, A.: FIDO trust requirements. In: Buchegger, S., Dam, M. (eds.) NordSec 2015. LNCS, vol. 9417, pp. 139\u2013155. Springer, Cham (2015). doi:\n10.1007\/978-3-319-26502-5_10"},{"issue":"12","key":"11_CR23","doi-asserted-by":"crossref","first-page":"189","DOI":"10.1109\/CC.2016.7897543","volume":"13","author":"K Hu","year":"2016","unstructured":"Hu, K., Zhang, Z.: Security analysis of an attractive online authentication standard: FIDO UAF protocol. IEEE China Commun. 13(12), 189\u2013198 (2016)","journal-title":"IEEE China Commun."}],"container-title":["Communications in Computer and Information Science","Digital Communication. Towards a Smart and Secure Future Internet"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-67639-5_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,9,4]],"date-time":"2017-09-04T23:57:53Z","timestamp":1504569473000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-67639-5_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319676388","9783319676395"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-67639-5_11","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2017]]}}}