{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,6]],"date-time":"2025-12-06T23:02:03Z","timestamp":1765062123810,"version":"3.41.0"},"publisher-location":"Cham","reference-count":50,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319765808"},{"type":"electronic","value":"9783319765815"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-76581-5_15","type":"book-chapter","created":{"date-parts":[[2018,2,28]],"date-time":"2018-02-28T09:41:20Z","timestamp":1519810880000},"page":"431-461","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":31,"title":["Two-Factor Authentication with\u00a0End-to-End Password Security"],"prefix":"10.1007","author":[{"given":"Stanislaw","family":"Jarecki","sequence":"first","affiliation":[]},{"given":"Hugo","family":"Krawczyk","sequence":"additional","affiliation":[]},{"given":"Maliheh","family":"Shirvanian","sequence":"additional","affiliation":[]},{"given":"Nitesh","family":"Saxena","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,3,1]]},"reference":[{"key":"15_CR1","unstructured":"Duo Security Two-Factor Authentication. https:\/\/goo.gl\/wT3ur9"},{"key":"15_CR2","unstructured":"FIDO Universal 2nd Factor. https:\/\/www.yubico.com\/"},{"key":"15_CR3","unstructured":"Google acquires slicklogin, the sound-based password alternative. https:\/\/goo.gl\/V9J8rv"},{"key":"15_CR4","unstructured":"Google Authenticator Android app. https:\/\/goo.gl\/Q4LU7k"},{"key":"15_CR5","unstructured":"Google Cloud Messaging. https:\/\/goo.gl\/EFvXt9"},{"key":"15_CR6","unstructured":"LinkedIn Confirms Account Passwords Hacked. http:\/\/goo.gl\/UBWuY0"},{"key":"15_CR7","unstructured":"RSA breach leaks data for hacking securid tokens. http:\/\/goo.gl\/tcEoS"},{"key":"15_CR8","unstructured":"Sign in faster with 2-Step Verification phone prompts. https:\/\/goo.gl\/3vjngW"},{"key":"15_CR9","unstructured":"Sound Login Two Factor Authentication. https:\/\/goo.gl\/LJFkvT"},{"key":"15_CR10","unstructured":"TOTP: Time-Based One-Time Password Algorithm. https:\/\/goo.gl\/9Ba5hv"},{"key":"15_CR11","unstructured":"Two-factor authentication - authy. https:\/\/www.authy.com\/"},{"key":"15_CR12","unstructured":"Yahoo Says 1 Billion User Accounts Were Hacked. https:\/\/goo.gl\/q4WZi9"},{"key":"15_CR13","unstructured":"YubiKeys: Your key to two-factor authentication. https:\/\/goo.gl\/LLACvP"},{"key":"15_CR14","unstructured":"RFC 4226 HOTP: An HMAC-based One-Time Password Algorithm (2005). https:\/\/goo.gl\/wxHBvT"},{"key":"15_CR15","unstructured":"Russian Hackers Amass Over a Billion Internet Passwords (2014). https:\/\/goo.gl\/KCrFjS"},{"key":"15_CR16","unstructured":"London Calling: Two-Factor Authentication Phishing From Iran (2015). https:\/\/goo.gl\/w6RD67"},{"key":"15_CR17","unstructured":"Hack Brief: Yahoo Breach Hits Half a Billion Users (2016). https:\/\/goo.gl\/nz4uJG"},{"key":"15_CR18","unstructured":"SIM swap fraud: The multi-million pound security issue that UK banks won\u2019t talk about (2016). http:\/\/www.ibtimes.co.uk\/sim-swap-fraud-multi-million-pound-security-issue-that-uk-banks-wont-talk-about-1553035"},{"key":"15_CR19","unstructured":"SMS Deprecated (2016). https:\/\/github.com\/usnistgov\/800-63-3\/issues\/168"},{"key":"15_CR20","unstructured":"Over 560 Million Passwords Discovered in Anonymous Online Database (2017). https:\/\/goo.gl\/upDqzt"},{"key":"15_CR21","unstructured":"Real-World SS7 Attack - Hackers Are Stealing Money From Bank Accounts (2017). https:\/\/thehackernews.com\/2017\/05\/ss7-vulnerability-bank-hacking.html"},{"key":"15_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/3-540-45353-9_12","volume-title":"Topics in Cryptology\u2014CT-RSA 2001","author":"M Abdalla","year":"2001","unstructured":"Abdalla, M., Bellare, M., Rogaway, P.: The oracle Diffie-Hellman assumptions and an analysis of DHIES. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 143\u2013158. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-45353-9_12"},{"issue":"13","key":"15_CR23","doi-asserted-by":"publisher","first-page":"2597","DOI":"10.1016\/j.comnet.2013.05.007","volume":"57","author":"T Acar","year":"2013","unstructured":"Acar, T., Belenkiy, M., K\u00fcp\u00e7\u00fc, A.: Single password authentication. Comput. Netw. 57(13), 2597\u20132614 (2013)","journal-title":"Comput. Netw."},{"key":"15_CR24","doi-asserted-by":"crossref","unstructured":"Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Advances in Cryptology - Eurocrypt (2000)","DOI":"10.1007\/3-540-45539-6_11"},{"key":"15_CR25","doi-asserted-by":"crossref","unstructured":"Bellovin, S.M., Merritt, M.: Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise. In: ACM Conference on Computer and Communications Security (1993)","DOI":"10.1145\/168588.168618"},{"key":"15_CR26","doi-asserted-by":"crossref","unstructured":"Bernstein, D.J., Hamburg, M., Krasnova, A., Lange, T.: Elligator: elliptic-curve points indistinguishable from uniform random strings (2013)","DOI":"10.1145\/2508859.2516734"},{"key":"15_CR27","doi-asserted-by":"crossref","unstructured":"Boyen, X.: Hidden credential retrieval from a reusable password. In: Proceedings of ASIACCS (2009)","DOI":"10.1145\/1533057.1533089"},{"key":"15_CR28","unstructured":"Brainard, J., Juels, A., Kaliski, B., Szydlo, M.: A new two-server approach for authentication with short secrets. In: 12th USENIX Security Symposium (2003)"},{"key":"15_CR29","doi-asserted-by":"crossref","unstructured":"Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: International Conference on the Theory and Applications of Cryptographic Techniques, pp. 453\u2013474 (2001)","DOI":"10.1007\/3-540-44987-6_28"},{"key":"15_CR30","doi-asserted-by":"crossref","unstructured":"Czeskis, A., Dietz, M., Kohno, T., Wallach, D., Balfanz, D.: Strengthening user authentication through opportunistic cryptographic identity assertions. In: Proceedings of ACM Conference on Computer and Communications Security (2012)","DOI":"10.1145\/2382196.2382240"},{"key":"15_CR31","doi-asserted-by":"crossref","unstructured":"Ford, W., Kaliski, Jr, B.S.: Server-assisted generation of a strong secret from a password. In: WETICE, pp. 176\u2013180 (2000)","DOI":"10.1109\/ENABL.2000.883724"},{"key":"15_CR32","doi-asserted-by":"crossref","unstructured":"Gentry, C., MacKenzie, P., Ramzan, Z.: A method for making password-based key exchange resilient to server compromise. In: Advances in Cryptology (2006)","DOI":"10.1007\/11818175_9"},{"issue":"3","key":"15_CR33","doi-asserted-by":"publisher","first-page":"230","DOI":"10.1145\/322510.322514","volume":"2","author":"S Halevi","year":"1999","unstructured":"Halevi, S., Krawczyk, H.: Public-key cryptography and password protocols. ACM Trans. Inf. Syst. Secur. 2(3), 230\u2013268 (1999)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"15_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/978-3-642-32009-5_17","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"T Jager","year":"2012","unstructured":"Jager, T., Kohlar, F., Sch\u00e4ge, S., Schwenk, J.: On the security of TLS-DHE in the standard model. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 273\u2013293. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-32009-5_17"},{"key":"15_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1007\/978-3-662-45608-8_13","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"S Jarecki","year":"2014","unstructured":"Jarecki, S., Kiayias, A., Krawczyk, H.: Round-optimal password-protected secret sharing and T-PAKE in the password-only model. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 233\u2013253. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-45608-8_13"},{"key":"15_CR36","doi-asserted-by":"crossref","unstructured":"Jarecki, S., Kiayias, A., Krawczyk, H., Xu, J.: Highly efficient and composable password-protected secret sharing. In: 1st IEEE European Symposium on Security and Privacy (EuroS&P) (2015)","DOI":"10.1109\/EuroSP.2016.30"},{"key":"15_CR37","unstructured":"Jarecki, S., Krawczyk, H., Shirvanian, M., Saxena, N.: Device-enhanced password protocols with optimal online-offline protection. In: ASIACCS 2016 (2016). http:\/\/eprint.iacr.org\/2015\/1099"},{"key":"15_CR38","doi-asserted-by":"crossref","unstructured":"Jarecki, S., Krawczyk, H., Shirvanian, M., Saxena, N.: Two-factor authentication with end-to-end password security. IACR Cryptology ePrint Archive: Report 2018\/033, January 2018. http:\/\/eprint.iacr.org\/2018\/033","DOI":"10.1007\/978-3-319-76581-5_15"},{"key":"15_CR39","unstructured":"Karapanos, N., Marforio, C., Soriente, C., Capkun, S.: Sound-proof: usable two-factor authentication based on ambient sound. In: 24th USENIX Security Symposium (USENIX Security 15) (2015)"},{"key":"15_CR40","doi-asserted-by":"crossref","unstructured":"Katz, J., MacKenzie, P.D., Taban, G., Gligor, V.D.: Two-server password-only authenticated key exchange. In: ACNS, pp. 1\u201316 (2005)","DOI":"10.1007\/11496137_1"},{"key":"15_CR41","doi-asserted-by":"crossref","unstructured":"Krawczyk, H.: HMQV: a high-performance secure Diffie-Hellman protocol. In: Annual International Cryptology Conference, pp. 546\u2013566 (2005)","DOI":"10.1007\/11535218_33"},{"key":"15_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"422","DOI":"10.1007\/978-3-662-54970-4_25","volume-title":"Financial Cryptography and Data Security","author":"J Lang","year":"2017","unstructured":"Lang, J., Czeskis, A., Balfanz, D., Schilder, M., Srinivas, S.: Security keys: practical cryptographic second factors for the modern web. In: Grossklags, J., Preneel, B. (eds.) FC 2016. LNCS, vol. 9603, pp. 422\u2013440. Springer, Heidelberg (2017). https:\/\/doi.org\/10.1007\/978-3-662-54970-4_25"},{"key":"15_CR43","doi-asserted-by":"crossref","unstructured":"Lin, C.-C., Li, H., Zhou, X.-Y., Wang, X.: Screenmilker: how to milk your android screen for secrets. In: Network & Distributed System Security Symposium (2014)","DOI":"10.14722\/ndss.2014.23049"},{"key":"15_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"385","DOI":"10.1007\/3-540-45708-9_25","volume-title":"Advances in Cryptology\u2014CRYPTO 2002","author":"P MacKenzie","year":"2002","unstructured":"MacKenzie, P., Shrimpton, T., Jakobsson, M.: Threshold password-authenticated key exchange. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 385\u2013400. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45708-9_25"},{"key":"15_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"277","DOI":"10.1007\/978-3-540-68914-0_17","volume-title":"Applied Cryptography and Network Security","author":"D Pointcheval","year":"2008","unstructured":"Pointcheval, D., Zimmer, S.: Multi-factor authenticated key exchange. In: Bellovin, S.M., Gennaro, R., Keromytis, A., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 277\u2013295. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-68914-0_17"},{"key":"15_CR46","doi-asserted-by":"crossref","unstructured":"Saxena, N., Ekberg, J.-E., Kostiainen, K., Asokan, N.: Secure device pairing based on a visual channel. In: IEEE Symposium on Security and Privacy (2006)","DOI":"10.1109\/SP.2006.35"},{"key":"15_CR47","doi-asserted-by":"crossref","unstructured":"Shirvanian, M., Jarecki, S., Saxena, N., Nathan, N.: Two-factor authentication resilient to server compromise using mix-bandwidth devices. In: Network & Distributed System Security Symposium (2014)","DOI":"10.14722\/ndss.2014.23167"},{"key":"15_CR48","unstructured":"Shoup, V.: ISO 18033\u20132: an emerging standard for public-key encryption. Final Committee Draft, December 2004"},{"key":"15_CR49","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"307","DOI":"10.1007\/978-3-540-77366-5_29","volume-title":"Financial Cryptography and Data Security","author":"E Uzun","year":"2007","unstructured":"Uzun, E., Karvonen, K., Asokan, N.: Usability analysis of secure pairing methods. In: Dietrich, S., Dhamija, R. (eds.) FC 2007. LNCS, vol. 4886, pp. 307\u2013324. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-77366-5_29"},{"key":"15_CR50","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"309","DOI":"10.1007\/11535218_19","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"S Vaudenay","year":"2005","unstructured":"Vaudenay, S.: Secure communications over insecure channels based on short authenticated strings. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 309\u2013326. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11535218_19"}],"container-title":["Lecture Notes in Computer Science","Public-Key Cryptography \u2013 PKC 2018"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-76581-5_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,2]],"date-time":"2025-07-02T03:21:55Z","timestamp":1751426515000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-76581-5_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319765808","9783319765815"],"references-count":50,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-76581-5_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"1 March 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"PKC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IACR International Workshop on Public Key Cryptography","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Rio de Janeiro","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Brazil","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 March 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 March 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"pkc2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/pkc.iacr.org\/2018\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}