{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,4]],"date-time":"2026-04-04T02:53:49Z","timestamp":1775271229828,"version":"3.50.1"},"publisher-location":"Singapore","reference-count":26,"publisher":"Springer Nature Singapore","isbn-type":[{"value":"9789819691005","type":"print"},{"value":"9789819691012","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-981-96-9101-2_2","type":"book-chapter","created":{"date-parts":[[2025,7,10]],"date-time":"2025-07-10T09:50:44Z","timestamp":1752141044000},"page":"22-41","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Strong Federated Authentication With Password-Based Credential Against Identity Server Corruption"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6510-3380","authenticated-orcid":false,"given":"Changsong","family":"Jiang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5411-7621","authenticated-orcid":false,"given":"Chunxiang","family":"Xu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4949-7738","authenticated-orcid":false,"given":"Guomin","family":"Yang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-1663-2622","authenticated-orcid":false,"given":"Li","family":"Duan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1309-8786","authenticated-orcid":false,"given":"Jing","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,7,7]]},"reference":[{"key":"2_CR1","unstructured":"What is OpenID Connect. https:\/\/openid.net\/developers\/how-connect-works\/. Accessed 10 Sept 2024"},{"key":"2_CR2","unstructured":"The OAuth 2.0 Authorization Framework: Bearer Token Usage. https:\/\/datatracker.ietf.org\/doc\/html\/rfc6750. Accessed 21 Aug 2024"},{"key":"2_CR3","doi-asserted-by":"crossref","unstructured":"Agrawal, S., Miao, P., Mohassel, P., Mukherjee, P.: PASTA: password-based threshold authentication. In: Proceedings ACM CCS, pp. 2042\u20132059 (2018)","DOI":"10.1145\/3243734.3243839"},{"key":"2_CR4","doi-asserted-by":"crossref","unstructured":"Armando, A., Carbone, R., Compagna, L., Cuellar, J., Tobarra, L.: Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for google apps. In: Proceedings of FMSE, pp. 1\u201310 (2008)","DOI":"10.1145\/1456396.1456397"},{"key":"2_CR5","doi-asserted-by":"crossref","unstructured":"Barbosa, M., Boldyreva, A., Chen, S., Warinschi, B.: Provable security analysis of FIDO2. In: Proceedings of CRYPTO, pp. 125\u2013156 (2021)","DOI":"10.1007\/978-3-030-84252-9_5"},{"key":"2_CR6","doi-asserted-by":"crossref","unstructured":"Bindel, N., Cremers, C., Zhao, M.: Fido2, ctap 2.1, and webauthn 2: provable security and post-quantum instantiation. In: Proceedings of IEEE Security &Privacy, pp. 1471\u20131490 (2023)","DOI":"10.1109\/SP46215.2023.10179454"},{"key":"2_CR7","unstructured":"Boeyen, S., Santesson, S., Polk, T., Housley, R., Farrell, S., Cooper, D.: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280 (2008)"},{"key":"2_CR8","doi-asserted-by":"crossref","unstructured":"Chakraborty, D., Bugiel, S.: SimFIDO: FIDO2 user authentication with simtpm. In: Proceedings of ACM CCS, pp. 2569\u20132571 (2019)","DOI":"10.1145\/3319535.3363258"},{"key":"2_CR9","unstructured":"Davit, B., Roni, S., Brad, H., Jeff, H., Ka, Y.: FIDO UAF authenticator commands. FIDO Alliance (2020)"},{"key":"2_CR10","doi-asserted-by":"crossref","unstructured":"Dayanikli, D., Lehmann, A.: Password-based credentials with security against server compromise. In: Proceedings of ESORICS, pp. 147\u2013167 (2023)","DOI":"10.1007\/978-3-031-50594-2_8"},{"key":"2_CR11","doi-asserted-by":"crossref","unstructured":"Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6) (1976)","DOI":"10.1109\/TIT.1976.1055638"},{"key":"2_CR12","doi-asserted-by":"crossref","unstructured":"Dowling, B., Fischlin, M., G\u00fcnther, F., Stebila, D.: A cryptographic analysis of the tls 1.3 handshake protocol. J. Cryptol. 34(4), 37 (2021)","DOI":"10.1007\/s00145-021-09384-1"},{"key":"2_CR13","unstructured":"Gibbs, S.: Dropbox hack leads to leaking of 68m user passwords on the internet (2016), https:\/\/www.theguardian.com\/technology\/2016\/aug\/31\/dropbox-hack-passwords-68m-data-breach. Accessed 10 Sept 2024"},{"key":"2_CR14","unstructured":"Goel, V., Perlroth, N.: Yahoo says 1 billion user accounts were hacked (2016). https:\/\/www.nytimes.com\/2016\/12\/14\/technology\/yahoo-hack.html. Accessed 10 Sept 2024"},{"key":"2_CR15","unstructured":"Hackett, R.: Linkedin lost 167 million account credentials in data breach (2016). https:\/\/fortune.com\/2016\/05\/18\/linkedin-data-breach-email-password\/. Accessed 10 Sept 2024"},{"key":"2_CR16","doi-asserted-by":"crossref","unstructured":"Hanzlik, L., Loss, J., Wagner, B.: Token meets wallet: formalizing privacy and revocation for fido2. In: Proceedings of IEEE Security &Privacy, pp. 1491\u20131508 (2023)","DOI":"10.1109\/SP46215.2023.10179373"},{"key":"2_CR17","doi-asserted-by":"crossref","unstructured":"Jager, T., Kohlar, F., Sch\u00e4ge, S., Schwenk, J.: On the security of tls-dhe in the standard model. In: Proceedings of CRYPTO, pp. 273\u2013293 (2012)","DOI":"10.1007\/978-3-642-32009-5_17"},{"key":"2_CR18","doi-asserted-by":"publisher","first-page":"3844","DOI":"10.1109\/TIFS.2024.3372812","volume":"19","author":"C Jiang","year":"2024","unstructured":"Jiang, C., Xu, C., Han, Y., Zhang, Z., Chen, K.: Two-factor authenticated key exchange from biometrics with low entropy rates. IEEE Trans. Inf. Forensics Secur. 19, 3844\u20133856 (2024)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"2_CR19","doi-asserted-by":"crossref","unstructured":"Jiang, C., Xu, C., Yang, G., Duan, L., Wang, J.: Strong federated authentication with password-based credential against identity server corruption. Cryptology ePrint Archive (2025)","DOI":"10.1007\/978-981-96-9101-2_2"},{"key":"2_CR20","doi-asserted-by":"publisher","first-page":"2006","DOI":"10.1109\/TIFS.2025.3539955","volume":"20","author":"C Jiang","year":"2025","unstructured":"Jiang, C., Xu, C., Yang, G., Zhang, Z., Chen, J.: Device-enhanced password-based threshold single-sign-on authentication. IEEE Trans. Inf. Forensics Secur. 20, 2006\u20132021 (2025)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"2_CR21","doi-asserted-by":"crossref","unstructured":"Li, Y., Sch\u00e4ge, S.: No-match attacks and robust partnering definitions: defining trivial attacks for security protocols is not trivial. In: Proceedings of ACM CCS, pp. 1343\u20131360 (2017)","DOI":"10.1145\/3133956.3134006"},{"key":"2_CR22","doi-asserted-by":"crossref","unstructured":"Menezes, A.J., Van\u00a0Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC press, Boca Raton (2018)","DOI":"10.1201\/9781439821916"},{"key":"2_CR23","doi-asserted-by":"crossref","unstructured":"Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446 (2018)","DOI":"10.17487\/RFC8446"},{"key":"2_CR24","doi-asserted-by":"crossref","unstructured":"Reynolds, J., Smith, T., Reese, K., Dickinson, L., Ruoti, S., Seamons, K.: A tale of two studies: the best and worst of yubikey usability. In: Proceedings of IEEE Security & Privacy, pp. 872\u2013888 (2018)","DOI":"10.1109\/SP.2018.00067"},{"key":"2_CR25","doi-asserted-by":"crossref","unstructured":"Xu, R., Yang, S., Zhang, F., Fang, Z.: Miso: legacy-compatible privacy-preserving single sign-on using trusted execution environments. In: Proceedings of EuroS &P, pp. 352\u2013372 (2023)","DOI":"10.1109\/EuroSP57164.2023.00029"},{"key":"2_CR26","doi-asserted-by":"crossref","unstructured":"Zhang, Z., Wang, Y., Yang, K.: Strong authentication without temper-resistant hardware and application to federated identities. In: Proceedings of NDSS (2020)","DOI":"10.14722\/ndss.2020.24462"}],"container-title":["Lecture Notes in Computer Science","Information Security and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-96-9101-2_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,3]],"date-time":"2026-04-03T14:55:41Z","timestamp":1775228141000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-96-9101-2_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9789819691005","9789819691012"],"references-count":26,"URL":"https:\/\/doi.org\/10.1007\/978-981-96-9101-2_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"7 July 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ACISP","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Australasian Conference on Information Security and Privacy","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Wollongong, NSW","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Australia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 July 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 July 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"acisp2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/uow-ic2.github.io\/acisp2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}