{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,2]],"date-time":"2025-06-02T18:40:08Z","timestamp":1748889608611,"version":"3.41.0"},"reference-count":45,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"name":"Institute of Information and Communications Technology Planning and Evaluation (IITP) Grant funded by Korea Government (MSIT), Robust AI and Distributed Attack Detection for Edge AI Security","award":["2021-0-00511"],"award-info":[{"award-number":["2021-0-00511"]}]},{"name":"Development of Countermeasure Technologies for Generative AI Security Threats","award":["RS-2024-00398353"],"award-info":[{"award-number":["RS-2024-00398353"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/access.2025.3570377","type":"journal-article","created":{"date-parts":[[2025,5,15]],"date-time":"2025-05-15T17:33:41Z","timestamp":1747330421000},"page":"92086-92101","source":"Crossref","is-referenced-by-count":0,"title":["HiPass: Hijacking CTAP in Passkey Authentication"],"prefix":"10.1109","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-2033-4341","authenticated-orcid":false,"given":"Donghyun","family":"Kim","sequence":"first","affiliation":[{"name":"Department of Software, Soongsil University, Seoul, South Korea"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-0290-8011","authenticated-orcid":false,"given":"Junseok","family":"Shin","sequence":"additional","affiliation":[{"name":"Department of Software, Soongsil University, Seoul, South Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4713-9486","authenticated-orcid":false,"given":"Gwonsang","family":"Ryu","sequence":"additional","affiliation":[{"name":"Department of Artificial Intelligence, Kongju National University, Cheonan, South Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1438-0265","authenticated-orcid":false,"given":"Daeseon","family":"Choi","sequence":"additional","affiliation":[{"name":"Department of Software, Soongsil University, Seoul, South Korea"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-03549-4_14"},{"volume-title":"The Past, Present, and Future of Password Security","year":"2018","key":"ref2"},{"key":"ref3","first-page":"1556","article-title":"Protecting accounts from credential stuffing with password breach alerting","volume-title":"Proc. 28th USENIX Secur. Symp. (USENIX Secur. 19)","author":"Thomas"},{"volume-title":"Passkeys, Cross-Account Protection and New Ways We\u2019re Protecting Your Accounts","year":"2024","author":"Blog","key":"ref4"},{"volume-title":"New Survey: Half of People Use Passkeys as Frustrations With Passwords Continue","year":"2024","key":"ref5"},{"issue":"1","key":"ref6","first-page":"202","article-title":"The dawn of passkeys: Evaluating a passwordless future","volume":"2","author":"George","year":"2024","journal-title":"Partners Universal Innov. Res. Publication"},{"issue":"2","key":"ref7","first-page":"723","article-title":"Passkeys and the paradigm shift in authentication: A comprehensive analysis of phishing-resistant IAM","volume":"7","author":"Thurupati","year":"2024","journal-title":"Int. J. Res. Comput. Appl. Inf. Technol."},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-65175-5_21"},{"key":"ref9","first-page":"7231","article-title":"Why aren\u2019t we using passkeys? Obstacles companies face deploying FIDO2 passwordless authentication","volume-title":"Proc. 33rd USENIX Secur. Symp. (USENIX Security)","author":"Lassak"},{"volume-title":"W3C and FIDO Alliance Finalize Web Standard for Secure, Passwordless Logins","year":"2019","key":"ref10"},{"article-title":"Benchmarking FIDO2 and SQRL two-party public-key authentication schemes","year":"2022","author":"Slottved","key":"ref11"},{"key":"ref12","article-title":"How many FIDO protocols are needed? Surveying the design, security and market perspectives","author":"Angelogianni","year":"2021","journal-title":"arXiv:2107.00577"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/CCNC46108.2020.9045440"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179454"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/ICSCDS53736.2022.9760934"},{"volume-title":"Expanded Support for FIDO Authentication in IOS and MACOS","year":"2020","author":"Shikiar","key":"ref16"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-61042-1_43"},{"volume-title":"Meet Passkeys","year":"2022","author":"Developer","key":"ref18"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.3390\/cryptography2010001"},{"volume-title":"Question About Passkey FIDO CTAP Protocol","year":"2023","author":"Developer","key":"ref20"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417292"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1155\/2020\/8819790"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/3600160.3600174"},{"key":"ref24","first-page":"4","article-title":"FATKit: Detecting malicious library injection and upping the \u2018anti","volume":"4","author":"Walters","year":"2006"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/EECCIS.2018.8692931"},{"issue":"3","key":"ref26","first-page":"854","article-title":"Network traffic analysis using packet sniffer","volume":"2","author":"Asrodia","year":"2012","journal-title":"Int. J. Eng. Res. Appl."},{"key":"ref27","article-title":"An introduction to ARP spoofing","volume":"563","author":"Whalen","year":"2001"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1007\/s12046-017-0749-y"},{"key":"ref29","first-page":"1","article-title":"The state of the art in DNS spoofing","volume-title":"Proc. 4th Intl. Conf. Appl. Cryptography Netw. Secur. (ACNS)","author":"Steinhoff"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/1391949.1391950"},{"issue":"4","key":"ref31","first-page":"1","article-title":"IP spoofing","volume":"10","author":"Ali","year":"2007","journal-title":"Internet Protocol J."},{"key":"ref32","first-page":"2619","article-title":"Off-Path network traffic manipulation via revitalized ICMP redirect attacks","volume-title":"Proc. 31st USENIX Secur. Symp.","author":"Feng"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.4018\/jaci.2012010103"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/CSFW.1997.596787"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11599-3_14"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/ICECET58911.2023.10389394"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/ICECCS.2017.24"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/LCNW.2012.6424041"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/1167253.1167291"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.3837\/tiis.2021.05.016"},{"volume-title":"Using Webauthn","year":"2022","author":"io","key":"ref41"},{"volume-title":"Documentation","year":"2016","key":"ref42"},{"key":"ref43","first-page":"1323","article-title":"Measuring HTTPS adoption on the Web","volume-title":"Proc. 26th USENIX Secur. Symp. (USENIX Secur. 17)","author":"Felt"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/3507657.3528536"},{"volume-title":"Opening Doors and Stealing Cars: Bluetooth Le Link Layer Relay Attacks","year":"2022","author":"Khan","key":"ref45"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6287639\/10820123\/11005460.pdf?arnumber=11005460","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,2]],"date-time":"2025-06-02T18:03:47Z","timestamp":1748887427000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11005460\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":45,"URL":"https:\/\/doi.org\/10.1109\/access.2025.3570377","relation":{},"ISSN":["2169-3536"],"issn-type":[{"type":"electronic","value":"2169-3536"}],"subject":[],"published":{"date-parts":[[2025]]}}}