{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,28]],"date-time":"2025-11-28T12:21:04Z","timestamp":1764332464490,"version":"3.37.3"},"reference-count":178,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"2","license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Commun. Surv. Tutorials"],"published-print":{"date-parts":[[2017]]},"DOI":"10.1109\/comst.2017.2651741","type":"journal-article","created":{"date-parts":[[2017,1,11]],"date-time":"2017-01-11T19:10:15Z","timestamp":1484161815000},"page":"1080-1111","source":"Crossref","is-referenced-by-count":31,"title":["Social Authentication Applications, Attacks, Defense Strategies and Future Research Directions: A Systematic Review"],"prefix":"10.1109","volume":"19","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9052-999X","authenticated-orcid":false,"given":"Noura","family":"Alomar","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mansour","family":"Alsaleh","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Abdulrahman","family":"Alarifi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"journal-title":"ACM Digital Library","year":"2016","key":"ref170"},{"journal-title":"IEEE Xplore Digital Library","year":"2016","key":"ref172"},{"journal-title":"ScienceDirect","year":"2016","key":"ref171"},{"journal-title":"Wiley Online Library","year":"2016","key":"ref174"},{"journal-title":"Springer Link","year":"2016","key":"ref173"},{"key":"ref176","first-page":"55","article-title":"An evaluation of quality checklist proposals: A participant-observer case study","author":"kitchenham","year":"2009","journal-title":"Proc 13th Int Conf Eval Assess Softw Eng"},{"key":"ref175","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2006.07.009"},{"key":"ref178","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2010.59"},{"key":"ref177","doi-asserted-by":"publisher","DOI":"10.1109\/ESEM.2007.59"},{"article-title":"Procedures for performing systematic reviews","year":"2004","author":"kitchenham","key":"ref168"},{"key":"ref169","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2013.56"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/2333112.2333114"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.11"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660317"},{"article-title":"Using social information for authenticating a user session","year":"2014","author":"shepard","key":"ref32"},{"journal-title":"A Continued Commitment to Security","year":"2011","key":"ref31"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/CCNC.2009.4784910"},{"journal-title":"Facebook introducing trusted contacts","year":"2013","key":"ref37"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCSW.2014.30"},{"journal-title":"Google 2-step verification","year":"2015","key":"ref35"},{"journal-title":"Introducing Login Approvals","year":"2011","key":"ref34"},{"article-title":"Social authentication","year":"2014","author":"murarka","key":"ref28"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/1397735.1397748"},{"article-title":"Generating authentication challenges based on social network activity information","year":"2015","author":"staddon","key":"ref29"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/2639108.2642900"},{"article-title":"User authentication for social networks","year":"2012","author":"headley","key":"ref22"},{"article-title":"Personalizing Web applications according to social network user profiles","year":"2012","author":"klemm","key":"ref21"},{"key":"ref24","first-page":"18","article-title":"A user authentication based on personal history&#x2014;A user authentication system using e-mail history","volume":"5","author":"nishigaki","year":"2007","journal-title":"J Systemics Cybernetics and Informatics"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.5121\/ijnsa.2013.5501"},{"key":"ref101","doi-asserted-by":"publisher","DOI":"10.1007\/11496137_7"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-4048(96)00014-4"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.1016\/0306-4379(91)90005-T"},{"article-title":"Social authentication for accessing health records","year":"2013","author":"shah","key":"ref25"},{"article-title":"Authorization and authentication based on an individual&#x2019;s social network","year":"2012","author":"lunt","key":"ref50"},{"article-title":"Using social graph for account recovery","year":"2010","author":"rubinstein","key":"ref51"},{"key":"ref154","doi-asserted-by":"publisher","DOI":"10.1145\/2501654.2501661"},{"key":"ref153","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2011.042711.00083"},{"key":"ref156","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-69311-6_21"},{"key":"ref155","doi-asserted-by":"publisher","DOI":"10.1007\/BF02289527"},{"key":"ref150","first-page":"339","article-title":"Trust and privacy concern within social networking sites: A comparison of Facebook and myspace","author":"dwyer","year":"2007","journal-title":"Proc AMCIS"},{"key":"ref152","first-page":"911","article-title":"A survey of trust in workflows and relevant contexts","volume":"14","author":"viriyasitavat","year":"2012","journal-title":"IEEE Commun Surveys Tuts"},{"key":"ref151","doi-asserted-by":"publisher","DOI":"10.1145\/1592665.1592667"},{"key":"ref146","doi-asserted-by":"publisher","DOI":"10.1145\/1102199.1102214"},{"key":"ref147","doi-asserted-by":"publisher","DOI":"10.1145\/2462410.2462421"},{"key":"ref148","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2009.5350374"},{"key":"ref149","doi-asserted-by":"publisher","DOI":"10.1145\/1658939.1658959"},{"article-title":"Brain password: Exploring a psychophysiological approach for secure user authentication","year":"0","author":"jin","key":"ref59"},{"article-title":"Analyzing facial recognition data and social network data for user authentication","year":"2015","author":"madhu","key":"ref58"},{"article-title":"Online user authentication","year":"2013","author":"kasturi","key":"ref57"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.3758\/s13414-013-0468-3"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2014.6890968"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2015.7232972"},{"journal-title":"National Cybersecurity Awareness Month Updates","year":"2011","key":"ref53"},{"article-title":"Social authentication for account recovery","year":"2014","author":"schechter","key":"ref52"},{"key":"ref40","first-page":"70","article-title":"Captchas: Survey of existing techniques and a new approach","author":"vaishakh","year":"2011","journal-title":"Proc Nat Conf Recent Trends Comput Technol"},{"key":"ref167","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2014.2321628"},{"key":"ref166","article-title":"A survey on recognition based graphical user authentication algorithms","volume":"6","author":"towhidi","year":"2009","journal-title":"Int J Comput Sci Inf Security"},{"key":"ref165","first-page":"195","article-title":"A survey on usability and security features in graphical user authentication algorithms","volume":"9","author":"lashkari","year":"2009","journal-title":"Int J Comput Sci Netw Security"},{"key":"ref164","first-page":"463","article-title":"Graphical passwords: A survey","author":"suo","year":"2005","journal-title":"Proc 21st Annu Comput Secur Appl Conf"},{"key":"ref163","doi-asserted-by":"publisher","DOI":"10.1016\/0167-4048(89)90006-0"},{"key":"ref162","doi-asserted-by":"publisher","DOI":"10.1016\/0167-4048(89)90051-5"},{"key":"ref161","first-page":"19","article-title":"A survey of biometric gait recognition: Approaches, security and challenges","author":"gafurov","year":"2007","journal-title":"Proc Norwegian Conf Comput Sci"},{"key":"ref160","doi-asserted-by":"publisher","DOI":"10.1147\/sj.403.0614"},{"article-title":"Social network based PKI authentication","year":"2012","author":"narayanan","key":"ref4"},{"article-title":"Trust-based authentication in a social networking system","year":"2015","author":"rubinstein","key":"ref3"},{"article-title":"Social authentication of users","year":"2014","author":"castro","key":"ref6"},{"article-title":"Method, apparatus and system for wireless network authentication through social networking","year":"2011","author":"donelson","key":"ref5"},{"key":"ref159","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2003.819611"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2014.2330311"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382235"},{"article-title":"System and method for authenticating users in a social network","year":"2008","author":"doyle","key":"ref7"},{"key":"ref157","doi-asserted-by":"publisher","DOI":"10.1109\/IB2COM.2010.5723618"},{"key":"ref158","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2014.2386915"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1016\/j.istr.2010.04.004"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/IAW.2007.381906"},{"journal-title":"Google plans to bring password-free logins to android apps by year-end","year":"2016","key":"ref45"},{"journal-title":"Computing with Social Trust","year":"2008","author":"golbeck","key":"ref48"},{"article-title":"Decentralized peer-based indirect authentication method for personal online social networking profiles","year":"2014","author":"ramsaur","key":"ref47"},{"article-title":"Social age verification engine","year":"2014","author":"underwood","key":"ref42"},{"article-title":"System and method for authentication in a social network service","year":"2008","author":"wahl","key":"ref41"},{"journal-title":"Facebook The Grapg API","year":"2017","key":"ref44"},{"article-title":"System and method for location-aware social networking authentication","year":"2012","author":"puflea","key":"ref43"},{"key":"ref127","doi-asserted-by":"publisher","DOI":"10.1145\/1943513.1943520"},{"key":"ref126","doi-asserted-by":"crossref","first-page":"91","DOI":"10.1145\/2808769.2808779","article-title":"Detecting clusters of fake accounts in online social networks","author":"xiao","year":"2015","journal-title":"Proc ACM Workshop Artif Intell Security"},{"key":"ref125","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2011.50"},{"key":"ref124","doi-asserted-by":"publisher","DOI":"10.1177\/0270467607311484"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1145\/1526709.1526784"},{"article-title":"Determining a trust level in a social network environment","year":"2013","author":"callahan","key":"ref72"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1111\/1467-9280.00144"},{"journal-title":"The Art of Deception Controlling the Human Element of Security","year":"2011","author":"mitnick","key":"ref129"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1007\/BF00309318"},{"key":"ref128","doi-asserted-by":"publisher","DOI":"10.1109\/ASONAM.2012.185"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2013.SUP.0513055"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2011.5935226"},{"key":"ref130","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866410"},{"key":"ref74","article-title":"User authentication from Web browsing behavior","author":"abramson","year":"2013","journal-title":"Proc FLAIRS Conf"},{"key":"ref75","article-title":"Active authentication on mobile devices via stylometry, application usage, Web browsing, and GPS location","author":"fridman","year":"0","journal-title":"IEEE Syst J"},{"article-title":"Method and apparatus for user authentication","year":"2015","author":"liu","key":"ref133"},{"article-title":"Method and system for customizing views of information associated with a social network user","year":"2007","author":"hull","key":"ref134"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1073\/pnas.0900282106"},{"key":"ref131","doi-asserted-by":"publisher","DOI":"10.1145\/1572532.1572543"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1109\/PerComW.2014.6815263"},{"key":"ref132","doi-asserted-by":"publisher","DOI":"10.2202\/1944-2866.1013"},{"key":"ref136","doi-asserted-by":"publisher","DOI":"10.1145\/1518701.1518736"},{"article-title":"System and method for managing information flow between members of an online social network","year":"2011","author":"galbreath","key":"ref135"},{"article-title":"Systems and methods for identity authentication using a social network","year":"2013","author":"de villiers prichard","key":"ref138"},{"article-title":"Authentication based on social graph transaction history data","year":"2013","author":"shishkov","key":"ref137"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1109\/AUTOID.2007.380623"},{"article-title":"Method and apparatus for sending authentication request message in a social network","year":"2013","author":"mo","key":"ref139"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2012.040912.00180"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2014.2381246"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2015.2415528"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2012.060912.00108"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2014.2371813"},{"article-title":"Detect and qualify relationships between people and find the best path through the resulting social network","year":"2002","author":"dom","key":"ref140"},{"key":"ref66","first-page":"279","article-title":"Multi-person localization via RF body reflections","author":"adib","year":"2015","journal-title":"Proc USENIX Symp Netw Syst Design Implem (NSDI)"},{"key":"ref141","article-title":"Exposing impersonation attacks in online social networks","author":"goga","year":"2014","journal-title":"Proc ACM Conf Online Social Networks"},{"journal-title":"Continuous Authentication Using Biometrics Data Models and Metrics Data Models and Metrics","year":"2011","author":"traore","key":"ref67"},{"key":"ref142","first-page":"197","article-title":"Aiding the detection of fake accounts in large scale social online services","author":"cao","year":"0"},{"article-title":"Social security: Combating device theft with community-based video notarization","year":"2013","author":"libonati","key":"ref68"},{"key":"ref143","first-page":"1","article-title":"You are how you click: Clickstream analysis for Sybil detection","author":"wang","year":"2013","journal-title":"Proc Usenix Security"},{"key":"ref69","first-page":"714","article-title":"Searching in the dark: A framework for authenticating unknown users in online social networks","author":"li","year":"2012","journal-title":"Proc Global Commun Conf (GLOBECOM)"},{"key":"ref144","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23260"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.14722\/usec.2015.23002"},{"key":"ref145","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.44"},{"journal-title":"Facebook Reports Second Quarter 2015 Results","year":"2015","author":"park","key":"ref1"},{"journal-title":"Faces of Facebook Privacy in the Age of Augmented Reality","year":"2011","author":"acquisti","key":"ref109"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1145\/1408664.1408667"},{"key":"ref108","doi-asserted-by":"publisher","DOI":"10.1109\/AFGR.2008.4813471"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2012.032612.00004"},{"key":"ref107","first-page":"98","article-title":"Pictures or questions?: Examining user responses to association-based authentication","author":"renaud","year":"2010","journal-title":"Proc 24th BCS Interact Spec Group Conf"},{"key":"ref93","doi-asserted-by":"crossref","first-page":"556","DOI":"10.1109\/SURV.2013.042313.00103","article-title":"A survey of social-aware routing protocols in delay tolerant networks: Applications, taxonomy and design-related issues","volume":"16","author":"wei","year":"2014","journal-title":"IEEE Commun Surveys Tuts"},{"key":"ref106","doi-asserted-by":"publisher","DOI":"10.1145\/1578002.1578005"},{"key":"ref92","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2016.2558191"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.49"},{"key":"ref91","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2013.2256431"},{"key":"ref104","first-page":"1","article-title":"Popularity is everything: A new approach to protecting passwords from statistical-guessing attacks","author":"schechter","year":"2010","journal-title":"5th USENIX Conference on Hot Topics in Security"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2014.2369742"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-14577-3_10"},{"key":"ref102","doi-asserted-by":"publisher","DOI":"10.1109\/SECUREWARE.2007.4385315"},{"key":"ref111","doi-asserted-by":"publisher","DOI":"10.1109\/PerComW.2012.6197508"},{"key":"ref112","first-page":"476","article-title":"Social authentication: Vulnerabilities, mitigations, and redesign","author":"lancini","year":"2014","journal-title":"Proc DeepSec Conf"},{"key":"ref110","doi-asserted-by":"publisher","DOI":"10.1109\/ICCVW.2011.6130218"},{"key":"ref98","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2004.80"},{"journal-title":"Guidelines for identification and authentication","year":"2006","key":"ref99"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1145\/2736277.2741691"},{"key":"ref97","first-page":"143","article-title":"Designing authentication systems with challenge questions","author":"just","year":"2005","journal-title":"Security and Usability Designing Secure Systems that People Can Use"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2009.04.006"},{"key":"ref11","doi-asserted-by":"crossref","first-page":"55","DOI":"10.1007\/978-3-642-22424-9_4","article-title":"Reverse social engineering attacks in online social networks","author":"irani","year":"2011","journal-title":"Detection of Intrusions and Malware and Vulnerability Assessment"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/1518701.1519003"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-19032-2_3"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/CSE.2009.390"},{"key":"ref15","article-title":"New directions in social authentication","author":"jain","year":"2015","journal-title":"Proceedings of USE"},{"article-title":"Method and apparatus for network authentication of human interaction and user identity","year":"2013","author":"pratte","key":"ref118"},{"article-title":"System and method for creating a secure trusted social network","year":"2014","author":"tam","key":"ref82"},{"key":"ref16","first-page":"1","article-title":"Social authentication: Harder than it looks","author":"kim","year":"2012","journal-title":"Financial Cryptography and Data Security"},{"key":"ref117","doi-asserted-by":"publisher","DOI":"10.1145\/1281192.1281195"},{"article-title":"System and method for personal device sharing using social networks","year":"2011","author":"nath","key":"ref81"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2421008"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2012.07.010"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180427"},{"key":"ref119","doi-asserted-by":"publisher","DOI":"10.1145\/2335356.2335369"},{"journal-title":"The Wisdom of Crowds","year":"2005","author":"surowiecki","key":"ref83"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.1"},{"key":"ref114","doi-asserted-by":"publisher","DOI":"10.1145\/1651437.1651445"},{"key":"ref113","doi-asserted-by":"publisher","DOI":"10.1109\/ASONAM.2009.61"},{"key":"ref116","doi-asserted-by":"publisher","DOI":"10.1145\/1835804.1835853"},{"article-title":"Mobile device authentication and access to a social network","year":"2011","author":"liu","key":"ref80"},{"key":"ref115","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2013.04.003"},{"key":"ref120","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-60566-326-5.ch003"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1109\/ICNP.2013.6733573"},{"key":"ref121","doi-asserted-by":"publisher","DOI":"10.1145\/1357054.1357086"},{"key":"ref122","doi-asserted-by":"publisher","DOI":"10.1007\/s12394-009-0019-1"},{"key":"ref123","doi-asserted-by":"publisher","DOI":"10.1145\/1592568.1592585"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1109\/PERCOMW.2010.5470524"},{"journal-title":"WebIDL Specification","year":"2013","key":"ref86"},{"journal-title":"FOAF Vocabulary Specification 0 99","year":"2014","key":"ref87"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2015.2491361"}],"container-title":["IEEE Communications Surveys &amp; Tutorials"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9739\/7936707\/07814222.pdf?arnumber=7814222","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,12]],"date-time":"2022-01-12T16:14:36Z","timestamp":1642004076000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/7814222\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"references-count":178,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.1109\/comst.2017.2651741","relation":{},"ISSN":["1553-877X"],"issn-type":[{"type":"electronic","value":"1553-877X"}],"subject":[],"published":{"date-parts":[[2017]]}}}