{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,29]],"date-time":"2025-11-29T16:26:12Z","timestamp":1764433572591,"version":"3.37.3"},"reference-count":46,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"22","license":[{"start":{"date-parts":[[2024,11,15]],"date-time":"2024-11-15T00:00:00Z","timestamp":1731628800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2024,11,15]],"date-time":"2024-11-15T00:00:00Z","timestamp":1731628800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,11,15]],"date-time":"2024-11-15T00:00:00Z","timestamp":1731628800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"National Key Research and Development Program of China","award":["2023YFB3106400","2023QY1202"],"award-info":[{"award-number":["2023YFB3106400","2023QY1202"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U2336203","U1836210"],"award-info":[{"award-number":["U2336203","U1836210"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Key Research and Development Science and Technology of Hainan Province","award":["GHYF2022010"],"award-info":[{"award-number":["GHYF2022010"]}]},{"name":"Beijing Natural Science Foundation","award":["4242031"],"award-info":[{"award-number":["4242031"]}]},{"name":"Yunnan Foundational Research Plan Project","award":["202301BA070001-039"],"award-info":[{"award-number":["202301BA070001-039"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Internet Things J."],"published-print":{"date-parts":[[2024,11,15]]},"DOI":"10.1109\/jiot.2024.3429417","type":"journal-article","created":{"date-parts":[[2024,8,1]],"date-time":"2024-08-01T18:20:56Z","timestamp":1722536456000},"page":"36841-36857","source":"Crossref","is-referenced-by-count":3,"title":["Uncovering Access Token Security Flaws in Multiuser Scenario of Smart Home Platforms"],"prefix":"10.1109","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7452-3934","authenticated-orcid":false,"given":"Yiyu","family":"Yang","sequence":"first","affiliation":[{"name":"National Computer Network Intrusion Protection Center, School of Computer Science and Technology, University of Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jice","family":"Wang","sequence":"additional","affiliation":[{"name":"National Computer Network Intrusion Protection Center, School of Computer Science and Technology, University of Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5091-8464","authenticated-orcid":false,"given":"Peng","family":"Liu","sequence":"additional","affiliation":[{"name":"College of Information Sciences and Technology, Pennsylvania State University, State College, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1632-5737","authenticated-orcid":false,"given":"Anmin","family":"Fu","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8306-7195","authenticated-orcid":false,"given":"Yuqing","family":"Zhang","sequence":"additional","affiliation":[{"name":"National Computer Network Intrusion Protection Center, School of Computer Science and Technology, University of Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/3290605.3300498"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2020-0035"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/3463676.3485600"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382238"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897874"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660323"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991105"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2019.00036"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.44"},{"key":"ref10","first-page":"1687","article-title":"Sensitive information tracking in commodity IoT","volume-title":"Proc. 27th USENIX Secur. Symp. (USENIX Secur.)","author":"Celik"},{"key":"ref11","first-page":"1102","article-title":"If this then what? controlling flows in IoT Apps","volume-title":"Proc. ACM SIGSAC Conf. Comput. Commun. Secur.","author":"Bastys"},{"key":"ref12","first-page":"1133","article-title":"Discovering and understanding the security hazards in the interactions between IoT devices, mobile apps, and clouds on smart home platforms","volume-title":"Proc. 28th USENIX Secur. Symp. (USENIX Secur.)","author":"Zhou"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00051"},{"key":"ref14","first-page":"2","article-title":"ContexloT: Towards providing contextual integrity to appified IoT platforms","volume-title":"Proc. NDSS","author":"Jia"},{"key":"ref15","first-page":"361","article-title":"SmartAuth: User-centered authorization for the Internet of Things","volume-title":"Proc. 26th USENIX Secur. Symp. (USENIX Secur.)","author":"Tian"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2019.2914911"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2020.3042049"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23119"},{"key":"ref19","first-page":"1183","article-title":"Shattered chain of trust: Understanding security risks in cross-cloud IoT access delegation","volume-title":"Proc. 29th USENIX Secur. Symp. (USENIX Secur.)","author":"Yuan"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/ICC45855.2022.9838581"},{"key":"ref21","doi-asserted-by":"crossref","DOI":"10.17487\/rfc6749","volume-title":"The OAuth 2.0 authorization framework","author":"Hardt","year":"2012"},{"key":"ref22","doi-asserted-by":"crossref","DOI":"10.17487\/rfc6819","volume-title":"OAuth 2.0 threat model and security considerations","author":"Lodderstedt","year":"2013"},{"volume-title":"The OAuth 2.0 authorization framework: Bearer token usage","year":"2012","author":"Jones","key":"ref23"},{"key":"ref24","doi-asserted-by":"crossref","DOI":"10.17487\/rfc7009","volume-title":"OAuth 2.0 token revocation","author":"Lodderstedt","year":"2013"},{"key":"ref25","doi-asserted-by":"crossref","DOI":"10.17487\/RFC8693","volume-title":"OAuth 2.0 token exchange","author":"Jones","year":"2020"},{"key":"ref26","doi-asserted-by":"crossref","DOI":"10.17487\/RFC7519","volume-title":"JSON Web token (JWT)","author":"Jones","year":"2015"},{"key":"ref27","doi-asserted-by":"crossref","DOI":"10.17487\/RFC8725","volume-title":"JSON Web token best current practices","author":"Sheffer","year":"2020"},{"key":"ref28","doi-asserted-by":"crossref","DOI":"10.17487\/RFC9068","volume-title":"JSON Web token (JWT) profile for OAuth 2.0 access tokens","author":"Bertocci","year":"2021"},{"volume-title":"Soot\u2014A framework for analyzing and transforming java and android applications.","year":"2021","key":"ref29"},{"volume-title":"Levenshtein distance\u2014Wikipedia","year":"2021","key":"ref30"},{"volume-title":"China smart device; IoT markets overview 2022","year":"2023","key":"ref31"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3395351.3399358"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359828"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00148"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00009"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/DSN53405.2022.00055"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818024"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2019.00034"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3162312"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2023.3323713"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2960690"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2015.2427841"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2016.2647225"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2019.2924624"},{"key":"ref45","first-page":"159","article-title":"Understanding and improving security and privacy in multi-user smart homes: A design exploration and in-home user study","volume-title":"Proc. 28th USENIX Secur. Symp. (USENIX Secur.)","author":"Zeng"},{"key":"ref46","first-page":"141","article-title":"Secure multi-user content sharing for augmented reality applications","volume-title":"Proc. 28th USENIX Secur. Symp. (USENIX Secur.)","author":"Ruth"}],"container-title":["IEEE Internet of Things Journal"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6488907\/10747044\/10620436.pdf?arnumber=10620436","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,27]],"date-time":"2024-11-27T00:11:56Z","timestamp":1732666316000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10620436\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,15]]},"references-count":46,"journal-issue":{"issue":"22"},"URL":"https:\/\/doi.org\/10.1109\/jiot.2024.3429417","relation":{},"ISSN":["2327-4662","2372-2541"],"issn-type":[{"type":"electronic","value":"2327-4662"},{"type":"electronic","value":"2372-2541"}],"subject":[],"published":{"date-parts":[[2024,11,15]]}}}