{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,25]],"date-time":"2026-06-25T15:56:22Z","timestamp":1782402982893,"version":"3.54.5"},"reference-count":48,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"2","license":[{"start":{"date-parts":[[2012,4,1]],"date-time":"2012-04-01T00:00:00Z","timestamp":1333238400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2012,4]]},"DOI":"10.1109\/tifs.2011.2169958","type":"journal-article","created":{"date-parts":[[2011,10,5]],"date-time":"2011-10-05T00:52:04Z","timestamp":1317775924000},"page":"651-663","source":"Crossref","is-referenced-by-count":92,"title":["oPass: A User Authentication Protocol Resistant to Password Stealing and Password Reuse Attacks"],"prefix":"10.1109","volume":"7","author":[{"given":"Hung-Min","family":"Sun","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yao-Hsin","family":"Chen","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yue-Hsun","family":"Lin","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866327"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/CSFW.2001.930138"},{"key":"ref33","year":"0","journal-title":"TS 35 202 Specification 3GPP Confidentiality Integrity Algorithms Document 2 KASUMI Specification"},{"key":"ref32","year":"0","journal-title":"TS 35 201 Specification 3GPP Confidentiality Integrity Algorithms Document 1 f8 and f9 Specification"},{"key":"ref31","author":"report","year":"0","journal-title":"ITU Internet Rep 2006 Digital Life"},{"key":"ref30","year":"0","journal-title":"TS 23 040 Technical Realization Short Message Service (SMS)"},{"key":"ref37","author":"blanchet","year":"0","journal-title":"ProVerif Cryptographic Protocol Verifier Formal Model"},{"key":"ref36","doi-asserted-by":"crossref","first-page":"310","DOI":"10.1007\/3-540-44647-8_19","article-title":"The order of encryption and authentication for protecting communications (or: How secure is SSL?)","author":"krawczyk","year":"2001","journal-title":"Advances in Crypto 2001"},{"key":"ref35","doi-asserted-by":"crossref","first-page":"531","DOI":"10.1007\/3-540-44448-3_41","article-title":"Authenticated encryption: Relations among notions and analysis of the generic composition paradigm","author":"bellare","year":"2000","journal-title":"Advances CryptologyASIACRYPT 2000"},{"key":"ref34","first-page":"2","article-title":"Stronger password authentication using browser extensions","author":"ross","year":"2005","journal-title":"SSYM'05 Proc 14th Conf USENIX Security Symp"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/586131.586133"},{"key":"ref40","author":"delenikas","year":"0","journal-title":"SMSLib APIJava Library for Sending\/Receiving SMS"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/1060745.1060815"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/1143120.1143126"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/1280680.1280682"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/1518701.1518837"},{"key":"ref15","first-page":"10","article-title":"Graphical dictionaries and the memorable space of graphical passwords","author":"thorpe","year":"2004","journal-title":"SSYM'04 Proc 13th Conf USENIX Security Symp"},{"key":"ref16","first-page":"1","article-title":"Human-seeded attacks and exploiting hot-spots in graphical passwords","author":"thorpe","year":"2007","journal-title":"SS'07 Proc 16th USENIX Security Symp USENIX Security"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2010.2053706"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/1124772.1124861"},{"key":"ref19","doi-asserted-by":"crossref","first-page":"58","DOI":"10.1145\/1315245.1315254","article-title":"Dynamic pharming attacks and locked same-origin policies for web browsers","author":"karlof","year":"2007","journal-title":"CCS '07 Proc 14th ACM Conf Computer Communications Security"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/358790.358797"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653722"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2003.819611"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242661"},{"key":"ref6","first-page":"131","article-title":"Hash visualization: A new technique to improve real-world security","author":"perrig","year":"1999","journal-title":"Proc Int Workshop Cryptographic Techniques E-Commerce"},{"key":"ref29","first-page":"175","article-title":"Security analysis of SHA-256 and sisters","author":"gilbert","year":"2003","journal-title":"Selected Areas Cryptography"},{"key":"ref5","first-page":"1","article-title":"The design and analysis of graphical passwords","author":"jermyn","year":"1999","journal-title":"SSYM'99 Proc 8th Conf USENIX Security Symp"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2005.04.010"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2004.44"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/1143120.1143127"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/1133265.1133303"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/975817.975820"},{"key":"ref46","first-page":"321","article-title":"Perspectives: Improving ssh-style host authentication with multi-path probing","author":"wendlandt","year":"2008","journal-title":"Proc USENIX 2008 Annu Tech Conf"},{"key":"ref20","first-page":"1","article-title":"Learning more about the underground economy: A case-study of keyloggers and dropzones","author":"holz","year":"2010","journal-title":"Proc Computer Security ESORICS 2009"},{"key":"ref45","doi-asserted-by":"crossref","first-page":"125","DOI":"10.1145\/1620545.1620566","article-title":"SessionMagnifier: A simple approach to secure and convenient kiosk browsing","author":"yue","year":"2009","journal-title":"Proc 11th Int Conf Ubiquitous Computing"},{"key":"ref48","article-title":"Graphical passwords: Learning from the first twelve years","author":"biddle","year":"2010","journal-title":"ACM Computing Surveys Carleton Univ"},{"key":"ref22","year":"0","journal-title":"Phishing Activity Trends Rep 2nd Quarter\/2010"},{"key":"ref47","article-title":"Emperor's new security indicators: An evaluation of website authentication and the effect of role playing on usability studies","author":"schechter","year":"2007","journal-title":"Proc 2007 IEEE Symp Security Privacy"},{"key":"ref21","article-title":"The ghost in the browser: Analysis of web-based malware","author":"provos","year":"2007","journal-title":"Proc 1st Conf Workshop Hot Topics in Understanding Botnets"},{"key":"ref42","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/11693383_1","author":"barkan","year":"2006","journal-title":"Selected Areas in Cryptography"},{"key":"ref24","doi-asserted-by":"crossref","first-page":"116","DOI":"10.1145\/1315245.1315261","article-title":"Panorama: Capturing system-wide information flow for malware detection and analysis","author":"yin","year":"2007","journal-title":"CCS '07 Proc e 14th ACM Conf Computer Communications Security"},{"key":"ref41","article-title":"Secure web authentication with mobile phones","author":"wu","year":"2004","journal-title":"DIMACS Workshop Usable Privacy Security Software"},{"key":"ref23","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/11889663_1","article-title":"Phoolproof phishing prevention","author":"parno","year":"2006","journal-title":"Financial Cryptography and Data Security"},{"key":"ref44","first-page":"185","article-title":"Bump in the ether: A framework for securing sensitive user input","author":"mccune","year":"2006","journal-title":"USENIX Annu Tech Conf"},{"key":"ref26","year":"0","journal-title":"RSA SecureID"},{"key":"ref43","doi-asserted-by":"crossref","first-page":"88","DOI":"10.1007\/978-3-540-77366-5_11","article-title":"Using a personal device to strengthen password authentication from an untrusted computer","author":"mannan","year":"2007","journal-title":"Financial Cryptography and Data Security"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/1378600.1378623"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx5\/10206\/6166811\/06030929.pdf?arnumber=6030929","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,10,10]],"date-time":"2021-10-10T23:47:16Z","timestamp":1633909636000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/6030929\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,4]]},"references-count":48,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.1109\/tifs.2011.2169958","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2012,4]]}}}