{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T03:26:37Z","timestamp":1769743597866,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":55,"publisher":"ACM","license":[{"start":{"date-parts":[[2008,9,22]],"date-time":"2008-09-22T00:00:00Z","timestamp":1222041600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2008,9,22]]},"DOI":"10.1145\/1595676.1595680","type":"proceedings-article","created":{"date-parts":[[2009,8,24]],"date-time":"2009-08-24T14:08:35Z","timestamp":1251122915000},"page":"13-21","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Localization of credential information to address increasingly inevitable data breaches"],"prefix":"10.1145","author":[{"given":"Mohammad","family":"Mannan","sequence":"first","affiliation":[{"name":"Carleton University, Ottawa, Ontario, Canada"}]},{"given":"P. C.","family":"van Oorschot","sequence":"additional","affiliation":[{"name":"Carleton University, Ottawa, Ontario, Canada"}]}],"member":"320","published-online":{"date-parts":[[2008,9,22]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"International Conference of Information Systems (ICIS'06)","author":"Acquisti A.","year":"2006"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/844102.844110"},{"key":"e_1_3_2_1_3_1","unstructured":"BBC News. 'I was falsely branded a paedophile'. News article (Apr. 3 2008). http:\/\/news.bbc.co.uk\/1\/hi\/magazine\/7326736.stm.  BBC News. 'I was falsely branded a paedophile'. News article (Apr. 3 2008). http:\/\/news.bbc.co.uk\/1\/hi\/magazine\/7326736.stm."},{"key":"e_1_3_2_1_4_1","unstructured":"BBC News. Monster attack steals user data. News article (Aug. 21 2007). http:\/\/news.bbc.co.uk\/2\/hi\/technology\/6956349.stm.  BBC News. Monster attack steals user data. News article (Aug. 21 2007). http:\/\/news.bbc.co.uk\/2\/hi\/technology\/6956349.stm."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1600176.1600188"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/646140.680945"},{"key":"e_1_3_2_1_7_1","unstructured":"K. Cameron. The laws of identity. Blog article (May 12 2005). http:\/\/www.identityblog.com\/stories\/2005\/05\/13\/TheLawsOfIdentity.pdf.  K. Cameron. The laws of identity. Blog article (May 12 2005). http:\/\/www.identityblog.com\/stories\/2005\/05\/13\/TheLawsOfIdentity.pdf."},{"key":"e_1_3_2_1_8_1","unstructured":"ChannelRegister.co.uk. IT pro admits stealing 8.4M consumer records. News article (Dec. 4 2007). http:\/\/www.channelregister.co.uk\/2007\/12\/04\/admin_steals_consumer_records\/.  ChannelRegister.co.uk. IT pro admits stealing 8.4M consumer records. News article (Dec. 4 2007). http:\/\/www.channelregister.co.uk\/2007\/12\/04\/admin_steals_consumer_records\/."},{"key":"e_1_3_2_1_9_1","unstructured":"CNN.com. FBI seeks stolen personal data on 26 million vets. News article (May 23 2006). http:\/\/www.cnn.com\/2006\/US\/05\/22\/vets.data\/index.html.  CNN.com. FBI seeks stolen personal data on 26 million vets. News article (May 23 2006). http:\/\/www.cnn.com\/2006\/US\/05\/22\/vets.data\/index.html."},{"key":"e_1_3_2_1_10_1","unstructured":"ComputerWorld.com. TJX violated nine of 12 PCI controls at time of breach court filings say. News article (Oct. 26 2007).  ComputerWorld.com. TJX violated nine of 12 PCI controls at time of breach court filings say. News article (Oct. 26 2007)."},{"key":"e_1_3_2_1_11_1","volume-title":"House of Representatives (June 21","author":"Electronic Privacy Information Center (EPIC).","year":"2007"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.1083-6101.2007.00371.x"},{"key":"e_1_3_2_1_13_1","unstructured":"Federal Trade Commission. Identity theft survey report Sept. 2003. http:\/\/www.ftc.gov\/os\/2003\/09\/synovatereport.pdf.  Federal Trade Commission. Identity theft survey report Sept. 2003. http:\/\/www.ftc.gov\/os\/2003\/09\/synovatereport.pdf."},{"key":"e_1_3_2_1_14_1","unstructured":"Federal Trade Commission. Security in numbers: SSNs and ID theft workshop Dec. 2007. http:\/\/ftc.gov\/bcp\/workshops\/ssn\/index.shtml.  Federal Trade Commission. Security in numbers: SSNs and ID theft workshop Dec. 2007. http:\/\/ftc.gov\/bcp\/workshops\/ssn\/index.shtml."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/986655.986670"},{"key":"e_1_3_2_1_16_1","unstructured":"Government Accountability Office (GAO). Personal information: Data breaches are frequent but evidence of resulting identity theft is limited; however the full extent is unknown June 2007. Report to Congressional Requesters GAO-07-737 http:\/\/www.gao.gov\/new.items\/d07935t.pdf.  Government Accountability Office (GAO). Personal information: Data breaches are frequent but evidence of resulting identity theft is limited; however the full extent is unknown June 2007. Report to Congressional Requesters GAO-07-737 http:\/\/www.gao.gov\/new.items\/d07935t.pdf."},{"key":"e_1_3_2_1_17_1","unstructured":"Government Accountability Office (GAO). Social Security Numbers: Use is widespread and protection could be improved June 2007. Testimony Before the Subcommittee on Social Security Committee on Ways and Means House of Representatives GAO-07-1023T http:\/\/www.gao.gov\/new.items\/d071023t.pdf.  Government Accountability Office (GAO). Social Security Numbers: Use is widespread and protection could be improved June 2007. Testimony Before the Subcommittee on Social Security Committee on Ways and Means House of Representatives GAO-07-1023T http:\/\/www.gao.gov\/new.items\/d071023t.pdf."},{"key":"e_1_3_2_1_18_1","volume-title":"House of Representatives (Oct. 13, 2006","author":"Government Reform Committee","year":"2006"},{"key":"e_1_3_2_1_19_1","unstructured":"Guardian.co.uk. Lost in the post - 25 million at risk after data discs go missing. News article (Nov. 21 2007). http:\/\/www.guardian.co.uk\/politics\/2007\/nov\/21\/immigrationpolicy.economy3.  Guardian.co.uk. Lost in the post - 25 million at risk after data discs go missing. News article (Nov. 21 2007). http:\/\/www.guardian.co.uk\/politics\/2007\/nov\/21\/immigrationpolicy.economy3."},{"key":"e_1_3_2_1_20_1","volume-title":"USENIX Security Symp.","author":"Halderman J.A.","year":"2008"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1179559.1179561"},{"key":"e_1_3_2_1_22_1","unstructured":"Help Net Security (HNS). Server with top-secret data stolen from Forensic Telecommunications Services. News article (Aug. 13 2007). http:\/\/www.net-security.org\/secworld.php?id=5418.  Help Net Security (HNS). Server with top-secret data stolen from Forensic Telecommunications Services. News article (Aug. 13 2007). http:\/\/www.net-security.org\/secworld.php?id=5418."},{"key":"e_1_3_2_1_23_1","volume-title":"Security in Numbers: SSNs and ID Theft Workshop","author":"Hoofnagle C.J.","year":"2007"},{"key":"e_1_3_2_1_24_1","volume-title":"ITRC 2008 breach list. Security breaches from 2005 to 2008 (Apr. 8, 2008","author":"Identity Theft Resource Center (ITRC).","year":"2008"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1600176.1600191"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.5555\/987683.987902"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.elerap.2005.06.002"},{"key":"e_1_3_2_1_28_1","volume-title":"Trinidad and Tobago","author":"Molloy I.","year":"2007"},{"key":"e_1_3_2_1_29_1","unstructured":"MSNBC. Breach exposes 4.2 million credit debit cards. News article (Mar. 17 2008). http:\/\/www.msnbc.msn.com\/id\/23678909\/.  MSNBC. Breach exposes 4.2 million credit debit cards. News article (Mar. 17 2008). http:\/\/www.msnbc.msn.com\/id\/23678909\/."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-88313-5_9"},{"key":"e_1_3_2_1_31_1","unstructured":"News.com. TJX says 45.7 million customer records were compromised. News article (Mar. 29 2007).  News.com. TJX says 45.7 million customer records were compromised. News article (Mar. 29 2007)."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1231047.1231084"},{"key":"e_1_3_2_1_33_1","unstructured":"Ponemon Institute. 2007 annual study: U.S. cost of a data breach Nov. 2007. Research report sponsored by PGP and Symantec http:\/\/www.pgp.com\/downloads\/research_reports\/.  Ponemon Institute. 2007 annual study: U.S. cost of a data breach Nov. 2007. Research report sponsored by PGP and Symantec http:\/\/www.pgp.com\/downloads\/research_reports\/."},{"key":"e_1_3_2_1_34_1","unstructured":"Privacy Rights Clearing House. A chronology of data breaches. http:\/\/www.privacyrights.org\/ar\/ChronDataBreaches.htm.  Privacy Rights Clearing House. A chronology of data breaches. http:\/\/www.privacyrights.org\/ar\/ChronDataBreaches.htm."},{"key":"e_1_3_2_1_35_1","volume-title":"Workshop on the Economics of Information Security (WEIS'08)","author":"Romanosky S.","year":"2008"},{"key":"e_1_3_2_1_36_1","volume-title":"USENIX Security Symposium","author":"Ross B.","year":"2005"},{"issue":"1","key":"e_1_3_2_1_37_1","article-title":"Independent one-time passwords","volume":"9","author":"Rubin A.","year":"1996","journal-title":"USENIX Journal of Computing Systems"},{"key":"e_1_3_2_1_38_1","volume-title":"British West Indies","author":"Rubin A.","year":"2001"},{"key":"e_1_3_2_1_39_1","unstructured":"Samuelson Law Technology&Public Policy Clinic University of California-Berkeley School of Law. Security breach notification laws: Views from chief security officers Dec. 2007. http:\/\/groups.ischool.berkeley.edu\/samuelsonclinic\/files\/cso_study.pdf.  Samuelson Law Technology&Public Policy Clinic University of California-Berkeley School of Law. Security breach notification laws: Views from chief security officers Dec. 2007. http:\/\/groups.ischool.berkeley.edu\/samuelsonclinic\/files\/cso_study.pdf."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1403027.1403036"},{"key":"e_1_3_2_1_41_1","unstructured":"SecurityFocus.com. Employee steals 2.3m records from data firm. News article (July 5 2007). http:\/\/www.securityfocus.com\/brief\/541.  SecurityFocus.com. Employee steals 2.3m records from data firm. News article (July 5 2007). http:\/\/www.securityfocus.com\/brief\/541."},{"key":"e_1_3_2_1_42_1","volume-title":"British West Indies","author":"Shamir A.","year":"2001"},{"key":"e_1_3_2_1_43_1","first-page":"54","article-title":"Identity theft, privacy, and the architecture of vulnerability","author":"Solove D.J.","year":"2003","journal-title":"Hastings Law Journal"},{"key":"e_1_3_2_1_44_1","unstructured":"L. Spitzner. Honeytokens: The other honeypot. SecurityFocus Infocus technical article (July 17 2003). http:\/\/www.securityfocus.com\/infocus\/1713.  L. Spitzner. Honeytokens: The other honeypot. SecurityFocus Infocus technical article (July 17 2003). http:\/\/www.securityfocus.com\/infocus\/1713."},{"key":"e_1_3_2_1_45_1","unstructured":"Symantec.com. Symantec global Internet security threat report: Trends for July - December 07. Published in Apr. 2008 (Volume XIII).  Symantec.com. Symantec global Internet security threat report: Trends for July - December 07. Published in Apr. 2008 (Volume XIII)."},{"key":"e_1_3_2_1_46_1","unstructured":"The Arizona Republic. Man's ID theft nightmare takes 2 years to iron out. News article (Feb. 13 2008). http:\/\/www.azcentral.com\/community\/mesa\/articles\/0213mr-idtheft0214.html.  The Arizona Republic. Man's ID theft nightmare takes 2 years to iron out. News article (Feb. 13 2008). http:\/\/www.azcentral.com\/community\/mesa\/articles\/0213mr-idtheft0214.html."},{"key":"e_1_3_2_1_47_1","unstructured":"TheSun.co.uk. Your life for sale. News article (June 23 2005). http:\/\/www.thesun.co.uk\/sol\/homepage\/news\/article108989.ece.  TheSun.co.uk. Your life for sale. News article (June 23 2005). http:\/\/www.thesun.co.uk\/sol\/homepage\/news\/article108989.ece."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/1086762.1086772"},{"key":"e_1_3_2_1_49_1","unstructured":"Trusted Computing Group. TCG physical presence interface specification Apr. 2007. Version 1.00 final revision 1.00 for TPM family 1.2; level 2.  Trusted Computing Group. TCG physical presence interface specification Apr. 2007. Version 1.00 final revision 1.00 for TPM family 1.2; level 2."},{"key":"e_1_3_2_1_50_1","unstructured":"US Monitor. Mail monitoring and list protection service. http:\/\/www.usmonitor.com.  US Monitor. Mail monitoring and list protection service. http:\/\/www.usmonitor.com."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1007\/11507840_3"},{"key":"e_1_3_2_1_52_1","unstructured":"Verizon Business Risk Team. 2008 data breach investigations report. Analysis of 500 security breach and data compromise engagements between 2004 - 2007. http:\/\/www.verizonbusiness.com\/resources\/security\/databreachreport.pdf.  Verizon Business Risk Team. 2008 data breach investigations report. Analysis of 500 security breach and data compromise engagements between 2004 - 2007. http:\/\/www.verizonbusiness.com\/resources\/security\/databreachreport.pdf."},{"key":"e_1_3_2_1_53_1","unstructured":"Wired.com. LifeLock founder resigns amid controversy. Wired blog article (June 11 2007). http:\/\/blog.wired.com\/27bstroke6\/2007\/06\/lifelock_founde_1.html.  Wired.com. LifeLock founder resigns amid controversy. Wired blog article (June 11 2007). http:\/\/blog.wired.com\/27bstroke6\/2007\/06\/lifelock_founde_1.html."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/1325555.1325567"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.24"}],"event":{"name":"NSPW '08: 2008 New Security Paradigms Workshop","location":"Lake Tahoe California USA","acronym":"NSPW '08","sponsor":["ACM Association for Computing Machinery"]},"container-title":["Proceedings of the 2008 New Security Paradigms Workshop"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1595676.1595680","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1595676.1595680","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T12:18:03Z","timestamp":1750249083000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1595676.1595680"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,9,22]]},"references-count":55,"alternative-id":["10.1145\/1595676.1595680","10.1145\/1595676"],"URL":"https:\/\/doi.org\/10.1145\/1595676.1595680","relation":{},"subject":[],"published":{"date-parts":[[2008,9,22]]},"assertion":[{"value":"2008-09-22","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}