{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,1]],"date-time":"2026-05-01T08:25:54Z","timestamp":1777623954303,"version":"3.51.4"},"publisher-location":"New York, New York, USA","reference-count":40,"publisher":"ACM Press","license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"NSERC Discovery Grant"},{"name":"Tekes","award":["3881\/31\/2016"],"award-info":[{"award-number":["3881\/31\/2016"]}]},{"name":"Intel Collaborative Research Institute for Secure Computing"},{"name":"NordSecMob Scholarship"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1145\/3178876.3186101","type":"proceedings-article","created":{"date-parts":[[2018,4,13]],"date-time":"2018-04-13T15:53:48Z","timestamp":1523634828000},"page":"349-358","source":"Crossref","is-referenced-by-count":20,"title":["SafeKeeper"],"prefix":"10.1145","author":[{"given":"Klaudia","family":"Krawiecka","sequence":"first","affiliation":[{"name":"Aalto University, Espoo, Finland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Arseny","family":"Kurnikov","sequence":"additional","affiliation":[{"name":"Aalto University, Espoo, Finland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Andrew","family":"Paverd","sequence":"additional","affiliation":[{"name":"Aalto University, Espoo, Finland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mohammad","family":"Mannan","sequence":"additional","affiliation":[{"name":"Concordia University, Montreal, Canada"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"N.","family":"Asokan","sequence":"additional","affiliation":[{"name":"Aalto University, Espoo, Finland"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","reference":[{"key":"key-10.1145\/3178876.3186101-1","unstructured":"Ittai Anati, Shay Gueron, Simon Johnson, and Vincent Scarlata . 2013. Innovative Technology for CPU Based Attestation and Sealing International Workshop on Hardware and Architectural Support for Security and Privacy. https:\/\/doi.org\/10.1.1.405.8266"},{"key":"key-10.1145\/3178876.3186101-2","unstructured":"APWG.org . 2016. Phishing Activity Trends Report (4th Quarter). (2016). http:\/\/docs.apwg.org\/reports\/apwg_trends_report_q4_2016.pdf"},{"key":"key-10.1145\/3178876.3186101-3","unstructured":"Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia K\"asper, Shaanan Cohney, Susanne Engels, Christof Paar, and Yuval Shavitt . 2016. DROWN: Breaking TLS Using SSLv2. In USENIX Security Symposium. https:\/\/drownattack.com\/drown-attack-paper.pdf"},{"key":"key-10.1145\/3178876.3186101-4","unstructured":"Joseph Birr-Pixton . 2016. Using SGX to harden password hashing. (2016). https:\/\/jbp.io\/2016\/01\/17\/using-sgx-to-hash-passwords"},{"key":"key-10.1145\/3178876.3186101-5","doi-asserted-by":"crossref","unstructured":"A. Biryukov, D. Dinu, and D. Khovratovich . 2016. Argon2: New Generation of Memory-Hard Functions for Password Hashing and Other Applications IEEE European Symposium on Security and Privacy. https:\/\/doi.org\/10.1109\/EuroSP.2016.31","DOI":"10.1109\/EuroSP.2016.31"},{"key":"key-10.1145\/3178876.3186101-6","doi-asserted-by":"crossref","unstructured":"J. Blocki and A. Datta . 2016. CASH: A Cost Asymmetric Secure Hash Algorithm for Optimal Password Protection IEEE Computer Security Foundations Symposium. https:\/\/doi.org\/10.1109\/CSF.2016.33","DOI":"10.1109\/CSF.2016.33"},{"key":"key-10.1145\/3178876.3186101-7","doi-asserted-by":"crossref","unstructured":"Joseph Bonneau . 2012. The Science of Guessing: Analyzing an Anonymized Corpus of 70 million Passwords IEEE Symposium on Security and Privacy. https:\/\/doi.org\/10.1109\/SP.2012.49","DOI":"10.1109\/SP.2012.49"},{"key":"key-10.1145\/3178876.3186101-8","doi-asserted-by":"crossref","unstructured":"Joseph Bonneau, Cormac Herley, Paul C Van Oorschot, and Frank Stajano . 2012. The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes. In IEEE Symposium on Security and Privacy. https:\/\/doi.org\/10.1109\/SP.2012.44","DOI":"10.1109\/SP.2012.44"},{"key":"key-10.1145\/3178876.3186101-9","doi-asserted-by":"crossref","unstructured":"Helena Brekalo, Raoul Strackx, and Frank Piessens . 2016. Mitigating Password Database Breaches with Intel SGX Workshop on System Software for Trusted Execution. https:\/\/doi.org\/10.1145\/3007788.3007789","DOI":"10.1145\/3007788.3007789"},{"key":"key-10.1145\/3178876.3186101-10","unstructured":"HTTrack Website Copier . 2017. (2017). https:\/\/www.httrack.com\/"},{"key":"key-10.1145\/3178876.3186101-11","doi-asserted-by":"crossref","unstructured":"Qian Cui, Guy-Vincent Jourdan, Gregor V. Bochmann, Russell Couturier, and Iosif-Viorel Onut . 2017. Tracking Phishing Attacks Over Time. In Conference on World Wide Web. https:\/\/doi.org\/10.1145\/3038912.3052654","DOI":"10.1145\/3038912.3052654"},{"key":"key-10.1145\/3178876.3186101-12","unstructured":"Dan Cvrcek . 2014. Hardware Scrambling - No More Password Leaks. (2014). https:\/\/www.lightbluetouchpaper.org\/2014\/03\/07\/hardware-scrambling-no-more-password-leaks"},{"key":"key-10.1145\/3178876.3186101-13","doi-asserted-by":"crossref","unstructured":"Anupam Das, Joseph Bonneau, Matthew Caesar, Nikita Borisov, and XiaoFeng Wang . 2014. The Tangled Web of Password Reuse. In Network and Distributed Systems Symposium. https:\/\/doi.org\/10.14722\/ndss.2014.23357","DOI":"10.14722\/ndss.2014.23357"},{"key":"key-10.1145\/3178876.3186101-14","unstructured":"The Breached Database Directory . 2017. (2017). https:\/\/vigilante.pw"},{"key":"key-10.1145\/3178876.3186101-15","unstructured":"Adam Everspaugh, Rahul Chatterjee, Samuel Scott, Ari Juels, and Thomas Ristenpart . 2015. The Pythia PRF Service. In USENIX Security Symposium. https:\/\/www.usenix.org\/node\/190917"},{"key":"key-10.1145\/3178876.3186101-16","unstructured":"Shay Gueron . 2016. A Memory Encryption Engine Suitable for General Purpose Processors. (2016). https:\/\/eprint.iacr.org\/2016\/204"},{"key":"key-10.1145\/3178876.3186101-17","doi-asserted-by":"crossref","unstructured":"Weili Han, Zhigong Li, Minyue Ni, Guofei Gu, and Wenyuan Xu . 2016. Shadow Attacks based on Password Reuses: A Quantitative Empirical View. IEEE Transactions on Dependable and Secure Computing (2016). https:\/\/doi.org\/10.1109\/TDSC.2016.2568187","DOI":"10.1109\/TDSC.2016.2568187"},{"key":"key-10.1145\/3178876.3186101-18","unstructured":"Kashmir Hill and Surya Mattu . 2017. Before You Hit 'Submit,' This Company Has Already Logged Your Personal Data (Gizmodo). (2017). https:\/\/gizmodo.com\/before-you-hit-submit-this-company-has-already-logge-1795906081"},{"key":"key-10.1145\/3178876.3186101-19","doi-asserted-by":"crossref","unstructured":"Jun Ho Huh, Hyoungshick Kim, Swathi S.V.P. Rayala, Rakesh B. Bobba, and Konstantin Beznosov . 2017. I'm too Busy to Reset my LinkedIn Password: On the Effectiveness of Password Reset Emails ACM SIGCHI Conference on Human Factors in Computing Systems. https:\/\/doi.org\/10.1145\/3025453.3025788","DOI":"10.1145\/3025453.3025788"},{"key":"key-10.1145\/3178876.3186101-20","unstructured":"Intel Corporation . 2017 a. 1U System Delivering Cryptographic Isolation Technology. (2017). https:\/\/www.intel.com\/content\/www\/us\/en\/data-center-blocks\/business\/secure-enclaves-blocks.html"},{"key":"key-10.1145\/3178876.3186101-21","unstructured":"Intel Corporation . 2017 b. Software Guard Extensions (Intel SGX). (2017). https:\/\/software.intel.com\/en-us\/sgx"},{"key":"key-10.1145\/3178876.3186101-22","unstructured":"David Jaeger, Chris Pelchen, Hendrik Graupner, Feng Cheng, and Christoph Meinel . 2016. Analysis of Publicly Leaked Credentials and the Long Story of Password (Re-)use Conference on Passwords. http:\/\/www.passwordresearch.com\/papers\/paper686.html"},{"key":"key-10.1145\/3178876.3186101-23","doi-asserted-by":"crossref","unstructured":"Georgios Kontaxis, Elias Athanasopoulos, Georgios Portokalidis, and Angelos D. Keromytis . 2013. SAuth: Protecting User Accounts from Password Database Leaks ACM Conference on Computer and Communications Security. https:\/\/doi.org\/10.1145\/2508859.2516746","DOI":"10.1145\/2508859.2516746"},{"key":"key-10.1145\/3178876.3186101-24","unstructured":"Klaudia Krawiecka, Arseny Kurnikov, Andrew Paverd, Mohammad Mannan, and N. Asokan . 2017. Protecting Web Passwords from Rogue Servers using Trusted Execution Environments. (2017). https:\/\/arxiv.org\/abs\/1709.01261"},{"key":"key-10.1145\/3178876.3186101-25","doi-asserted-by":"crossref","unstructured":"Klaudia Krawiecka, Arseny Kurnikov, Andrew Paverd, Mohammad Mannan, and N. Asokan . 2018. SafeKeeper Project. (2018). https:\/\/github.com\/safekeeper","DOI":"10.1145\/3178876.3186101"},{"key":"key-10.1145\/3178876.3186101-26","doi-asserted-by":"crossref","unstructured":"Klaudia Krawiecka, Andrew Paverd, and N. Asokan . 2016. Protecting Password Databases Using Trusted Hardware Workshop on System Software for Trusted Execution. https:\/\/doi.org\/10.1145\/3007788.3007798","DOI":"10.1145\/3007788.3007798"},{"key":"key-10.1145\/3178876.3186101-27","unstructured":"Jake Leichtling . 2015. Continuing to protect Chrome users from malicious extensions. (2015). https:\/\/blog.chromium.org\/2015\/05\/continuing-to-protect-chrome-users-from.html"},{"key":"key-10.1145\/3178876.3186101-28","unstructured":"PHP-CPP: A C"},{"key":"key-10.1145\/3178876.3186101-29","unstructured":"library for developing PHP extensions . 2017. (2017). http:\/\/www.php-cpp.com\/"},{"key":"key-10.1145\/3178876.3186101-30","doi-asserted-by":"crossref","unstructured":"Samuel Marchal, Kalle Saari, Nidhi Singh, and N. Asokan . 2016. Know Your Phish: Novel Techniques for Detecting Phishing Sites and Their Targets IEEE International Conference on Distributed Computing Systems. https:\/\/doi.org\/10.1109\/ICDCS.2016.10","DOI":"10.1109\/ICDCS.2016.10"},{"key":"key-10.1145\/3178876.3186101-31","unstructured":"Netcraft.com . 2017. Let's Encrypt and Comodo issue thousands of certificates for phishing. (2017). https:\/\/news.netcraft.com\/archives\/2017\/04\/12\/lets-encrypt-and-comodo-issue-thousands-of-certificates-for-phishing.html"},{"key":"key-10.1145\/3178876.3186101-32","unstructured":"PHPass: Portable PHP password hashing framework . 2017. (2017). http:\/\/www.openwall.com\/phpass\/"},{"key":"key-10.1145\/3178876.3186101-33","unstructured":"Paul Grassi and others . 2017. NIST Special Publication 800--63B, Digital Identity Guidelines, Authentication and Lifecycle Management. (2017). https:\/\/doi.org\/10.6028\/NIST.SP.800--63b"},{"key":"key-10.1145\/3178876.3186101-34","unstructured":"PhishTank.com . 2017. Statistics about phishing activity and PhishTank usage. (2017). https:\/\/www.phishtank.com\/stats.php"},{"key":"key-10.1145\/3178876.3186101-35","unstructured":"Have I Been Pwned . 2017. (2017). https:\/\/haveibeenpwned.com\/pwnedwebsites"},{"key":"key-10.1145\/3178876.3186101-36","unstructured":"Blake Ross, Collin Jackson, Nick Miyake, Dan Boneh, and John C. Mitchell . 2005. Stronger Password Authentication Using Browser Extensions USENIX Security Symposium. http:\/\/usenix.org\/publications\/library\/proceedings\/sec05\/tech\/full_papers\/ross\/ross.pdf"},{"key":"key-10.1145\/3178876.3186101-37","unstructured":"Y. Sheffer, R. Holz, and P. Saint-Andre . 2015. RFC7457: Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS). (2015). https:\/\/tools.ietf.org\/html\/rfc7457"},{"key":"key-10.1145\/3178876.3186101-38","unstructured":"W3Techs World Wide Web Technology Surveys . 2017. (2017). https:\/\/w3techs.com\/"},{"key":"key-10.1145\/3178876.3186101-39","unstructured":"Santiago Torres and Justin Cappos . 2014. PolyPasswordHasher: Improving Password Storage Security. ;login: The USENIX Magazine Vol. 39, 6 (Dec. . 2014), 18--21. https:\/\/password-hashing.net\/submissions\/specs\/PolyPassHash-v1.pdf"},{"key":"key-10.1145\/3178876.3186101-40","unstructured":"Chun Wang, Steve T.K. Jan, Hang Hu, and Gang Wang . 2017. Empirical Analysis of Password Reuse and Modification across Online Service. (2017). https:\/\/arxiv.org\/abs\/1706.01939v2"}],"event":{"name":"the 2018 World Wide Web Conference","location":"Lyon, France","acronym":"WWW '18","number":"2018","sponsor":["SIGWEB, ACM Special Interest Group on Hypertext, Hypermedia, and Web","IW3C2, International World Wide Web Conference Committee"],"start":{"date-parts":[[2018,4,23]]},"end":{"date-parts":[[2018,4,27]]}},"container-title":["Proceedings of the 2018 World Wide Web Conference on World Wide Web - WWW '18"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3178876.3186101","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/dl.acm.org\/ft_gateway.cfm?id=3186101&ftid=1957512&dwn=1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:11:28Z","timestamp":1750212688000},"score":1,"resource":{"primary":{"URL":"http:\/\/dl.acm.org\/citation.cfm?doid=3178876.3186101"}},"subtitle":["Protecting Web Passwords using Trusted Execution Environments"],"proceedings-subject":"World Wide Web","short-title":[],"issued":{"date-parts":[[2018]]},"references-count":40,"URL":"https:\/\/doi.org\/10.1145\/3178876.3186101","relation":{},"subject":[],"published":{"date-parts":[[2018]]}}}