{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,2]],"date-time":"2026-04-02T06:07:37Z","timestamp":1775110057750,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":81,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,5,30]],"date-time":"2022-05-30T00:00:00Z","timestamp":1653868800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1617474,CNS-1562485"],"award-info":[{"award-number":["CNS-1617474,CNS-1562485"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,5,30]]},"DOI":"10.1145\/3488932.3497756","type":"proceedings-article","created":{"date-parts":[[2022,5,24]],"date-time":"2022-05-24T04:23:26Z","timestamp":1653366206000},"page":"2-16","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":14,"title":["SMS OTP Security (SOS)"],"prefix":"10.1145","author":[{"given":"Christian","family":"Peeters","sequence":"first","affiliation":[{"name":"University of Florida, Gainesville, FL, USA"}]},{"given":"Christopher","family":"Patton","sequence":"additional","affiliation":[{"name":"University of Florida, Gainesville, FL, USA"}]},{"given":"Imani N. S.","family":"Munyaka","sequence":"additional","affiliation":[{"name":"University of Florida, Gainesville, FL, USA"}]},{"given":"Daniel","family":"Olszewski","sequence":"additional","affiliation":[{"name":"University of Florida, Gainesville, FL, USA"}]},{"given":"Thomas","family":"Shrimpton","sequence":"additional","affiliation":[{"name":"University of Florida, Gainesville, FL, USA"}]},{"given":"Patrick","family":"Traynor","sequence":"additional","affiliation":[{"name":"University of Florida, Gainesville, FL, USA"}]}],"member":"320","published-online":{"date-parts":[[2022,5,30]]},"reference":[{"key":"e_1_3_2_2_2_1","unstructured":"2020. Authy. https:\/\/authy.com\/.  2020. Authy. https:\/\/authy.com\/."},{"key":"e_1_3_2_2_3_1","unstructured":"2020. Duo U2F and Biometrics. https:\/\/duo.com\/product\/multi-factor- authentication-mfa\/authentication-methods\/u2f-and-biometrics.  2020. Duo U2F and Biometrics. https:\/\/duo.com\/product\/multi-factor- authentication-mfa\/authentication-methods\/u2f-and-biometrics."},{"key":"e_1_3_2_2_4_1","unstructured":"2020. FIDO2 U2F Passwordless authentication. https:\/\/www.yubico.com\/ authentication-standards\/fido2\/.  2020. FIDO2 U2F Passwordless authentication. https:\/\/www.yubico.com\/ authentication-standards\/fido2\/."},{"key":"e_1_3_2_2_5_1","unstructured":"2020. Google Authenticator. https:\/\/support.google.com\/accounts\/answer\/ 1066447.  2020. Google Authenticator. https:\/\/support.google.com\/accounts\/answer\/ 1066447."},{"key":"e_1_3_2_2_6_1","unstructured":"2020. List of websites and whether or not they support 2FA. https:\/\/ twofactorauth.org.  2020. List of websites and whether or not they support 2FA. https:\/\/ twofactorauth.org."},{"key":"e_1_3_2_2_7_1","unstructured":"2020. Ting Mobile Rates. https:\/\/ting.com\/rates.  2020. Ting Mobile Rates. https:\/\/ting.com\/rates."},{"key":"e_1_3_2_2_8_1","unstructured":"2020. Tips to complete account recovery steps. https:\/\/support.google.com\/ accounts\/answer\/7299973.  2020. Tips to complete account recovery steps. https:\/\/support.google.com\/ accounts\/answer\/7299973."},{"key":"e_1_3_2_2_9_1","unstructured":"2020. \"Two-factor authentication for Apple ID\". https:\/\/support.apple.com\/en- us\/HT204915.  2020. \"Two-factor authentication for Apple ID\". https:\/\/support.apple.com\/en- us\/HT204915."},{"key":"e_1_3_2_2_10_1","unstructured":"2020. Use of SMS or Call Log Permsissions. https:\/\/support.google.com\/ googleplay\/android-developer\/answer\/9047303.  2020. Use of SMS or Call Log Permsissions. https:\/\/support.google.com\/ googleplay\/android-developer\/answer\/9047303."},{"key":"e_1_3_2_2_11_1","unstructured":"2020. What is Diameter Protocol? https:\/\/ribboncommunications.com\/company\/ get-help\/glossary\/diameter-protocol.  2020. What is Diameter Protocol? https:\/\/ribboncommunications.com\/company\/ get-help\/glossary\/diameter-protocol."},{"key":"e_1_3_2_2_12_1","unstructured":"2020. What is the Additional verification page? https:\/\/docs.microsoft.com\/en- us\/azure\/active-directory\/user-help\/multi-factor-authentication-end-user- first-time.  2020. What is the Additional verification page? https:\/\/docs.microsoft.com\/en- us\/azure\/active-directory\/user-help\/multi-factor-authentication-end-user- first-time."},{"key":"e_1_3_2_2_13_1","unstructured":"2020. Works with YubiKey Catalog. https:\/\/www.yubico.com\/works-with- yubikey\/catalog\/.  2020. Works with YubiKey Catalog. https:\/\/www.yubico.com\/works-with- yubikey\/catalog\/."},{"key":"e_1_3_2_2_14_1","unstructured":"2020. Yubico. https:\/\/www.yubico.com\/.  2020. Yubico. https:\/\/www.yubico.com\/."},{"key":"e_1_3_2_2_15_1","unstructured":"Robert Abel. 2019. SS7 exploited to intercept 2FA bank confirmation codes to raid accounts. scmagazine.com. hrefhttps:\/\/www.scmagazine.com\/home\/security-news\/cybercriminals-are-exploiting-flaws-in-ss7-a-protocol-used-by-telecom-companies-to-coordinate-how-they-route-texts-and-calls-around-the-world-to-empty-bank-accounts\/.  Robert Abel. 2019. SS7 exploited to intercept 2FA bank confirmation codes to raid accounts. scmagazine.com. hrefhttps:\/\/www.scmagazine.com\/home\/security-news\/cybercriminals-are-exploiting-flaws-in-ss7-a-protocol-used-by-telecom-companies-to-coordinate-how-they-route-texts-and-calls-around-the-world-to-empty-bank-accounts\/."},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3131904"},{"key":"e_1_3_2_2_17_1","unstructured":"Paddy Baker. 2020. Crypto Exec's $1.8M SIM-Swap Lawsuit Has `Critical Holes ` Says AT&T. https:\/\/www.coindesk.com\/crypto-execs-1--8m-sim-swap-lawsuit-full-of-critical-holes-says-att.  Paddy Baker. 2020. Crypto Exec's $1.8M SIM-Swap Lawsuit Has `Critical Holes ` Says AT&T. https:\/\/www.coindesk.com\/crypto-execs-1--8m-sim-swap-lawsuit-full-of-critical-holes-says-att."},{"key":"e_1_3_2_2_18_1","unstructured":"Sam Baker. 2019. Criminals hacking phone codes used by customers to verify bank transactions. https:\/\/www.telegraph.co.uk\/money\/consumer-affairs\/banks-hit-mobile-phone-hacke\/.  Sam Baker. 2019. Criminals hacking phone codes used by customers to verify bank transactions. https:\/\/www.telegraph.co.uk\/money\/consumer-affairs\/banks-hit-mobile-phone-hacke\/."},{"key":"e_1_3_2_2_19_1","unstructured":"Richard Barnes Benjamin Beurdouche Jon Millican Emad Omara Katriel Cohn-Gordon and Raphael Robert. 2019. The Messaging Layer Security (MLS) Protocol. Internet-Draft draft-ietf-mls-protocol-08. Internet Engineering Task Force. https:\/\/datatracker.ietf.org\/doc\/html\/draft-ietf-mls-protocol-08 Work in Progress.  Richard Barnes Benjamin Beurdouche Jon Millican Emad Omara Katriel Cohn-Gordon and Raphael Robert. 2019. The Messaging Layer Security (MLS) Protocol. Internet-Draft draft-ietf-mls-protocol-08. Internet Engineering Task Force. https:\/\/datatracker.ietf.org\/doc\/html\/draft-ietf-mls-protocol-08 Work in Progress."},{"key":"e_1_3_2_2_20_1","volume-title":"Advances in Cryptology -- CRYPTO' 93","author":"Bellare Mihir","unstructured":"Mihir Bellare and Phillip Rogaway . 1994. Entity Authentication and Key Distribution . In Advances in Cryptology -- CRYPTO' 93 . Springer Berlin Heidelberg , Berlin, Heidelberg , 232--249. Mihir Bellare and Phillip Rogaway. 1994. Entity Authentication and Key Distribution. In Advances in Cryptology -- CRYPTO' 93. Springer Berlin Heidelberg, Berlin, Heidelberg, 232--249."},{"key":"e_1_3_2_2_21_1","volume-title":"PKC -- Proceedings of the 9th International Conference on Theory and Practice of Public Key Cryptography. 207--228.","author":"Bernstein Daniel J.","unstructured":"Daniel J. Bernstein . 2006. Curve25519: New Diffie-Hellman Speed Records . In PKC -- Proceedings of the 9th International Conference on Theory and Practice of Public Key Cryptography. 207--228. Daniel J. Bernstein. 2006. Curve25519: New Diffie-Hellman Speed Records. In PKC -- Proceedings of the 9th International Conference on Theory and Practice of Public Key Cryptography. 207--228."},{"key":"e_1_3_2_2_22_1","unstructured":"Peter Bright. 2011. RSA finally comes clean: SecurID is compromised. https:\/\/arstechnica.com\/information-technology\/2011\/06\/rsa-finally-comes-clean-securid-is-compromised\/.  Peter Bright. 2011. RSA finally comes clean: SecurID is compromised. https:\/\/arstechnica.com\/information-technology\/2011\/06\/rsa-finally-comes-clean-securid-is-compromised\/."},{"key":"e_1_3_2_2_23_1","unstructured":"John Brooke et al. 1996. SUS-A quick and dirty usability scale. Usability evaluation in industry Vol. 189 194 (1996) 4--7.  John Brooke et al. 1996. SUS-A quick and dirty usability scale. Usability evaluation in industry Vol. 189 194 (1996) 4--7."},{"key":"e_1_3_2_2_24_1","unstructured":"Elie Bursztein. 2018. The bleak picture of two-factor authentication adoption in the wild. https:\/\/elie.net\/blog\/security\/the-bleak-picture-of-two-factor-authentication-adoption-in-the-wild\/#toc-4.  Elie Bursztein. 2018. The bleak picture of two-factor authentication adoption in the wild. https:\/\/elie.net\/blog\/security\/the-bleak-picture-of-two-factor-authentication-adoption-in-the-wild\/#toc-4."},{"key":"e_1_3_2_2_25_1","volume-title":"Microsoft: Using multi-factor authentication blocks 99.9% of account hacks. zdnet.com. hrefhttps:\/\/www.zdnet.com\/article\/microsoft-using-multi- factor-authentication-blocks- 99-9-of-account-hacks\/.","author":"Cimpanu Catalin","year":"2019","unstructured":"Catalin Cimpanu . 2019 . Microsoft: Using multi-factor authentication blocks 99.9% of account hacks. zdnet.com. hrefhttps:\/\/www.zdnet.com\/article\/microsoft-using-multi- factor-authentication-blocks- 99-9-of-account-hacks\/. Catalin Cimpanu. 2019. Microsoft: Using multi-factor authentication blocks 99.9% of account hacks. zdnet.com. hrefhttps:\/\/www.zdnet.com\/article\/microsoft-using-multi- factor-authentication-blocks- 99-9-of-account-hacks\/."},{"key":"e_1_3_2_2_26_1","volume-title":"Fifteenth Symposium on Usable Privacy and Security (SOUPS","author":"Ciolino St\u00e9phane","year":"2019","unstructured":"St\u00e9phane Ciolino , Simon Parkin , and Paul Dunphy . 2019 . Of Two Minds about Two-Factor: Understanding Everyday FIDO U2F Usability through Device Comparison and Experience Sampling. https:\/\/www.usenix.org\/conference\/soups2019\/presentation\/ciolino . In Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019). USENIX Association, Santa Clara, CA. St\u00e9phane Ciolino, Simon Parkin, and Paul Dunphy. 2019. Of Two Minds about Two-Factor: Understanding Everyday FIDO U2F Usability through Device Comparison and Experience Sampling. https:\/\/www.usenix.org\/conference\/soups2019\/presentation\/ciolino. In Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019). USENIX Association, Santa Clara, CA."},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3173574.3174030"},{"key":"e_1_3_2_2_28_1","unstructured":"Joseph Cox. 2017. Senator Demands Answers From Telecom Giants on Phone Spying. https:\/\/www.thedailybeast.com\/senator-demands-answers-from-telecom-giants-on-phone-spying.  Joseph Cox. 2017. Senator Demands Answers From Telecom Giants on Phone Spying. https:\/\/www.thedailybeast.com\/senator-demands-answers-from-telecom-giants-on-phone-spying."},{"key":"e_1_3_2_2_29_1","unstructured":"Joseph Cox. 2019. Criminals Are Tapping into the Phone Network Backbone to Empty Bank Accounts. https:\/\/motherboard.vice.com\/en_us\/article\/mbzvxv\/criminals-hackers-ss7-uk-banks-metro-bank.  Joseph Cox. 2019. Criminals Are Tapping into the Phone Network Backbone to Empty Bank Accounts. https:\/\/motherboard.vice.com\/en_us\/article\/mbzvxv\/criminals-hackers-ss7-uk-banks-metro-bank."},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.144"},{"key":"e_1_3_2_2_31_1","unstructured":"Dominique Lazanski. 2016. Interconnect Security.  Dominique Lazanski. 2016. Interconnect Security."},{"key":"e_1_3_2_2_32_1","unstructured":"Thomas Fox-Brewster. 2017. All That's Needed To Hack Gmail And Rob Bitcoin: A Name And A Phone Number. https:\/\/www.forbes.com\/sites\/thomasbrewster\/2017\/09\/18\/ss7-google-coinbase-bitcoin-hack\/#484e841941a4.  Thomas Fox-Brewster. 2017. All That's Needed To Hack Gmail And Rob Bitcoin: A Name And A Phone Number. https:\/\/www.forbes.com\/sites\/thomasbrewster\/2017\/09\/18\/ss7-google-coinbase-bitcoin-hack\/#484e841941a4."},{"key":"e_1_3_2_2_33_1","unstructured":"Kathleen Garska. 2018. Two-Factor Authentication (2FA) Explained: Email and SMS OTPs. https:\/\/blog.identityautomation.com\/two-factor-authentication-2fa-explained-email-and-sms-otps.  Kathleen Garska. 2018. Two-Factor Authentication (2FA) Explained: Email and SMS OTPs. https:\/\/blog.identityautomation.com\/two-factor-authentication-2fa-explained-email-and-sms-otps."},{"key":"e_1_3_2_2_34_1","volume-title":"SMS: The most popular and least secure 2FA method. https:\/\/www.thingsauth.com\/2018\/02\/27\/sms-the-most-popular-and-least-secure-2fa-method\/.","author":"Gilsenan Conor","year":"2018","unstructured":"Conor Gilsenan . 2018 . SMS: The most popular and least secure 2FA method. https:\/\/www.thingsauth.com\/2018\/02\/27\/sms-the-most-popular-and-least-secure-2fa-method\/. Conor Gilsenan. 2018. SMS: The most popular and least secure 2FA method. https:\/\/www.thingsauth.com\/2018\/02\/27\/sms-the-most-popular-and-least-secure-2fa-method\/."},{"key":"e_1_3_2_2_35_1","volume-title":"ResearchMatch: a national registry to recruit volunteers for clinical research","author":"Harris Paul A","unstructured":"Paul A Harris , Kirstin W Scott , Laurie Lebo , NikNik Hassan , Chad Lighter , and Jill Pulley . 2012. ResearchMatch: a national registry to recruit volunteers for clinical research . Academic medicine: journal of the Association of American Medical Colleges, Vol. 87, 1 (2012), 66. Paul A Harris, Kirstin W Scott, Laurie Lebo, NikNik Hassan, Chad Lighter, and Jill Pulley. 2012. ResearchMatch: a national registry to recruit volunteers for clinical research. Academic medicine: journal of the Association of American Medical Colleges, Vol. 87, 1 (2012), 66."},{"key":"e_1_3_2_2_36_1","volume-title":"Advances in psychology.","author":"Hart Sandra G","unstructured":"Sandra G Hart and Lowell E Staveland . 1988. Development of NASA-TLX (Task Load Index): Results of empirical and theoretical research . In Advances in psychology. Vol. 52 . Elsevier , 139--183. Sandra G Hart and Lowell E Staveland. 1988. Development of NASA-TLX (Task Load Index): Results of empirical and theoretical research. In Advances in psychology. Vol. 52. Elsevier, 139--183."},{"key":"e_1_3_2_2_37_1","unstructured":"Evolved Intelligence. [n.d.]. SS7 & Diameter Firewall. https:\/\/www.evolved-intelligence.com\/products\/fraud-and-security\/signalling-firewall.  Evolved Intelligence. [n.d.]. SS7 & Diameter Firewall. https:\/\/www.evolved-intelligence.com\/products\/fraud-and-security\/signalling-firewall."},{"key":"e_1_3_2_2_38_1","unstructured":"Michael Kan. 2018. Hackers Beat Two-Factor Protection With Automated Phishing Attacks. pcmag. hrefhttps:\/\/www.pcmag.com\/news\/hackers-beat-two-factor-protection-with-automated-phishing-attacks.  Michael Kan. 2018. Hackers Beat Two-Factor Protection With Automated Phishing Attacks. pcmag. hrefhttps:\/\/www.pcmag.com\/news\/hackers-beat-two-factor-protection-with-automated-phishing-attacks."},{"key":"e_1_3_2_2_39_1","volume-title":"Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound. In USENIX Security Symposium (USENIX Security 15)","author":"Karapanos Nikolaos","year":"2015","unstructured":"Nikolaos Karapanos , Claudio Marforio , Claudio Soriente , and Srdjan Capkun . 2015 . Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound. In USENIX Security Symposium (USENIX Security 15) . USENIX Association. https:\/\/www.usenix.org\/conference\/usenixsecurity15\/technical-sessions\/presentation\/karapanos Nikolaos Karapanos, Claudio Marforio, Claudio Soriente, and Srdjan Capkun. 2015. Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound. In USENIX Security Symposium (USENIX Security 15). USENIX Association. https:\/\/www.usenix.org\/conference\/usenixsecurity15\/technical-sessions\/presentation\/karapanos"},{"key":"e_1_3_2_2_40_1","volume-title":"SecurePay: Strengthening Two-Factor Authentication for Arbitrary Transactions. In 5th IEEE European Symposium on Security and Privacy (EuroS&P","author":"Konoth Radhesh Krishnan","year":"2020","unstructured":"Radhesh Krishnan Konoth , Bj\u00f6rn Fischer , Wan Fokkink , Elias Athanasopoulos , Kaveh Razavi , and Herbert Bos . 2020 . SecurePay: Strengthening Two-Factor Authentication for Arbitrary Transactions. In 5th IEEE European Symposium on Security and Privacy (EuroS&P 2020). Radhesh Krishnan Konoth, Bj\u00f6rn Fischer, Wan Fokkink, Elias Athanasopoulos, Kaveh Razavi, and Herbert Bos. 2020. SecurePay: Strengthening Two-Factor Authentication for Arbitrary Transactions. In 5th IEEE European Symposium on Security and Privacy (EuroS&P 2020)."},{"key":"e_1_3_2_2_41_1","unstructured":"Brian Krebs. 2019. Why Phone Numbers Stink As Identity Proof. https:\/\/krebsonsecurity.com\/tag\/sim-swap\/.  Brian Krebs. 2019. Why Phone Numbers Stink As Identity Proof. https:\/\/krebsonsecurity.com\/tag\/sim-swap\/."},{"key":"e_1_3_2_2_42_1","volume-title":"Duolytics: Four Years with Four Factors. https:\/\/duo.com\/blog\/duolytics-four-years-with-four-factors.","author":"Lady Kyle","year":"2015","unstructured":"Kyle Lady . 2015 . Duolytics: Four Years with Four Factors. https:\/\/duo.com\/blog\/duolytics-four-years-with-four-factors. Kyle Lady. 2015. Duolytics: Four Years with Four Factors. https:\/\/duo.com\/blog\/duolytics-four-years-with-four-factors."},{"key":"e_1_3_2_2_43_1","volume-title":"Provable Security,","author":"LaMacchia Brian","unstructured":"Brian LaMacchia , Kristin Lauter , and Anton Mityagin . 2007. Stronger Security of Authenticated Key Exchange . In Provable Security, , Willy Susilo, Joseph K. Liu, and Yi Mu (Eds.). Springer Berlin Heidelberg , Berlin, Heidelberg , 1--16. Brian LaMacchia, Kristin Lauter, and Anton Mityagin. 2007. Stronger Security of Authenticated Key Exchange. In Provable Security,, Willy Susilo, Joseph K. Liu, and Yi Mu (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 1--16."},{"key":"e_1_3_2_2_44_1","unstructured":"Ponemon Institute LLC. 2019. The 2019 State of Password and Authentication Security Behaviors Report. https:\/\/www.yubico.com\/wp-content\/uploads\/2019\/01\/Ponemon-Authentication-Report.pdf.  Ponemon Institute LLC. 2019. The 2019 State of Password and Authentication Security Behaviors Report. https:\/\/www.yubico.com\/wp-content\/uploads\/2019\/01\/Ponemon-Authentication-Report.pdf."},{"key":"e_1_3_2_2_45_1","unstructured":"Napier Lopez. 2019. Google data shows 2-factor authentication blocks 100% of automated bot hacks. https:\/\/thenextweb.com\/google\/ 2019\/05\/23\/google-data-shows-2 -factor-authentication-blocks- 100-of-automated-bot-hack.  Napier Lopez. 2019. Google data shows 2-factor authentication blocks 100% of automated bot hacks. https:\/\/thenextweb.com\/google\/ 2019\/05\/23\/google-data-shows-2 -factor-authentication-blocks- 100-of-automated-bot-hack."},{"key":"e_1_3_2_2_46_1","volume-title":"Proceedings of the Second Annual IEEE Systems, Man, and Cybernetics Information Assurance Workshop.","author":"Lorenz G.","year":"2001","unstructured":"G. Lorenz . 2001 . Securing SS7 telecommunications networks . Proceedings of the Second Annual IEEE Systems, Man, and Cybernetics Information Assurance Workshop. G. Lorenz. 2001. Securing SS7 telecommunications networks. Proceedings of the Second Annual IEEE Systems, Man, and Cybernetics Information Assurance Workshop."},{"key":"e_1_3_2_2_47_1","unstructured":"Ronnie Manning. 2019. Yubico Releases the 2019 State of Password and Authentication Security Behaviors Report. https:\/\/www.yubico.com\/2019\/01\/yubico-releases-the-2019-state-of-password-and-authentication-security-behaviors-report\/.  Ronnie Manning. 2019. Yubico Releases the 2019 State of Password and Authentication Security Behaviors Report. https:\/\/www.yubico.com\/2019\/01\/yubico-releases-the-2019-state-of-password-and-authentication-security-behaviors-report\/."},{"key":"e_1_3_2_2_48_1","unstructured":"Venkadesan Marimuthu. 2019. Fraudulent subscriber identity module (SIM) swap detection. United States Patent 10178223.  Venkadesan Marimuthu. 2019. Fraudulent subscriber identity module (SIM) swap detection. United States Patent 10178223."},{"key":"e_1_3_2_2_49_1","unstructured":"Rene Mayrhofer and Hans Gellersen. 2007. Shake Well Before Use: Authentication Based on Accelerometer Data. In Pervasive Computing Anthony LaMarca Marc Langheinrich and Khai N. Truong (Eds.).  Rene Mayrhofer and Hans Gellersen. 2007. Shake Well Before Use: Authentication Based on Accelerometer Data. In Pervasive Computing Anthony LaMarca Marc Langheinrich and Khai N. Truong (Eds.)."},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/MWSCAS.2002.1187082"},{"key":"e_1_3_2_2_51_1","unstructured":"Megan Morreale. 2017. Daily SMS Mobile Usage Statistics. https:\/\/www.smseagle.eu\/2017\/03\/06\/daily-sms-mobile-statistics\/.  Megan Morreale. 2017. Daily SMS Mobile Usage Statistics. https:\/\/www.smseagle.eu\/2017\/03\/06\/daily-sms-mobile-statistics\/."},{"key":"e_1_3_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.17487\/rfc4226"},{"key":"e_1_3_2_2_53_1","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment, Konrad Rieck, Patrick Stewin, and Jean-Pierre Seifert (Eds.)","author":"Mulliner Collin","unstructured":"Collin Mulliner , Ravishankar Borgaonkar , Patrick Stewin , and Jean-Pierre Seifert . 2013. SMS-Based One-Time Passwords: Attacks and Defense . In Detection of Intrusions and Malware, and Vulnerability Assessment, Konrad Rieck, Patrick Stewin, and Jean-Pierre Seifert (Eds.) . Springer Berlin Heidelberg . Collin Mulliner, Ravishankar Borgaonkar, Patrick Stewin, and Jean-Pierre Seifert. 2013. SMS-Based One-Time Passwords: Attacks and Defense. In Detection of Intrusions and Malware, and Vulnerability Assessment, Konrad Rieck, Patrick Stewin, and Jean-Pierre Seifert (Eds.). Springer Berlin Heidelberg."},{"key":"e_1_3_2_2_54_1","unstructured":"Action Fraud News. 2014. Alert - how you can be scammed by a method called SIM Splitting.  Action Fraud News. 2014. Alert - how you can be scammed by a method called SIM Splitting."},{"key":"e_1_3_2_2_55_1","unstructured":"Newsbtc. 2017. Hackers Find Exploit Through SS7 SMS 2FA to Empty Bitcoin Wallets. https:\/\/www.newsbtc.com\/2017\/09\/30\/hackers-find-exploit-sms-two-factor-authentication-empty-bitcoin-wallets\/.  Newsbtc. 2017. Hackers Find Exploit Through SS7 SMS 2FA to Empty Bitcoin Wallets. https:\/\/www.newsbtc.com\/2017\/09\/30\/hackers-find-exploit-sms-two-factor-authentication-empty-bitcoin-wallets\/."},{"key":"e_1_3_2_2_56_1","first-page":"464","article-title":"Wireless two-factor authentication, authorization and audit system with close proximity between mass storage device and communication device","volume":"14","author":"Ngan Sai Fong","year":"2015","unstructured":"Sai Fong Ngan , Wai Ching Vincent Lok , and Kwok Hung Cheung . 2015 . Wireless two-factor authentication, authorization and audit system with close proximity between mass storage device and communication device . US Patent App. 14\/284 , 464 . Sai Fong Ngan, Wai Ching Vincent Lok, and Kwok Hung Cheung. 2015. Wireless two-factor authentication, authorization and audit system with close proximity between mass storage device and communication device. US Patent App. 14\/284,464.","journal-title":"US Patent App."},{"key":"e_1_3_2_2_57_1","volume-title":"Public Key Cryptography","author":"Okamoto Tatsuaki","unstructured":"Tatsuaki Okamoto and David Pointcheval . 2001. The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes . In Public Key Cryptography . Springer Berlin Heidelberg , Berlin, Heidelberg , 104--118. Tatsuaki Okamoto and David Pointcheval. 2001. The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes. In Public Key Cryptography. Springer Berlin Heidelberg, Berlin, Heidelberg, 104--118."},{"key":"e_1_3_2_2_58_1","unstructured":"Thuy Ong. 2018. Over 90 percent of Gmail users still don't use two-factor authentication. https:\/\/www.theverge.com\/2018\/1\/23\/16922500\/gmail-users-two-factor-authentication-google.  Thuy Ong. 2018. Over 90 percent of Gmail users still don't use two-factor authentication. https:\/\/www.theverge.com\/2018\/1\/23\/16922500\/gmail-users-two-factor-authentication-google."},{"key":"e_1_3_2_2_59_1","unstructured":"Tom Parker. 2019. Shane Dawson James Charles King Bach and other YouTubers hacked after alleged AT&T SIM swap. https:\/\/reclaimthenet.org\/shane-dawson-james-charles-youtubers-hacked-att-sim-swap\/.  Tom Parker. 2019. Shane Dawson James Charles King Bach and other YouTubers hacked after alleged AT&T SIM swap. https:\/\/reclaimthenet.org\/shane-dawson-james-charles-youtubers-hacked-att-sim-swap\/."},{"key":"e_1_3_2_2_60_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00006"},{"key":"e_1_3_2_2_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/2751323.2751327"},{"key":"e_1_3_2_2_62_1","unstructured":"Nathaniel Popper. 2019. Hackers Hit Twitter C.E.O. Jack Dorsey in a `SIM Swap.` You're at Risk Too. https:\/\/www.nytimes.com\/2019\/09\/05\/technology\/sim-swap-jack-dorsey-hack.html.  Nathaniel Popper. 2019. Hackers Hit Twitter C.E.O. Jack Dorsey in a `SIM Swap.` You're at Risk Too. https:\/\/www.nytimes.com\/2019\/09\/05\/technology\/sim-swap-jack-dorsey-hack.html."},{"key":"e_1_3_2_2_63_1","volume-title":"Proceedings of the USENIX Security Symposium (SECURITY).","author":"Reaves Bradley","year":"2015","unstructured":"Bradley Reaves , Nolen Scaife , Adam Bates , Patrick Traynor , and Kevin Butler . 2015 . Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World . In Proceedings of the USENIX Security Symposium (SECURITY). Bradley Reaves, Nolen Scaife, Adam Bates, Patrick Traynor, and Kevin Butler. 2015. Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World. In Proceedings of the USENIX Security Symposium (SECURITY)."},{"key":"e_1_3_2_2_64_1","volume-title":"Fifteenth Symposium on Usable Privacy and Security (SOUPS).","author":"Reese Ken","year":"2019","unstructured":"Ken Reese , Trevor Smith , Jonathan Dutson , Jonathan Armknecht , Jacob Cameron , and Kent Seamons . 2019 . A usability study of five two-factor authentication methods . In Fifteenth Symposium on Usable Privacy and Security (SOUPS). Ken Reese, Trevor Smith, Jonathan Dutson, Jonathan Armknecht, Jacob Cameron, and Kent Seamons. 2019. A usability study of five two-factor authentication methods. In Fifteenth Symposium on Usable Privacy and Security (SOUPS)."},{"key":"e_1_3_2_2_65_1","first-page":"2012","volume-title":"Measuring U","author":"Sauro J","year":"2012","unstructured":"J Sauro . 2012 . 10 things to know about the Single Ease Question (SEQ) . Measuring U , 2012 (2012). J Sauro. 2012. 10 things to know about the Single Ease Question (SEQ). Measuring U, 2012 (2012)."},{"key":"e_1_3_2_2_66_1","volume-title":"Share of internet users in the United States who use two-factor authentication in 2010 and","author":"Security Duo","year":"2017","unstructured":"Duo Security . 2017a. Share of internet users in the United States who use two-factor authentication in 2010 and 2017 , by method. https:\/\/www.statista.com\/statistics\/789942\/us-use-of-two-factor-authentication\/. Duo Security. 2017a. Share of internet users in the United States who use two-factor authentication in 2010 and 2017, by method. https:\/\/www.statista.com\/statistics\/789942\/us-use-of-two-factor-authentication\/."},{"key":"e_1_3_2_2_67_1","volume-title":"Share of internet users in the United States who use two-factor authentication in 2013 and","author":"Security Duo","year":"2017","unstructured":"Duo Security . 2017b. Share of internet users in the United States who use two-factor authentication in 2013 and 2017 . https:\/\/www.statista.com\/statistics\/789473\/us-use-of-two-factor-authentication\/. Duo Security. 2017b. Share of internet users in the United States who use two-factor authentication in 2013 and 2017. https:\/\/www.statista.com\/statistics\/789473\/us-use-of-two-factor-authentication\/."},{"key":"e_1_3_2_2_68_1","volume-title":"RSA SecurID Solution Named Best Third-Party Authentication Device by Windows IT Pro Magazine Readers' Choice","author":"Security RSA","year":"2004","unstructured":"RSA Security . 2004. RSA SecurID Solution Named Best Third-Party Authentication Device by Windows IT Pro Magazine Readers' Choice 2004 . https:\/\/web.archive.org\/web\/20100106232859\/http:\/\/rsa.com\/press_release.aspx?id=5028. RSA Security. 2004. RSA SecurID Solution Named Best Third-Party Authentication Device by Windows IT Pro Magazine Readers' Choice 2004. https:\/\/web.archive.org\/web\/20100106232859\/http:\/\/rsa.com\/press_release.aspx?id=5028."},{"key":"e_1_3_2_2_69_1","volume-title":"R: A language and environment for statistical computing.","author":"Team R Core","year":"2013","unstructured":"R Core Team . 2013 . R: A language and environment for statistical computing. (2013). R Core Team. 2013. R: A language and environment for statistical computing. (2013)."},{"key":"e_1_3_2_2_70_1","unstructured":"Positive Technologies. 2018. Diameter vulnerabilities exposure report. https:\/\/www.ptsecurity.com\/ww-en\/analytics\/diameter-2018\/.  Positive Technologies. 2018. Diameter vulnerabilities exposure report. https:\/\/www.ptsecurity.com\/ww-en\/analytics\/diameter-2018\/."},{"key":"e_1_3_2_2_71_1","unstructured":"Kurt Thomas Damon McCoy Chris Grier Alek Kolcz and Vern Paxson. 2013. Trafficking Fraudulent Accounts: The Role of the Underground Market in Twitter Spam and Abuse.. In USENIX Security. 195--210.  Kurt Thomas Damon McCoy Chris Grier Alek Kolcz and Vern Paxson. 2013. Trafficking Fraudulent Accounts: The Role of the Underground Market in Twitter Spam and Abuse.. In USENIX Security. 195--210."},{"key":"e_1_3_2_2_72_1","unstructured":"Bill Toulas. 2019. SS7 Attacks Against Telecom Infrastructure Now on the Rise. https:\/\/www.technadu.com\/telecom-infrastructure-ss7-attacks-rise\/56704\/.  Bill Toulas. 2019. SS7 Attacks Against Telecom Infrastructure Now on the Rise. https:\/\/www.technadu.com\/telecom-infrastructure-ss7-attacks-rise\/56704\/."},{"key":"e_1_3_2_2_73_1","unstructured":"International Telecommunication Union. [n.d.]. ITU Standard Q.700 : Introduction to CCITT Signalling System No. 7. https:\/\/www.itu.int\/rec\/T-REC-Q.700\/en.  International Telecommunication Union. [n.d.]. ITU Standard Q.700 : Introduction to CCITT Signalling System No. 7. https:\/\/www.itu.int\/rec\/T-REC-Q.700\/en."},{"key":"e_1_3_2_2_74_1","doi-asserted-by":"publisher","DOI":"10.1007\/11535218_19"},{"key":"e_1_3_2_2_75_1","volume-title":"SoundAuth: Secure Zero-Effort Two-Factor Authentication Based on Audio Signals. In 2018 IEEE Conference on Communications and Network Security (CNS). IEEE, 1--9.","author":"Wang Mingyue","year":"2018","unstructured":"Mingyue Wang , Wen-Tao Zhu , Shen Yan , and Qiongxiao Wang . 2018 . SoundAuth: Secure Zero-Effort Two-Factor Authentication Based on Audio Signals. In 2018 IEEE Conference on Communications and Network Security (CNS). IEEE, 1--9. Mingyue Wang, Wen-Tao Zhu, Shen Yan, and Qiongxiao Wang. 2018. SoundAuth: Secure Zero-Effort Two-Factor Authentication Based on Audio Signals. In 2018 IEEE Conference on Communications and Network Security (CNS). IEEE, 1--9."},{"key":"e_1_3_2_2_76_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2008.09.008"},{"key":"e_1_3_2_2_77_1","unstructured":"Kenneth P. Weiss. 1984. Method and apparatus for positively identifying an individual. U.S. Patent US4720860A .  Kenneth P. Weiss. 1984. Method and apparatus for positively identifying an individual. U.S. Patent US4720860A ."},{"key":"e_1_3_2_2_78_1","volume-title":"Breakthroughs in statistics","author":"Wilcoxon Frank","unstructured":"Frank Wilcoxon . 1992. Individual comparisons by ranking methods . In Breakthroughs in statistics . Springer , 196--202. Frank Wilcoxon. 1992. Individual comparisons by ranking methods. In Breakthroughs in statistics. Springer, 196--202."},{"key":"e_1_3_2_2_79_1","unstructured":"Ben Winck. 2019. One cryptocurrency investor reportedly lost $24 million worth of bitcoin in a SIM swap attack. https:\/\/markets.businessinsider.com\/currencies\/news\/bitcoin-investor-loses-24-million-of-crypto-sim-swap-hackers-2019-11-1028677818.  Ben Winck. 2019. One cryptocurrency investor reportedly lost $24 million worth of bitcoin in a SIM swap attack. https:\/\/markets.businessinsider.com\/currencies\/news\/bitcoin-investor-loses-24-million-of-crypto-sim-swap-hackers-2019-11-1028677818."},{"key":"e_1_3_2_2_80_1","unstructured":"Yubico. 2018. YubiKey 5 Series: The Multi-Protocol Security Key. https:\/\/www.yubico.com\/wp-content\/uploads\/2019\/08\/191238-YK5Series-Solution-Brief-r10.pdf.  Yubico. 2018. YubiKey 5 Series: The Multi-Protocol Security Key. https:\/\/www.yubico.com\/wp-content\/uploads\/2019\/08\/191238-YK5Series-Solution-Brief-r10.pdf."},{"key":"e_1_3_2_2_81_1","doi-asserted-by":"publisher","DOI":"10.1145\/3290607.3313093"},{"key":"e_1_3_2_2_82_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2019.08.006"}],"event":{"name":"ASIA CCS '22: ACM Asia Conference on Computer and Communications Security","location":"Nagasaki Japan","acronym":"ASIA CCS '22","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3488932.3497756","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/abs\/10.1145\/3488932.3497756","content-type":"text\/html","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3488932.3497756","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3488932.3497756","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:48:28Z","timestamp":1750193308000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3488932.3497756"}},"subtitle":["Hardening SMS-Based Two Factor Authentication"],"short-title":[],"issued":{"date-parts":[[2022,5,30]]},"references-count":81,"alternative-id":["10.1145\/3488932.3497756","10.1145\/3488932"],"URL":"https:\/\/doi.org\/10.1145\/3488932.3497756","relation":{},"subject":[],"published":{"date-parts":[[2022,5,30]]},"assertion":[{"value":"2022-05-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}