{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:57:40Z","timestamp":1772042260830,"version":"3.50.1"},"reference-count":40,"publisher":"Wiley","license":[{"start":{"date-parts":[[2021,7,23]],"date-time":"2021-07-23T00:00:00Z","timestamp":1626998400000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100003621","name":"Ministry of Science, ICT and Future Planning","doi-asserted-by":"publisher","award":["2019-0-01343"],"award-info":[{"award-number":["2019-0-01343"]}],"id":[{"id":"10.13039\/501100003621","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security and Communication Networks"],"published-print":{"date-parts":[[2021,7,23]]},"abstract":"<jats:p>Windows Hello is a Fast IDentity Online- (FIDO-) based new login system for Windows 10, which provides a single sign-on (SSO) service to diverse online applications. Hardware protection is essential for Window Hello\u2019s security. This paper aims to examine the security of Windows Hello on a device where hardware protection is unavailable. We present the first detailed analysis of Windows Hello\u2019s security. The results show that, on a hardware-unsupported device, the authentication data for Windows Hello is not properly protected. We propose a migration attack to compromise Windows Hello\u2019s security. In the proposed attack, an attacker extracts authentication data from a device to impersonate a victim in his or her Microsoft online account. We consider the possibility of such an attack to be serious and harmful to our society and demand immediate attention for remediation.<\/jats:p>","DOI":"10.1155\/2021\/6245306","type":"journal-article","created":{"date-parts":[[2021,7,24]],"date-time":"2021-07-24T01:05:08Z","timestamp":1627088708000},"page":"1-13","source":"Crossref","is-referenced-by-count":4,"title":["Security Analysis and Bypass User Authentication Bound to Device of Windows Hello in the Wild"],"prefix":"10.1155","volume":"2021","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5552-5718","authenticated-orcid":true,"given":"Ejin","family":"Kim","sequence":"first","affiliation":[{"name":"Department of Electrical and Computer Engineering, Sungkyunkwan University, Suwon 16419, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5342-5913","authenticated-orcid":true,"given":"Hyoung-Kee","family":"Choi","sequence":"additional","affiliation":[{"name":"College of Software, Sungkyunkwan University, Suwon 16419, Republic of Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"311","reference":[{"key":"1","article-title":"FIDO2: WebAuthn & CTAP","author":"FIDO Alliance"},{"key":"2","article-title":"Windows hello for business overview","author":"M. Docs"},{"key":"3","article-title":"Trusted platform module technology overview","author":"M. Docs"},{"key":"4","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-50500-8_1"},{"key":"5","doi-asserted-by":"publisher","DOI":"10.1109\/access.2019.2932400"},{"key":"6","article-title":"An API for accessing public key credentials level 2","author":"World Wide Web Consortium (W3C)","year":"2020"},{"key":"7","article-title":"Client to authenticator protocol (CTAP) proposed standard","author":"FIDO Alliance"},{"key":"8","article-title":"Why a pin is better than a password","author":"M. Docs"},{"key":"9","article-title":"Enable passwordless sign-in with the microsoft authenticator app","author":"M. Docs","year":"2020"},{"key":"10","article-title":"Access control: understanding windows file and registry permissions","author":"M. Docs"},{"key":"11","article-title":"Security identifiers","author":"M. Docs"},{"key":"12","doi-asserted-by":"publisher","DOI":"10.1186\/s40163-019-0097-9"},{"key":"13","doi-asserted-by":"publisher","DOI":"10.1016\/j.cosrev.2019.01.002"},{"key":"14","article-title":"How user account control works","author":"M. Docs"},{"key":"15","doi-asserted-by":"crossref","article-title":"SoK: ATT&CK techniques and trends in Windows malware","author":"K. Oosthoek","DOI":"10.1007\/978-3-030-37228-6_20"},{"key":"16","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4842-5914-6_5"},{"key":"17","article-title":"C. K., \u201cPrivilege escalation\u201d","author":"A. T. T. Mitre"},{"key":"18","article-title":"Common vulnerabilities and Exposures list","author":"CVE"},{"key":"19","article-title":"XML protocol activity\u201d, W3C\u2019s architecture domain","author":"Word Wide Web Consortium (W3C)"},{"key":"20","article-title":"XML encryption syntax and processing version 1.1","author":"Word Wide Web Consortium (W3C)","year":"2013"},{"key":"21","article-title":"XML signature syntax and processing version 1.1","author":"Word Wide Web Consortium (W3C)","year":"2013"},{"key":"22","article-title":"Recovering Windows secrets and EFS certificates offline","author":"E. Burzstein"},{"key":"23","article-title":"Microsoft NTLM","author":"M. Docs"},{"key":"24","article-title":"Mimikatz","author":"B. Delpy"},{"key":"25","doi-asserted-by":"publisher","DOI":"10.17487\/rfc2898"},{"key":"26","article-title":"Distribution of all-numeric passwords based on length","author":"DataGenetics"},{"key":"27","article-title":"Specifications overview","author":"FIDO Alliance"},{"key":"28","doi-asserted-by":"publisher","DOI":"10.1109\/cc.2016.7897543"},{"key":"29","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-67639-5_11"},{"key":"30","article-title":"Formal verification of the web authentication protocol","author":"I. Guirant"},{"key":"31","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-61078-4_8"},{"key":"32","doi-asserted-by":"publisher","DOI":"10.1145\/3409452"},{"key":"33","article-title":"Breaking FIDO: are exploits in there?","author":"J. Chong"},{"key":"34","doi-asserted-by":"crossref","article-title":"Formal analysis of the FIDO 1. x protocol","author":"O. Pereira","DOI":"10.1007\/978-3-319-75650-9_5"},{"key":"35","doi-asserted-by":"publisher","DOI":"10.1145\/3440712"},{"key":"36","doi-asserted-by":"crossref","article-title":"Provable security analysis of FIDO2","author":"M. Barbosa","DOI":"10.1007\/978-3-030-84252-9_5"},{"key":"37","article-title":"Please remember me: security analysis of U2F remember me implementations in the wild","author":"G. Patat"},{"key":"38","doi-asserted-by":"publisher","DOI":"10.1155\/2020\/8819790"},{"key":"39","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24363"},{"key":"40","article-title":"YubiKey","author":"Yubico"}],"container-title":["Security and Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2021\/6245306.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2021\/6245306.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2021\/6245306.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,1,5]],"date-time":"2023-01-05T10:27:29Z","timestamp":1672914449000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/scn\/2021\/6245306\/"}},"subtitle":[],"editor":[{"given":"Ahmad Samer","family":"Wazan","sequence":"additional","affiliation":[],"role":[{"role":"editor","vocabulary":"crossref"}]}],"short-title":[],"issued":{"date-parts":[[2021,7,23]]},"references-count":40,"alternative-id":["6245306","6245306"],"URL":"https:\/\/doi.org\/10.1155\/2021\/6245306","relation":{},"ISSN":["1939-0122","1939-0114"],"issn-type":[{"value":"1939-0122","type":"electronic"},{"value":"1939-0114","type":"print"}],"subject":[],"published":{"date-parts":[[2021,7,23]]}}}