{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T23:49:39Z","timestamp":1725493779893},"reference-count":75,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2021,4,28]],"date-time":"2021-04-28T00:00:00Z","timestamp":1619568000000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"NSF","award":["CNS-1714807, CNS-1526524, OAC-1547350 and CNS-2030501"]},{"DOI":"10.13039\/100009388","name":"Jazan University","doi-asserted-by":"crossref","id":[{"id":"10.13039\/100009388","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2021,8,31]]},"abstract":"We present a secure two-factor authentication (TFA) scheme based on the user\u2019s possession of a password and a crypto-capable device. Security is \u201cend-to-end\u201d in the sense that the attacker can attack all parts of the system, including all communication links and any subset of parties (servers, devices, client terminals), can learn users\u2019 passwords, and perform active and passive attacks, online and offline. In all cases the scheme provides the highest attainable security bounds given the set of compromised components. Our solution builds a TFA scheme using any Device-enhanced Password-authenticated Key Exchange (PAKE), defined by Jarecki et\u00a0al., and any Short Authenticated String (SAS) Message Authentication, defined by Vaudenay. We show an efficient instantiation of this modular construction, which utilizes any password-based client-server authentication method, with or without reliance on public-key infrastructure. 
The security of the proposed scheme is proven in a formal model that we formulate as an extension of the traditional PAKE model. We also report on a prototype implementation of our schemes, including TLS-based and PKI-free variants, as well as several instantiations of the SAS mechanism, all demonstrating the practicality of our approach. Finally, we present a usability study evaluating the viability of our protocol contrasted with the traditional PIN-based TFA approach in terms of efficiency, potential for errors, user experience, and security perception of the underlying manual process.","DOI":"10.1145\/3446807","type":"journal-article","created":{"date-parts":[[2021,4,28]],"date-time":"2021-04-28T22:12:02Z","timestamp":1619647922000},"page":"1-37","update-policy":"http:\/\/dx.doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":8,"title":["Two-factor Password-authenticated Key Exchange with End-to-end Security"],"prefix":"10.1145","volume":"24","author":[{"given":"Stanislaw","family":"Jarecki","sequence":"first","affiliation":[{"name":"University of California Irvine, Irvine, CA, USA"}]},{"given":"Mohammed","family":"Jubur","sequence":"additional","affiliation":[{"name":"University of Alabama at Birmingham, Birmingham, AL, USA"}]},{"given":"Hugo","family":"Krawczyk","sequence":"additional","affiliation":[{"name":"Algorand Foundation, New York, NY, USA"}]},{"given":"Nitesh","family":"Saxena","sequence":"additional","affiliation":[{"name":"University of Alabama at Birmingham, Birmingham, AL, USA"}]},{"given":"Maliheh","family":"Shirvanian","sequence":"additional","affiliation":[{"name":"Visa Research, Palo Alto, CA, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,4,28]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"crossref","unstructured":"RSA breach leaks data for hacking securid tokens. 2011. http:\/\/goo.gl\/tcEoS. RSA breach leaks data for hacking securid tokens. 2011. 
http:\/\/goo.gl\/tcEoS.","DOI":"10.1016\/S1353-4858(11)70056-3"},{"key":"e_1_2_1_2_1","unstructured":"LinkedIn Confirms Account Passwords Hacked. 2012. http:\/\/goo.gl\/AWB5KC. LinkedIn Confirms Account Passwords Hacked. 2012. http:\/\/goo.gl\/AWB5KC."},{"key":"e_1_2_1_3_1","unstructured":"Google acquires slicklogin the sound-based password alternative.2014. https:\/\/goo.gl\/V9J8rv. Google acquires slicklogin the sound-based password alternative.2014. https:\/\/goo.gl\/V9J8rv."},{"key":"e_1_2_1_4_1","unstructured":"Russian Hackers Amass Over a Billion Internet Passwords. 2014. Available at: http:\/\/goo.gl\/aXzqj8. Russian Hackers Amass Over a Billion Internet Passwords. 2014. Available at: http:\/\/goo.gl\/aXzqj8."},{"key":"e_1_2_1_5_1","volume-title":"Yahoo Breach Hits Half a Billion Users","author":"Brief Hack","year":"2016","unstructured":"Hack Brief : Yahoo Breach Hits Half a Billion Users . 2016 . https:\/\/goo.gl\/nz4uJG. Hack Brief: Yahoo Breach Hits Half a Billion Users. 2016. https:\/\/goo.gl\/nz4uJG."},{"key":"e_1_2_1_6_1","unstructured":"Sim swap fraud. 2016. http:\/\/goo.gl\/y4Eogg. Sim swap fraud. 2016. http:\/\/goo.gl\/y4Eogg."},{"key":"e_1_2_1_7_1","unstructured":"Sms-based two-factor authentication. 2016. https:\/\/bit.ly\/2GiH4aN. Sms-based two-factor authentication. 2016. https:\/\/bit.ly\/2GiH4aN."},{"key":"e_1_2_1_8_1","unstructured":"Yahoo Says 1 Billion User Accounts Were Hacked. 2016. https:\/\/goo.gl\/q4WZi9. Yahoo Says 1 Billion User Accounts Were Hacked. 2016. https:\/\/goo.gl\/q4WZi9."},{"key":"e_1_2_1_9_1","unstructured":"Over 560 Million Passwords Discovered in Anonymous Online Database. 2017. https:\/\/goo.gl\/upDqzt. Over 560 Million Passwords Discovered in Anonymous Online Database. 2017. https:\/\/goo.gl\/upDqzt."},{"key":"e_1_2_1_10_1","unstructured":"Google Cloud Messaging. 2018. https:\/\/goo.gl\/EFvXt9. Google Cloud Messaging. 2018. 
https:\/\/goo.gl\/EFvXt9."},{"key":"e_1_2_1_11_1","unstructured":"Duo Security Two-Factor Authentication. 2019. https:\/\/goo.gl\/e38UnB. Duo Security Two-Factor Authentication. 2019. https:\/\/goo.gl\/e38UnB."},{"key":"e_1_2_1_12_1","unstructured":"Facebook stored hundreds of millions of passwords in plain text. 2019. https:\/\/www.theverge.com\/2019\/3\/21\/18275837\/facebookplain-text-password-storage-hundreds-millions-users. Facebook stored hundreds of millions of passwords in plain text. 2019. https:\/\/www.theverge.com\/2019\/3\/21\/18275837\/facebookplain-text-password-storage-hundreds-millions-users."},{"key":"e_1_2_1_13_1","unstructured":"FIDO Universal 2nd Factor (U2F) Overview. 2019. https:\/\/bit.ly\/2IpPYH8. FIDO Universal 2nd Factor (U2F) Overview. 2019. https:\/\/bit.ly\/2IpPYH8."},{"key":"e_1_2_1_14_1","unstructured":"Google Authenticator Android app. 2019. https:\/\/goo.gl\/Q4LU7k. Google Authenticator Android app. 2019. https:\/\/goo.gl\/Q4LU7k."},{"key":"e_1_2_1_15_1","unstructured":"Google stored some passwords in plain text for fourteen years. 2019. https:\/\/www.theverge.com\/2019\/5\/21\/18634842\/googlepasswords-plain-text-g-suite-fourteen-years. Google stored some passwords in plain text for fourteen years. 2019. https:\/\/www.theverge.com\/2019\/5\/21\/18634842\/googlepasswords-plain-text-g-suite-fourteen-years."},{"key":"e_1_2_1_16_1","unstructured":"Sign in faster with 2-Step Verification phone prompts. 2019. https:\/\/goo.gl\/3vjngW. Sign in faster with 2-Step Verification phone prompts. 2019. https:\/\/goo.gl\/3vjngW."},{"key":"e_1_2_1_17_1","unstructured":"Signal by Open Whisper Systems. 2019. https:\/\/signal.org\/. Signal by Open Whisper Systems. 2019. https:\/\/signal.org\/."},{"key":"e_1_2_1_18_1","unstructured":"Sound Login Two Factor Authentication. 2019. https:\/\/goo.gl\/LJFkvT. Sound Login Two Factor Authentication. 2019. https:\/\/goo.gl\/LJFkvT."},{"key":"e_1_2_1_19_1","unstructured":"Two-factor authentication - authy. 
2019. https:\/\/www.authy.com\/. Two-factor authentication - authy. 2019. https:\/\/www.authy.com\/."},{"key":"e_1_2_1_20_1","volume-title":"Reliable messaging","author":"Simple WhatsApp","year":"2019","unstructured":"WhatsApp Simple , Secure , Reliable messaging . 2019 . https:\/\/www.whatsapp.com\/. WhatsApp Simple, Secure, Reliable messaging. 2019. https:\/\/www.whatsapp.com\/."},{"key":"e_1_2_1_21_1","volume-title":"Your key to two-factor authentication","year":"2019","unstructured":"YubiKeys : Your key to two-factor authentication . 2019 . https:\/\/goo.gl\/LLACvP. YubiKeys: Your key to two-factor authentication. 2019. https:\/\/goo.gl\/LLACvP."},{"key":"e_1_2_1_22_1","unstructured":"Zxing (\u201czebra crossing\u201d) barcode scanning library for java android. 2019. https:\/\/github.com\/zxing\/zxing. Zxing (\u201czebra crossing\u201d) barcode scanning library for java android. 2019. https:\/\/github.com\/zxing\/zxing."},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45353-9_12"},{"key":"e_1_2_1_24_1","volume-title":"Single password authentication. Comput. Netw. 57, 13","author":"Acar Tolga","year":"2013","unstructured":"Tolga Acar , Mira Belenkiy , and Alptekin K\u00fcp\u00e7\u00fc . 2013. Single password authentication. Comput. Netw. 57, 13 ( 2013 ). Tolga Acar, Mira Belenkiy, and Alptekin K\u00fcp\u00e7\u00fc. 2013. Single password authentication. Comput. Netw. 57, 13 (2013)."},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45539-6_11"},{"key":"e_1_2_1_26_1","volume-title":"Proceedings of the ACM Conference on Computer and Communications Security (CCS\u201993)","author":"Steven","unstructured":"Steven M. Bellovin and Michael Merritt. 1993. Augmented encrypted key exchange: A password-based protocol secure against dictionary attacks and password file compromise . In Proceedings of the ACM Conference on Computer and Communications Security (CCS\u201993) . 244--250. Steven M. Bellovin and Michael Merritt. 
1993. Augmented encrypted key exchange: A password-based protocol secure against dictionary attacks and password file compromise. In Proceedings of the ACM Conference on Computer and Communications Security (CCS\u201993). 244--250."},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516734"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1533057.1533089"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-10433-6_19"},{"key":"e_1_2_1_30_1","volume-title":"Proceedings of the 12th USENIX Security Symposium. 201--213","author":"Brainard John","year":"2003","unstructured":"John Brainard , Ari Juels , Burt Kaliski , and Michael Szydlo . 2003 . A new two-server approach for authentication with short secrets . In Proceedings of the 12th USENIX Security Symposium. 201--213 . John Brainard, Ari Juels, Burt Kaliski, and Michael Szydlo. 2003. A new two-server approach for authentication with short secrets. In Proceedings of the 12th USENIX Security Symposium. 201--213."},{"key":"e_1_2_1_31_1","first-page":"4","article-title":"SUS-A quick and dirty usability scale","volume":"189","author":"\u00a0al John Brooke","year":"1996","unstructured":"John Brooke et \u00a0al . 1996 . SUS-A quick and dirty usability scale . Usabil. Eval. Industry 189 , 194 (1996), 4 -- 7 . Retrieved from http:\/\/goo.gl\/XDqBqg. John Brooke et\u00a0al. 1996. SUS-A quick and dirty usability scale. Usabil. Eval. Industry 189, 194 (1996), 4--7. Retrieved from http:\/\/goo.gl\/XDqBqg.","journal-title":"Usabil. Eval. Industry"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-44987-6_28"},{"key":"e_1_2_1_33_1","volume-title":"Proceedings of the Usenix Security Conference.","author":"Chiasson Sonia","year":"2006","unstructured":"Sonia Chiasson , Paul C. van Oorschot , and Robert Biddle . 2006 . A usability study and critique of two password managers . In Proceedings of the Usenix Security Conference. 
Sonia Chiasson, Paul C. van Oorschot, and Robert Biddle. 2006. A usability study and critique of two password managers. In Proceedings of the Usenix Security Conference."},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382240"},{"key":"e_1_2_1_35_1","doi-asserted-by":"crossref","unstructured":"Emiliano De Cristofaro Honglu Du Julien Freudiger and Greg Norcie. 2013. A comparative usability study of two-factor authentication. arXiv preprint arXiv:1309.5344. Emiliano De Cristofaro Honglu Du Julien Freudiger and Greg Norcie. 2013. A comparative usability study of two-factor authentication. arXiv preprint arXiv:1309.5344.","DOI":"10.14722\/usec.2014.23025"},{"key":"e_1_2_1_36_1","volume-title":"Proceedings of the USENIX Security Symposium. 193--208","author":"Dechand Sergej","year":"2016","unstructured":"Sergej Dechand , Dominik Sch\u00fcrmann , Karoline Busse , Yasemin Acar , Sascha Fahl , and Matthew Smith . 2016 . An empirical study of textual key-fingerprint representations . In Proceedings of the USENIX Security Symposium. 193--208 . Sergej Dechand, Dominik Sch\u00fcrmann, Karoline Busse, Yasemin Acar, Sascha Fahl, and Matthew Smith. 2016. An empirical study of textual key-fingerprint representations. In Proceedings of the USENIX Security Symposium. 193--208."},{"key":"e_1_2_1_37_1","volume-title":"Lam","author":"Dodson Ben","year":"2010","unstructured":"Ben Dodson , Debangsu Sengupta , Dan Boneh , and Monica S . Lam . 2010 . Secure, consumer-friendly web authentication and payments with a phone. In Proceedings of the International Conference on Mobile Computing, Applications, and Services. Springer . Ben Dodson, Debangsu Sengupta, Dan Boneh, and Monica S. Lam. 2010. Secure, consumer-friendly web authentication and payments with a phone. In Proceedings of the International Conference on Mobile Computing, Applications, and Services. 
Springer."},{"key":"e_1_2_1_38_1","volume-title":"Proceedings of the IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE\u201900)","author":"Ford Warwick","unstructured":"Warwick Ford and Burton S . Kaliski Jr. 2000. Server-assisted generation of a strong secret from a password . In Proceedings of the IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE\u201900) . 176--180. Warwick Ford and Burton S. Kaliski Jr. 2000. Server-assisted generation of a strong secret from a password. In Proceedings of the IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE\u201900). 176--180."},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/11818175_9"},{"key":"e_1_2_1_40_1","volume-title":"User perceptions of security and usability of single-factor and two-factor authentication in automated telephone banking. Comput. Secur. 30, 4","author":"Gunson Nancie","year":"2011","unstructured":"Nancie Gunson , Diarmid Marshall , Hazel Morton , and Mervyn Jack . 2011. User perceptions of security and usability of single-factor and two-factor authentication in automated telephone banking. Comput. Secur. 30, 4 ( 2011 ). Nancie Gunson, Diarmid Marshall, Hazel Morton, and Mervyn Jack. 2011. User perceptions of security and usability of single-factor and two-factor authentication in automated telephone banking. Comput. Secur. 30, 4 (2011)."},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/322510.322514"},{"key":"e_1_2_1_42_1","unstructured":"Devri\u015f \u0130\u015fler Alptekin K\u00fcp\u00e7\u00fc and Aykut Coskun. [n.d.]. User study on single password authentication. ([n.d.]). Devri\u015f \u0130\u015fler Alptekin K\u00fcp\u00e7\u00fc and Aykut Coskun. [n.d.]. User study on single password authentication. 
([n.d.])."},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-32009-5_17"},{"key":"e_1_2_1_44_1","volume-title":"Proceedings of the 1st IEEE European Symposium on Security and Privacy (EuroS&P\u201915)","author":"Jarecki Stanislaw","year":"2015","unstructured":"Stanislaw Jarecki , Aggelos Kiayias , Hugo Krawczyk , and Jiayu Xu . 2015 . Highly efficient and composable password-protected secret sharing . In Proceedings of the 1st IEEE European Symposium on Security and Privacy (EuroS&P\u201915) . Stanislaw Jarecki, Aggelos Kiayias, Hugo Krawczyk, and Jiayu Xu. 2015. Highly efficient and composable password-protected secret sharing. In Proceedings of the 1st IEEE European Symposium on Security and Privacy (EuroS&P\u201915)."},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897880"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-76581-5_15"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-78372-7_15"},{"key":"e_1_2_1_48_1","doi-asserted-by":"crossref","unstructured":"Stanislaw Jarecki Jubur Mohammed Hugo Krawczyk Maliheh Shirvanian and Nitesh Saxena. [n.d.]. Two-factor password-authenticated key exchange with end-to-end password security. Cryptology ePrint Archive report 2018\/033. Stanislaw Jarecki Jubur Mohammed Hugo Krawczyk Maliheh Shirvanian and Nitesh Saxena. [n.d.]. Two-factor password-authenticated key exchange with end-to-end password security. Cryptology ePrint Archive report 2018\/033.","DOI":"10.1007\/978-3-319-76581-5_15"},{"key":"e_1_2_1_49_1","volume-title":"London Calling: Two-Factor Authentication Phishing From Iran.","author":"John Scott-Railton Katie Kleemola","year":"2015","unstructured":"Katie Kleemola John Scott-Railton . 2015 . London Calling: Two-Factor Authentication Phishing From Iran. Retrieved from https:\/\/goo.gl\/yt12xH. Katie Kleemola John Scott-Railton. 2015. London Calling: Two-Factor Authentication Phishing From Iran. 
Retrieved from https:\/\/goo.gl\/yt12xH."},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/1572532.1572547"},{"key":"e_1_2_1_51_1","volume-title":"Proceedings of the USENIX Security Symposium.","author":"Karapanos Nikolaos","year":"2015","unstructured":"Nikolaos Karapanos , Claudio Marforio , Claudio Soriente , and Srdjan Capkun . 2015 . Sound-proof: Usable two-factor authentication based on ambient sound . In Proceedings of the USENIX Security Symposium. Nikolaos Karapanos, Claudio Marforio, Claudio Soriente, and Srdjan Capkun. 2015. Sound-proof: Usable two-factor authentication based on ambient sound. In Proceedings of the USENIX Security Symposium."},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-24209-0_16"},{"key":"e_1_2_1_53_1","volume-title":"Proceedings of the International Conference on Applied Cryptography and Network Security (ACNS\u201905)","author":"Katz Jonathan","unstructured":"Jonathan Katz , Philip D. MacKenzie , Gelareh Taban , and Virgil D. Gligor . 2005. Two-server password-only authenticated key exchange . In Proceedings of the International Conference on Applied Cryptography and Network Security (ACNS\u201905) . 1--16. Jonathan Katz, Philip D. MacKenzie, Gelareh Taban, and Virgil D. Gligor. 2005. Two-server password-only authenticated key exchange. In Proceedings of the International Conference on Applied Cryptography and Network Security (ACNS\u201905). 1--16."},{"key":"e_1_2_1_54_1","unstructured":"Swati Khandelwal. 2017. Real-world SS7 Attack. Retrieved from https:\/\/thehackernews.com\/2017\/05\/ss7-vulnerability-bank-hacking.html. Swati Khandelwal. 2017. Real-world SS7 Attack. 
Retrieved from https:\/\/thehackernews.com\/2017\/05\/ss7-vulnerability-bank-hacking.html."},{"key":"e_1_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1007\/11535218_33"},{"key":"e_1_2_1_56_1","volume-title":"Proceedings of the International Conference on Pervasive Computing and Communications (PerCom).","author":"Kumar Arun","year":"2009","unstructured":"Arun Kumar , Nitesh Saxena , Gene Tsudik , and Ersin Uzun . 2009 . Caveat emptor: A comparative study of secure device pairing methods . In Proceedings of the International Conference on Pervasive Computing and Communications (PerCom). Arun Kumar, Nitesh Saxena, Gene Tsudik, and Ersin Uzun. 2009. Caveat emptor: A comparative study of secure device pairing methods. In Proceedings of the International Conference on Pervasive Computing and Communications (PerCom)."},{"key":"e_1_2_1_57_1","volume-title":"International Conference on Financial Cryptography and Data Security. Springer, 422--440","author":"Lang Juan","year":"2016","unstructured":"Juan Lang , Alexei Czeskis , Dirk Balfanz , Marius Schilder , and Sampath Srinivas . 2016 . Security keys: Practical cryptographic second factors for the modern web . In International Conference on Financial Cryptography and Data Security. Springer, 422--440 . Juan Lang, Alexei Czeskis, Dirk Balfanz, Marius Schilder, and Sampath Srinivas. 2016. Security keys: Practical cryptographic second factors for the modern web. In International Conference on Financial Cryptography and Data Security. Springer, 422--440."},{"key":"e_1_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23049"},{"key":"e_1_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45708-9_25"},{"key":"e_1_2_1_60_1","volume-title":"Proceedings of the Annual Computer Security Applications Conference.","author":"McCarney Daniel","unstructured":"Daniel McCarney , David Barrera , Jeremy Clark , Sonia Chiasson , and Paul C . van Oorschot. 2012. 
Tapas: Design, implementation, and usability evaluation of a password manager . In Proceedings of the Annual Computer Security Applications Conference. Daniel McCarney, David Barrera, Jeremy Clark, Sonia Chiasson, and Paul C. van Oorschot. 2012. Tapas: Design, implementation, and usability evaluation of a password manager. In Proceedings of the Annual Computer Security Applications Conference."},{"key":"e_1_2_1_61_1","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy. IEEE, 110--124","author":"McCune Jonathan M.","unstructured":"Jonathan M. McCune , Adrian Perrig , and Michael K. Reiter . 2005. Seeing-is-believing: Using camera phones for human-verifiable authentication . In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, 110--124 . Jonathan M. McCune, Adrian Perrig, and Michael K. Reiter. 2005. Seeing-is-believing: Using camera phones for human-verifiable authentication. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, 110--124."},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.17487\/rfc4226"},{"key":"e_1_2_1_63_1","volume-title":"Totp: Time-based One-time Password Algorithm. Technical Report.","author":"M\u2019Raihi David","year":"2011","unstructured":"David M\u2019Raihi , Salah Machani , Mingliang Pei , and Johan Rydell . 2011 . Totp: Time-based One-time Password Algorithm. Technical Report. Retrieved from https:\/\/goo.gl\/9Ba5hv. David M\u2019Raihi, Salah Machani, Mingliang Pei, and Johan Rydell. 2011. Totp: Time-based One-time Password Algorithm. Technical Report. Retrieved from https:\/\/goo.gl\/9Ba5hv."},{"key":"e_1_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-68914-0_17"},{"key":"e_1_2_1_65_1","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy.","author":"Saxena Nitesh","unstructured":"Nitesh Saxena , Jan-Erik Ekberg , Kari Kostiainen , and N. Asokan . 2006. Secure device pairing based on a visual channel . 
In Proceedings of the IEEE Symposium on Security and Privacy. Nitesh Saxena, Jan-Erik Ekberg, Kari Kostiainen, and N. Asokan. 2006. Secure device pairing based on a visual channel. In Proceedings of the IEEE Symposium on Security and Privacy."},{"key":"e_1_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.14722\/eurousec.2016.23012"},{"key":"e_1_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23167"},{"key":"e_1_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134610"},{"key":"e_1_2_1_69_1","unstructured":"Victor Shoup. 2004. ISO 18033-2: An Emerging Standard for Public-Key Encryption. Final Committee Draft. Victor Shoup. 2004. ISO 18033-2: An Emerging Standard for Public-Key Encryption. Final Committee Draft."},{"key":"e_1_2_1_70_1","first-page":"267","article-title":"Pairing a device based on a visual code","volume":"13","author":"Suggs Bradley Neal","year":"2013","unstructured":"Bradley Neal Suggs . 2013 . Pairing a device based on a visual code . U.S. Patent App. 13\/194 , 267 . Bradley Neal Suggs. 2013. Pairing a device based on a visual code. U.S. Patent App. 13\/194,267.","journal-title":"U.S. Patent App."},{"key":"e_1_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-77366-5_29"},{"key":"e_1_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1007\/11535218_19"},{"key":"e_1_2_1_73_1","volume-title":"Proceedings of the International Conference on Security and Privacy in Communication Systems. Springer, 141--150","author":"Wang Ding","year":"2014","unstructured":"Ding Wang and Ping Wang . 2014 . On the usability of two-factor authentication . In Proceedings of the International Conference on Security and Privacy in Communication Systems. Springer, 141--150 . Ding Wang and Ping Wang. 2014. On the usability of two-factor authentication. In Proceedings of the International Conference on Security and Privacy in Communication Systems. 
Springer, 141--150."},{"key":"e_1_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2008.09.008"},{"key":"e_1_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.intcom.2009.10.001"}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3446807","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3446807","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,2]],"date-time":"2023-11-02T22:44:32Z","timestamp":1698965072000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3446807"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,4,28]]},"references-count":75,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2021,8,31]]}},"alternative-id":["10.1145\/3446807"],"URL":"https:\/\/doi.org\/10.1145\/3446807","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"value":"2471-2566","type":"print"},{"value":"2471-2574","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,4,28]]},"assertion":[{"value":"2019-05-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-01-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-04-28","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}