{"id":"https://openalex.org/W4410393350","doi":"https://doi.org/10.1109/access.2025.3570377","title":"HiPass: Hijacking CTAP in Passkey Authentication","display_name":"HiPass: Hijacking CTAP in Passkey Authentication","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4410393350","doi":"https://doi.org/10.1109/access.2025.3570377"},"language":"en","primary_location":{"id":"doi:10.1109/access.2025.3570377","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3570377","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1109/access.2025.3570377","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5015981102","display_name":"Donghyun Kim","orcid":"https://orcid.org/0009-0006-2033-4341"},"institutions":[{"id":"https://openalex.org/I141371507","display_name":"Soongsil University","ror":"https://ror.org/017xnm587","country_code":"KR","type":"education","lineage":["https://openalex.org/I141371507"]}],"countries":["KR"],"is_corresponding":true,"raw_author_name":"Donghyun Kim","raw_affiliation_strings":["Department of Software, Soongsil University, Seoul, South Korea"],"affiliations":[{"raw_affiliation_string":"Department of Software, Soongsil University, Seoul, South Korea","institution_ids":["https://openalex.org/I141371507"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090264572","display_name":"Jiyoung Shin","orcid":null},"institutions":[{"id":"https://openalex.org/I141371507","display_name":"Soongsil University","ror":"https://ror.org/017xnm587","country_code":"KR","type":"education","lineage":["https://openalex.org/I141371507"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Junseok Shin","raw_affiliation_strings":["Department of Software, Soongsil University, Seoul, South Korea"],"affiliations":[{"raw_affiliation_string":"Department of Software, Soongsil University, Seoul, South Korea","institution_ids":["https://openalex.org/I141371507"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069381273","display_name":"Gwonsang Ryu","orcid":"https://orcid.org/0000-0002-4713-9486"},"institutions":[{"id":"https://openalex.org/I206597221","display_name":"Kongju National University","ror":"https://ror.org/0373nm262","country_code":"KR","type":"education","lineage":["https://openalex.org/I206597221"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Gwonsang Ryu","raw_affiliation_strings":["Department of Artificial Intelligence, Kongju National University, Cheonan, South Korea"],"affiliations":[{"raw_affiliation_string":"Department of Artificial Intelligence, Kongju National University, Cheonan, South Korea","institution_ids":["https://openalex.org/I206597221"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5053797473","display_name":"Daeseon Choi","orcid":"https://orcid.org/0000-0002-1438-0265"},"institutions":[{"id":"https://openalex.org/I141371507","display_name":"Soongsil University","ror":"https://ror.org/017xnm587","country_code":"KR","type":"education","lineage":["https://openalex.org/I141371507"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Daeseon Choi","raw_affiliation_strings":["Department of Software, Soongsil University, Seoul, South Korea"],"affiliations":[{"raw_affiliation_string":"Department of Software, Soongsil University, Seoul, South Korea","institution_ids":["https://openalex.org/I141371507"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5015981102"],"corresponding_institution_ids":["https://openalex.org/I141371507"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.05322114,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"13","issue":null,"first_page":"92086","last_page":"92101"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9210000038146973,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9210000038146973,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.6626437902450562},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.641132116317749},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5305381417274475},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.4370816648006439}],"concepts":[{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.6626437902450562},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.641132116317749},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5305381417274475},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.4370816648006439}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2025.3570377","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3570377","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:935d68a5eb84454d96b6c0c9728bb5d1","is_oa":true,"landing_page_url":"https://doaj.org/article/935d68a5eb84454d96b6c0c9728bb5d1","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 13, Pp 92086-92101 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2025.3570377","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3570377","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/5","display_name":"Gender equality","score":0.550000011920929}],"awards":[{"id":"https://openalex.org/G1832113594","display_name":null,"funder_award_id":"2021-0-00565","funder_id":"https://openalex.org/F4320328359","funder_display_name":"Ministry of Science and ICT, South Korea"}],"funders":[{"id":"https://openalex.org/F4320328359","display_name":"Ministry of Science and ICT, South Korea","ror":"https://ror.org/01wpjm123"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W106863888","https://openalex.org/W2024257543","https://openalex.org/W2048884875","https://openalex.org/W2084421492","https://openalex.org/W2109952796","https://openalex.org/W2150326939","https://openalex.org/W2155032609","https://openalex.org/W2159510087","https://openalex.org/W2768493644","https://openalex.org/W2784017372","https://openalex.org/W2785892563","https://openalex.org/W2935854679","https://openalex.org/W3013875477","https://openalex.org/W3082594886","https://openalex.org/W3096471656","https://openalex.org/W3171985106","https://openalex.org/W4224950170","https://openalex.org/W4229001986","https://openalex.org/W4384948711","https://openalex.org/W4385692020","https://openalex.org/W4391096200","https://openalex.org/W4400980312","https://openalex.org/W6601151004","https://openalex.org/W6740744476","https://openalex.org/W6766417006","https://openalex.org/W6796823204","https://openalex.org/W6892533438","https://openalex.org/W6902571122"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W2912135041"],"abstract_inverted_index":{"Passkeys":[0],"are":[1],"designed":[2],"to":[3,30,61,86,116,125],"enhance":[4],"the":[5,33,39,46,51,62,68,83,89,104,108,113,117,126,131,139,155],"security":[6,144],"and":[7,17,22,66,92,151],"convenience":[8],"of":[9,133,149,158],"authentication":[10,34,48,64],"by":[11,111],"leveraging":[12],"Fast":[13],"Identity":[14],"Online":[15],"(FIDO)":[16],"Web":[18],"Authentication":[19],"(WebAuthn)":[20],"protocols":[21],"utilizing":[23],"credential":[24],"information":[25],"stored":[26],"on":[27],"user":[28],"devices":[29],"securely":[31],"complete":[32],"process.":[35],"This":[36],"study":[37,137],"explores":[38],"potential":[40],"for":[41,141],"Man-in-the-Middle":[42],"(MitM)":[43],"attacks":[44],"during":[45,107],"Passkey":[47,63,85],"process":[49,65,110],"using":[50],"Client-to-Authenticator":[52],"Protocol":[53],"(CTAP).":[54],"We":[55],"applied":[56],"existing":[57],"MitM":[58],"attack":[59,97],"techniques":[60],"analyzed":[67],"outcomes.":[69],"Through":[70],"this":[71,134],"analysis,":[72],"we":[73],"developed":[74],"a":[75],"scenario":[76],"in":[77,146],"which":[78,153],"an":[79,96],"attacker":[80],"can":[81],"use":[82],"victim\u2019s":[84,105,114,127],"log":[87],"into":[88],"attacker\u2019s":[90,118],"PC":[91,119],"explained":[93],"why":[94],"such":[95],"is":[98],"feasible.":[99],"Our":[100],"implementation":[101],"successfully":[102],"hijacked":[103],"session":[106],"CTAP":[109],"connecting":[112],"authenticator":[115],"via":[120],"Bluetooth,":[121],"thereby":[122],"gaining":[123],"access":[124],"account.":[128],"By":[129],"demonstrating":[130],"feasibility":[132],"attack,":[135],"our":[136],"highlights":[138],"need":[140],"more":[142],"robust":[143],"measures":[145],"future":[147],"implementations":[148],"FIDO":[150],"WebAuthn,":[152],"constitute":[154],"foundational":[156],"technologies":[157],"Passkeys.":[159]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}