{"id":"https://openalex.org/W4389776848","doi":"https://doi.org/10.1109/access.2023.3343411","title":"An Empirical Analysis of Incorrect Account Remediation in the Case of Broken Authentication","display_name":"An Empirical Analysis of Incorrect Account Remediation in the Case of Broken Authentication","publication_year":2023,"publication_date":"2023-01-01","ids":{"openalex":"https://openalex.org/W4389776848","doi":"https://doi.org/10.1109/access.2023.3343411"},"language":"en","primary_location":{"id":"doi:10.1109/access.2023.3343411","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2023.3343411","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/10005208/10360844.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/6287639/10005208/10360844.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5006737230","display_name":"J. Lee","orcid":"https://orcid.org/0009-0008-2173-5803"},"institutions":[{"id":"https://openalex.org/I848706","display_name":"Sungkyunkwan University","ror":"https://ror.org/04q78tk20","country_code":"KR","type":"education","lineage":["https://openalex.org/I848706"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Jeongho Lee","raw_affiliation_strings":["Department of Electrical and Computer Engineering, Sungkyunkwan University, Suwon, South Korea"],"raw_orcid":"https://orcid.org/0009-0008-2173-5803","affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, Sungkyunkwan University, Suwon, South Korea","institution_ids":["https://openalex.org/I848706"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050697645","display_name":"Hyoung-Kee Choi","orcid":null},"institutions":[{"id":"https://openalex.org/I848706","display_name":"Sungkyunkwan University","ror":"https://ror.org/04q78tk20","country_code":"KR","type":"education","lineage":["https://openalex.org/I848706"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Hyoung-Kee Choi","raw_affiliation_strings":["College of Software, Sungkyunkwan University, Suwon, South Korea"],"raw_orcid":"https://orcid.org/0000-0002-5342-5913","affiliations":[{"raw_affiliation_string":"College of Software, Sungkyunkwan University, Suwon, South Korea","institution_ids":["https://openalex.org/I848706"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100347335","display_name":"Jin Hee Yoon","orcid":"https://orcid.org/0000-0002-1437-1350"},"institutions":[{"id":"https://openalex.org/I848706","display_name":"Sungkyunkwan University","ror":"https://ror.org/04q78tk20","country_code":"KR","type":"education","lineage":["https://openalex.org/I848706"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Jin Hee Yoon","raw_affiliation_strings":["Department of Computer Science and Engineering, Sungkyunkwan University, Suwon, South Korea"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, Sungkyunkwan University, Suwon, South Korea","institution_ids":["https://openalex.org/I848706"]}]},{"author_position":"last","author":{"id":null,"display_name":"Seongjune Kim","orcid":null},"institutions":[{"id":"https://openalex.org/I848706","display_name":"Sungkyunkwan University","ror":"https://ror.org/04q78tk20","country_code":"KR","type":"education","lineage":["https://openalex.org/I848706"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Seongjune Kim","raw_affiliation_strings":["Department of Computer Science and Engineering, Sungkyunkwan University, Suwon, South Korea"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, Sungkyunkwan University, Suwon, South Korea","institution_ids":["https://openalex.org/I848706"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":1.2941,"has_fulltext":true,"cited_by_count":3,"citation_normalized_percentile":{"value":0.85842135,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":96},"biblio":{"volume":"11","issue":null,"first_page":"141610","last_page":"141627"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T14484","display_name":"Technology and Data Analysis","score":0.8001000285148621,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T14484","display_name":"Technology and Data Analysis","score":0.8001000285148621,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6087769269943237},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.5674158334732056},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5370849967002869},{"id":"https://openalex.org/keywords/environmental-remediation","display_name":"Environmental remediation","score":0.42329227924346924},{"id":"https://openalex.org/keywords/contamination","display_name":"Contamination","score":0.07514101266860962}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6087769269943237},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.5674158334732056},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5370849967002869},{"id":"https://openalex.org/C522964758","wikidata":"https://www.wikidata.org/wiki/Q2019586","display_name":"Environmental remediation","level":3,"score":0.42329227924346924},{"id":"https://openalex.org/C112570922","wikidata":"https://www.wikidata.org/wiki/Q60528603","display_name":"Contamination","level":2,"score":0.07514101266860962},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2023.3343411","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2023.3343411","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/10005208/10360844.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:958cc4afd26e43a2a2d78ebce835533d","is_oa":true,"landing_page_url":"https://doaj.org/article/958cc4afd26e43a2a2d78ebce835533d","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 11, Pp 141610-141627 (2023)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2023.3343411","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2023.3343411","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/10005208/10360844.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G4700831490","display_name":null,"funder_award_id":"2022-","funder_id":"https://openalex.org/F4320335489","funder_display_name":"Institute for Information and Communications Technology Promotion"}],"funders":[{"id":"https://openalex.org/F4320324891","display_name":"Iran Telecommunication Research Center","ror":"https://ror.org/01a3g2z22"},{"id":"https://openalex.org/F4320328359","display_name":"Ministry of Science and ICT, South Korea","ror":"https://ror.org/01wpjm123"},{"id":"https://openalex.org/F4320335489","display_name":"Institute for Information and Communications Technology Promotion","ror":"https://ror.org/01g0hqq23"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4389776848.pdf","grobid_xml":"https://content.openalex.org/works/W4389776848.grobid-xml"},"referenced_works_count":54,"referenced_works":["https://openalex.org/W1578972423","https://openalex.org/W1976371754","https://openalex.org/W1996474511","https://openalex.org/W2030112111","https://openalex.org/W2039986066","https://openalex.org/W2100307718","https://openalex.org/W2226744499","https://openalex.org/W2254160488","https://openalex.org/W2256695479","https://openalex.org/W2400965960","https://openalex.org/W2509745758","https://openalex.org/W2538793708","https://openalex.org/W2550183133","https://openalex.org/W2580877740","https://openalex.org/W2659233977","https://openalex.org/W2743269056","https://openalex.org/W2765227388","https://openalex.org/W2765667105","https://openalex.org/W2769372282","https://openalex.org/W2793804413","https://openalex.org/W2895782201","https://openalex.org/W2897005587","https://openalex.org/W2911547762","https://openalex.org/W2914845368","https://openalex.org/W2921360060","https://openalex.org/W2931153881","https://openalex.org/W2933127114","https://openalex.org/W2962178652","https://openalex.org/W2962932298","https://openalex.org/W2963549118","https://openalex.org/W2987263720","https://openalex.org/W3039618903","https://openalex.org/W3107473573","https://openalex.org/W3181051455","https://openalex.org/W3186249566","https://openalex.org/W3211708465","https://openalex.org/W3212969377","https://openalex.org/W4226466313","https://openalex.org/W4281388923","https://openalex.org/W4288057702","https://openalex.org/W4320339608","https://openalex.org/W6636115415","https://openalex.org/W6679151981","https://openalex.org/W6686386243","https://openalex.org/W6732283171","https://openalex.org/W6766417006","https://openalex.org/W6772615694","https://openalex.org/W6782645906","https://openalex.org/W6799296382","https://openalex.org/W6838321876","https://openalex.org/W6840176761","https://openalex.org/W6840634658","https://openalex.org/W6849685576","https://openalex.org/W7007973201"],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W2387912620","https://openalex.org/W2363883631","https://openalex.org/W2385304721","https://openalex.org/W2372530480","https://openalex.org/W2366040799","https://openalex.org/W2941001315","https://openalex.org/W4386024536","https://openalex.org/W2390279801","https://openalex.org/W2912135041"],"abstract_inverted_index":{"One":[0],"of":[1,22,29,52,70,115,133,150,160,164,167,172,181,187,223],"the":[2,20,26,49,57,68,71,103,113,116,123,130,145,157,165,179,220],"most":[3],"critical":[4],"vulnerabilities":[5,58],"in":[6,67],"authentication,":[7],"commonly":[8],"referred":[9],"to":[10,19,45,111,143,156,193,207,214,218],"as":[11],"\u201cbroken":[12],"authentication,\u201d":[13],"poses":[14],"a":[15],"harmful":[16],"threat,":[17],"leading":[18],"compromise":[21,155],"user":[23],"credentials":[24],"and":[25,47,100,125,136,140,170,201,212],"unauthorized":[27],"hijacking":[28],"sessions.":[30],"Addressing":[31],"these":[32],"security":[33,50,93,221],"breaches":[34],"is":[35,44],"imperative,":[36],"necessitating":[37],"effective":[38],"remediation":[39,53,74,83,117,209],"mechanisms.":[40],"Our":[41,63],"primary":[42],"objective":[43],"assess":[46],"enhance":[48],"posture":[51],"mechanisms":[54,75,118,210],"by":[55,90],"addressing":[56],"associated":[59],"with":[60],"broken":[61,168],"authentication.":[62],"investigation":[64],"reveals":[65],"deficiencies":[66],"implementation":[69],"three":[72,109],"prevailing":[73],"across":[76,95,119],"popular":[77,98,189],"Service":[78],"Providers":[79],"(SPs),":[80],"rendering":[81],"manual":[82],"attempts":[84],"futile.":[85],"We":[86],"demonstrate":[87],"our":[88],"claim":[89],"measuring":[91],"post-compromise":[92],"preparedness":[94],"over":[96],"350":[97],"websites":[99],"applications.":[101],"During":[102],"measurement,":[104],"SPs":[105,190],"were":[106],"divided":[107],"into":[108],"groups":[110],"compare":[112],"correctness":[114],"groups.":[120],"Based":[121],"on":[122],"measurement":[124],"evaluation":[126],"results,":[127],"we":[128],"analyzed":[129],"root":[131],"cause":[132],"such":[134],"incorrectness":[135],"discussed":[137],"possible":[138],"mitigations":[139],"practical":[141],"recommendations":[142],"solve":[144],"remedial":[146],"problems.":[147],"The":[148],"scope":[149,180],"this":[151,182],"study":[152],"ranges":[153],"from":[154],"immediate":[158],"consequences":[159],"countermeasures.":[161],"Hence,":[162],"discussions":[163],"causes":[166],"authentication":[169,176],"descriptions":[171],"attacks":[173],"for":[174],"breaking":[175],"are":[177,191],"beyond":[178],"study.":[183],"Detailed":[184],"case":[185],"studies":[186],"four":[188],"included":[192],"discuss":[194],"their":[195,202],"unique":[196],"reactive":[197],"prevention":[198],"behaviors.":[199],"Observations":[200],"meaningful":[203],"results":[204],"challenge":[205],"us":[206],"render":[208],"opaque":[211],"difficult":[213],"audit,":[215],"which":[216],"contributes":[217],"underestimating":[219],"threats":[222],"ineffective":[224],"revocations.":[225]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}