{"id":"https://openalex.org/W2990002081","doi":"https://doi.org/10.23919/softcom.2019.8903683","title":"Dangers and Prevalence of Unprotected Web Fonts","display_name":"Dangers and Prevalence of Unprotected Web Fonts","publication_year":2019,"publication_date":"2019-09-01","ids":{"openalex":"https://openalex.org/W2990002081","doi":"https://doi.org/10.23919/softcom.2019.8903683","mag":"2990002081"},"language":"en","primary_location":{"id":"doi:10.23919/softcom.2019.8903683","is_oa":false,"landing_page_url":"https://doi.org/10.23919/softcom.2019.8903683","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 International Conference on Software, Telecommunications and Computer Networks (SoftCOM)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5051390595","display_name":"Tobias Mueller","orcid":"https://orcid.org/0000-0003-0269-634X"},"institutions":[{"id":"https://openalex.org/I159176309","display_name":"Universit\u00e4t Hamburg","ror":"https://ror.org/00g30e956","country_code":"DE","type":"education","lineage":["https://openalex.org/I159176309"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Tobias Mueller","raw_affiliation_strings":["University of Hamburg,Germany","University of Hamburg, Germany"],"affiliations":[{"raw_affiliation_string":"University of Hamburg,Germany","institution_ids":["https://openalex.org/I159176309"]},{"raw_affiliation_string":"University of Hamburg, Germany","institution_ids":["https://openalex.org/I159176309"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5020952696","display_name":"Daniel Klotzsche","orcid":null},"institutions":[{"id":"https://openalex.org/I159176309","display_name":"Universit\u00e4t Hamburg","ror":"https://ror.org/00g30e956","country_code":"DE","type":"education","lineage":["https://openalex.org/I159176309"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Daniel Klotzsche","raw_affiliation_strings":["University of Hamburg,Germany","University of Hamburg, Germany"],"affiliations":[{"raw_affiliation_string":"University of Hamburg,Germany","institution_ids":["https://openalex.org/I159176309"]},{"raw_affiliation_string":"University of Hamburg, Germany","institution_ids":["https://openalex.org/I159176309"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038751937","display_name":"Dominik Herrmann","orcid":"https://orcid.org/0000-0002-7374-3054"},"institutions":[{"id":"https://openalex.org/I94626330","display_name":"University of Bamberg","ror":"https://ror.org/01c1w6d29","country_code":"DE","type":"education","lineage":["https://openalex.org/I94626330"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Dominik Herrmann","raw_affiliation_strings":["University of Bamberg,Germany","University of Bamberg, Germany"],"affiliations":[{"raw_affiliation_string":"University of Bamberg,Germany","institution_ids":["https://openalex.org/I94626330"]},{"raw_affiliation_string":"University of Bamberg, Germany","institution_ids":["https://openalex.org/I94626330"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5004687145","display_name":"Hannes Federrath","orcid":null},"institutions":[{"id":"https://openalex.org/I159176309","display_name":"Universit\u00e4t Hamburg","ror":"https://ror.org/00g30e956","country_code":"DE","type":"education","lineage":["https://openalex.org/I159176309"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Hannes Federrath","raw_affiliation_strings":["University of Hamburg,Germany","University of Hamburg, Germany"],"affiliations":[{"raw_affiliation_string":"University of Hamburg,Germany","institution_ids":["https://openalex.org/I159176309"]},{"raw_affiliation_string":"University of Hamburg, Germany","institution_ids":["https://openalex.org/I159176309"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5051390595"],"corresponding_institution_ids":["https://openalex.org/I159176309"],"apc_list":null,"apc_paid":null,"fwci":0.3317,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.57487419,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"5"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6225723028182983},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.4896731674671173}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6225723028182983},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.4896731674671173}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.23919/softcom.2019.8903683","is_oa":false,"landing_page_url":"https://doi.org/10.23919/softcom.2019.8903683","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 International Conference on Software, Telecommunications and Computer Networks (SoftCOM)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.41999998688697815,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":14,"referenced_works":["https://openalex.org/W1998180710","https://openalex.org/W2101678831","https://openalex.org/W2159764755","https://openalex.org/W2177614278","https://openalex.org/W2535603283","https://openalex.org/W2605157885","https://openalex.org/W2807648053","https://openalex.org/W2896648147","https://openalex.org/W2904027722","https://openalex.org/W2915352631","https://openalex.org/W2962940036","https://openalex.org/W2963779160","https://openalex.org/W4238577395","https://openalex.org/W6685700501"],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W2382290278","https://openalex.org/W2478288626","https://openalex.org/W4391913857","https://openalex.org/W2350741829","https://openalex.org/W2530322880"],"abstract_inverted_index":{"Most":[0],"Web":[1,55,97,207,273],"sites":[2,98,129],"rely":[3,104],"on":[4,51,105],"resources":[5,32,106],"hosted":[6,33,107,135],"by":[7,34,108,136,145],"third":[8,35,109,137,210],"parties":[9,14,36,110],"such":[10,170,187],"as":[11,162,164,231],"CDNs.":[12],"Third":[13],"may":[15],"be":[16,38,58,266],"compromised":[17],"or":[18,27],"coerced":[19],"into":[20,242],"misbehaving,":[21],"e.g.":[22],"delivering":[23],"a":[24,115,154,159,165,171,209,214,224,232,247,256],"malicious":[25,80,160,219],"script":[26],"stylesheet.":[28],"Unexpected":[29],"changes":[30],"to":[31,73,180,194,197,202,216,239,268],"can":[37],"detected":[39],"with":[40,60,190],"the":[41,75,94,100,128,151,270],"Subresource":[42],"Integrity":[43],"(SRI)":[44],"mechanism.":[45],"The":[46,66,147,221],"focus":[47],"of":[48,69,93,99,127,140,150,156,158,272],"SRI":[49,204],"is":[50,72,153],"scripts":[52],"and":[53,111,228],"stylesheets.":[54],"fonts":[56,134],"cannot":[57],"secured":[59],"that":[61,88,112,123,244,264],"mechanism":[62],"under":[63],"all":[64],"circumstances.":[65],"first":[67],"contribution":[68,149],"this":[70],"paper":[71,152],"evaluates":[74],"potential":[76],"for":[77,167,206],"attacks":[78],"using":[79],"fonts.":[81,274],"With":[82],"an":[83],"instrumented":[84],"browser":[85,215],"we":[86,121,261],"find":[87,122],"(1)":[89],"more":[90,124],"than":[91,125],"95%":[92],"top":[95,102],"50,000":[96],"Tranco":[101],"list":[103],"(2)":[113],"only":[114],"small":[116],"fraction":[117],"employs":[118],"SRI.":[119],"Moreover,":[120],"60%":[126],"in":[130],"our":[131,218],"sample":[132],"use":[133],"parties,":[138],"most":[139],"which":[141,173],"are":[142,178,253],"being":[143],"served":[144],"Google.":[146],"second":[148],"proof":[155],"concept":[157],"font":[161,222],"well":[163],"tool":[166],"automatically":[168],"generating":[169],"font,":[172],"targets":[174,223],"security-conscious":[175],"users":[176,196,241],"who":[177],"used":[179],"verifying":[181],"cryptographic":[182,226],"fingerprints.":[183],"Software":[184],"vendors":[185],"publish":[186],"fingerprints":[188],"along":[189],"their":[191,199],"software":[192,249],"packages":[193],"allow":[195],"verify":[198],"integrity.":[200],"Due":[201],"incomplete":[203],"support":[205],"fonts,":[208],"party":[211],"could":[212,265],"force":[213],"load":[217],"font.":[220],"particular":[225],"fingerprint":[227],"renders":[229],"it":[230],"desired":[233],"different":[234],"fingerprint.":[235],"This":[236],"allows":[237],"attackers":[238],"fool":[240],"believing":[243],"they":[245,252],"download":[246],"genuine":[248],"package":[250],"although":[251],"actually":[254],"downloading":[255],"maliciously":[257],"modified":[258],"version.":[259],"Finally,":[260],"propose":[262],"countermeasures":[263],"deployed":[267],"protect":[269],"integrity":[271]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}