Design of an Efficient and Provable Secure Key Exchange Protocol for HTTP Cookies

Cookies are considered a fundamental means of web application services for authenticating various Hypertext Transfer Protocol(HTTP)requests andmaintains the states of clients’information over the Internet.HTTP cookies are exploited to carry client patterns observed by a website.These client patterns facilitate the particular client’s future visit to the corresponding website.However,security and privacy are the primary concerns owing to the value of information over public channels and the storage of client information on the browser.Several protocols have been introduced that maintain HTTP cookies,but many of those fail to achieve the required security,or require a lot of resource overheads.In this article,we have introduced a lightweight Elliptic Curve Cryptographic(ECC)based protocol for authenticating client and server transactions to maintain the privacy and security of HTTP cookies.Our proposed protocol uses a secret key embedded within a cookie.The proposed protocol ismore efficient and lightweight than related protocols because of its reduced computation,storage,and communication costs.Moreover,the analysis presented in this paper confirms that proposed protocol resists various known attacks.

Improved Mechanism for Detecting Examinations Impersonations in Public Higher Learning Institutions: Case of the Mwalimu Nyerere Memorial Academy (MNMA)

Currently, most public higher learning institutions in Tanzania rely on traditional in-class examinations, requiring students to register and present identification documents for examinations eligibility verification. This system, however, is prone to impersonations due to security vulnerabilities in current students’ verification system. These vulnerabilities include weak authentication, lack of encryption, and inadequate anti-counterfeiting measures. Additionally, advanced printing technologies and online marketplaces which claim to produce convincing fake identification documents make it easy to create convincing fake identity documents. The Improved Mechanism for Detecting Impersonations (IMDIs) system detects impersonations in in-class exams by integrating QR codes and dynamic question generation based on student profiles. It consists of a mobile verification app, built with Flutter and communicating via RESTful APIs, and a web system, developed with Laravel using HTML, CSS, and JavaScript. The two components communicate through APIs, with MySQL managing the database. The mobile app and web server interact to ensure efficient verification and security during examinations. The implemented IMDIs system was validated by a mobile application which is integrated with a QR codes scanner for capturing codes embedded in student Identity Cards and linking them to a dynamic question generation model. The QG model uses natural language processing (NLP) algorithm and Question Generation (QG) techniques to create dynamic profile questions. Results show that the IMDIs system could generate four challenging profile-based questions within two seconds, allowing the verification of 200 students in 33 minutes by one operator. The IMDIs system also tracks exam-eligible students, aiding in exam attendance and integrates with a Short Message Service (SMS) to report impersonation incidents to a dedicated security officer in real-time. The IMDIs system was tested and found to be 98% secure, 100% convenient, with a 0% false rejection rate and a 2% false acceptance rate, demonstrating its security, reliability, and high performance.

The Impersonal Theory of Poetry in “Tradition and the Individual Talent” by TS Eliot

Eliot,an important poet,playwright,and literary critic of the nineteenth century in the United States,was the founder of Western modernism.He pioneered the modern poetic criticism.His practice of modernist poetry is the transition from traditionalist poetics to modernist poetics in the 20th century.His famous poetics theory declaration“Tradition and the Individual Talent”is an immortal classic in the field of poetics theory,in which he proposed the concept of“Traditional,”the theory of“Impersonal”poetry,“Objective Correlative,”and so on.All had a profound influence on the 20th-century poetry creation.This paper aims to analyze and discuss the important“Impersonal”theory from the three aspects of its connotation,the relationship between“Personality”and its intertextuality with New Criticism,so as to further understand Eliot’s poetic concepts.

Novel Homomorphic Encryption for Mitigating Impersonation Attack in Fog Computing

Fog computing is a rapidly growing technology that aids in pipelining the possibility of mitigating breaches between the cloud and edge servers.It facil-itates the benefits of the network edge with the maximized probability of offering interaction with the cloud.However,the fog computing characteristics are suscep-tible to counteract the challenges of security.The issues present with the Physical Layer Security(PLS)aspect in fog computing which included authentication,integrity,and confidentiality has been considered as a reason for the potential issues leading to the security breaches.In this work,the Octonion Algebra-inspired Non-Commutative Ring-based Fully Homomorphic Encryption Scheme(NCR-FHE)was proposed as a secrecy improvement technique to overcome the impersonation attack in cloud computing.The proposed approach was derived through the benefits of Octonion algebra to facilitate the maximum security for big data-based applications.The major issues in the physical layer security which may potentially lead to the possible security issues were identified.The potential issues causing the impersonation attack in the Fog computing environment were identified.The proposed approach was compared with the existing encryption approaches and claimed as a robust approach to identify the impersonation attack for the fog and edge network.The computation cost of the proposed NCR-FHE is identified to be significantly reduced by 7.18%,8.64%,9.42%,and 10.36%in terms of communication overhead for varying packet sizes,when compared to the benchmarked ECDH-DH,LHPPS,BF-PHE and SHE-PABF schemes.

Revised quantum direct communication scheme with mutual authentication

Based on mutual authentication and dense coding,a novel revised efficient quantum direct communication scheme is proposed.It is composed of two phases：the quantum state distribution process and the direct communication process.The purpose of the former is to authenticate Trent and users to each other,and let the two legitimate users（Alice and Bob）safely share the Bell states.While the latter aims to make direct communication to transmit a secret message between Alice and Bob.In order to prevent from Eve＇s eavesdropping as well as to authenticate each other simultaneously,a decoy photon checking technique is applied.Compared with other analogous protocols,the quantum state distribution process is more simple and feasible and the proposed scheme is more efficient;i.e.,the total efficiency is almost 100%.Security analysis shows that the proposed scheme is secure against the eavesdropping attacks,the impersonation attacks,and some special Trent＇s attacks,including the attacks by using different initial states.

Cryptanalysis of Threshold-proxy Threshold-signature Schemes

Recently,Hwang et al.proposed a （t,n） threshold-proxy （c,m） thresholdsignature schemes,in which only any t or more original signers of n original signers can authorize a proxy group of m proxy signers and then only c or more proxy signers can cooperatively generate threshold-proxy threshold-signature.In this scheme,they claimed that original signers cannot forge the proxy signature and the proxy signers cannot forge signature on behalf of the original signers.However,in this paper,we will give a attack to show that their scheme can not resist impersonation attacks.

An efficient hash-based authenticated key agreement scheme for multi-server architecture resilient to key compromise impersonation

During the past decade,rapid advances in wireless communication technologies have made it possible for users to access desired services using hand-held devices.Service providers have hosted multiple servers to ensure seamless online services to end-users.To ensure the security of this online communication,researchers have proposed several multi-server authentication schemes incorporating various cryptographic primitives.Due to the low power and computational capacities of mobile devices,the hash-based multi-server authenticated key agreement schemes with offline Registration Server(RS)are the most efficient choice.Recently,Kumar-Om presented such a scheme and proved its security against all renowned attacks.However,we find that their scheme bears an incorrect login phase,and is unsafe to the trace attack,the Session-Specific Temporary Information Attack(SSTIA),and the Key Compromise Impersonation Attack(KCIA).In fact,all of the existing multi-server authentication schemes(hash-based with offline RS)do not withstand KCLA.To deal with this situation,we propose an improved hash-based multi-server authentication scheme(with offline RS).We analyze the security of the proposed scheme under the random oracle model and use the t4Automated Validation of Internet Security Protocols and Applications''(AVISPA)tool.The comparative analysis of communication overhead and computational complexity metrics shows the efficiency of the proposed scheme.

An enhanced scheme for mutual authentication for healthcare services

With the advent of state-of-art technologies,the Telecare Medicine Information System(TMIS)now offers fast and convenient healthcare services to patients at their doorsteps.However,this architecture engenders new risks and challenges to patients'and the server's confidentiality,integrity and security.In order to avoid any resource abuse and malicious attack,employing an authentication scheme is widely considered as the most effective approach for the TMIS to verify the legitimacy of patients and the server.Therefore,several authentication protocols have been proposed to this end.Very recently,Chaudhry et al.identified that there are vulnerabilities of impersonation attacks in Islam et al.'s scheme.Therefore,they introduced an improved protocol to mitigate those security flaws.Later,Qiu et al.proved that these schemes are vulnerable to the man-in-the-middle,impersonation and offline password guessing attacks.Thus,they introduced an improved scheme based on the fuzzy verifier techniques,which overcome all the security flaws of Chaudhry et al.'s scheme.However,there are still some security flaws in Qiu et al.'s protocol.In this article,we prove that Qiu et al.'s protocol has an incorrect notion of perfect user anonymity and is vulnerable to user impersonation attacks.Therefore,we introduce an improved protocol for authentication,which reduces all the security flaws of Qiu et al.'s protocol.We also make a comparison of our protocol with related protocols,which shows that our introduced protocol is more secure and efficient than previous protocols.

Security Analysis of an Attractive Online Authentication Standard：FIDO UAF Protocol

FIDO(Fast IDentity Online) Alliance proposed a set of standard in 2014 for change the nature of online authentication. By now, it has drawn attention from many companies, including Google, VISA, Intel etc. In this paper, we analyze the FIDO UAF(Universal Authentication Framework) Protocol, one of the two sets of specifications in the standard. We first present protocols' cryptographic abstractions for the registration and authentication protocols of the FIDO UAF. According to the abstractions, we discuss on selected security goals presented in the standard to study UAF security properties. We also propose three attacks, which the first two are based on an assumption that an attacker can corrupt the software installed on the user device, and the third is based on two users sharing a FIDO roaming authenticator. The results of the attacks are to impersonate the legitimate user to pass the online authentication.

The Writing Techniques of T.S Eliot——Analysis of The Love Song of J.Alfred Prufrock

During T.S. Eliot's(1888-1965)whole life he left us a lot of fortune, and The Love Song of J. Alfred Prufrock is considered as one of Eliot's finest and most important works. A lot of scholars and critics have done different researches on this poem.The author of this paper tries to analyze one of these poems from the perspective of T.S. Eliot's poetics.

Two-Dimensional Projection-Based Wireless Intrusion Classification Using Lightweight EfficientNet

Internet of Things(IoT)networks leverage wireless communication protocols,which adversaries can exploit.Impersonation attacks,injection attacks,and flooding are several examples of different attacks existing in Wi-Fi networks.Intrusion Detection System(IDS)became one solution to distinguish those attacks from benign traffic.Deep learning techniques have been intensively utilized to classify the attacks.However,the main issue of utilizing deep learning models is projecting the data,notably tabular data,into an image.This study proposes a novel projection from wireless network attacks data into a grid-based image for feeding one of the Convolutional Neural Network(CNN)models,EfficientNet.We define the particular sequence of placing the attribute values in a grid that would be captured as an image.Combining the most important subset of attributes and EfficientNet,we aim for an accurate and lightweight IDS module deployed in IoT networks.We examine the proposed model using the Wi-Fi attacks dataset,called the AWID2 dataset.We achieve the best performance by a 99.91%F1 score and 0.11%false-positive rate.In addition,our proposed model achieved comparable results with other statistical machine learning models,which shows that our proposed model successfully exploited the spatial information of tabular data to maintain detection accuracy.

The Mediator. Richard III and Macbeth in Einar MurGudmundsson＇ s Novel Angels of the Universe

Gudmundsson＇s Angels of the Universe （Englaralheimsins, 1993） stages a poetic psychodrama weaving Shakespeare＇s characters Richard IlI and Macbeth into the lives of the first-person narrator Paul and his friend Viktor who are undergoing intensive drug treatment at the Klepp hospital in Reykjavik. Viktor starts impersonating Richard III prior to the treatment at Klepp. While enrolled at an English university he assumes the physical and mental guise of Richard, memorizing whole scenes from the play and speaking lines out loud. At some point his perfect English shifts to perfect German as he merges Richard III with Adolf Hitler in his mind. Viktor thus turns the two despots into what Rene Girard in his work Deceit, Desire and the Novel calls the mediator. Girard explores ＂triangular＂ desire in Cervantes＇ knight-errant Don Quixote whose mediator Amadis chooses the objects of the knight＇s desire. With Dostoyevsky external mediation becomes internal mediation whose main features are impotence and alienation. Viktor exhibits these symptoms as a negative, inverted form of the mediator has usurped his personality while relegating the objects of his desire to the background. There are no objects any more. He is alone. The article aims to disclose the complex cultural and sociopsychological reasons for exclusi6n and to explore the poetic dimensi6n of the novel, indicating thst poetry is capable of transcending the limits imposed by society.

The Fish Dissolved in Water： A Deleuze-Guattarian Experiment with Calvino

For Deleuze, the time of thinking in terms of＂I＂ or ＂sell＂ has already ended. Novelists, according to Deleuze, have already recognized this. What these new novelists have realized is simply the way to elude control, a new intuition to develop unidentifiable means of resistance. Who are these novelists？ What struggles have been made in their work for liberation？ In what sense these fictions are revolutionary？ And what does it mean to think as impersonal individuations？ I argue, in this piece of work, that Italo Calvino is one of those novelists, in fictions of whom one might find truthful answers to most of the questions above and trace revolutionary insights of the kind Deleuze implicitly fosters. The ordinary characters or non-characters of Calvino function in a sense as a minor language operating through pages of the fiction. The fact that they are not in focus or not habitually actualized gives them power to resist representation. The elusive force running through the fiction might clearly be read as Deleuze-Guattarian body-without-organs. Accomplishing a reading of this kind requires a machinic thinking. What I attempt in this work is to try to perform such an experimental reading.

Authenticated Key Agreement Protocols: A Comparative Study

One of the most important and challenging cryptographic primitives in Public Key Cryptography is Key Agreement Protocol where two or more parties share secret values and establish the session key. Many authors have proposed key agreement protocols. In this article, we have viewed some authenticated Key Agreement Protocols and presented a comparative study. We have also described the design principle, security requirement and various attacks on Key Agreement Protocol.

Public Key Infrastructure: A Survey

As security is essential in communications through electronic networks, development of structures providing high levels of security is needed. Public Key Infrastructure (PKI) is a way of providing security measures by implementing the means of key pairs among users. In this paper, an overview of the public key infrastructure is discussed that includes various components and operation, some well known PKIs and their comparisons. Also we discuss current implementations, risk and challenges of PKIs.

Impersonality in Elizabeth Bishop's The Fish

Elizabeth Bishop(1911-1979), one of the most important and distinguished poets in the twentieth-century American literary world, is recognized as unique mainly for her objective and the imaginative images and the detachment in her poetry. Her poetry emphasizes the emotional self-control and avoids the description of individual life. This style is just coincided with T. S.Eliot's theory of impersonality. The article attempts to analyze the specific use of impersonality in Bishop's poem The Fish from two aspects: the objective description of the fish and the revelation of the universal truth.

On the Relationship between T. S. Eliot and the New Criticism from Their Opinions on Literary Work and Reader

T. S. Eliot is always considered as the pioneering father and founder of the New Criticism. This paper compares the similarities and differences of T. S. Eliot's relevant theories with those of the New Criticism from two aspects: their viewpoints of the literary works and those of the reader. It concludes that though they share the same belief in the importance of the literary works, the New Criticism is good at the subtle analysis of one text and another. However, Eliot recognizes the reader's function in the appreciation of the works which New Criticism totally objects to, and their responses should be properly considered in the criticism of the works.

Improvement of McCullagh-Barreto key agreement with KCI-security

McCullagh-Barreto key agreement protocol and its variant achieve perfect forward security and key generation center （KGC） forward security, but provide no resistance to key compromise impersonation attack （KCI attack）. In this paper, we give a formal treatment of key compromise impersonation （KCI） attack and define the security notion against it. Then an variant of McCullagh-Barreto protocol is presented with only one more Hash operation. The improved protocol preserves perfect forward security and KGC forward security, and furthermore is proved to be secure against KCI attack under k-Gap-BCAA1 assumption.

A Deniable Authenticated Key Agreement Protocol

This paper presents a deniable authenticated key agreement protocol. This protocol can provide an authenticated session key while the sender and the receiver can deny their involvement in such a protocol if the protocol is executed successfully. Then both can deny their transmitted messages protected by the authenticated session key. If this protocol fails, no authenticated session key can be established and no protected messages can be transmitted. The protocol can be proved secure against key compromise impersonation attack. The protocol employs a new method to isolate a session key from confirmation keys.

Cryptanalysis and improvement of two new RFID protocols based on R-RAPSE

RFID(Radio Frequency IDentification)is a pioneer technology which has depicted a new lifestyle for humanity.Nowadays we observe an increase in the number of RFID applications and no one can ignore their numerous usage.An important issue with RFID systems is providing privacy requirements of these systems during authentication.Recently in 2014,Cai et al.proposed two improved RFID authentication protocols based on R-RAPS(RFID Authentication Protocol Security Enhanced Rules).We investigate the privacy of their protocols based on Ouafi and Phan privacy model and show that these protocols cannot provide private authentication for RFID users.Moreover,we show that these protocols are vulnerable to impersonation,DoS and traceability attacks.Moreover,we present two improved efficient and secure authentication protocols to ameliorate the performance of Cai et al.’s schemes.Our analysis illustrates that the existing weaknesses of the discussed protocols are eliminated in our proposed protocols.