She had an encrypted session, a copy of her tickets already waiting for her, and she never typed her password.
She had an encrypted session, a copy of her tickets were waiting for her, and she never typed her password.
But if somebody with malice coopts SSL certificates or hides malicious content in an encrypted session, users could be subject to various advanced threat techniques, such as compromised web sites and phishing emails or ransomware to name a few.
S1 prepared one-time random string w for encrypting session credential details.
C prepared one-time random strings u and x for encrypting session details.
) Since w is generated by S1 in our authentication approach, so that S1 has w and persuaded that w is fresh, and also assumes that w is used by C and S2 for encrypting session credential details ( {mathrm{S}}_1ni w, {mathrm{S}}_1equiv #(w). ) C prepared one-time random strings u and x for encrypting session details.
) Since the one-time random strings u and x are prepared by C, so that C has u and x, and persuaded that u and x are fresh, and also assumes that u and x are used by S1 for encrypting session credential details ( mathrm{C}mathbf{ni}left(mathrm{u}, mathrm{x}right),mathrm{C}equiv #left u, xright).
To analyze our authentication protocol using belief logic we made the following list of assumptions: S1 has public key + K, private key –K and a one-time random string w ( {mathrm{S}}_1ni +mathrm{K},;{mathrm{S}}_1ni hbox mathrm{K},;{mathrm{S}}_1ni w ) S1 prepared one-time random string w for encrypting session credential details.
) Since the one-time random strings v and y are prepared by S2, so that S2 has v and y, and persuaded that v and y are fresh, and also assumes that v and y are used by S1 for encrypting session credential details ( {mathrm{S}}_2mathbf{ni}left v, yright),{mathrm{S}}_2equiv #left v,yright).
This stops malicious plug-ins that monitor encrypted Web sessions — the ones where the URL changes from "http" to "https" — in case credit card numbers are transmitted.
