In this paper, we present some attacks on GAGE, InGAGE, and CiliPadi, which are candidates of the first round of the NIST-LWC competition. GAGE and InGAGE are lightweight sponge based hash function and Authenticated Encryption with Associated Data (AEAD), respectively, and support different sets of parameters. The length of hash, key, and tag are always 256, 128, and 128 bits, respectively. We show that the security bounds for some variants of its hash and AEAD are less than the designers’ claims. For example, the designers’ security claim of the Preimage attack for a hash function when the rate is 128 bits, and the capacity is 256 bits, is 2256. However, we show that the security of Preimage for this parameter set is 2128. Also, the designer claimed security of confidentiality for an AEAD, when the rate is 8 bits, and the capacity is 224 bits, is 2116. However, we show the security of confidentiality for it is 2112. We also investigate the structure of the permutation used in InGAGE and present an attack to recover the key for reduced rounds of a variant of InGAGE. In an instance of AEAD of InGAGE, when the rate is 8 bits and the capacity is 224 bits, we recover the key when the number of the composition of the main permutation with itself, i. e., r1, is less than 8. We also show that CiliPadi is vulnerable to the length extension attack by presenting concrete examples of forged messages.

Background: Previous literatures have shown a transient ischemic attack (TIA) mimic rate of 9-31%. We aimed to ascertain the proportion of stroke mimics amongst suspected TIA patients.Methods: A prospective observational study was performed in Ghaem Hospital, Mashhad, Iran during 2012-2013. Consecutive TIA patients were identified in a stroke center.The initial diagnosis of TIA was made by the resident of neurology and final diagnosis of true TIA versus TIA mimics was made after 3 months follow-up by stroke subspecialist.Results: A total of 310 patients were assessed during a 3-month period of which 182 (58.7%) subjects were male and 128 (41.3%) were female. Ten percent of the patients was categorized as a TIA mimic. The presence of hypertension, aphasia, duration of symptoms, and increased age was the strongest predictor of a true TIA. Migraine was the most common etiology of stroke mimic in our study.Conclusion: It seems that many signs and symptoms have low diagnostic usefulness for discrimination of true TIA from non-cerebrovascular events and predictive usefulness of any sign or symptom should be interpreted by a stroke neurologist.

Cooperative Spectrum Sensing (CSS) is an effective approach to overcome the impact of multi-path fading and shadowing issues. The reliability of CSS can be severely degraded under Byzantine attack, which may be caused by either malfunctioning sensing terminals or malicious nodes. Almost, the previous studies have not analyzed and considered the attack in their models. The present study introduces a new issue named attack-aware CSS where the objective is to analyze the occurred attack against CR network to ameliorate the performance of data fusion schemes. The novelty includes the modification of Weighted Sequential Probability Ratio Test (WSPRT) algorithm which resulted in attack-Aware WSPRT (A2WSPRT). The findings indicated considerable reduction in cooperation overhead and enhancement in correct sensing ratio, especially in severe attacks.

Statins are commonly used drugs in the treatment of hyperlipidemia (HL), despite some undesirable side effects. These range from mild symptoms such as myopathy, muscle weakness and myalgia to severe muscle weakness associated with chronic myopathy and acute renal failure (ARF) as a result of rhabdomyolysis. The most serious and deadly side effect of statins is rhabdomyolysis. The case presented here is of a patient with rhabdomyolysis due to treatment with the antihyperlipidemic drug, atorvastatin.

In the present time, web applications are growing constantly in the whole society with the development of communication technology. Since the utilization of WWW (World Wide Web) expanded and increased since it provides many services, such as sharing data, staying connected, and other services. As a consequence, these numerous numbers of web application users are susceptible to cybersecurity breaches to steal sensitive information or crash the users' systems, etc. Particularly, the most common vulnerability today in web applications is the Cross-Site Scripting (XSS) attack. Furthermore, online cyber attacks utilizing cross-site scripting were responsible for 40% of the attack instances that struck enterprises in North America and Europe in 2019. Therefore, cross-site scripting is a form of an injection that targets both vulnerable and non-vulnerable websites, for the injection of malicious scripts. Cross-site scripting XSS operates by directing users to a vulnerable website that contains malicious JavaScript. Then, when malicious code runs in a victim's browser, the attacker has complete control over how they interact with the application. To protect the website or prevent the XSS, must know the application complexity and the way it handles data must be known so it could be controlled by the user. However, Detecting XSS e ectively is still a work in progress, and XSS is considered a gateway for various attacks. However, in this paper, we will introduce the XSS attack and the forms of XSS as a review paper. In addition, the methods and techniques that help to detect cross-site scripting (XSS) attacks.

In cloud computing, multiple users can share the same physical machine that can potentially leak secret information, in particular when the memory de-duplication is enabled. Flush+Reload attack is a cache-based attack that makes use of resource sharing. T-table implementation of AES is commonly used in the crypto libraries like OpenSSL. Several Flush+Reload attacks on T-table implementation of AES have been proposed in the literature which requires a notable number of encryptions. In this paper, we present a technique to enhance the Flush+Reload attack on AES in the ciphertext-only scenario by significantly reducing the number of needed encryptions in both native and cross-VM setups. In this paper, we focus on finding the wrong key candidates and keep the right key by considering only the cache miss event. Our attack is faster than previous Flush+Reload attacks. In particular, our method can speed-up the Flush+Reload attack in cross-VM environment significantly. To verify the theoretical model, we implemented the proposed attack.

CPU caches are powerful sources of information leakage. To develop practical cache-based attacks, the need for automation of the process of finding exploitable cachebased side-channels in computer systems is felt more than ever. Cache template attack is a generic technique that utilizes Flush+Reload attack in order to automatically exploit cache vulnerability of Intel platforms. Cache template attack on the T-table-based AES implementation consists of two phases including the pro, ling phase and key exploitation phase. Pro, ling is a preprocessing phase to monitor dependencies between the secret key and behavior of the cache memory. In addition, the addresses of T-tables can be obtained automatically. At the key exploitation phase, Most Significant Bits (MSBs) of the secret key bytes are retrieved by monitoring the exploitable addresses. This study proposed a simple yet effective searching technique, which accelerates the pro, ling phase by a factor of utmost 64. In order to verify the theoretical model of our technique, the mentioned attack on AES was implemented. The experimental results revealed that the pro, ling phase runtime of the cache template attack was approximately 10 minutes, while the proposed method could speed up the running of this phase up to almost 9 seconds.

Development of Internet network allows voice communication by Voice over Internet Protocol (VOIP). Session Initiation Protocol (SIP) is the most important signaling protocols in this network. This paper related to Denial of Service (DOS) attacks; specifically INVITE flooding attacks on SIP protocol. In this kind of attacks, an attacker disrupts Server network service by sending successive invite packets. In this paper, we explored modes of emergence INVITE flooding attack and the effects of this attack on SIP server. Results of this experiment indicate that after increasing attack rate, server CPU usage consumption surges. In addition, high CPU utilization leads to rise in the number of transmitted duplicate packets and reduced successful session. Moreover, we demonstrated that faster attack detection can be obtained by replacing Jeffrey distance instead of Hellinger distance.