{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,3]],"date-time":"2026-03-03T16:39:22Z","timestamp":1772555962812,"version":"3.50.1"},"reference-count":42,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100010418","name":"Institute for Information and communications Technology Promotion","doi-asserted-by":"publisher","award":["2019-0-00533"],"award-info":[{"award-number":["2019-0-00533"]}],"id":[{"id":"10.13039\/501100010418","id-type":"DOI","asserted-by":"publisher"}]},{"name":"(Research on CPU Vulnerability Detection and Validation)"},{"name":"Research Fund of Signal Intelligence Research Center supervised by the Defense Acquisition Program Administration and the Agency for Defense Development, South Korea"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2020]]},"DOI":"10.1109\/tifs.2019.2938416","type":"journal-article","created":{"date-parts":[[2019,8,29]],"date-time":"2019-08-29T23:56:25Z","timestamp":1567122985000},"page":"1204-1215","source":"Crossref","is-referenced-by-count":14,"title":["(In-)Security of Cookies in HTTPS: Cookie Theft by Removing Cookie Flags"],"prefix":"10.1109","volume":"15","author":[{"given":"Hyunsoo","family":"Kwon","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hyunjae","family":"Nam","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sangtae","family":"Lee","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Changhee","family":"Hahn","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Junbeom","family":"Hur","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897889"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046777"},{"key":"ref33","article-title":"Authentication weaknesses in GCM","author":"ferguson","year":"2005"},{"key":"ref32","first-page":"1193","article-title":"Multi-stage key exchange and the case of Google&#x2019;s QUIC protocol","author":"fischlin","year":"2014","journal-title":"Proc ACM SIGSAC Conf Comput Commun Secur"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.21"},{"key":"ref30","author":"hamilton","year":"2016","journal-title":"QUIC A UDPbasedsecure and Reliable Transport for HTTP\/2"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-150529"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813613"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-53018-4_10"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/ITNG.2014.31"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.39"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/2754933"},{"key":"ref11","article-title":"Here come the $\\bigoplus$\n ninjas","volume":"320","author":"duong","year":"2011"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.42"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813707"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813657"},{"key":"ref15","first-page":"112","article-title":"A practical analysis of TLS vulnerabilities in korea Web environment","author":"jeong","year":"2016","journal-title":"Proc Int Workshop Inf Secur Appl"},{"key":"ref16","first-page":"1","article-title":"Nonce-disrespecting adversaries: Practical forgery attacks on GCM in TLS","author":"b\u00f6ck","year":"2016","journal-title":"Proc USENIX Workshop Offensive Technol"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.17487\/rfc5288"},{"key":"ref18","first-page":"1","article-title":"Authentication failures in NIST version of GCM","volume":"3","author":"joux","year":"2006","journal-title":"Nat Inst Standards Technol"},{"key":"ref19","article-title":"The transport layer security (TLS) protocol version 1.3&#x2013;draft-ietf-tls-tls13-05","author":"rescorla","year":"2015"},{"key":"ref28","author":"rescorla","year":"2015","journal-title":"TLS 1 3"},{"key":"ref4","first-page":"1","article-title":"Cross-site scripting","volume":"1","author":"spett","year":"2005","journal-title":"SPI Labs"},{"key":"ref27","author":"b\u00f6ck","year":"2019","journal-title":"Nonce-Disrespect Git-Hub"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.17487\/rfc6797"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663755"},{"key":"ref29","author":"langley","year":"2015","journal-title":"QUIC and TLS"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.14"},{"key":"ref8","first-page":"689","article-title":"DROWN: Breaking TLS using SSLv2","author":"aviram","year":"2016","journal-title":"Proc 25th Usenix Security Symp"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23418"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.17487\/rfc5246"},{"key":"ref9","article-title":"This POODLE bites: Exploiting the SSL 3.0 fallback","author":"m\u00f6ller","year":"2014"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.49"},{"key":"ref20","author":"benvenuto","year":"2012","journal-title":"Galois Field in Cryptography"},{"key":"ref22","year":"2017","journal-title":"Top Ranking International Websites"},{"key":"ref21","author":"b\u00f6ck","year":"2019","journal-title":"GCM Nonce Checker"},{"key":"ref42","first-page":"1","article-title":"OFFENSIVE: Exploiting changes on DNS server configuration","author":"egea","year":"0"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1007\/s11277-010-0187-1"},{"key":"ref41","first-page":"1","article-title":"Why aren&#x2019;t HTTP-only cookies more widely deployed","volume":"2","author":"zhou","year":"2010","journal-title":"Proceedings of the 4th WebDB"},{"key":"ref23","first-page":"1","article-title":"Predictable prng in the vulnerable debian openssl package: The what and the how","author":"bello","year":"2008","journal-title":"Proc 2nd DEF CON Hacking Conf"},{"key":"ref26","author":"young","year":"2011","journal-title":"OpenSSL The Open Source Toolkit for SSL\/TLS"},{"key":"ref25","author":"biondi","year":"2011","journal-title":"Scapy"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10206\/8833568\/08820079.pdf?arnumber=8820079","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,4,27]],"date-time":"2022-04-27T17:00:38Z","timestamp":1651078838000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8820079\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"references-count":42,"URL":"https:\/\/doi.org\/10.1109\/tifs.2019.2938416","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]}}}