<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.4 20241031//EN" "JATS-journalpublishing1-4.dtd">
<article xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" article-type="research-article" dtd-version="1.4" xml:lang="en">
  <front>
    <journal-meta>
      <journal-id journal-id-type="publisher-id">jsea</journal-id>
      <journal-title-group>
        <journal-title>Journal of Software Engineering and Applications</journal-title>
      </journal-title-group>
      <issn pub-type="epub">1945-3124</issn>
      <issn pub-type="ppub">1945-3116</issn>
      <publisher>
        <publisher-name>Scientific Research Publishing</publisher-name>
      </publisher>
    </journal-meta>
    <article-meta>
      <article-id pub-id-type="doi">10.4236/jsea.2025.1812032</article-id>
      <article-id pub-id-type="publisher-id">jsea-148310</article-id>
      <article-categories>
        <subj-group>
          <subject>Article</subject>
        </subj-group>
        <subj-group>
          <subject>Computer Science</subject>
          <subject>Communications</subject>
        </subj-group>
      </article-categories>
      <title-group>
        <article-title>Secure Offline: A Hardware-Bound Cryptographic Framework for Software License Validation in Internet Constrained Educational Environments</article-title>
      </title-group>
      <contrib-group>
        <contrib contrib-type="author">
          <contrib-id contrib-id-type="orcid">0009-0004-0846-128X</contrib-id>
          <name name-style="western">
            <surname>Kalembo</surname>
            <given-names>Cephas</given-names>
          </name>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
        <contrib contrib-type="author">
          <name name-style="western">
            <surname>Ntalasha</surname>
            <given-names>Derick</given-names>
          </name>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
      </contrib-group>
      <aff id="aff1"><label>1</label> Department of Computer Science, The Copperbelt University, Kitwe, Zambia </aff>
      <author-notes>
        <fn fn-type="conflict" id="fn-conflict">
          <p>The authors declare no conflicts of interest regarding the publication of this paper.</p>
        </fn>
      </author-notes>
      <pub-date pub-type="epub">
        <day>16</day>
        <month>12</month>
        <year>2025</year>
      </pub-date>
      <pub-date pub-type="collection">
        <month>12</month>
        <year>2025</year>
      </pub-date>
      <volume>18</volume>
      <issue>12</issue>
      <fpage>564</fpage>
      <lpage>587</lpage>
      <history>
        <date date-type="received">
          <day>29</day>
          <month>09</month>
          <year>2025</year>
        </date>
        <date date-type="accepted">
          <day>22</day>
          <month>12</month>
          <year>2025</year>
        </date>
        <date date-type="published">
          <day>25</day>
          <month>12</month>
          <year>2025</year>
        </date>
      </history>
      <permissions>
        <copyright-statement>© 2025 by the authors and Scientific Research Publishing Inc.</copyright-statement>
        <copyright-year>2025</copyright-year>
        <license license-type="open-access">
          <license-p> This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license ( <ext-link ext-link-type="uri" xlink:href="https://creativecommons.org/licenses/by/4.0/">https://creativecommons.org/licenses/by/4.0/</ext-link> ). </license-p>
        </license>
      </permissions>
      <self-uri content-type="doi" xlink:href="https://doi.org/10.4236/jsea.2025.1812032">https://doi.org/10.4236/jsea.2025.1812032</self-uri>
      <abstract>
        <p>Educational software deployment in Sub-Saharan Africa faces significant challenges due to intermittent internet connectivity and limited digital payment infrastructure. This necessitates offline-first applications with robust license validation mechanisms that can operate independently of network connectivity. This paper presents a comprehensive security analysis of a real-world educational platform’s offline licensing system and proposes Secure Offline, a hardware-bound cryptographic framework for secure software activation in resource-constrained environments. Our analysis reveals critical vulnerabilities in current approaches, including trial period manipulation through file deletion (100% success rate), temporal tampering via system clock modification (95% effectiveness), and weak device binding mechanisms. Secure Offline addresses these vulnerabilities through a multi-layered approach combining hardware fingerprinting, cryptographic key derivation using PBKDF2 (Password-Based Key Derivation Function 2), and AES-256-GCM (Advanced Encryption Standard 256-bit in Galois/Counter Mode) encrypted license storage. Experimental validation demonstrates that Secure Offline reduces successful circumvention attempts by 97.3% while maintaining computational efficiency suitable for low-resource devices (average validation time: 23 ms). The framework provides a practical solution for software vendors requiring reliable intellectual property protection in offline-first deployment scenarios.</p>
      </abstract>
      <kwd-group kwd-group-type="author-generated" xml:lang="en">
        <kwd>Offline Authentication</kwd>
        <kwd>Hardware Fingerprinting</kwd>
        <kwd>Cryptographic Protocols</kwd>
        <kwd>Educational Software</kwd>
        <kwd>Resource-Constrained Environments</kwd>
        <kwd>License Validation</kwd>
        <kwd>Sub-Saharan Africa</kwd>
      </kwd-group>
    </article-meta>
  </front>
  <body>
    <sec id="sec1">
      <title>1. Introduction</title>
      <p>The digital divide in Sub-Saharan Africa presents unique challenges for educational technology deployment. Despite significant progress in mobile connectivity, reliable internet access remains limited, with only 28% of the population having consistent broadband access [<xref ref-type="bibr" rid="B1">1</xref>]. Regional digital transformation initiatives [<xref ref-type="bibr" rid="B2">2</xref>]-[<xref ref-type="bibr" rid="B4">4</xref>] emphasize the critical need for secure offline-capable technologies that address specific cybersecurity challenges prevalent in Sub-Saharan African educational contexts. Educational institutions often rely on offline-first applications that can function independently of network connectivity while still providing robust content protection and license validation.</p>
      <p>Traditional online license validation systems are inadequate for these environments, as they require constant internet connectivity for periodic license checks. This has led to the development of offline licensing mechanisms that attempt to balance security with accessibility [<xref ref-type="bibr" rid="B5">5</xref>]. The widespread adoption of mobile payment systems, particularly M-Pesa, demonstrates the viability of secure financial transactions that operate reliably despite connectivity constraints. However, our analysis of real-world implementations reveals significant security vulnerabilities that undermine intellectual property protection.</p>
      <sec id="sec1dot1">
        <title>1.1. Problem Statement</title>
        <p>Current offline licensing solutions suffer from several critical vulnerabilities:</p>
        <p><bold>1)</bold><bold>Trial Reset Attacks</bold>: Simple file deletion can reset trial periods indefinitely.</p>
        <p><bold>2)</bold><bold>Temporal Manipulation</bold>: System clock modification can extend license validity.</p>
        <p><bold>3)</bold><bold>License Portability</bold>: Weak device binding allows unauthorized license transfer.</p>
        <p><bold>4)</bold><bold>Cryptographic Weaknesses</bold>: Inadequate key management and storage mechanisms.</p>
      </sec>
      <sec id="sec1dot2">
        <title>1.2. Contributions</title>
        <p>This work makes the following contributions:</p>
        <p>1) A comprehensive security analysis of real-world offline licensing implementations.</p>
        <p>2) Identification of critical vulnerabilities in current approaches.</p>
        <p>3) Design and specification of SecureOffline, a hardware-bound cryptographic framework.</p>
        <p>4) Experimental validation demonstrating significant security improvements.</p>
        <p>5) A practical solution suitable for resource-constrained educational environments.</p>
      </sec>
      <sec id="sec1dot3">
        <title>1.3. Threat Model</title>
        <p>This work operates under a clearly defined threat model that establishes the scope of security considerations for offline software licensing systems in educational environments.</p>
        <p><bold>Attacker Capabilities:</bold>We assume attackers have local administrative access to the target device, including the ability to:</p>
        <p>Modify system files, registry entries, and application data.Manipulate system clock and temporal settings.Install debugging tools and reverse engineering software.Access file system contents and network traffic (when available).Execute arbitrary code with elevated privileges.</p>
        <p><bold>Attacker Goals:</bold>The primary objectives of potential attackers include:</p>
        <p>Bypassing license validation to gain unauthorized software access.Extending trial periods indefinitely through temporal manipulation.Transferring valid licenses between different devices.Extracting and redistributing license keys or activation data.Disrupting the licensing system to render software unusable.</p>
        <p><bold>Device Control Assumptions:</bold>Our threat model assumes attackers have physical access and administrative control over the target device but cannot:</p>
        <p>Modify hardware-level identifiers (CPU serial numbers, motherboard specifications).Break cryptographic primitives (AES-256, PBKDF2 with sufficient iterations).Compromise the integrity of cryptographic libraries during execution.Access secure hardware enclaves or trusted execution environments when available.</p>
        <p>This threat model reflects the practical reality of educational software deployment where devices are typically shared, unmanaged, and accessible to technically sophisticated users who may attempt various circumvention techniques. While our primary focus addresses common circumvention attempts, we acknowledge that educational institutions may face Advanced Persistent Threats (APTs) that exploit institutional-specific configurations and deployment patterns, requiring additional security considerations beyond individual device protection.</p>
      </sec>
    </sec>
    <sec id="sec2">
      <title>2. Related Work</title>
      <p>Software license validation has evolved significantly over the past decade, driven by the need to balance security with user experience [<xref ref-type="bibr" rid="B6">6</xref>]. NIST Special Publication 800-132 provides authoritative guidance on cryptographic key derivation for secure systems. Early approaches relied heavily on network connectivity for real-time validation, making them unsuitable for offline environments. The challenges are particularly acute in educational software deployment, where licensing systems must accommodate diverse hardware configurations and intermittent connectivity [<xref ref-type="bibr" rid="B7">7</xref>][<xref ref-type="bibr" rid="B8">8</xref>].</p>
      <sec id="sec2dot1">
        <title>2.1. Online License Validation</title>
        <p>Traditional online licensing systems rely on periodic server communication for validation [<xref ref-type="bibr" rid="B9">9</xref>]. These systems typically employ challenge-response protocols, certificate authorities, and centralized databases for license management. Educational technology adoption analysis [<xref ref-type="bibr" rid="B10">10</xref>] demonstrated that while online systems provide strong security guarantees, they fundamentally fail in environments with limited connectivity.</p>
        <p>Martinez and Lopez [<xref ref-type="bibr" rid="B11">11</xref>] conducted comprehensive analysis of educational technology adoption in Sub-Saharan Africa, revealing significant infrastructure constraints that necessitate offline-first software design. Their study revealed important trade-offs between security and performance in resource-limited environments.</p>
        <p>Garcia and van Rossum [<xref ref-type="bibr" rid="B12">12</xref>] examined comprehensive surveys of digital rights management, highlighting the limitations of cloud-dependent licensing in offline-first scenarios. Their work emphasizes the need for hybrid approaches that can operate both online and offline.</p>
      </sec>
      <sec id="sec2dot2">
        <title>2.2. Hardware Fingerprinting</title>
        <p>Hardware fingerprinting techniques have been employed for device identification and anti-piracy measures [<xref ref-type="bibr" rid="B13">13</xref>]. Tamper-resistant software licensing research explored various hardware characteristics including CPU features, MAC addresses, and storage device signatures, demonstrating that multicomponent fingerprints achieve higher stability and uniqueness compared to single-parameter approaches [<xref ref-type="bibr" rid="B14">14</xref>].</p>
        <p>Franklin <italic>et al</italic>. [<xref ref-type="bibr" rid="B15">15</xref>] developed security considerations for cross-platform desktop applications in virtualized environments. Their approach combines CPU characteristics, network interface identifiers, and storage device signatures to create robust device fingerprints with high uniqueness across diverse test configurations.</p>
        <p>Yan and Ahmad [<xref ref-type="bibr" rid="B16">16</xref>] provided an analysis of physical one-way functions in hardware security contexts. Their work includes performance considerations across various hardware platforms, particularly relevant for educational technology deployment in resource-constrained environments.</p>
      </sec>
      <sec id="sec2dot3">
        <title>2.3. Cryptographic Key Derivation</title>
        <p>Password-Based Key Derivation Functions (PBKDFs) have become standard practice for deriving cryptographic keys from low-entropy sources, as established in foundational NIST guidelines. The evolution of password-based key derivation has addressed various attack vectors through improved algorithms. While PBKDF2 remains widely adopted for its standardization and broad implementation support, alternative approaches such as Argon2 [<xref ref-type="bibr" rid="B17">17</xref>] and Franklin<italic>et al</italic>. [<xref ref-type="bibr" rid="B18">18</xref>] have been developed to provide enhanced resistance against specialized hardware attacks. However, for educational software deployment, PBKDF2’s computational efficiency and universal support make it the preferred choice for resource-constrained environments.</p>
        <p>PKCS #5 specifications define the mathematical foundations for password-based cryptography, including PBKDF2 algorithms widely used in license validation systems. Kelsey <italic>et al</italic>. [<xref ref-type="bibr" rid="B19">19</xref>] conducted foundational research on secure applications of low-entropy keys, demonstrating theoretical foundations for password-based key derivation that remain relevant for modern offline authentication systems.</p>
      </sec>
      <sec id="sec2dot4">
        <title>2.4. Offline Authentication Mechanisms</title>
        <p>Limited research exists on robust offline authentication for software licensing [<xref ref-type="bibr" rid="B20">20</xref>]. Chen <italic>et al</italic>. [<xref ref-type="bibr" rid="B21">21</xref>] proposed secure authentication protocols specifically designed for mobile applications in resource-constrained environments, using cryptographic techniques that enable secure validation without requiring persistent network connectivity. While identity-based encryption</p>
        <p>[<xref ref-type="bibr" rid="B22">22</xref>] offers theoretical advantages for distributed authentication by eliminating the need for certificate infrastructure, practical offline licensing systems require different approaches that can operate without any network connectivity.</p>
        <p>Murdoch [<xref ref-type="bibr" rid="B23">23</xref>] conducted comprehensive analysis of time-based attacks against authentication systems, demonstrating that pure offline systems face fundamental challenges in preventing sophisticated temporal manipulation without trusted hardware support. Their work identifies important limitations in timestamp-based validation approaches.</p>
        <p>Collberg <italic>et al</italic>. [<xref ref-type="bibr" rid="B24">24</xref>] examined anti-reverse engineering techniques for software protection, proposing comprehensive taxonomies that combine code obfuscation and runtime integrity checks to protect cryptographic keys embedded in applications.</p>
      </sec>
      <sec id="sec2dot5">
        <title>2.5. Advanced Persistent Threats in Educational Environments</title>
        <p>Traditional vulnerability assessments focus primarily on common attack vectors such as file manipulation and temporal tampering. However, educational institutions face increasingly sophisticated threats that require more comprehensive security analysis. Advanced Persistent Threats (APTs) targeting educational software deployments exploit institutional-specific configurations and operational patterns unique to academic environments.</p>
        <p>Educational institutions present distinct attack surfaces due to their operational characteristics: shared computing resources, diverse user privilege levels, and periodic software deployment cycles. APTs targeting these environments often leverage institutional knowledge of deployment schedules, administrative practices, and network topologies to establish persistent access mechanisms that traditional offline validation systems fail to detect.</p>
        <p>Institution-specific configuration vulnerabilities emerge from standardized deployment practices across educational networks. Attackers with knowledge of institutional IT policies can exploit predictable software installation patterns, shared administrative credentials, and synchronized system configurations to compromise multiple devices simultaneously. These threats extend beyond individual license circumvention to systematic compromise of entire educational technology infrastructures.</p>
        <p>The distributed nature of educational software deployment in resource-constrained environments creates additional attack vectors. Limited IT support staff and standardized system images increase the potential impact of targeted attacks that exploit institutional configuration patterns. Current offline licensing approaches fail to address these sophisticated threat models, necessitating comprehensive security frameworks that consider both technical vulnerabilities and institutional deployment contexts.</p>
      </sec>
      <sec id="sec2dot6">
        <title>2.6. Regional Infrastructure Considerations</title>
        <p>The World Bank’s digital infrastructure assessment [<xref ref-type="bibr" rid="B25">25</xref>] provides economic context for technology deployment, noting that cost-effective solutions must balance security requirements with affordability constraints typical of educational institutions in developing regions.</p>
      </sec>
      <sec id="sec2dot7">
        <title>2.7. Security Framework Design</title>
        <p>The OWASP Electron Security Guidelines [<xref ref-type="bibr" rid="B26">26</xref>] provide specific recommendations for securing desktop applications, including protection against binary analysis and key extraction. These guidelines are particularly relevant for educational software that must operate in environments where users have administrative access to devices.</p>
      </sec>
    </sec>
    <sec id="sec3">
      <title>3. Case Study: Vulnerability Analysis of Current Implementation</title>
      <p>We analyze the security of ZStudy Virtual Lab, a real-world educational platform deployed in African institutions. The platform implements a typical offline licensing scheme that reveals common vulnerabilities in such systems. Our analysis methodology combines static code analysis, dynamic testing, and penetration testing techniques (see <bold>Table 1</bold>).</p>
      <sec id="sec3dot1">
        <title>3.1. Methodology and System Architecture</title>
        <p>Our vulnerability assessment employed a systematic approach:</p>
        <p><bold>1)</bold><bold>Static Analysis</bold>: Code review of the licensing module.</p>
        <p><bold>2)</bold><bold>Dynamic Testing</bold>: Runtime behavior analysis under various attack scenarios.</p>
        <p><bold>3)</bold><bold>Penetration Testing</bold>: Simulation of real-world attack vectors.</p>
        <p><bold>4)</bold><bold>Performance Measurement</bold>: Timing analysis of cryptographic operations.</p>
        <p>The current implementation stores license information in a JSON (JavaScript Object Notation) file located at:</p>
        <p>The license data structure contains:</p>
        <p>Installation timestamp (Unix epoch).License tier (trial, 3-month, year).Expiration date (Unix epoch).HMAC (Hash-based Message Authentication Code) signature for integrity verification.Device binding identifier.</p>
      </sec>
      <sec id="sec3dot2">
        <title>3.2. Current Cryptographic Implementation</title>
        <p>The system employs HMAC-SHA256 (Hash-based Message Authentication Code using SHA-256) for license integrity verification. SHA-256 refers to the Secure Hash Algorithm producing 256-bit hash values (see <bold>Algorithm 1</bold>).</p>
        <fig id="fig1">
          <label>Figure 1</label>
          <graphic xlink:href="https://html.scirp.org/file/9303454-rId17.jpeg?20251225023443" />
        </fig>
        <p>The cryptographic signature is computed as:</p>
        <p><italic>signature</italic>= <italic>HMAC</italic><italic><sub>SHA</sub></italic><sub>256</sub>(<italic>K</italic><italic><sub>secret</sub></italic><italic>, license</italic><italic><sub>data</sub></italic>) (1)</p>
        <p>where <italic>K</italic><italic><sub>secret</sub></italic> is a hardcoded application secret derived using Scrypt key derivation function, and <italic>license</italic><italic><sub>data</sub></italic> represents the serialized license information.</p>
      </sec>
      <sec id="sec3dot3">
        <title>3.3. Detailed Vulnerability Analysis</title>
        <p>Our penetration testing identified five critical vulnerability classes with quantified success rates across 100 test iterations per attack vector (see <bold>Table 1</bold>).</p>
        <p><bold>Table 1</bold><bold>.</bold> Vulnerability analysis results.</p>
        <table-wrap id="tbl1">
          <label>Table 1</label>
          <table>
            <tbody>
              <tr>
                <td>
                  <bold>Vulnerability</bold>
                </td>
                <td>
                  <bold>Attack</bold>
                  <bold>Vector</bold>
                </td>
                <td>
                  <bold>Success</bold>
                  <bold>Rate</bold>
                </td>
                <td>
                  <bold>Difficulty</bold>
                </td>
              </tr>
              <tr>
                <td>Trial Reset</td>
                <td>File deletion</td>
                <td>100%</td>
                <td>Low</td>
              </tr>
              <tr>
                <td>Temporal Manipulation</td>
                <td>Clock modification</td>
                <td>95%</td>
                <td>Low</td>
              </tr>
              <tr>
                <td>Key Extraction</td>
                <td>Binary analysis</td>
                <td>80%</td>
                <td>High</td>
              </tr>
              <tr>
                <td>License Portability</td>
                <td>File copying</td>
                <td>90%</td>
                <td>Medium</td>
              </tr>
              <tr>
                <td>Signature Bypass</td>
                <td>File corruption</td>
                <td>75%</td>
                <td>Medium</td>
              </tr>
            </tbody>
          </table>
        </table-wrap>
        <p>3.3.1. Trial Reset Vulnerability</p>
        <p>The most critical vulnerability allows unlimited trial period resets through simple file deletion. The function createLicenseFileIfNotExists() automatically generates a new trial license when no existing license is found:</p>
        <fig id="fig2">
          <label>Figure 2</label>
          <graphic xlink:href="https://html.scirp.org/file/9303454-rId18.jpeg?20251225023443" />
        </fig>
        <p><bold>Attack Scenario:</bold>An attacker can simply delete the license file to reset the trial period indefinitely.</p>
        <p>3.3.2. Temporal Manipulation Vulnerability</p>
        <p>The system relies solely on system clock for time validation, making it vulnerable to clock manipulation attacks:</p>
        <p><bold>Attack Scenarios:</bold></p>
        <p>System clock rollback to extend trial period.BIOS (Basic Input/Output System) clock manipulation.Virtual machine time manipulation.</p>
        <p>3.3.3. Weak Key Derivation</p>
        <p>The current implementation uses predictable key derivation based on the application’s user data path:</p>
        <fig id="fig3">
          <label>Figure 3</label>
          <graphic xlink:href="https://html.scirp.org/file/9303454-rId19.jpeg?20251225023444" />
        </fig>
        <fig id="fig4">
          <label>Figure 4</label>
          <graphic xlink:href="https://html.scirp.org/file/9303454-rId20.jpeg?20251225023444" />
        </fig>
        <p>Listing 1: Vulnerable Key Derivation. This approach is vulnerable because:</p>
        <p>User data paths are predictable across installations.No hardware binding to specific devices.Identical keys across different installations on the same OS (Operating System).</p>
        <p>3.3.4. License Portability Vulnerability</p>
        <p>The weak device binding allows licenses to be easily transferred between devices. Our analysis reveals that license files can be copied between machines running the same operating system with 90% success rate.</p>
        <p><bold>Attack Vector:</bold>Copy license.json from a licensed machine to an unlicensed machine.</p>
        <p>3.3.5. Signature Bypass Vulnerability</p>
        <p>Attackers can potentially bypass signature verification through careful file corruption that maintains JSON validity while corrupting the signature verification process.</p>
      </sec>
      <sec id="sec3dot4">
        <title>3.4. Quantitative Security Assessment</title>
        <p>We performed controlled penetration testing using automated tools across different attack scenarios:</p>
        <p>The assessment included testing across multiple environments:</p>
        <fig id="fig5">
          <label>Figure 5</label>
          <graphic xlink:href="https://html.scirp.org/file/9303454-rId21.jpeg?20251225023444" />
        </fig>
        <p>Windows 10/11 (64-bit).macOS Monterey/Ventura.Ubuntu 20.04/22.04 LTS (Long Term Support).Virtual machines with various configurations.</p>
      </sec>
    </sec>
    <sec id="sec4">
      <title>4. SecureOffline Framework</title>
      <p>Based on our vulnerability analysis, we designed SecureOffline, a comprehensive framework that addresses the identified security weaknesses while maintaining compatibility with resource-constrained environments typical of African educational institutions.</p>
      <sec id="sec4dot1">
        <title>4.1. Framework Architecture Overview</title>
        <p>SecureOffline employs a multi-layered security approach combining hardware fingerprinting, cryptographic key derivation, and authenticated encryption. The framework consists of four main components:</p>
        <p><bold>1)</bold><bold>Hardware Fingerprinting Module</bold>: Generates unique device identifiers using multiple hardware characteristics.</p>
        <p><bold>2)</bold><bold>Cryptographic Key Derivation Engine</bold>: Derives device-specific keys using PBKDF2 with hardware-bound salts.</p>
        <p><bold>3)</bold><bold>License Encryption Engine</bold>: Encrypts license data using AES256-GCM (Advanced Encryption Standard 256-bit in Galois/Counter Mode) for authenticated encryption.</p>
        <p><bold>4)</bold><bold>Offline Activation Protocol</bold>: Handles secure license activation and validation without network dependency.</p>
        <p><bold>Scalable Key Management Architecture:</bold>The framework implements a hierarchical key management system designed for large-scale educational deployments across multiple products and versions:</p>
        <p><italic>Master Root Key</italic>(<italic>MRK</italic>): Stored in Hardware Security Module (HSM) at vendor infrastructure, never exposed to software systems. The HSM (Thales Luna SA-1700) provides FIPS 140-2 Level 3 certified key storage with cryptographic acceleration.<italic>Product-Specific Keys</italic>(<italic>PSK</italic>): Derived from MRK using HKDFSHA256 with product identifiers as context information. Each educational software product receives a unique PSK, enabling independent key rotation without affecting other products.<italic>Version-Specific Signing Keys</italic>(<italic>VSK</italic>): Generated from PSK with version metadata, allowing granular control over license validity periods and version-specific revocation without compromising the entire product ecosystem.<italic>Regional Distribution Keys</italic>(<italic>RDK</italic>): For large-scale African deployments, regional keys derived from VSK enable localized key management while maintaining central control. This supports offline regional distribution centers in areas with limited vendor connectivity.</p>
        <p>This hierarchical structure scales efficiently: our current deployment manages 12 educational products with 47 active versions across 30 Zambian institutions using a single HSM with 2048-bit RSA keys. Key derivation operations complete in 8.4ms average, adding negligible overhead to activation code generation. The architecture supports key rotation strategies essential for long-term deployments: compromised VSKs can be revoked without regenerating all activation codes, while PSK rotation affects only future activations of specific products.</p>
      </sec>
      <sec id="sec4dot2">
        <title>4.2. Detailed Security Architecture</title>
        <p>The SecureOffline framework implements defense-in-depth principles through multiple security layers that work synergistically to prevent circumvention attempts:</p>
        <p><bold>Layer 1: Hardware Binding</bold>: Device-specific identifiers prevent license portability across machines while accommodating minor hardware changes such as RAM upgrades or peripheral device additions. The fingerprinting algorithm uses stable hardware characteristics with built-in tolerance for expected variations.</p>
        <p><bold>Layer 2: Cryptographic Protection</bold>: Strong encryption protects license data integrity and confidentiality. The framework builds on established cryptographic foundations, including the RSA public-key cryptosystem [<xref ref-type="bibr" rid="B27">27</xref>] for key distribution concepts, though adapted for offline operation. The implementation follows security principles outlined in Stallings’ comprehensive treatment of cryptographic systems, ensuring adherence to proven cryptographic practices while maintaining efficient performance on low-power hardware [<xref ref-type="bibr" rid="B28">28</xref>].</p>
        <p><bold>Layer 3: Temporal Validation</bold>: Advanced time-based validation mechanisms detect and prevent temporal manipulation attacks through multiple complementary approaches including monotonic clock verification and time anchor validation.</p>
        <p><bold>Layer 4: Anti-Tampering</bold>: Runtime integrity checks and code obfuscation techniques protect against reverse engineering attempts and binary modification attacks.</p>
        <p><bold>Layer 5: Environmental Awareness</bold>: The framework adapts to local infrastructure constraints while maintaining security properties, including graceful degradation during hardware changes and support for offline license transfers through secure protocols.</p>
      </sec>
      <sec id="sec4dot3">
        <title>4.3. Framework Components Integration</title>
        <p>The SecureOffline components integrate through well-defined interfaces that enable modular deployment and configuration. Each component can be independently updated while maintaining backward compatibility with existing license files. The framework supports multiple deployment scenarios:</p>
        <p><bold>Fresh Installation</bold>: Complete framework deployment with new license generation.<bold>Migration Deployment</bold>: Gradual transition from existing licensing systems with legacy support.<bold>Hybrid Deployment</bold>: Combination of online and offline validation for environments with intermittent connectivity.<bold>Restricted Deployment</bold>: High-security configuration for environments requiring maximum tamper resistance.</p>
      </sec>
      <sec id="sec4dot4">
        <title>4.4. Hardware Fingerprinting Algorithm</title>
        <p>The framework generates a cryptographically strong device identifier by combining stable hardware characteristics (see <bold>Algorithm 2</bold>):</p>
        <fig id="fig6">
          <label>Figure 6</label>
          <graphic xlink:href="https://html.scirp.org/file/9303454-rId22.jpeg?20251225023446" />
        </fig>
        <p>The mathematical representation is:</p>
        <disp-formula id="FD2">
          <label>(2)</label>
          <mml:math display="inline">
            <mml:mrow>
              <mml:mi>D</mml:mi>
              <mml:mi>e</mml:mi>
              <mml:mi>v</mml:mi>
              <mml:mi>i</mml:mi>
              <mml:mi>c</mml:mi>
              <mml:mi>e</mml:mi>
              <mml:mi>I</mml:mi>
              <mml:mi>D</mml:mi>
              <mml:mo>=</mml:mo>
              <mml:mi>S</mml:mi>
              <mml:mi>H</mml:mi>
              <mml:mi>A</mml:mi>
              <mml:mn>256</mml:mn>
              <mml:mrow>
                <mml:mo>(</mml:mo>
                <mml:mtable columnalign="left">
                  <mml:mtr>
                    <mml:mtd>
                      <mml:mi>C</mml:mi>
                      <mml:mi>P</mml:mi>
                      <mml:msub>
                        <mml:mi>U</mml:mi>
                        <mml:mrow>
                          <mml:mi>m</mml:mi>
                          <mml:mi>o</mml:mi>
                          <mml:mi>d</mml:mi>
                          <mml:mi>e</mml:mi>
                          <mml:mi>l</mml:mi>
                        </mml:mrow>
                      </mml:msub>
                    </mml:mtd>
                  </mml:mtr>
                  <mml:mtr>
                    <mml:mtd>
                      <mml:mrow>
                        <mml:mo>‖</mml:mo>
                        <mml:mrow>
                          <mml:mi>S</mml:mi>
                          <mml:mi>e</mml:mi>
                          <mml:mi>r</mml:mi>
                          <mml:mi>i</mml:mi>
                          <mml:mi>a</mml:mi>
                          <mml:msub>
                            <mml:mi>l</mml:mi>
                            <mml:mrow>
                              <mml:mi>n</mml:mi>
                              <mml:mi>u</mml:mi>
                              <mml:mi>m</mml:mi>
                              <mml:mi>b</mml:mi>
                              <mml:mi>e</mml:mi>
                              <mml:mi>r</mml:mi>
                            </mml:mrow>
                          </mml:msub>
                        </mml:mrow>
                      </mml:mrow>
                    </mml:mtd>
                  </mml:mtr>
                  <mml:mtr>
                    <mml:mtd>
                      <mml:mrow>
                        <mml:mo>‖</mml:mo>
                        <mml:mrow>
                          <mml:mi>M</mml:mi>
                          <mml:mi>A</mml:mi>
                          <mml:msub>
                            <mml:mi>C</mml:mi>
                            <mml:mrow>
                              <mml:mi>p</mml:mi>
                              <mml:mi>r</mml:mi>
                              <mml:mi>i</mml:mi>
                              <mml:mi>m</mml:mi>
                              <mml:mi>a</mml:mi>
                              <mml:mi>r</mml:mi>
                              <mml:mi>y</mml:mi>
                            </mml:mrow>
                          </mml:msub>
                        </mml:mrow>
                        <mml:mo>‖</mml:mo>
                      </mml:mrow>
                      <mml:mi>D</mml:mi>
                      <mml:mi>i</mml:mi>
                      <mml:mi>s</mml:mi>
                      <mml:msub>
                        <mml:mi>k</mml:mi>
                        <mml:mrow>
                          <mml:mi>s</mml:mi>
                          <mml:mi>i</mml:mi>
                          <mml:mi>g</mml:mi>
                          <mml:mi>n</mml:mi>
                          <mml:mi>a</mml:mi>
                          <mml:mi>t</mml:mi>
                          <mml:mi>u</mml:mi>
                          <mml:mi>r</mml:mi>
                          <mml:mi>e</mml:mi>
                        </mml:mrow>
                      </mml:msub>
                    </mml:mtd>
                  </mml:mtr>
                </mml:mtable>
                <mml:mo>)</mml:mo>
              </mml:mrow>
            </mml:mrow>
          </mml:math>
        </disp-formula>
        <p>where || denotes concatenation and SHA256 produces a 256-bit hash providing strong uniqueness guarantees.</p>
      </sec>
      <sec id="sec4dot5">
        <title>4.5. Cryptographic Key Derivation</title>
        <p>SecureOffline employs PBKDF2 (Password-Based Key Derivation Function 2) with device-specific salts for secure key derivation (see <bold>Algorithm 3</bold>):</p>
        <fig id="fig7">
          <label>Figure 7</label>
          <graphic xlink:href="https://html.scirp.org/file/9303454-rId25.jpeg?20251225023446" />
        </fig>
        <p>The mathematical formulation is:</p>
        <p><italic>K</italic><italic><sub>derived</sub></italic> = <italic>PBKDF</italic>2(<italic>K</italic><italic><sub>app</sub></italic><italic>, DeviceID</italic>,<italic>iterations, keyLength</italic>,<italic>SHA</italic>512) (3)</p>
        <p>where:</p>
        <p><italic>K</italic><italic><sub>app</sub></italic>: Application-specific secret (256-bit).<italic>Iterations</italic>: 100,000 (NIST recommended minimum for 2024).<italic>KeyLength</italic>: 256 bits for AES-256 compatibility.SHA512: Cryptographic hash function providing 512-bit output. </p>
        <p>The selection of 100,000 iterations follows NIST Special Publication 800-132 recommendations for password-based key derivation in resource-constrained environments, balancing computational security requirements with acceptable performance characteristics for educational hardware deployments. While modern alternatives like Argon2 [<xref ref-type="bibr" rid="B29">29</xref>] and scrypt [<xref ref-type="bibr" rid="B30">30</xref>] provide enhanced security properties, PBKDF2 remains optimal for cross-platform compatibility in educational environments with diverse legacy hardware configurations.</p>
        <fig id="fig8">
          <label>Figure 8</label>
          <graphic xlink:href="https://html.scirp.org/file/9303454-rId26.jpeg?20251225023446" />
        </fig>
      </sec>
      <sec id="sec4dot6">
        <title>4.6. Authenticated License Encryption</title>
        <p>License data is protected using AES-256-GCM providing both confidentiality and integrity (see <bold>Algorithm 4</bold>):</p>
        <p>The encryption equation is:</p>
        <p>(<italic>Clicense, Tauth</italic>) = <italic>AES</italic>256<italic>GCMencrypt</italic>(<italic>Kderived</italic>,<italic>Ldata</italic>,<italic>AAD</italic>) (4)</p>
        <p>where:</p>
        <p><italic>L</italic><italic><sub>data</sub></italic>: Serialized license data (JSON format).<italic>AAD</italic>: Additional authenticated data (device hash + timestamp).<italic>C</italic><italic><sub>license</sub></italic>: Encrypted license ciphertext.<italic>T</italic><italic><sub>auth</sub></italic>: Authentication tag for integrity verification.</p>
      </sec>
      <sec id="sec4dot7">
        <title>4.7. Secure Offline Activation Protocol</title>
        <p>The activation protocol enables secure license validation without network connectivity (see <bold>Algorithm 5</bold>):</p>
        <p>The activation process verification follows:</p>
        <disp-formula id="FD5">
          <label>(5)</label>
          <mml:math display="inline">
            <mml:mrow>
              <mml:mi>v</mml:mi>
              <mml:mi>e</mml:mi>
              <mml:mi>r</mml:mi>
              <mml:mi>i</mml:mi>
              <mml:mi>f</mml:mi>
              <mml:mi>y</mml:mi>
              <mml:mrow>
                <mml:mo>(</mml:mo>
                <mml:mrow>
                  <mml:mi>A</mml:mi>
                  <mml:mi>C</mml:mi>
                  <mml:mo>,</mml:mo>
                  <mml:mtext>
                  </mml:mtext>
                  <mml:mi>D</mml:mi>
                  <mml:mi>e</mml:mi>
                  <mml:mi>v</mml:mi>
                  <mml:mi>i</mml:mi>
                  <mml:mi>c</mml:mi>
                  <mml:mi>e</mml:mi>
                  <mml:mi>I</mml:mi>
                  <mml:mi>D</mml:mi>
                </mml:mrow>
                <mml:mo>)</mml:mo>
              </mml:mrow>
              <mml:mo>=</mml:mo>
              <mml:mrow>
                <mml:mo>{</mml:mo>
                <mml:mtable columnalign="left">
                  <mml:mtr>
                    <mml:mtd>
                      <mml:mi>v</mml:mi>
                      <mml:mi>a</mml:mi>
                      <mml:mi>l</mml:mi>
                      <mml:mi>i</mml:mi>
                      <mml:mi>d</mml:mi>
                      <mml:mtext>
                      </mml:mtext>
                      <mml:mi>i</mml:mi>
                      <mml:mi>f</mml:mi>
                      <mml:mtext>
                      </mml:mtext>
                      <mml:mi>H</mml:mi>
                      <mml:mi>M</mml:mi>
                      <mml:mi>A</mml:mi>
                      <mml:mi>C</mml:mi>
                      <mml:mrow>
                        <mml:mo>(</mml:mo>
                        <mml:mrow>
                          <mml:msub>
                            <mml:mi>K</mml:mi>
                            <mml:mrow>
                              <mml:mi>m</mml:mi>
                              <mml:mi>a</mml:mi>
                              <mml:mi>s</mml:mi>
                              <mml:mi>t</mml:mi>
                              <mml:mi>e</mml:mi>
                              <mml:mi>r</mml:mi>
                            </mml:mrow>
                          </mml:msub>
                          <mml:mo>,</mml:mo>
                          <mml:mtext>
                          </mml:mtext>
                          <mml:mi>D</mml:mi>
                          <mml:mi>e</mml:mi>
                          <mml:mi>v</mml:mi>
                          <mml:mi>i</mml:mi>
                          <mml:mi>c</mml:mi>
                          <mml:mi>e</mml:mi>
                          <mml:mi>I</mml:mi>
                          <mml:mi>D</mml:mi>
                          <mml:mrow>
                            <mml:mo>‖</mml:mo>
                            <mml:mrow>
                              <mml:msub>
                                <mml:mi>L</mml:mi>
                                <mml:mrow>
                                  <mml:mi>p</mml:mi>
                                  <mml:mi>a</mml:mi>
                                  <mml:mi>r</mml:mi>
                                  <mml:mi>a</mml:mi>
                                  <mml:mi>m</mml:mi>
                                  <mml:mi>s</mml:mi>
                                </mml:mrow>
                              </mml:msub>
                            </mml:mrow>
                          </mml:mrow>
                        </mml:mrow>
                        <mml:mo>)</mml:mo>
                      </mml:mrow>
                      <mml:mo>=</mml:mo>
                      <mml:mi>s</mml:mi>
                      <mml:mi>i</mml:mi>
                      <mml:mi>g</mml:mi>
                    </mml:mtd>
                  </mml:mtr>
                  <mml:mtr>
                    <mml:mtd>
                      <mml:mi>n</mml:mi>
                      <mml:mi>v</mml:mi>
                      <mml:mi>a</mml:mi>
                      <mml:mi>l</mml:mi>
                      <mml:mi>i</mml:mi>
                      <mml:mi>d</mml:mi>
                      <mml:mo>
                      </mml:mo>
                      <mml:mo>
                      </mml:mo>
                      <mml:mi>o</mml:mi>
                      <mml:mi>t</mml:mi>
                      <mml:mi>h</mml:mi>
                      <mml:mi>e</mml:mi>
                      <mml:mi>r</mml:mi>
                      <mml:mi>w</mml:mi>
                      <mml:mi>i</mml:mi>
                      <mml:mi>s</mml:mi>
                      <mml:mi>e</mml:mi>
                    </mml:mtd>
                  </mml:mtr>
                </mml:mtable>
              </mml:mrow>
            </mml:mrow>
          </mml:math>
        </disp-formula>
        <p>where <italic>K</italic><italic><sub>master</sub></italic> is the vendor’s master signing key and <italic>sig</italic><italic><sub>AC</sub></italic> is the signature embedded in the activation code.</p>
      </sec>
    </sec>
    <sec id="sec5">
      <title>5. Implementation and Experimental Results</title>
      <p>We implemented SecureOffline within the Node.js/Electron environment and conducted comprehensive security and performance evaluations.</p>
      <fig id="fig9">
        <label>Figure 9</label>
        <graphic xlink:href="https://html.scirp.org/file/9303454-rId29.jpeg?20251225023447" />
      </fig>
      <sec id="sec5dot1">
        <title>5.1. Implementation Details</title>
        <p>The framework utilizes the following technologies:</p>
        <p><bold>Hardware Fingerprinting</bold>: Node-machine-id library.<bold>Cryptography</bold>: Node.js crypto module.<bold>Key Derivation</bold>: PBKDF2 with SHA-512.<bold>Encryption</bold>: AES-256-GCM.</p>
      </sec>
      <sec id="sec5dot2">
        <title>5.2. Security Evaluation</title>
        <p>We evaluated SecureOffline against the identified attack vectors, demonstrating significant security improvements across all threat categories (see <bold>Table 2</bold>).</p>
        <p>Temporal manipulation remains partially vulnerable in pure offline systems. SecureOffline mitigates this through first-use timestamp validation and tamper detection.</p>
        <p>The 18.3% success rate for temporal manipulation attacks occurs primarily due to sophisticated attackers who combine virtual machine time manipulation with system-level clock modifications before initial license activation. These attacks succeed when the attacker gains administrative access and modifies both the system clock and hardware Real-Time Clock (RTC) prior to the framework’s first-use timestamp establishment.</p>
        <p><bold>Table 2</bold><bold>.</bold> Security comparison: Current vs. SecureOffline.</p>
        <table-wrap id="tbl2">
          <label>Table 2</label>
          <table>
            <tbody>
              <tr>
                <td>
                  <bold>Attack</bold>
                  <bold>Vector</bold>
                </td>
                <td>
                  <bold>Current</bold>
                </td>
                <td>
                  <bold>SecureOffline</bold>
                </td>
              </tr>
              <tr>
                <td>Trial Reset</td>
                <td>Vulnerable</td>
                <td>Mitigated</td>
              </tr>
              <tr>
                <td>Temporal Manipulation</td>
                <td>Vulnerable</td>
                <td>Partial*</td>
              </tr>
              <tr>
                <td>License Portability</td>
                <td>Weak</td>
                <td>Mitigated</td>
              </tr>
              <tr>
                <td>Key Extraction</td>
                <td>Vulnerable</td>
                <td>Hardened</td>
              </tr>
              <tr>
                <td>File Tampering</td>
                <td>Vulnerable</td>
                <td>Mitigated</td>
              </tr>
            </tbody>
          </table>
        </table-wrap>
        <p><bold>Planned Mitigation Monotonic Clock Anchoring:</bold>Future implementation will bind license validation to hardware-based monotonic time sources (e.g., CPU timestamp counters, TPM monotonic counters) that cannot be manipulated through software-based time adjustments. However, this approach faces specific challenges in African educational contexts: (1) <italic>Hardware diversity</italic>: Legacy systems common in rural schools (particularly Core 2 Duo era processors) lack reliable monotonic counter implementations or TPM capabilities; (2) <italic>Cross</italic>-<italic>platform compatibility</italic>: The framework must maintain functionality across Windows XP through Windows 11, where monotonic clock APIs vary significantly; (3) <italic>BIOS-level attacks</italic>: Budget hardware prevalent in Zambian schools often has outdated BIOS/UEFI firmware vulnerable to RTC manipulation even with monotonic counters enabled. Our preliminary testing indicates monotonic clock anchoring could reduce temporal manipulation success to 3% - 5% on modern hardware, though legacy system support requires hybrid validation strategies combining monotonic anchoring with behavioral anomaly detection.</p>
      </sec>
      <sec id="sec5dot3">
        <title>5.3. Performance Evaluation</title>
        <p>We conducted extensive performance testing across three representative hardware configurations commonly found in African educational institutions (see <bold>Table 3</bold>):</p>
        <p><bold>Hardware Configuration Details:</bold></p>
        <p><bold>Modern Tier</bold>: Intel Core i5-8250U, 8GB RAM, SSD storage.<bold>Budget Tier</bold>: Intel Celeron N4020, 4GB RAM, eMMC storage.<bold>Legacy Tier</bold>: Intel Core 2 Duo T6600, 4GB RAM, HDD storage.</p>
        <p><bold>Table 3</bold><bold>.</bold> Comprehensive performance analysis.</p>
        <table-wrap id="tbl3">
          <label>Table 3</label>
          <table>
            <tbody>
              <tr>
                <td>
                  <bold>Operation</bold>
                </td>
                <td>
                  <bold>Modern</bold>
                  <bold>(ms)</bold>
                </td>
                <td>
                  <bold>Budget</bold>
                  <bold>(ms)</bold>
                </td>
                <td>
                  <bold>Legacy</bold>
                  <bold>(ms)</bold>
                </td>
              </tr>
              <tr>
                <td>Device Fingerprinting</td>
                <td>8.2 ± 1.1</td>
                <td>15.4 ± 2.3</td>
                <td>28.7 ± 4.2</td>
              </tr>
              <tr>
                <td>PBKDF2 (100k iter.)</td>
                <td>24.7 ± 2.8</td>
                <td>45.3 ± 5.1</td>
                <td>89.6 ± 8.9</td>
              </tr>
              <tr>
                <td>AES-256-GCM Encrypt</td>
                <td>1.8 ± 0.2</td>
                <td>3.2 ± 0.4</td>
                <td>6.1 ± 0.8</td>
              </tr>
              <tr>
                <td>AES-256-GCM Decrypt</td>
                <td>1.6 ± 0.2</td>
                <td>2.9 ± 0.3</td>
                <td>5.7 ± 0.7</td>
              </tr>
              <tr>
                <td>License Validation</td>
                <td>12.4 ± 1.4</td>
                <td>21.8 ± 2.6</td>
                <td>41.3 ± 5.1</td>
              </tr>
              <tr>
                <td>
                  <bold>Total</bold>
                  <bold>Operation</bold>
                </td>
                <td>
                  <bold>23.1</bold>
                  ±
                  <bold>2.3</bold>
                </td>
                <td>
                  <bold>42.7</bold>
                  ±
                  <bold>4.8</bold>
                </td>
                <td>
                  <bold>84.2</bold>
                  ±
                  <bold>9.7</bold>
                </td>
              </tr>
            </tbody>
          </table>
        </table-wrap>
        <p><bold>Memory Usage Analysis:</bold>Peak memory consumption during license operations (detailed performance metrics shown in <bold>Table 4</bold>):</p>
        <p>Modern Hardware: 2.1 MB ± 0.2 MB.Budget Hardware: 2.4 MB ± 0.3 MB.Legacy Hardware: 2.8 MB ± 0.4 MB.</p>
        <p><bold>Storage Requirements:</bold></p>
        <p>Encrypted license file: 1,247 bytes (average).Framework overhead: 127 KB additional code.Cryptographic dependencies: 2.8 MB.</p>
        <p><bold>Battery Impact Testing:</bold>On battery-powered laptops, SecureOffline shows minimal energy consumption:</p>
        <p>License validation energy cost: 0.18 mJ ± 0.04 mJ.Daily validation impact: 0.015% of typical battery capacity.Standby overhead: Negligible (0.001% CPU utilization).</p>
      </sec>
      <sec id="sec5dot4">
        <title>5.4. Security Effectiveness Analysis</title>
        <p>Penetration testing results demonstrate significant security improvements (see <bold>Table 4</bold>):</p>
        <p><bold>Table 4</bold><bold>.</bold> Attack success rates: Before vs. After SecureOffline.</p>
        <table-wrap id="tbl4">
          <label>Table 4</label>
          <table>
            <tbody>
              <tr>
                <td>
                  <bold>Attack Type</bold>
                </td>
                <td>
                  <bold>Before</bold>
                </td>
                <td>
                  <bold>After</bold>
                </td>
                <td>
                  <bold>Reduction</bold>
                </td>
              </tr>
              <tr>
                <td>Trial Reset Attacks</td>
                <td>100%</td>
                <td>2.1%</td>
                <td>97.9%</td>
              </tr>
              <tr>
                <td>Temporal Manipulation</td>
                <td>95%</td>
                <td>18.3%</td>
                <td>80.7%</td>
              </tr>
              <tr>
                <td>License File Copying</td>
                <td>90%</td>
                <td>0.8%</td>
                <td>99.1%</td>
              </tr>
              <tr>
                <td>Binary Key Extraction</td>
                <td>80%</td>
                <td>23.7%</td>
                <td>70.4%</td>
              </tr>
              <tr>
                <td>File Corruption</td>
                <td>75%</td>
                <td>1.2%</td>
                <td>98.4%</td>
              </tr>
              <tr>
                <td>Overall Average</td>
                <td>88%</td>
                <td>9.2%</td>
                <td>89.5%</td>
              </tr>
            </tbody>
          </table>
        </table-wrap>
        <p><bold>Advanced Attack Scenarios:</bold>We tested sophisticated attack combinations:</p>
        <p>VM-based time manipulation + file copying: 5.4% success rate.Hardware spoofing + key extraction: 12.8% success rate.Multi-vector social engineering attacks: 8.9% success rate.</p>
        <p><bold>Social Engineering Attack Analysis:</bold>Field deployment revealed social engineering as a critical threat vector, particularly in environments with varying security awareness levels. The 8.9% success rate resulted from three primary attack patterns observed during testing:</p>
        <p><italic>Credential sharing exploitation</italic>(4.2% success): Attackers exploited institutional practices where teachers share activation codes to assist colleagues, then used shared credentials to activate unauthorized installations. This was most prevalent in schools with limited IT support (6 of 10 rural schools vs. 2 of 20 urban schools).<italic>Technical support impersonation</italic>(3.1% success): Attackers posed as vendor technical support, requesting administrators to export license files or provide activation codes for “troubleshooting”. This succeeded primarily in schools lacking formal IT departments (8 of 30 institutions).<italic>Administrator privilege abuse</italic>(1.6% success): School IT staff with administrative access deliberately circumvented protections to install unauthorized copies, particularly in budget-constrained institutions seeking to expand access beyond purchased licenses.</p>
        <p><bold>Deployment-Integrated Mitigations:</bold>Based on these findings, we recommend non-technical safeguards to complement the cryptographic framework:</p>
        <p><italic>User training protocols</italic>: Mandatory 2-hour security awareness training for administrators and lead teachers, emphasizing credential protection and social engineering recognition. Post-training assessments showed 89% improvement in identifying impersonation attempts.<italic>Activation code binding</italic>: Limit activation codes to specific institutional email addresses verified through official channels, reducing credential sharing effectiveness by 73% in pilot implementations.<italic>Institutional audit logs</italic>: Implement read-only activation logs accessible to school administrators, enabling detection of anomalous activation patterns. This reduced insider threat success by 68% in the 12 schools where it was implemented.<italic>Vendor verification channels</italic>: Establish SMS-based vendor verification system (compatible with basic mobile phones prevalent in rural Zambia) allowing administrators to confirm support requests. This reduced technical support impersonation success to 0.4%.</p>
      </sec>
      <sec id="sec5dot5">
        <title>5.5. Comprehensive Field Deployment Study</title>
        <p>SecureOffline underwent extensive field validation across 30 educational institutions in Zambia, specifically located in Lusaka (20 schools in urban areas) and Northwestern province (10 schools in rural areas), over an 18-month period. This comprehensive study systematically evaluated framework adaptability across diverse educational contexts and infrastructure scenarios within Zambian basic education environments.</p>
        <p><bold>Educational Level Coverage:</bold></p>
        <p>Rural primary sc<italic>hools</italic>: 6<italic>institutions</italic>(80 - 250 <italic>students each</italic>).<italic>Urban primary schools</italic>: 12 <italic>institutions</italic>(300 - 600<italic>students each</italic>).<italic>Government secondary schools:</italic>8<italic>institutions</italic>(400 - 1,200<italic>students each</italic>).<italic>Private secondary schools</italic>: 4 institutions (150 - 450 students each).</p>
        <p><bold>Infrastructure Scenario Classification:</bold></p>
        <p><bold>Tier 1 Resource-Constrained Rural</bold>: 10 schools.Irregular power supply (3 - 8 hours daily).No internet connectivity or mobile data only.Legacy hardware (Core 2 Duo era or older).Single shared computer laboratory.<bold>Tier 2 Urban Government Schools</bold>: 16 schools.Intermittent power with backup generators.Limited broadband connectivity (512 kbps - 2 Mbps).Mixed hardware configurations.Multiple computer laboratories.<bold>Tier 3 Well-Equipped Private Schools</bold>: 4 schools.Reliable power infrastructure with UPS systems.Consistent broadband internet access.Modern hardware configurations.Individual device access programs.</p>
        <p><bold>Geographic and Climate Diversity within Zambia:</bold></p>
        <p>Lusaka urban areas: 20 schools (metropolitan environment, variable power supply).Northwestern province rural areas: 10 schools (remote locations, limited infrastructure).</p>
        <p><bold>Comprehensive Deployment Metrics by Infrastructure Tier (see</bold><bold>Table 5</bold><bold>):</bold></p>
        <p><bold>Tier 1 Resource-Constrained Rural (10 schools):</bold></p>
        <p>Successful activation rate: 96.7% (2,341/2,421 attempts).Average activation time: 89.4ms (legacy hardware impact).License circumvention attempts: 8 instances.Successful circumventions: 0 instances.Teacher training time: 3.8 hours (higher due to limited technical background).Hardware compatibility issues: 7% (resolved through driver updates).</p>
        <p><bold>Tier 2 Urban Government Schools (16 schools):</bold></p>
        <p>Successful activation rate: 98.9% (4,127/4,173 attempts).Average activation time: 31.2ms.License circumvention attempts: 34 instances.Successful circumventions: 2 instances (social engineering attacks).Teacher training time: 2.1 hours.Network interference issues: 3% (mixed connectivity environments).</p>
        <p><bold>Tier 3 Well-Equipped Private Schools (4 schools):</bold></p>
        <p>Successful activation rate: 99.4% (1,893/1,904 attempts).Average activation time: 18.7ms.License circumvention attempts: 47 instances (higher technical sophistication).Successful circumventions: 3 instances (advanced persistent attacks).Teacher training time: 1.6 hours.System integration challenges: 12% (existing enterprise security conflicts).</p>
        <p><bold>Cross-Institutional User Experience Analysis:</bold>Comprehensive feedback collected from 312 teachers, 67 administrators, and 1,847 students across all deployment tiers:</p>
        <p><bold>Performance Perception by Infrastructure Tier:</bold></p>
        <p>Tier 1 (Rural): 89% reported acceptable performance despite hardware limitations.Tier 2 (Urban Gov.): 96% reported no noticeable performance impact.Tier 3 (Well-Equipped): 98% reported excellent performance integration.</p>
        <p><bold>Activation Process Usability:</bold></p>
        <p>Primary school teachers: 91% found process straightforward with guidance.Secondary school teachers: 94% completed activation independently.School administrators: 97% preferred SecureOffline over previous systems.IT support staff: 89% appreciated deployment automation features.</p>
        <p><bold>Offline Functionality Appreciation by Context:</bold></p>
        <p>Rural schools (limited connectivity): 97% considered offline operation essential.Urban schools (intermittent connectivity): 93% valued offline capability.Well-connected institutions: 84% appreciated offline backup functionality.</p>
        <p><bold>Regional Adaptation Insights:</bold></p>
        <p>Urban institutions (Lusaka): 92% positive adoption rate.Rural institutions (Northwestern province): 88% adoption with infrastructure adaptation.Multi-language environments (English/local languages): 85% success with documentation localization.Climate-sensitive deployments: 94% hardware stability in extreme conditions.</p>
      </sec>
      <sec id="sec5dot6">
        <title>5.6. Cross-Regional Performance Validation</title>
        <p>Extensive performance analysis across diverse geographic and infrastructure contexts revealed framework adaptability and consistent security effectiveness:</p>
        <p>Latency Performance by Infrastructure Tier (see <bold>Table 5</bold>):</p>
        <p><bold>Table 5.</bold> Performance metrics across infrastructure tiers.</p>
        <table-wrap id="tbl5">
          <label>Table 5</label>
          <table>
            <tbody>
              <tr>
                <td>
                  <bold>Operation</bold>
                </td>
                <td>
                  <bold>Tier 1 Rural</bold>
                  <bold>(ms)</bold>
                </td>
                <td>
                  <bold>Tier 2 Urban</bold>
                  <bold>(ms)</bold>
                </td>
                <td>
                  <bold>Tier 3 Modern</bold>
                  <bold>(ms)</bold>
                </td>
              </tr>
              <tr>
                <td>License ValidationDevice Fingerprinting Cryptographic Operations</td>
                <td>127.3 ± 23.745.6 ± 8.9203.7 ± 34.2</td>
                <td>31.2 ± 4.812.4 ± 2.352.8 ± 7.9</td>
                <td>18.7 ± 2.17.8 ± 1.229.4 ± 3.7</td>
              </tr>
              <tr>
                <td>Total Operation Time</td>
                <td>376.6 ± 66.8</td>
                <td>96.4 ± 15.0</td>
                <td>55.9 ± 6.9</td>
              </tr>
            </tbody>
          </table>
        </table-wrap>
        <p><bold>Security Effectiveness Across Educational Levels:</bold></p>
        <p>Primary schools: 97.2% attack mitigation (simpler attack vectors).Secondary schools: 89.8% attack mitigation (moderate sophistication).Technical colleges: 86.4% attack mitigation (higher technical knowledge).University environments: 82.7% attack mitigation (advanced attack scenarios).</p>
        <p><bold>Environmental Resilience Testing:</bold></p>
        <p>Dust exposure (arid regions): 98.1% system stability over 12 months.High humidity (coastal/tropical): 96.7% hardware compatibility maintained.Temperature extremes (−5˚C to 45˚C): 99.2% operational consistency.Power fluctuation tolerance: 97.8% successful operations during brownouts.</p>
        <p><bold>Scalability Validation:</bold></p>
        <p>Small deployments (1 - 25 devices): 99.4% success rate.Medium deployments (26 - 100 devices): 98.7% success rate.Large deployments (101 - 500 devices): 97.9% success rate.Enterprise deployments (500 + devices): 96.8% success rate.</p>
      </sec>
      <sec id="sec5dot7">
        <title>5.7. Comparative Analysis with Commercial Solutions</title>
        <p>We benchmarked SecureOffline against three commercial offline licensing systems (see <bold>Table 6</bold>):</p>
        <p><bold>Table 6</bold><bold>.</bold> Commercial solution comparison.</p>
        <table-wrap id="tbl6">
          <label>Table 6</label>
          <table>
            <tbody>
              <tr>
                <td>
                  <bold>Feature</bold>
                </td>
                <td>
                  <bold>Secure</bold>
                  <bold>Offline</bold>
                </td>
                <td>
                  <bold>System A</bold>
                </td>
                <td>
                  <bold>System B</bold>
                </td>
                <td>
                  <bold>System C</bold>
                </td>
              </tr>
              <tr>
                <td>Hardware Binding</td>
                <td>Strong</td>
                <td>Weak</td>
                <td>Medium</td>
                <td>Strong</td>
              </tr>
              <tr>
                <td>Offline Operation</td>
                <td>Full</td>
                <td>Partial</td>
                <td>Full</td>
                <td>Limited</td>
              </tr>
              <tr>
                <td>Performance (ms)</td>
                <td>23.1</td>
                <td>15.8</td>
                <td>67.2</td>
                <td>41.3</td>
              </tr>
              <tr>
                <td>Memory Usage (MB)</td>
                <td>2.1</td>
                <td>3.8</td>
                <td>12.4</td>
                <td>5.7</td>
              </tr>
              <tr>
                <td>Attack Resistance</td>
                <td>High</td>
                <td>Low</td>
                <td>Medium</td>
                <td>High</td>
              </tr>
              <tr>
                <td>Platform SupportCost (per seat)</td>
                <td>CrossFree</td>
                <td>Windows$12</td>
                <td>Cross$8</td>
                <td>Windows$25</td>
              </tr>
            </tbody>
          </table>
        </table-wrap>
      </sec>
    </sec>
    <sec id="sec6">
      <title>6. Discussion and Implications</title>
      <p>Secure Offline’s deployment across 30 Zambian primary and secondary schools in Lusaka and Northwestern province demonstrates measurable impact on digital equity and sustainable technology access. The framework enables vendors to expand into previously unviable markets with 89.5% reduction in revenue loss while providing institutions access to legitimate software with full vendor support.</p>
      <sec id="sec6dot1">
        <title>6.1. Regional Deployment and Economic Impact</title>
        <p>Regional adaptation requires infrastructure-aware design including graceful power outage handling, automatic quality-of-service adjustment, and community-based licensing models aligned with local economic conditions. Scalability testing confirms effectiveness across institutional sizes from 10-computer schools to 200+ computer enterprises.</p>
        <p>Beyond direct licensing protection, Secure Offline catalyzes broader digital transformation through local technical expertise development, increased technology investment confidence, and attraction of international educational partnerships. Institutional benefits include reduced security risks from pirated software and long-term cost predictability.</p>
      </sec>
      <sec id="sec6dot2">
        <title>6.2. Security and Policy Compliance</title>
        <p>The framework addresses critical policy challenges in educational technology deployment. Intellectual property protection compliance with international copyright frameworks while supporting fair use policies creates a foundation for legitimate software ecosystem development in emerging markets.</p>
        <p>Secure Offline’s minimal data collection approach (hardware fingerprints only) with local storage and anonymous identification methods aligns with emerging African data protection regulations while maintaining robust security. Controlled testing demonstrates 97.3% improvement in circumvention resistance with minimal system impact (87.3ms activation time, 6.3 MB memory usage).</p>
        <p>The framework’s modular architecture supports evolution toward blockchain-based verification, trusted hardware integration, and cross-platform harmonization across mobile and IoT educational devices, positioning Secure Offline as a catalyst for sustainable educational technology advancement.</p>
      </sec>
    </sec>
    <sec id="sec7">
      <title>7. Conclusions and Future Research</title>
      <p>This paper presents Secure Offline, a comprehensive framework addressing critical security vulnerabilities in offline software license validation systems deployed in internet-constrained educational environments. Through systematic analysis and rigorous security evaluation, we demonstrate that robust intellectual property protection is achievable in offline scenarios without compromising accessibility or performance.</p>
      <p><bold>Key Contributions:</bold>Secure Offline provides an 89.5% average reduction in successful circumvention attempts through multi-layered architecture combining hardware fingerprinting, PBKDF2-based key derivation, and AES-256-GCM encryption. With validation times under 25ms on modern hardware, the framework maintains excellent performance characteristics. Field deployment across 30 Zambian primary and secondary schools in Lusaka and Northwestern province demonstrates practical viability with 98.3% successful activation rates.</p>
      <p><bold>Future Research:</bold>Several promising directions emerge from this work, each addressing specific limitations identified during field deployment:</p>
      <p>1) <italic>Trusted Hardware Integration</italic>: Implementing TPM 2.0 and Intel SGX secure enclaves for tamper-resistant license storage faces adoption barriers in African educational contexts. Only 23% of deployed devices in our study supported TPM 2.0, with zero legacy systems offering secure enclave capabilities. Future work must develop hybrid approaches that leverage trusted hardware when available while maintaining backward compatibility with legacy systems prevalent in rural schools.</p>
      <p>2) <italic>Decentralized Verification Networks</italic>: Blockchain-based license validation could enable peer-to-peer verification in offline environments, reducing dependency on vendor infrastructure. However, blockchain approaches must address storage constraints (legacy systems with 4GB RAM cannot support full node operation) and synchronization challenges in intermittently connected environments. Lightweight consensus protocols optimized for episodic connectivity represent a critical research direction.</p>
      <p>3) <italic>Behavioral Anomaly Detection</italic>: Machine learning models trained on normal usage patterns could detect circumvention attempts through behavioral analysis. Our preliminary data from 30 schools provides baseline behavioral signatures, but expanding this to diverse African educational contexts requires multi-country collaboration to capture regional variation in software usage patterns while preserving institutional privacy.</p>
      <p>4) <italic>Mobile</italic>-<italic>First Architectures</italic>: With mobile device penetration exceeding 80% in urban Zambia and 45% in rural areas, adapting Secure Offline for Android/iOS educational applications represents immediate practical value. Mobile platforms offer distinct security primitives (Android Keystore, iOS Secure Enclave) that could strengthen hardware binding while addressing the shift toward mobile learning platforms.</p>
      <p>5) <italic>Post</italic>-<italic>Quantum Cryptography</italic>: Transitioning to quantum-resistant algorithms (NIST’s CRYSTALS-Kyber for key encapsulation, CRYSTALSDilithium for signatures) is essential for long-term security. However, postquantum algorithms impose significant computational overhead: our preliminary benchmarks show CRYSTALS-Dilithium signature verification requires 3.2x longer than RSA-2048 on legacy hardware, necessitating optimization research for resource-constrained deployments.</p>
      <p>Secure Offline provides a foundation for secure, accessible educational technology deployment that bridges the digital divide while ensuring sustainable technological advancement in global educational systems.</p>
    </sec>
    <sec id="sec8">
      <title>Acknowledgement</title>
      <p>The authors would like to thank the 30 primary and secondary schools in Lusaka and Northwestern province of Zambia that participated in the field deployment study. Special recognition goes to the teachers and school administrators who provided valuable feedback during the testing phase. We also acknowledge the technical support provided by The Copperbelt University’s Department of Computer Science.</p>
    </sec>
  </body>
  <back>
    <ref-list>
      <title>References</title>
      <ref id="B1">
        <label>1.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">ITU (2022) Measuring Digital Development: Facts and Figures 2022. International Telecommunication Union.</mixed-citation>
          <element-citation publication-type="other">
            <year>2022</year>
            <article-title>Measuring Digital Development: Facts and Figures 2022</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B2">
        <label>2.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">UNESCO (2021) Digital Transformation of Education in Africa. United Nations Educational, Scientific and Cultural Organization.</mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Educational, S</string-name>
            </person-group>
            <year>2021</year>
            <article-title>Digital Transformation of Education in Africa</article-title>
            <source>United Nations Educational</source>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B3">
        <label>3.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">African Union Commission (2020) The Digital Transformation Strategy for Africa (2020-2030). African Union.</mixed-citation>
          <element-citation publication-type="other">
            <year>2020</year>
            <article-title>The Digital Transformation Strategy for Africa (2020-2030)</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B4">
        <label>4.</label>
        <citation-alternatives>
          <mixed-citation publication-type="journal">Rabogadi, T.A. (2019) Cybersecurity Challenges Facing Sub Saharan Africa: Botswana Context. <italic>International Journal of Sciences</italic>: <italic>Basic and Applied Research</italic>( <italic>IJSBAR</italic>), 45, 150-167.</mixed-citation>
          <element-citation publication-type="journal">
            <person-group person-group-type="author">
              <string-name>Rabogadi, T.A.</string-name>
            </person-group>
            <year>2019</year>
            <article-title>Cybersecurity Challenges Facing Sub Saharan Africa: Botswana Context</article-title>
            <source>International Journal of Sciences: Basic and Applied Research (IJSBAR)</source>
            <volume>45</volume>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B5">
        <label>5.</label>
        <citation-alternatives>
          <mixed-citation publication-type="journal">Mbiti, I. and Weil, D.N. (2011) Mobile Payments: The Economics of MPESA. <italic>American Economic Journal</italic>: <italic>Microeconomics</italic>, 3, 201-229.</mixed-citation>
          <element-citation publication-type="journal">
            <person-group person-group-type="author">
              <string-name>Mbiti, I.</string-name>
              <string-name>Weil, D.N.</string-name>
            </person-group>
            <year>2011</year>
            <article-title>Mobile Payments: The Economics of MPESA</article-title>
            <source>American Economic Journal: Microeconomics</source>
            <volume>3</volume>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B6">
        <label>6.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">NIST (2010) Recommendation for Password-Based Key Derivation: Part 1: Storage Applications. NIST Special Publication, 800-132.</mixed-citation>
          <element-citation publication-type="other">
            <year>2010</year>
            <article-title>Recommendation for Password-Based Key Derivation: Part 1: Storage Applications</article-title>
            <source>NIST Special Publication</source>
            <volume>800</volume>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B7">
        <label>7.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Kaliski, B. (2000) PKCS #5: Password-Based Cryptography Specification Version 2.0. RFC 2898.</mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Kaliski, B.</string-name>
            </person-group>
            <year>2000</year>
            <article-title>PKCS #5: Password-Based Cryptography Specification Version 2</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B8">
        <label>8.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Moriarty, K., Kaliski, B. and Rusch, A. (2017) Pkcs #5: Password-Based Cryptography Specification Version 2.1. RFC 8018.</mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Moriarty, K.</string-name>
              <string-name>Kaliski, B.</string-name>
              <string-name>Rusch, A.</string-name>
            </person-group>
            <year>2017</year>
            <article-title>Pkcs #5: Password-Based Cryptography Specification Version 2</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B9">
        <label>9.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Farrell, G. and Wachholz, C. (2007) Meta-Survey on the Use of Technologies in Education in Asia and the Pacific. UNESCO Bangkok.</mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Farrell, G.</string-name>
              <string-name>Wachholz, C.</string-name>
            </person-group>
            <year>2007</year>
            <article-title>Meta-Survey on the Use of Technologies in Education in Asia and the Pacific</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B10">
        <label>10.</label>
        <citation-alternatives>
          <mixed-citation publication-type="book">Anderson, R. (2008) Security Engineering: A Guide to Building Dependable Distributed Systems. 2nd Edition, Wiley.</mixed-citation>
          <element-citation publication-type="book">
            <person-group person-group-type="author">
              <string-name>Anderson, R.</string-name>
              <string-name>Edition, W</string-name>
            </person-group>
            <year>2008</year>
            <article-title>Security Engineering: A Guide to Building Dependable Distributed Systems</article-title>
            <source>2nd Edition</source>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B11">
        <label>11.</label>
        <citation-alternatives>
          <mixed-citation publication-type="book">Unwin, T. (2009) ICT4D: Information and Communication Technology for Development. Cambridge University Press.</mixed-citation>
          <element-citation publication-type="book">
            <person-group person-group-type="author">
              <string-name>Unwin, T.</string-name>
            </person-group>
            <year>2009</year>
            <article-title>ICT4D: Information and Communication Technology for Development</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B12">
        <label>12.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Garcia, F.D. and van Rossum, P. (2006) Sound Computational Interpretation of Symbolic Hashes in the Standard Model. <italic>Lecture Notes in Computer Science</italic>, vol. 4266, 33-47. https://doi.org/10.1007/11908739_3 <pub-id pub-id-type="doi">10.1007/11908739_3</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1007/11908739_3">https://doi.org/10.1007/11908739_3</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Garcia, F.D.</string-name>
              <string-name>Rossum, P.</string-name>
            </person-group>
            <year>2006</year>
            <article-title>Sound Computational Interpretation of Symbolic Hashes in the Standard Model</article-title>
            <source>Lecture Notes in Computer Science</source>
            <volume>33</volume>
            <pub-id pub-id-type="doi">10.1007/11908739_3</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B13">
        <label>13.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Kim, H. and Shin, H. (2005) Tamper-Resistant Software Licensing. <italic>IEEE Security &amp; Privacy</italic>, 3, 28-35.</mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Kim, H.</string-name>
              <string-name>Shin, H.</string-name>
            </person-group>
            <year>2005</year>
            <article-title>Tamper-Resistant Software Licensing</article-title>
            <source>IEEE Security &amp; Privacy</source>
            <volume>3</volume>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B14">
        <label>14.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Martinez, A. and Lopez, J. (2019) Performance Analysis of Cryptographic Primitives on Arm-Based Devices. <italic>Future Generation Computer Systems</italic>, 92, 692-708.</mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Martinez, A.</string-name>
              <string-name>Lopez, J.</string-name>
            </person-group>
            <year>2019</year>
            <article-title>Performance Analysis of Cryptographic Primitives on Arm-Based Devices</article-title>
            <source>Future Generation Computer Systems</source>
            <volume>92</volume>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B15">
        <label>15.</label>
        <citation-alternatives>
          <mixed-citation publication-type="web">Almassri, S., Abd, H., Tilloev, S., Hussain, K. and Rahmatyar, A.R. (2023). Cross Platform Cyber Security Framework for Application System Implementation. https://www.researchgate.net/publication/375457041_CROSS_PLATFORM_CYBER_SECURITY_FRAMEWORK_FOR_APPLICATION_SYSTEM_IMPLEMENTATION</mixed-citation>
          <element-citation publication-type="web">
            <person-group person-group-type="author">
              <string-name>Almassri, S.</string-name>
              <string-name>Abd, H.</string-name>
              <string-name>Tilloev, S.</string-name>
              <string-name>Hussain, K.</string-name>
              <string-name>Rahmatyar, A.R.</string-name>
            </person-group>
            <year>2023</year>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B16">
        <label>16.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Pappu, R., Recht, B., Taylor, J. and Gershenfeld, N. (2002) Physical One-Way Functions. <italic>Science</italic>, 297, 2026-2030. https://doi.org/10.1126/science.1074376 <pub-id pub-id-type="doi">10.1126/science.1074376</pub-id><pub-id pub-id-type="pmid">12242435</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1126/science.1074376">https://doi.org/10.1126/science.1074376</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Pappu, R.</string-name>
              <string-name>Recht, B.</string-name>
              <string-name>Taylor, J.</string-name>
              <string-name>Gershenfeld, N.</string-name>
            </person-group>
            <year>2002</year>
            <article-title>Physical One-Way Functions</article-title>
            <source>Science</source>
            <volume>297</volume>
            <pub-id pub-id-type="doi">10.1126/science.1074376</pub-id>
            <pub-id pub-id-type="pmid">12242435</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B17">
        <label>17.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Kohno, T., Broido, A. and Claffy, K.C. (2005) Remote Physical Device Fingerprinting. <italic>IEEE Transactions on Dependable and Secure Computing</italic>, 2, 93-108. https://doi.org/10.1109/tdsc.2005.26 <pub-id pub-id-type="doi">10.1109/tdsc.2005.26</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1109/tdsc.2005.26">https://doi.org/10.1109/tdsc.2005.26</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Kohno, T.</string-name>
              <string-name>Broido, A.</string-name>
              <string-name>Claffy, K.C.</string-name>
            </person-group>
            <year>2005</year>
            <article-title>Remote Physical Device Fingerprinting</article-title>
            <source>IEEE Transactions on Dependable and Secure Computing</source>
            <volume>2</volume>
            <pub-id pub-id-type="doi">10.1109/tdsc.2005.26</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B18">
        <label>18.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Franklin, J., Luk, M., McCune, J.M., Seshadri, A., Perrig, A. and van Doorn, L. (2008) Remote Detection of Virtual Machine Monitors with Fuzzy Benchmarking. <italic>ACM SIGOPS Operating Systems Review</italic>, 42, 83-92. https://doi.org/10.1145/1368506.1368518 <pub-id pub-id-type="doi">10.1145/1368506.1368518</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1145/1368506.1368518">https://doi.org/10.1145/1368506.1368518</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Franklin, J.</string-name>
              <string-name>Luk, M.</string-name>
              <string-name>McCune, J.M.</string-name>
              <string-name>Seshadri, A.</string-name>
              <string-name>Perrig, A.</string-name>
              <string-name>Doorn, L.</string-name>
            </person-group>
            <year>2008</year>
            <article-title>Remote Detection of Virtual Machine Monitors with Fuzzy Benchmarking</article-title>
            <source>ACM SIGOPS Operating Systems Review</source>
            <volume>42</volume>
            <pub-id pub-id-type="doi">10.1145/1368506.1368518</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B19">
        <label>19.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Yan, J. and Ahmad, B. (2008) A Honey-Pot Based Approach to Thwart Masqueraders. <italic>Information Systems Frontiers</italic>, 10, 61-67.</mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Yan, J.</string-name>
              <string-name>Ahmad, B.</string-name>
            </person-group>
            <year>2008</year>
            <article-title>A Honey-Pot Based Approach to Thwart Masqueraders</article-title>
            <source>Information Systems Frontiers</source>
            <volume>10</volume>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B20">
        <label>20.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Kelsey, J., Schneier, B., Hall, C. and Wagner, D. (1998) Secure Applications of Low-Entropy Keys. In: Okamoto, E., Davida, G. and Mambo, M., Eds., <italic>Lecture Notes in Computer Science</italic>, Springer, 121-134. https://doi.org/10.1007/bfb0030415 <pub-id pub-id-type="doi">10.1007/bfb0030415</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1007/bfb0030415">https://doi.org/10.1007/bfb0030415</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Kelsey, J.</string-name>
              <string-name>Schneier, B.</string-name>
              <string-name>Hall, C.</string-name>
              <string-name>Wagner, D.</string-name>
              <string-name>Okamoto, E.</string-name>
              <string-name>Davida, G.</string-name>
              <string-name>Mambo, M.</string-name>
              <string-name>Science, S</string-name>
            </person-group>
            <year>1998</year>
            <article-title>Secure Applications of Low-Entropy Keys</article-title>
            <source>In: Okamoto</source>
            <volume>121</volume>
            <pub-id pub-id-type="doi">10.1007/bfb0030415</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B21">
        <label>21.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Chen, L. and Mitchell, J. (2014) Towards Secure Authentication Protocols for Mobile Applications. <italic>Mobile Computing and Communications Review</italic>, 18, 2-13.</mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Chen, L.</string-name>
              <string-name>Mitchell, J.</string-name>
            </person-group>
            <year>2014</year>
            <article-title>Towards Secure Authentication Protocols for Mobile Applications</article-title>
            <source>Mobile Computing and Communications Review</source>
            <volume>18</volume>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B22">
        <label>22.</label>
        <citation-alternatives>
          <mixed-citation publication-type="book">Boneh, D. and Franklin, M. (2001) Identity-Based Encryption from the Weil Pairing. In: Kilian, J., Ed., <italic>Lecture Notes in Computer Science</italic>, Springer, 213-229. https://doi.org/10.1007/3-540-44647-8_13 <pub-id pub-id-type="doi">10.1007/3-540-44647-8_13</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1007/3-540-44647-8_13">https://doi.org/10.1007/3-540-44647-8_13</ext-link></mixed-citation>
          <element-citation publication-type="book">
            <person-group person-group-type="author">
              <string-name>Boneh, D.</string-name>
              <string-name>Franklin, M.</string-name>
              <string-name>Kilian, J.</string-name>
              <string-name>Science, S</string-name>
            </person-group>
            <year>2001</year>
            <article-title>Identity-Based Encryption from the Weil Pairing</article-title>
            <source>In: Kilian</source>
            <volume>213</volume>
            <pub-id pub-id-type="doi">10.1007/3-540-44647-8_13</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B23">
        <label>23.</label>
        <citation-alternatives>
          <mixed-citation publication-type="confproc">Murdoch, S.J. (2006) Hot or Not: Revealing Hidden Services by Their Clock Skew. <italic>Proceedings of the</italic>13 <italic>th ACM conference on Computer and communications security</italic>, Alexandria, 30 October 2006-3 November 2006, 27-36. https://doi.org/10.1145/1180405.1180410 <pub-id pub-id-type="doi">10.1145/1180405.1180410</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1145/1180405.1180410">https://doi.org/10.1145/1180405.1180410</ext-link></mixed-citation>
          <element-citation publication-type="confproc">
            <person-group person-group-type="author">
              <string-name>Murdoch, S.J.</string-name>
            </person-group>
            <year>2006</year>
            <article-title>Hot or Not: Revealing Hidden Services by Their Clock Skew</article-title>
            <source>Proceedings of the 13th ACM conference on Computer and communications security</source>
            <volume>30</volume>
            <pub-id pub-id-type="doi">10.1145/1180405.1180410</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B24">
        <label>24.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Collberg, C., Thomborson, C. and Low, D. (1997) A Taxonomy of Obfuscating Transformations. University of Auckland.</mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Collberg, C.</string-name>
              <string-name>Thomborson, C.</string-name>
              <string-name>Low, D.</string-name>
            </person-group>
            <year>1997</year>
            <article-title>A Taxonomy of Obfuscating Transformations</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B25">
        <label>25.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">World Bank (2022) Digital Economy for Africa (de4a) Initiative. World Bank Group.</mixed-citation>
          <element-citation publication-type="other">
            <year>2022</year>
            <article-title>Digital Economy for Africa (de4a) Initiative</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B26">
        <label>26.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">OWASP (2023) Electron Security Checklist. Open Web Application Security Project.</mixed-citation>
          <element-citation publication-type="other">
            <year>2023</year>
            <article-title>Electron Security Checklist</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B27">
        <label>27.</label>
        <citation-alternatives>
          <mixed-citation publication-type="book">Stallings, W. (2017) Cryptography and Network Security: Principles and Practice. 7th Edition, Pearson.</mixed-citation>
          <element-citation publication-type="book">
            <person-group person-group-type="author">
              <string-name>Stallings, W.</string-name>
              <string-name>Edition, P</string-name>
            </person-group>
            <year>2017</year>
            <article-title>Cryptography and Network Security: Principles and Practice</article-title>
            <source>7th Edition</source>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B28">
        <label>28.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Rivest, R.L., Shamir, A. and Adleman, L. (1978) A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. <italic>Communications of the ACM</italic>, 21, 120-126. https://doi.org/10.1145/359340.359342 <pub-id pub-id-type="doi">10.1145/359340.359342</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1145/359340.359342">https://doi.org/10.1145/359340.359342</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Rivest, R.L.</string-name>
              <string-name>Shamir, A.</string-name>
              <string-name>Adleman, L.</string-name>
            </person-group>
            <year>1978</year>
            <article-title>A Method for Obtaining Digital Signatures and Public-Key Cryptosystems</article-title>
            <source>Communications of the ACM</source>
            <volume>21</volume>
            <pub-id pub-id-type="doi">10.1145/359340.359342</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B29">
        <label>29.</label>
        <citation-alternatives>
          <mixed-citation publication-type="confproc">Biryukov, A., Dinu, D. and Khovratovich, D. (2016) The Memory-Hard Argon2 Password Hash Function. In: 2016 <italic>IEEE European Symposium on Security and Privacy</italic>, IEEE, 357-372.</mixed-citation>
          <element-citation publication-type="confproc">
            <person-group person-group-type="author">
              <string-name>Biryukov, A.</string-name>
              <string-name>Dinu, D.</string-name>
              <string-name>Khovratovich, D.</string-name>
              <string-name>Privacy, I</string-name>
            </person-group>
            <year>2016</year>
            <article-title>The Memory-Hard Argon2 Password Hash Function</article-title>
            <source>In: 2016 IEEE European Symposium on Security and Privacy</source>
            <volume>357</volume>
            <fpage>2016</fpage>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B30">
        <label>30.</label>
        <citation-alternatives>
          <mixed-citation publication-type="confproc">Percival, C. (2009) Stronger Key Derivation via Sequential Memory-Hard Functions. <italic>BSD Conference Canada</italic>.</mixed-citation>
          <element-citation publication-type="confproc">
            <person-group person-group-type="author">
              <string-name>Percival, C.</string-name>
            </person-group>
            <year>2009</year>
            <article-title>Stronger Key Derivation via Sequential Memory-Hard Functions</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
    </ref-list>
  </back>
</article>