| # Key Exchange Protocols | |
| @inproceedings{cremers2011examining, | |
| title={Examining indistinguishability-based security models for key exchange protocols: the case of CK, CK-HMQV, and eCK}, | |
| author={Cremers, Cas}, | |
| booktitle={Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security}, | |
| pages={80--91}, | |
| year={2011}, | |
| organization={ACM} | |
| } | |
| @article{needham1978using, | |
| title={Using encryption for authentication in large networks of computers}, | |
| author={Needham, Roger M and Schroeder, Michael D}, | |
| journal={Communications of the ACM}, | |
| volume={21}, | |
| number={12}, | |
| pages={993--999}, | |
| year={1978}, | |
| publisher={ACM} | |
| } | |
| @article{dolev1983security, | |
| title={On the security of public key protocols}, | |
| author={Dolev, Danny and Yao, Andrew}, | |
| journal={IEEE Transactions on information theory}, | |
| volume={29}, | |
| number={2}, | |
| pages={198--208}, | |
| year={1983}, | |
| publisher={IEEE} | |
| } | |
| @inproceedings{gajek2008universally, | |
| title={Universally composable security analysis of TLS}, | |
| author={Gajek, Sebastian and Manulis, Mark and Pereira, Olivier and Sadeghi, Ahmad-Reza and Schwenk, J{\"o}rg}, | |
| booktitle={International Conference on Provable Security}, | |
| pages={313--327}, | |
| year={2008}, | |
| organization={Springer} | |
| } | |
| @inproceedings{krawczyk2016unilateral, | |
| title={A unilateral-to-mutual authentication compiler for key exchange (with applications to client authentication in tls 1.3)}, | |
| author={Krawczyk, Hugo}, | |
| booktitle={Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security}, | |
| pages={1438--1450}, | |
| year={2016}, | |
| organization={ACM} | |
| } | |
| @inproceedings{mitchell1998finite, | |
| title={Finite-State Analysis of SSL 3.0.}, | |
| author={Mitchell, John C and Shmatikov, Vitaly and Stern, Ulrich}, | |
| booktitle={USENIX Security Symposium}, | |
| pages={201--216}, | |
| year={1998} | |
| } | |
| @inproceedings{wagner1996analysis, | |
| title={Analysis of the SSL 3.0 protocol}, | |
| author={Wagner, David and Schneier, Bruce and others}, | |
| booktitle={The Second USENIX Workshop on Electronic Commerce Proceedings}, | |
| volume={1}, | |
| number={1}, | |
| pages={29--40}, | |
| year={1996} | |
| } | |
| @article{dowlingcryptographic, | |
| title={A Cryptographic Analysis of the WireGuard Protocol}, | |
| author={Dowling, Benjamin and Paterson, Kenneth G} | |
| } | |
| @article{kusters2017framework, | |
| title={A Framework for Universally Composable Diffie-Hellman Key Exchange.}, | |
| author={K{\"u}sters, Ralf and Rausch, Daniel}, | |
| journal={IACR Cryptology ePrint Archive}, | |
| volume={2017}, | |
| pages={256}, | |
| year={2017} | |
| } | |
| @inproceedings{boyd2016stateless, | |
| title={From stateless to stateful: Generic authentication and authenticated encryption constructions with application to TLS}, | |
| author={Boyd, Colin and Hale, Britta and Mj{\o}lsnes, Stig Frode and Stebila, Douglas}, | |
| booktitle={Cryptographers’ Track at the RSA Conference}, | |
| pages={55--71}, | |
| year={2016}, | |
| organization={Springer} | |
| } | |
| @inproceedings{krawczyk2001order, | |
| title={The order of encryption and authentication for protecting communications (or: How secure is SSL?)}, | |
| author={Krawczyk, Hugo}, | |
| booktitle={Advances in Cryptology—CRYPTO 2001}, | |
| pages={310--331}, | |
| year={2001}, | |
| organization={Springer} | |
| } | |
| @inproceedings{kudla2005modular, | |
| title={Modular security proofs for key agreement protocols}, | |
| author={Kudla, Caroline and Paterson, Kenneth G}, | |
| booktitle={International Conference on the Theory and Application of Cryptology and Information Security}, | |
| pages={549--565}, | |
| year={2005}, | |
| organization={Springer} | |
| } | |
| @article{brzuska2013less, | |
| title={Less is more: Relaxed yet composable security notions for key exchange}, | |
| author={Brzuska, Christina and Fischlin, Marc and Smart, Nigel P and Warinschi, Bogdan and Williams, Stephen C}, | |
| journal={International Journal of Information Security}, | |
| volume={12}, | |
| number={4}, | |
| pages={267--297}, | |
| year={2013}, | |
| publisher={Springer} | |
| } | |
| @inproceedings{boyd2013asics, | |
| title={ASICS: Authenticated key exchange security incorporating certification systems}, | |
| author={Boyd, Colin and Cremers, Cas and Feltz, Michele and Paterson, Kenneth G and Poettering, Bertram and Stebila, Douglas}, | |
| booktitle={European Symposium on Research in Computer Security}, | |
| pages={381--399}, | |
| year={2013}, | |
| organization={Springer} | |
| } | |
| @phdthesis{brzuska2013foundations, | |
| title={On the foundations of key exchange}, | |
| author={Brzuska, Christina}, | |
| year={2013}, | |
| school={Technische Universit{\"a}t} | |
| } | |
| @inproceedings{bellare1993entity, | |
| title={Entity Authentication and Key Distribution.}, | |
| author={Bellare, Mihir and Rogaway, Phillip}, | |
| booktitle={Crypto}, | |
| volume={93}, | |
| pages={232--249}, | |
| year={1993}, | |
| organization={Springer} | |
| } | |
| @article{cremers2015beyond, | |
| title={Beyond eCK: perfect forward secrecy under actor compromise and ephemeral-key reveal}, | |
| author={Cremers, Cas and Feltz, Michele}, | |
| journal={Designs, Codes and Cryptography}, | |
| volume={74}, | |
| number={1}, | |
| pages={183--218}, | |
| year={2015}, | |
| publisher={Springer} | |
| } | |
| @article{law2003efficient, | |
| title={An efficient protocol for authenticated key agreement}, | |
| author={Law, Laurie and Menezes, Alfred and Qu, Minghua and Solinas, Jerry and Vanstone, Scott}, | |
| journal={Designs, Codes and Cryptography}, | |
| volume={28}, | |
| number={2}, | |
| pages={119--134}, | |
| year={2003}, | |
| publisher={Springer} | |
| } | |
| @inproceedings{bellare1995provably, | |
| title={Provably secure session key distribution: the three party case}, | |
| author={Bellare, Mihir and Rogaway, Phillip}, | |
| booktitle={Proceedings of the twenty-seventh annual ACM symposium on Theory of computing}, | |
| pages={57--66}, | |
| year={1995}, | |
| organization={ACM} | |
| } | |
| @inproceedings{krawczyk2016optls, | |
| title={The OPTLS protocol and TLS 1.3}, | |
| author={Krawczyk, Hugo and Wee, Hoeteck}, | |
| booktitle={Security and Privacy (EuroS\&P), 2016 IEEE European Symposium on}, | |
| pages={81--96}, | |
| year={2016}, | |
| organization={IEEE} | |
| } | |
| @inproceedings{cremers2016automated, | |
| title={Automated analysis and verification of TLS 1.3: 0-RTT, resumption and delayed authentication}, | |
| author={Cremers, Cas and Horvat, Marko and Scott, Sam and van der Merwe, Thyla}, | |
| booktitle={Security and Privacy (SP), 2016 IEEE Symposium on}, | |
| pages={470--485}, | |
| year={2016}, | |
| organization={IEEE} | |
| } | |
| @article{dowling2016cryptographic, | |
| title={A Cryptographic Analysis of the TLS 1.3 draft-10 Full and Pre-shared Key Handshake Protocol.}, | |
| author={Dowling, Benjamin and Fischlin, Marc and G{\"u}nther, Felix and Stebila, Douglas}, | |
| journal={IACR Cryptology ePrint Archive}, | |
| volume={2016}, | |
| pages={81}, | |
| year={2016} | |
| } | |
| @inproceedings{zhao2016identity, | |
| title={Identity-Concealed Authenticated Encryption and Key Exchange}, | |
| author={Zhao, Yunlei}, | |
| booktitle={Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security}, | |
| pages={1464--1479}, | |
| year={2016}, | |
| organization={ACM} | |
| } | |
| @inproceedings{krawczyk2003sigma, | |
| title={SIGMA: The ‘SIGn-and-MAc’approach to authenticated Diffie-Hellman and its use in the IKE protocols}, | |
| author={Krawczyk, Hugo}, | |
| booktitle={Annual International Cryptology Conference}, | |
| pages={400--425}, | |
| year={2003}, | |
| organization={Springer} | |
| } | |
| @inproceedings{krawczyk2005hmqv, | |
| title={HMQV: A high-performance secure Diffie-Hellman protocol}, | |
| author={Krawczyk, Hugo}, | |
| booktitle={Annual International Cryptology Conference}, | |
| pages={546--566}, | |
| year={2005}, | |
| organization={Springer} | |
| } | |
| @inproceedings{he2005modular, | |
| title={A modular correctness proof of IEEE 802.11 i and TLS}, | |
| author={He, Changhua and Sundararajan, Mukund and Datta, Anupam and Derek, Ante and Mitchell, John C}, | |
| booktitle={Proceedings of the 12th ACM conference on Computer and communications security}, | |
| pages={2--15}, | |
| year={2005}, | |
| organization={ACM} | |
| } | |
| @article{aiello2004just, | |
| title={Just fast keying: Key agreement in a hostile internet}, | |
| author={Aiello, William and Bellovin, Steven M and Blaze, Matt and Canetti, Ran and Ioannidis, John and Keromytis, Angelos D and Reingold, Omer}, | |
| journal={ACM Transactions on Information and System Security (TISSEC)}, | |
| volume={7}, | |
| number={2}, | |
| pages={242--273}, | |
| year={2004}, | |
| publisher={ACM} | |
| } | |
| @inproceedings{boyd2004key, | |
| title={Key agreement using statically keyed authenticators}, | |
| author={Boyd, Colin and Mao, Wenbo and Paterson, Kenneth G}, | |
| booktitle={International Conference on Applied Cryptography and Network Security}, | |
| pages={248--262}, | |
| year={2004}, | |
| organization={Springer} | |
| } | |
| @article{menezes2007another, | |
| title={Another look at HMQV}, | |
| author={Menezes, Alfred}, | |
| journal={Mathematical Cryptology JMC}, | |
| volume={1}, | |
| number={1}, | |
| pages={47--64}, | |
| year={2007} | |
| } | |
| @inproceedings{lamacchia2007stronger, | |
| title={Stronger security of authenticated key exchange}, | |
| author={LaMacchia, Brian and Lauter, Kristin and Mityagin, Anton}, | |
| booktitle={International Conference on Provable Security}, | |
| pages={1--16}, | |
| year={2007}, | |
| organization={Springer} | |
| } | |
| @inproceedings{bos2015post, | |
| title={Post-quantum key exchange for the TLS protocol from the ring learning with errors problem}, | |
| author={Bos, Joppe W and Costello, Craig and Naehrig, Michael and Stebila, Douglas}, | |
| booktitle={Security and Privacy (SP), 2015 IEEE Symposium on}, | |
| pages={553--570}, | |
| year={2015}, | |
| organization={IEEE} | |
| } | |
| @inproceedings{di2006deniable, | |
| title={Deniable authentication and key exchange}, | |
| author={Di Raimondo, Mario and Gennaro, Rosario and Krawczyk, Hugo}, | |
| booktitle={Proceedings of the 13th ACM conference on Computer and communications security}, | |
| pages={400--409}, | |
| year={2006}, | |
| organization={ACM} | |
| } | |
| @inproceedings{choo2005session, | |
| title={On session key construction in provably-secure key establishment protocols}, | |
| author={Choo, Kim-Kwang Raymond and Boyd, Colin and Hitchcock, Yvonne}, | |
| booktitle={International Conference on Cryptology in Malaysia}, | |
| pages={116--131}, | |
| year={2005}, | |
| organization={Springer} | |
| } | |
| @article{goldberg2012anonymity, | |
| title={Anonymity and one-way authentication in key exchange protocols}, | |
| author={Goldberg, Ian and Stebila, Douglas and Ustaoglu, Berkant}, | |
| journal={Designs, Codes and Cryptography}, | |
| pages={1--25}, | |
| year={2012}, | |
| publisher={Springer} | |
| } | |
| @inproceedings{yao2010deniable, | |
| title={Deniable internet key exchange}, | |
| author={Yao, Andrew C and Zhao, Yunlei}, | |
| booktitle={International Conference on Applied Cryptography and Network Security}, | |
| pages={329--348}, | |
| year={2010}, | |
| organization={Springer} | |
| } | |
| @article{cremers2011one, | |
| title={One-round strongly secure key exchange with perfect forward secrecy and deniability}, | |
| author={Cremers, Cas and Feltz, Michele}, | |
| journal={IACR Cryptology ePrint Archive}, | |
| volume={2011}, | |
| pages={300}, | |
| year={2011} | |
| } | |
| @article{harn2005authenticated, | |
| title={Authenticated Diffie--Hellman key agreement protocol using a single cryptographic assumption}, | |
| author={Harn, Lein and Hsin, W-J and Mehta, Mohit}, | |
| journal={IEE Proceedings-Communications}, | |
| volume={152}, | |
| number={4}, | |
| pages={404--410}, | |
| year={2005}, | |
| publisher={IET} | |
| } | |
| @phdthesis{datta2005security, | |
| title={Security analysis of network protocols: Compositional reasoning and complexity-theoretic foundations}, | |
| author={Datta, Anupam}, | |
| year={2005}, | |
| school={Citeseer} | |
| } | |
| @article{menezes2010reusing, | |
| title={On reusing ephemeral keys in Diffie-Hellman key agreement protocols}, | |
| author={Menezes, Alfred and Ustaoglu, Berkant}, | |
| journal={International Journal of Applied Cryptography}, | |
| volume={2}, | |
| number={2}, | |
| pages={154--158}, | |
| year={2010}, | |
| publisher={Inderscience Publishers} | |
| } | |
| @inproceedings{yao2013oake, | |
| title={OAKE: a new family of implicitly authenticated diffie-hellman protocols}, | |
| author={Yao, Andrew Chi-Chih and Zhao, Yunlei}, | |
| booktitle={Proceedings of the 2013 ACM SIGSAC conference on Computer \& communications security}, | |
| pages={1113--1128}, | |
| year={2013}, | |
| organization={ACM} | |
| } | |
| @inproceedings{zhang2015authenticated, | |
| title={Authenticated key exchange from ideal lattices}, | |
| author={Zhang, Jiang and Zhang, Zhenfeng and Ding, Jintai and Snook, Michael and Dagdelen, {\"O}zg{\"u}r}, | |
| booktitle={Annual International Conference on the Theory and Applications of Cryptographic Techniques}, | |
| pages={719--751}, | |
| year={2015}, | |
| organization={Springer} | |
| } | |
| @inproceedings{jiang2008efficient, | |
| title={An efficient deniable key exchange protocol}, | |
| author={Jiang, Shaoquan and Safavi-Naini, Reihaneh}, | |
| booktitle={International Conference on Financial Cryptography and Data Security}, | |
| pages={47--52}, | |
| year={2008}, | |
| organization={Springer} | |
| } | |
| @inproceedings{yang2011authenticated, | |
| title={Authenticated key exchange under bad randomness}, | |
| author={Yang, Guomin and Duan, Shanshan and Wong, Duncan S and Tan, Chik How and Wang, Huaxiong}, | |
| booktitle={International Conference on Financial Cryptography and Data Security}, | |
| pages={113--126}, | |
| year={2011}, | |
| organization={Springer} | |
| } | |
| @article{singh2015practical, | |
| title={A Practical Key Exchange for the Internet using Lattice Cryptography.}, | |
| author={Singh, Vikram}, | |
| journal={IACR Cryptology ePrint Archive}, | |
| volume={2015}, | |
| pages={138}, | |
| year={2015} | |
| } | |
| @inproceedings{yi2011three, | |
| title={Three-party password-authenticated key exchange without random oracles}, | |
| author={Yi, Xun and Tso, Raylin and Okamoto, Eiji}, | |
| booktitle={Security and Cryptography (SECRYPT), 2011 Proceedings of the International Conference on}, | |
| pages={15--24}, | |
| year={2011}, | |
| organization={IEEE} | |
| } | |
| @phdthesis{jost2014constructive, | |
| title={A constructive analysis of IPsec}, | |
| author={Jost, Daniel}, | |
| year={2014}, | |
| school={Citeseer} | |
| } | |
| @inproceedings{chen2016strongly, | |
| title={Strongly leakage-resilient authenticated key exchange}, | |
| author={Chen, Rongmao and Mu, Yi and Yang, Guomin and Susilo, Willy and Guo, Fuchun}, | |
| booktitle={Cryptographers’ Track at the RSA Conference}, | |
| pages={19--36}, | |
| year={2016}, | |
| organization={Springer} | |
| } | |
| @article{feltz2014limits, | |
| title={On the Limits of Authenticated Key Exchange Security with an Application to Bad Randomness.}, | |
| author={Feltz, Michele and Cremers, Cas}, | |
| journal={IACR Cryptology ePrint Archive}, | |
| volume={2014}, | |
| pages={369}, | |
| year={2014} | |
| } | |
| @article{katz2010one, | |
| title={One-Round Password-Based Authenticated Key Exchange.}, | |
| author={Katz, Jonathan and Vaikuntanathan, Vinod}, | |
| journal={IACR Cryptology ePrint Archive}, | |
| volume={2010}, | |
| pages={368}, | |
| year={2010}, | |
| publisher={Citeseer} | |
| } | |
| @inproceedings{liu2013security, | |
| title={Security model and analysis of FHMQV, revisited}, | |
| author={Liu, Shengli and Sakurai, Kouichi and Weng, Jian and Zhang, Fangguo and Zhao, Yunlei}, | |
| booktitle={International Conference on Information Security and Cryptology}, | |
| pages={255--269}, | |
| year={2013}, | |
| organization={Springer} | |
| } | |
| @inproceedings{jager2015security, | |
| title={On the security of TLS 1.3 and QUIC against weaknesses in PKCS\# 1 v1. 5 encryption}, | |
| author={Jager, Tibor and Schwenk, J{\"o}rg and Somorovsky, Juraj}, | |
| booktitle={Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security}, | |
| pages={1185--1196}, | |
| year={2015}, | |
| organization={ACM} | |
| } | |
| @article{lan2017investigating, | |
| title={Investigating the Multi-Ciphersuite and Backwards-Compatibility Security of the Upcoming TLS 1.3}, | |
| author={Lan, Xiao and Xu, Jing and Zhang, Zhenfeng and Zhu, Wen Tao}, | |
| journal={IEEE Transactions on Dependable and Secure Computing}, | |
| year={2017}, | |
| publisher={IEEE} | |
| } | |
| @inproceedings{dowling2015modelling, | |
| title={Modelling ciphersuite and version negotiation in the TLS protocol}, | |
| author={Dowling, Benjamin and Stebila, Douglas}, | |
| booktitle={Australasian Conference on Information Security and Privacy}, | |
| pages={270--288}, | |
| year={2015}, | |
| organization={Springer} | |
| } | |
| @inproceedings{li2016multiple, | |
| title={Multiple handshakes security of TLS 1.3 candidates}, | |
| author={Li, Xinyu and Xu, Jing and Zhang, Zhenfeng and Feng, Dengguo and Hu, Honggang}, | |
| booktitle={Security and Privacy (SP), 2016 IEEE Symposium on}, | |
| pages={486--505}, | |
| year={2016}, | |
| organization={IEEE} | |
| } | |
| @inproceedings{fischlin2016key, | |
| title={Key confirmation in key exchange: a formal treatment and implications for TLS 1.3}, | |
| author={Fischlin, Marc and G{\"u}nther, Felix and Schmidt, Benedikt and Warinschi, Bogdan}, | |
| booktitle={Security and Privacy (SP), 2016 IEEE Symposium on}, | |
| pages={452--469}, | |
| year={2016}, | |
| organization={IEEE} | |
| } | |
| @inproceedings{bellare2000authenticated, | |
| title={Authenticated key exchange secure against dictionary attacks}, | |
| author={Bellare, Mihir and Pointcheval, David and Rogaway, Phillip}, | |
| booktitle={Advances in Cryptology—EUROCRYPT 2000}, | |
| pages={139--155}, | |
| year={2000}, | |
| organization={Springer} | |
| } | |
| @inproceedings{canetti2001analysis, | |
| title={Analysis of key-exchange protocols and their use for building secure channels}, | |
| author={Canetti, Ran and Krawczyk, Hugo}, | |
| booktitle={International Conference on the Theory and Applications of Cryptographic Techniques}, | |
| pages={453--474}, | |
| year={2001}, | |
| organization={Springer} | |
| } | |
| @article{blake1997key, | |
| title={Key agreement protocols and their security analysis}, | |
| author={Blake-Wilson, Simon and Johnson, Don and Menezes, Alfred}, | |
| journal={Crytography and Coding}, | |
| pages={30--45}, | |
| year={1997}, | |
| publisher={Springer} | |
| } | |
| @inproceedings{blake1998authenticated, | |
| title={Authenticated Diffe-Hellman key agreement protocols}, | |
| author={Blake-Wilson, Simon and Menezes, Alfred}, | |
| booktitle={International Workshop on Selected Areas in Cryptography}, | |
| pages={339--361}, | |
| year={1998}, | |
| organization={Springer} | |
| } | |
| @inproceedings{bellare1998modular, | |
| title={A modular approach to the design and analysis of authentication and key exchange protocols}, | |
| author={Bellare, Mihir and Canetti, Ran and Krawczyk, Hugo}, | |
| booktitle={Proceedings of the thirtieth annual ACM symposium on Theory of computing}, | |
| pages={419--428}, | |
| year={1998}, | |
| organization={ACM} | |
| } | |
| @article{shoup1999formal, | |
| title={On formal models for secure key exchange}, | |
| author={Shoup, Victor}, | |
| year={1999}, | |
| publisher={Citeseer} | |
| } | |
| @inproceedings{canetti2002universally, | |
| title={Universally composable notions of key exchange and secure channels}, | |
| author={Canetti, Ran and Krawczyk, Hugo}, | |
| booktitle={International Conference on the Theory and Applications of Cryptographic Techniques}, | |
| pages={337--351}, | |
| year={2002}, | |
| organization={Springer} | |
| } | |
| @inproceedings{lincoln1998probabilistic, | |
| title={A probabilistic poly-time framework for protocol analysis}, | |
| author={Lincoln, Patrick and Mitchell, John and Mitchell, Mark and Scedrov, Andre}, | |
| booktitle={Proceedings of the 5th ACM conference on Computer and communications security}, | |
| pages={112--121}, | |
| year={1998}, | |
| organization={ACM} | |
| } | |
| @inproceedings{choo2005examining, | |
| title={Examining indistinguishability-based proof models for key establishment protocols}, | |
| author={Choo, Kim-Kwang Raymond and Boyd, Colin and Hitchcock, Yvonne}, | |
| booktitle={International Conference on the Theory and Application of Cryptology and Information Security}, | |
| pages={585--604}, | |
| year={2005}, | |
| organization={Springer} | |
| } | |
| @article{katz2007scalable, | |
| title={Scalable protocols for authenticated group key exchange}, | |
| author={Katz, Jonathan and Yung, Moti}, | |
| journal={Journal of Cryptology}, | |
| volume={20}, | |
| number={1}, | |
| pages={85--113}, | |
| year={2007}, | |
| publisher={Springer} | |
| } | |
| @inproceedings{katz2002forward, | |
| title={Forward secrecy in password-only key exchange protocols}, | |
| author={Katz, Jonathan and Ostrovsky, Rafail and Yung, Moti}, | |
| booktitle={International Conference on Security in Communication Networks}, | |
| pages={29--44}, | |
| year={2002}, | |
| organization={Springer} | |
| } | |
| @article{cheng2005indistinguishability, | |
| title={On The Indistinguishability-Based Security Model of Key Agreement Protocols-Simple Cases.}, | |
| author={Cheng, Zhaohui and Nistazakis, Manos and Comley, Richard and Vasiu, Luminita}, | |
| journal={IACR Cryptology ePrint Archive}, | |
| volume={2005}, | |
| pages={129}, | |
| year={2005}, | |
| publisher={Citeseer} | |
| } | |
| @inproceedings{morrissey2008modular, | |
| title={A modular security analysis of the TLS handshake protocol}, | |
| author={Morrissey, Paul and Smart, Nigel P and Warinschi, Bogdan}, | |
| booktitle={International Conference on the Theory and Application of Cryptology and Information Security}, | |
| pages={55--73}, | |
| year={2008}, | |
| organization={Springer} | |
| } | |
| @inproceedings{boyd2003deniable, | |
| title={Deniable authenticated key establishment for internet protocols}, | |
| author={Boyd, Colin and Mao, Wenbo and Paterson, Kenneth G}, | |
| booktitle={International Workshop on Security Protocols}, | |
| pages={255--271}, | |
| year={2003}, | |
| organization={Springer} | |
| } | |
| @inproceedings{groce2010new, | |
| title={A new framework for efficient password-based authenticated key exchange}, | |
| author={Groce, Adam and Katz, Jonathan}, | |
| booktitle={Proceedings of the 17th ACM conference on Computer and communications security}, | |
| pages={516--525}, | |
| year={2010}, | |
| organization={ACM} | |
| } | |
| @article{mackenzie2001security, | |
| title={On the Security of the SPEKE Password-Authenticated Key Exchange Protocol.}, | |
| author={MacKenzie, Philip}, | |
| journal={IACR Cryptology ePrint Archive}, | |
| volume={2001}, | |
| pages={57}, | |
| year={2001} | |
| } | |
| @inproceedings{sarr2010new, | |
| title={A new security model for authenticated key agreement}, | |
| author={Sarr, Augustin P and Elbaz-Vincent, Philippe and Bajard, Jean-Claude}, | |
| booktitle={International Conference on Security and Cryptography for Networks}, | |
| pages={219--234}, | |
| year={2010}, | |
| organization={Springer} | |
| } | |
| @phdthesis{katz2002efficient, | |
| title={Efficient Cryptographic Protocols Preventing “Man-in-the-Middle” Attacks}, | |
| author={Katz, Jonathan}, | |
| year={2002}, | |
| school={COLUMBIA UNIVERSITY} | |
| } | |
| @article{goldreich2006session, | |
| title={Session-key generation using human passwords only}, | |
| author={Goldreich, Oded and Lindell, Yehuda}, | |
| journal={Journal of Cryptology}, | |
| volume={19}, | |
| number={3}, | |
| pages={241--340}, | |
| year={2006}, | |
| publisher={Springer} | |
| } | |
| @inproceedings{choo2005security, | |
| title={Security requirements for key establishment proof models: revisiting Bellare--Rogaway and Jeong--Katz--Lee protocols}, | |
| author={Choo, Kim-Kwang Raymond and Hitchcock, Yvonne}, | |
| booktitle={Australasian Conference on Information Security and Privacy}, | |
| pages={429--442}, | |
| year={2005}, | |
| organization={Springer} | |
| } | |
| @inproceedings{kusters2011composition, | |
| title={Composition theorems without pre-established session identifiers}, | |
| author={K{\"u}sters, Ralf and Tuengerthal, Max}, | |
| booktitle={Proceedings of the 18th ACM conference on Computer and communications security}, | |
| pages={41--50}, | |
| year={2011}, | |
| organization={ACM} | |
| } | |
| @inproceedings{bresson2007security, | |
| title={On security models and compilers for group key exchange protocols}, | |
| author={Bresson, Emmanuel and Manulis, Mark and Schwenk, J{\"o}rg}, | |
| booktitle={International Workshop on Security}, | |
| pages={292--307}, | |
| year={2007}, | |
| organization={Springer} | |
| } | |
| @article{morrissey2010tls, | |
| title={The TLS handshake protocol: A modular analysis}, | |
| author={Morrissey, Paul and Smart, Nigel P and Warinschi, Bogdan}, | |
| journal={Journal of Cryptology}, | |
| volume={23}, | |
| number={2}, | |
| pages={187--223}, | |
| year={2010}, | |
| publisher={Springer} | |
| } | |
| @inproceedings{brzuska2011composability, | |
| title={Composability of Bellare-Rogaway key exchange protocols}, | |
| author={Brzuska, Christina and Fischlin, Marc and Warinschi, Bogdan and Williams, Stephen C}, | |
| booktitle={Proceedings of the 18th ACM conference on Computer and communications security}, | |
| pages={51--62}, | |
| year={2011}, | |
| organization={ACM} | |
| } | |
| @inproceedings{tin2003provably, | |
| title={Provably secure mobile key exchange: Applying the Canetti-Krawczyk approach}, | |
| author={Tin, Yiu Shing Terry and Boyd, Colin and Nieto, Juan Manuel Gonz{\'a}lez}, | |
| booktitle={Australasian Conference on Information Security and Privacy}, | |
| pages={166--179}, | |
| year={2003}, | |
| organization={Springer} | |
| } | |
| @phdthesis{choo2006key, | |
| title={Key Establishment: Proofs and Refutations}, | |
| author={Choo, Kim-Kwang Raymond}, | |
| year={2006}, | |
| school={Queensland University of Technology} | |
| } | |
| @inproceedings{zhang2010deniable, | |
| title={A deniable group key establishment protocol in the standard model}, | |
| author={Zhang, Yazhe and Wang, Kunpeng and Li, Bao}, | |
| booktitle={International Conference on Information Security Practice and Experience}, | |
| pages={308--323}, | |
| year={2010}, | |
| organization={Springer} | |
| } | |
| @article{hitchcock2006modular, | |
| title={Modular proofs for key exchange: rigorous optimizations in the Canetti--Krawczyk model}, | |
| author={Hitchcock, Yvonne and Boyd, Colin and Gonz{\'a}lez Nieto, Juan Manuel}, | |
| journal={Applicable Algebra in Engineering, Communication and Computing}, | |
| volume={16}, | |
| number={6}, | |
| pages={405--438}, | |
| year={2006}, | |
| publisher={Springer} | |
| } | |
| @article{jager2011standard, | |
| title={A Standard-Model Security Analysis of TLS-DHE.}, | |
| author={Jager, Tibor and Kohlar, Florian and Sch{\"a}ge, Sven and Schwenk, J{\"o}rg}, | |
| journal={IACR Cryptology ePrint Archive}, | |
| volume={2011}, | |
| number={219}, | |
| year={2011} | |
| } | |
| @incollection{jager2012security, | |
| title={On the security of TLS-DHE in the standard model}, | |
| author={Jager, Tibor and Kohlar, Florian and Sch{\"a}ge, Sven and Schwenk, J{\"o}rg}, | |
| booktitle={Advances in Cryptology--CRYPTO 2012}, | |
| pages={273--293}, | |
| year={2012}, | |
| publisher={Springer} | |
| } | |
| ### INCOMPLETE, financial crypto 2017 | |
| @article{dodisunilaterally, | |
| title={Unilaterally-Authenticated Key Exchange}, | |
| author={Dodis, Yevgeniy and Fiore, Dario} | |
| } | |
| @inproceedings{bhargavan2017content, | |
| title={Content Delivery over TLS: A Cryptographic Analysis of Keyless SSL}, | |
| author={Bhargavan, Karthikeyan and Boureanu, IC and Fouque, Pierre-Alain and Onete, Cristina and Richard, Benjamin}, | |
| booktitle={Proceedings of the 2nd IEEE European Symposium on Security and Privacy}, | |
| year={2017} | |
| } | |
| @inproceedings{gunther20170, | |
| title={0-RTT Key Exchange with Full Forward Secrecy}, | |
| author={G{\"u}nther, Felix and Hale, Britta and Jager, Tibor and Lauer, Sebastian}, | |
| booktitle={Annual International Conference on the Theory and Applications of Cryptographic Techniques}, | |
| pages={519--548}, | |
| year={2017}, | |
| organization={Springer} | |
| } | |
| # Attacks and Real-World Protocols | |
| @inproceedings{lauter2006security, | |
| title={Security analysis of KEA authenticated key exchange protocol}, | |
| author={Lauter, Kristin and Mityagin, Anton}, | |
| booktitle={Public Key Cryptography}, | |
| volume={3958}, | |
| pages={378--394}, | |
| year={2006}, | |
| organization={Springer} | |
| } | |
| @inproceedings{jager2015practical, | |
| title={Practical invalid curve attacks on TLS-ECDH}, | |
| author={Jager, Tibor and Schwenk, J{\"o}rg and Somorovsky, Juraj}, | |
| booktitle={European Symposium on Research in Computer Security}, | |
| pages={407--425}, | |
| year={2015}, | |
| organization={Springer} | |
| } | |
| @inproceedings{bhargavan2016transcript, | |
| title={Transcript collision attacks: Breaking authentication in TLS, IKE, and SSH}, | |
| author={Bhargavan, Karthikeyan and Leurent, Ga{\"e}tan}, | |
| booktitle={Network and Distributed System Security Symposium--NDSS 2016}, | |
| year={2016} | |
| } | |
| @inproceedings{bhargavan2016downgrade, | |
| title={Downgrade resilience in key-exchange protocols}, | |
| author={Bhargavan, Karthikeyan and Brzuska, Christina and Fournet, C{\'e}dric and Green, Matthew and Kohlweiss, Markulf and Zanella-B{\'e}guelin, Santiago}, | |
| booktitle={Security and Privacy (SP), 2016 IEEE Symposium on}, | |
| pages={506--525}, | |
| year={2016}, | |
| organization={IEEE} | |
| } | |
| @inproceedings{aviram2016drown, | |
| title={DROWN: breaking TLS using SSLv2}, | |
| author={Aviram, Nimrod and Schinzel, Sebastian and Somorovsky, Juraj and Heninger, Nadia and Dankel, Maik and Steube, Jens and Valenta, Luke and Adrian, David and Halderman, J Alex and Dukhovni, Viktor and others}, | |
| booktitle={25th USENIX Security Symposium (USENIX Security 16)(Aug. 2016)}, | |
| year={2016} | |
| } | |
| @inproceedings{meyer2014revisiting, | |
| title={Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks.}, | |
| author={Meyer, Christopher and Somorovsky, Juraj and Weiss, Eugen and Schwenk, J{\"o}rg and Schinzel, Sebastian and Tews, Erik}, | |
| booktitle={USENIX Security}, | |
| volume={14}, | |
| pages={733--748}, | |
| year={2014} | |
| } | |
| @inproceedings{albrecht2016lucky, | |
| title={Lucky Microseconds: A timing attack on amazon’s s2n implementation of TLS}, | |
| author={Albrecht, Martin R and Paterson, Kenneth G}, | |
| booktitle={Annual International Conference on the Theory and Applications of Cryptographic Techniques}, | |
| pages={622--643}, | |
| year={2016}, | |
| organization={Springer} | |
| } | |
| @inproceedings{garman2015attacks, | |
| title={Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS.}, | |
| author={Garman, Christina and Paterson, Kenneth G and Van der Merwe, Thyla}, | |
| booktitle={USENIX Security}, | |
| pages={113--128}, | |
| year={2015} | |
| } | |
| @article{kaliski2001unknown, | |
| title={An unknown key-share attack on the MQV key agreement protocol}, | |
| author={Kaliski Jr, Burton S}, | |
| journal={ACM Transactions on Information and System Security (TISSEC)}, | |
| volume={4}, | |
| number={3}, | |
| pages={275--288}, | |
| year={2001}, | |
| publisher={ACM} | |
| } | |
| @inproceedings{giesen2013security, | |
| title={On the security of TLS renegotiation}, | |
| author={Giesen, Florian and Kohlar, Florian and Stebila, Douglas}, | |
| booktitle={Proceedings of the 2013 ACM SIGSAC conference on Computer \& communications security}, | |
| pages={387--398}, | |
| year={2013}, | |
| organization={ACM} | |
| } | |
| @incollection{krawczyk2013security, | |
| title={On the security of the TLS protocol: A systematic analysis}, | |
| author={Krawczyk, Hugo and Paterson, Kenneth G and Wee, Hoeteck}, | |
| booktitle={Advances in Cryptology--CRYPTO 2013}, | |
| pages={429--448}, | |
| year={2013}, | |
| publisher={Springer} | |
| } | |
| # Verified Implementations | |
| @article{bhargavan2016mitls, | |
| title={miTLS: Verifying Protocol Implementations against Real-World Attacks}, | |
| author={Bhargavan, Karthikeyan and Fournet, Cedric and Kohlweiss, Markulf}, | |
| journal={IEEE Security \& Privacy}, | |
| volume={14}, | |
| number={6}, | |
| pages={18--25}, | |
| year={2016}, | |
| publisher={IEEE} | |
| } | |
| @inproceedings{kusters2009using, | |
| title={Using ProVerif to analyze protocols with Diffie-Hellman exponentiation}, | |
| author={K{\"u}sters, Ralf and Truderung, Tomasz}, | |
| booktitle={Computer Security Foundations Symposium, 2009. CSF'09. 22nd IEEE}, | |
| pages={157--171}, | |
| year={2009}, | |
| organization={IEEE} | |
| } | |
| @inproceedings{barthe2015mind, | |
| title={Mind the gap: Modular machine-checked proofs of one-round key exchange protocols}, | |
| author={Barthe, Gilles and Crespo, Juan Manuel and Lakhnech, Yassine and Schmidt, Benedikt}, | |
| booktitle={Annual International Conference on the Theory and Applications of Cryptographic Techniques}, | |
| pages={689--718}, | |
| year={2015}, | |
| organization={Springer} | |
| } | |
| @article{delignattowards, | |
| title={Towards a Provably Secure Implementation of TLS 1.3}, | |
| author={Delignat, Benjamin Beurdouche Karthikeyan Bhargavan Antoine and Ishtiaq, Lavaud C{\'e}dric Fournet Samin and Swamy, Markulf Kohlweiss Jonathan Protzenko Nikhil and Zinzindohou{\'e}, Santiago Zanella-B{\'e}guelin Jean Karim} | |
| } | |
| @article{bhargavan2016implementing, | |
| title={Implementing and Proving the TLS 1.3 Record Layer}, | |
| author={Bhargavan, Karthikeyan and Delignat-Lavaud, Antoine and Fournet, Cédric and Kohlweiss, Markulf and Pan, Jianyang and Protzenko, Jonathan and Rastogi, Aseem and Swamy, Nikhil and Zanella-Béguelin, Santiago and Zinzindohoué, Jean Karim}, | |
| year={2016} | |
| } | |
| @inproceedings{bhargavan2016proscript, | |
| title={ProScript TLS: Building a TLS 1.3 Implementation with a Verifiable Protocol Model}, | |
| author={Bhargavan, Karthikeyan and Kobeissi, Nadim and Blanchet, Bruno}, | |
| booktitle={TRON Workshop-TLS 1.3, Ready Or Not}, | |
| year={2016} | |
| } | |
| @inproceedings{beurdouche2015messy, | |
| title={A messy state of the union: Taming the composite state machines of TLS}, | |
| author={Beurdouche, Benjamin and Bhargavan, Karthikeyan and Delignat-Lavaud, Antoine and Fournet, C{\'e}dric and Kohlweiss, Markulf and Pironti, Alfredo and Strub, Pierre-Yves and Zinzindohoue, Jean Karim}, | |
| booktitle={Security and Privacy (SP), 2015 IEEE Symposium on}, | |
| pages={535--552}, | |
| year={2015}, | |
| organization={IEEE} | |
| } | |
| @inproceedings{somorovsky2016systematic, | |
| title={Systematic fuzzing and testing of TLS libraries}, | |
| author={Somorovsky, Juraj}, | |
| booktitle={Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security}, | |
| pages={1492--1504}, | |
| year={2016}, | |
| organization={ACM} | |
| } | |
| @book{cremers2006scyther, | |
| title={Scyther: Semantics and verification of security protocols}, | |
| author={Cremers, Casimier Joseph Franciscus}, | |
| year={2006}, | |
| publisher={Eindhoven University of Technology Eindhoven, Netherlands} | |
| } | |
| @article{goubault2000method, | |
| title={A method for automatic cryptographic protocol verification}, | |
| author={Goubault-Larrecq, Jean}, | |
| journal={Parallel and Distributed Processing}, | |
| pages={977--984}, | |
| year={2000}, | |
| publisher={Springer} | |
| } | |
| @techreport{bella2000inductive, | |
| title={Inductive verification of cryptographic protocols}, | |
| author={Bella, Giampaolo}, | |
| year={2000}, | |
| institution={University of Cambridge, Computer Laboratory} | |
| } | |
| # Standards | |
| @techreport{kaufman2014internet, | |
| title={Internet key exchange protocol version 2 (IKEv2)}, | |
| author={Kaufman, Charlie and Hoffman, Paul and Nir, Yoav and Eronen, Parsi and Kivinen, T}, | |
| year={2014} | |
| } | |
| @incollection{paterson2016reactive, | |
| title={Reactive and Proactive Standardisation of TLS}, | |
| author={Paterson, Kenneth G and van der Merwe, Thyla}, | |
| booktitle={Security Standardisation Research}, | |
| pages={160--186}, | |
| year={2016}, | |
| publisher={Springer} | |
| } | |
| # General, Measurement, etc. | |
| ### INCOMPLETE, financial crypto 2017 | |
| @article{samarasinghe2017short, | |
| title={Short Paper: TLS Ecosystems in Networked Devices vs. Web Servers}, | |
| author={Samarasinghe, Nayanamana and Mannan, Mohammad}, | |
| year={2017} | |
| } | |
| ### INCOMPLETE, financial crypto 2017 | |
| @article{chothiabanker, | |
| title={Why Banker Bob (still) Can’t Get TLS Right: A Security Analysis of TLS in Leading UK Banking Apps}, | |
| author={Chothia, Tom and Garcia, Flavio D and Heppel, Chris and Stone, Chris McMahon} | |
| } | |
| @phdthesis{levillain2016study, | |
| title={A study of the TLS ecosystem}, | |
| author={Levillain, Olivier}, | |
| year={2016}, | |
| school={Institut National des T{\'e}l{\'e}communications} | |
| } | |
| @inproceedings{springall2016measuring, | |
| title={Measuring the Security Harm of TLS Crypto Shortcuts}, | |
| author={Springall, Drew and Durumeric, Zakir and Halderman, J Alex}, | |
| booktitle={Proceedings of the 2016 ACM on Internet Measurement Conference}, | |
| pages={33--47}, | |
| year={2016}, | |
| organization={ACM} | |
| } |