rewrite PKI section
% Institution (I_*) and venue (J_*) macros. Every word of a name is wrapped in
% its own \hyperref{URL}{}{}{word} call, so the whole name links to one URL
% (presumably split per word so the linked text can still break across lines
% -- confirm against the document class).
% NOTE(review): J_AM links to stackexchange.com, the same target used by
% I_Stackexchange; this looks copy-pasted -- confirm the intended URL.
@string{I_PolarSSL =
    {\hyperref{http://polarssl.org/}{}{}{PolarSSL}}}
@string{I_Stackexchange =
    {\hyperref{http://stackexchange.com/}{}{}{Stackexchange}
     \hyperref{http://stackexchange.com/}{}{}{Q\&A}
     \hyperref{http://stackexchange.com/}{}{}{Site}}}
@string{I_Wikipedia =
    {\hyperref{http://wikipedia.org/}{}{}{Wikipedia}}}
@string{I_Wolfram =
    {\hyperref{http://mathworld.wolfram.com/}{}{}{Wolfram}
     \hyperref{http://mathworld.wolfram.com/}{}{}{Research}
     \hyperref{http://mathworld.wolfram.com/}{}{}{Mathworld}}}
@string{J_AM =
    {\hyperref{http://stackexchange.com/}{}{}{Proceedings}
     \hyperref{http://stackexchange.com/}{}{}{of}
     \hyperref{http://stackexchange.com/}{}{}{Symposia}
     \hyperref{http://stackexchange.com/}{}{}{in}
     \hyperref{http://stackexchange.com/}{}{}{Applied}
     \hyperref{http://stackexchange.com/}{}{}{Mathematics}}}
@string{J_TOMACS =
    {\hyperref{http://tomacs.acm.org/}{}{}{ACM}
     \hyperref{http://tomacs.acm.org/}{}{}{Transactions}
     \hyperref{http://tomacs.acm.org/}{}{}{on}
     \hyperref{http://tomacs.acm.org/}{}{}{Modeling}
     \hyperref{http://tomacs.acm.org/}{}{}{and}
     \hyperref{http://tomacs.acm.org/}{}{}{Computer}
     \hyperref{http://tomacs.acm.org/}{}{}{Simulation}}}
% USENIX Security 2012 paper on widespread weak keys in network devices.
@inproceedings{HDWH12,
  author    = {Heninger, Nadia and Durumeric, Zakir and Wustrow, Eric
               and Halderman, J. Alex},
  title     = {Mining Your {P}s and {Q}s: {D}etection of Widespread Weak Keys
               in Network Devices},
  booktitle = {Proceedings of the 21st {USENIX} Security Symposium},
  year      = {2012},
  month     = aug,
  url       = {https://factorable.net/weakkeys12.extended.pdf},
}
% Wikipedia article on /dev/random; `note` records the access date and `key`
% supplies the sort/label text because the entry has no author.
@techreport{Wikipedia:/dev/random,
  key         = {Wikipedia:/dev/random},
  title       = {/dev/random},
  type        = {Wikipedia},
  institution = I_Wikipedia,
  year        = {2013},
  month       = dec,
  url         = {http://en.wikipedia.org/wiki/dev/random},
  note        = {Accessed 2013-12-06},
}
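% HAVEGE paper in ACM TOMACS 13(4). The page range is written with `--` so
% styles typeset an en dash instead of a hyphen.
@article{SS03,
  author  = {Seznec, A. and Sendrier, N.},
  title   = {{HAVEGE}: a user-level software heuristic for generating
             empirically strong random numbers},
  journal = J_TOMACS,
  volume  = {13},
  number  = {4},
  pages   = {334--346},
  year    = {2003},
  month   = oct,
  url     = {http://www.irisa.fr/caps/projects/hipsor/scripts/down.php?id=13781296&ext=.pdf},
}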
% Blog post evaluating HAVEGE randomness; `type` carries the blog name.
% NOTE(review): standard styles expect an `institution` on @techreport and
% will warn that it is missing here.
@techreport{Eng11,
  author = {Engblom, Jakob},
  title  = {Evaluating {HAVEGE} Randomness},
  type   = {Blog: Observations from Uppsala},
  year   = {2011},
  month  = feb,
  url    = {http://jakob.engbloms.se/archives/1374},
}
% PolarSSL Security Advisory 2011-02 on weak random number generation in
% virtualized environments; no author, so `key` provides the label text.
@techreport{POL11,
  key         = {POL},
  title       = {Weak random number generation within virtualized
                 environments},
  type        = {Security Advisory},
  number      = {2011-02},
  institution = I_PolarSSL,
  year        = {2011},
  month       = dec,
  url         = {https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02},
}
% haveged software homepage; no author, so `key` provides the label text.
@techreport{HAV13a,
  key   = {HAV},
  title = {haveged -- A simple entropy daemon},
  type  = {Software Homepage},
  year  = {2013},
  month = dec,
  url   = {http://www.issihosts.com/haveged/},
  note  = {Accessed 2013-12-06},
}
% haveged "Runtime Testing" background page.
% NOTE(review): `url` is the haveged homepage rather than a page named after
% the title -- confirm whether a more specific address was intended.
@techreport{HAV13b,
  key   = {HAV},
  title = {haveged -- A simple entropy daemon: Runtime Testing},
  type  = {Technical Background},
  year  = {2013},
  month = dec,
  url   = {http://www.issihosts.com/haveged/},
  note  = {Accessed 2013-12-06},
}
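% Katz and Lindell textbook. The title is stored in title case because styles
% can lower-case a title but cannot restore capitals that were never entered.
@book{katz2008introduction,
  author    = {Katz, J. and Lindell, Y.},
  title     = {Introduction to Modern Cryptography},
  series    = {Chapman and Hall/CRC Cryptography and Network Security Series},
  publisher = {Chapman \& Hall/CRC},
  year      = {2008},
  isbn      = {9781584885511},
  lccn      = {2007017861},
  url       = {http://books.google.at/books?id=WIc\_AQAAIAAJ},
}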
% SafeCurves site on choosing safe elliptic curves; the URL points at its
% rigid.html page. No author field, so `key` provides the label text.
@techreport{DJBSC,
  key   = {DJB},
  title = {SafeCurves: choosing safe curves for elliptic-curve cryptography},
  type  = {Technical Background},
  year  = {2013},
  month = dec,
  url   = {http://safecurves.cr.yp.to/rigid.html},
  note  = {Accessed 2013-12-09},
}
% Wikipedia article on US cryptography export rules; `note` records the
% access date.
@techreport{Wikipedia:ExportCipher,
  key         = {Wikipedia:ExportCipher},
  title       = {Export of cryptography in the {U}nited {S}tates},
  type        = {Wikipedia},
  institution = I_Wikipedia,
  year        = {2013},
  month       = dec,
  url         = {http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States},
  note        = {Accessed 2013-12-09},
}
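% ECRYPT II document D.SPA.20 (see `url`). The page range now uses `--`.
% NOTE(review): author and title look like auto-export residue, the entry is
% an @article without a journal, and the key says 2011 while `year` is 2012 --
% confirm all three against the PDF.
@article{ii2011ecrypt,
  author = {II, ECRYPT and SYM, D},
  title  = {ECRYPT II},
  pages  = {79--86},
  year   = {2012},
  url    = {http://www.ecrypt.eu.org/documents/D.SPA.20.pdf},
}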
% Wikipedia article "Tempest (codename)"; `note` records the access date.
@techreport{Wikipedia:Tempest,
  key         = {Wikipedia:Tempest},
  title       = {Tempest (codename)},
  type        = {Wikipedia},
  institution = I_Wikipedia,
  year        = {2013},
  month       = dec,
  url         = {https://en.wikipedia.org/wiki/Tempest_(codename)},
  note        = {Accessed 2013-12-12},
}
% Wikipedia article on the discrete logarithm; `note` records the access date.
@techreport{Wikipedia:Discrete,
  key         = {Wikipedia:Discrete},
  title       = {Discrete logarithm},
  type        = {Wikipedia},
  institution = I_Wikipedia,
  year        = {2013},
  month       = dec,
  url         = {https://en.wikipedia.org/wiki/Discrete_logarithm},
  note        = {Accessed 2013-12-12},
}
% Wikipedia article "Certificate Policy"; `note` records the access date.
@techreport{Wikipedia:Certificate,
  key         = {Wikipedia:Certificate},
  title       = {Certificate Policy},
  type        = {Wikipedia},
  institution = I_Wikipedia,
  year        = {2013},
  month       = dec,
  url         = {https://en.wikipedia.org/wiki/Certificate_Policy},
  note        = {Accessed 2013-12-12},
}
% Schneier on Security blog post (September 2013); `type` names the blog.
@techreport{Sch13,
  author = {Schneier, Bruce},
  title  = {The {NSA} Is Breaking Most Encryption on the Internet},
  type   = {Blog: Schneier on Security},
  year   = {2013},
  month  = sep,
  url    = {https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html},
}
% Author's reply in the comment thread of the same blog post; the URL
% fragment (#c1675929) selects the individual comment.
@techreport{Sch13b,
  author = {Schneier, Bruce},
  title  = {The {NSA} Is Breaking Most Encryption on the Internet},
  type   = {Answer to Blog Comment},
  year   = {2013},
  month  = sep,
  url    = {https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html\#c1675929},
}
% Presentation slides by Bernstein and Lange on the NIST curves.
@techreport{BL13,
  author = {Bernstein, D. J. and Lange, Tanja},
  title  = {Security dangers of the {NIST} curves},
  type   = {Presentation slides},
  year   = {2013},
  month  = sep,
  url    = {http://cr.yp.to/talks/2013.09.16/slides-djb-20130916-a4.pdf},
}
% Question posted on crypto.stackexchange.com; `author` holds the poster's
% name exactly as given in the source entry.
@techreport{W13,
  author      = {D. W.},
  title       = {Should we trust the {NIST}-recommended {ECC} parameters?},
  type        = {Stackexchange Question},
  institution = I_Stackexchange,
  year        = {2013},
  month       = sep,
  url         = {http://crypto.stackexchange.com/questions/10263/should-we-trust-the-nist-recommended-ecc-parameters},
}
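% McCurley's survey of the discrete logarithm problem. `booktitle` is the
% volume title concatenated with the J_AM series macro; the page range now
% uses `--`.
@inproceedings{McC90,
  author    = {McCurley, Kevin S.},
  title     = {The Discrete Logarithm Problem},
  booktitle = {Cryptology and Computational Number Theory, } # J_AM,
  volume    = {42},
  pages     = {49--74},
  year      = {1990},
  url       = {http://www.mccurley.org/papers/dlog.pdf},
}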
% MathWorld dictionary entry on elliptic curves; no author, so `key` provides
% the label text and `note` records the access date.
@techreport{WR13,
  key         = {Wolfram Research, Mathworld},
  title       = {Elliptic Curve},
  type        = {Math Dictionary Entry},
  institution = I_Wolfram,
  year        = {2013},
  month       = dec,
  url         = {http://mathworld.wolfram.com/EllipticCurve.html},
  note        = {Accessed 2013-12-12},
}
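% Flush+Reload cache side-channel paper, IACR ePrint report 2013/448.
% The venue string moved from `publisher` (not printed for @misc by standard
% styles, and polluted with export residue) to `howpublished`; the attack name
% and {L3} are braced so sentence-casing styles keep their capitals.
@misc{yarom2013flush+,
  author       = {Yarom, Yuval and Falkner, Katrina},
  title        = {{Flush+Reload}: a High Resolution, Low Noise, {L3} Cache
                  Side-Channel Attack},
  howpublished = {Cryptology ePrint Archive, Report 2013/448},
  year         = {2013},
  url          = {http://eprint.iacr.org/2013/448.pdf},
}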
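% BSI technical guideline TR-02102 on cryptographic mechanisms.
% The agency name is double-braced so BibTeX treats it as one corporate author
% instead of splitting it into first/von/last parts; the umlaut uses the
% {\"u} form and `month` uses the style-expanded macro.
% NOTE(review): standard styles expect an `institution` on @techreport.
@techreport{TR02102,
  author = {{Bundesamt f{\"u}r Sicherheit in der Informationstechnik (BSI)}},
  title  = {{BSI} {TR-02102} Kryptographische Verfahren},
  year   = {2013},
  month  = jan,
  url    = {https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102_pdf},
}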
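% ENISA report on algorithms, key sizes and parameters.
% The author list was one double-braced string with comma separators, which
% BibTeX reads as a single name; it is now a proper ` and `-separated list
% with ENISA kept as a braced corporate name.
% NOTE(review): standard styles expect an `institution` on @techreport.
@techreport{ENISA2013,
  author = {{ENISA} and Rijmen, Vincent and Smart, Nigel P. and
            Warinschi, Bogdan and Watson, Gaven},
  title  = {{ENISA} - Algorithms, Key Sizes and Parameters Report},
  year   = {2013},
  month  = oct,
  url    = {http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report},
}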
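% Ross Anderson's Security Engineering (2008). The publisher field held the
% export residue "Wiley. com"; the title is stored in title case.
@book{anderson2008security,
  author    = {Anderson, Ross},
  title     = {Security Engineering},
  publisher = {Wiley},
  year      = {2008},
}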
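% Internet-Draft draft-tschofenig-iab-webpki-evolution, revision 01.
% Authors are split into separate names (the double braces made them one
% name) and the title is no longer wholly braced, so styles can apply their
% own casing.
@misc{tschofenig-webpki,
  author       = {Tschofenig, H. and Lear, E.},
  title        = {Evolving the {Web} Public Key Infrastructure},
  howpublished = {\url{http://tools.ietf.org/html/draft-tschofenig-iab-webpki-evolution-01.txt}},
  year         = 2013,
  month        = nov,
}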
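% CNET news article on a fraudulent Google certificate (August 2011).
% The author is written in "Last, First" form instead of one double-braced
% string; only the proper nouns in the title are brace-protected.
@misc{diginotar-hack,
  author       = {Mills, Elinor},
  title        = {Fraudulent {Google} certificate points to {Internet} attack},
  howpublished = {\url{http://news.cnet.com/8301-27080\_3-20098894-245/fraudulent-google-certificate-points-to-internet-attack/}},
  year         = 2011,
  month        = aug,
}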
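% PCMag news article on a fake Google certificate (August 2011).
% The author is written in "Last, First" form instead of one double-braced
% string; only the proper nouns in the title are brace-protected.
@misc{googlecahack,
  author       = {Poeter, Damon},
  title        = {Fake {Google} Certificate Puts {Gmail} at Risk},
  howpublished = {\url{http://www.pcmag.com/article2/0,2817,2392063,00.asp}},
  year         = 2011,
  month        = aug,
}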
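% Internet-Draft draft-ietf-websec-key-pinning, revision 09.
% Authors are split into separate names (the double braces made them one
% name); only the acronym in the title is brace-protected.
% NOTE(review): this cites a draft revision; the document was later published
% as RFC 7469, which is the stable reference to cite in new text.
@misc{draft-ietf-websec-key-pinning,
  author       = {Evans, C. and Palmer, C.},
  title        = {Public Key Pinning Extension for {HTTP}},
  howpublished = {\url{http://tools.ietf.org/html/draft-ietf-websec-key-pinning-09}},
  year         = 2013,
  month        = nov,
}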
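% Go crypto/x509 certificate verification source (verify.go).
% "et. al." is expressed with BibTeX's `and others`, and the numeric month is
% replaced by the style-expanded macro.
% NOTE(review): the URL pins line 173 without naming a revision, so the cited
% line can drift as the file changes -- consider citing a fixed revision.
@misc{gocode,
  author       = {Langley, Adam and others},
  title        = {{Go} {X.509} Verification Source Code},
  howpublished = {\url{https://code.google.com/p/go/source/browse/src/pkg/crypto/x509/verify.go#173}},
  year         = 2013,
  month        = dec,
}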
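% Certificate Transparency: project site plus the RFC 6962 datatracker page.
% The comma-separated, double-braced author string is split into three names;
% the title stays fully braced because it is a proper name; the numeric month
% is replaced by the style-expanded macro.
@misc{certtransparency,
  author       = {Langley, Adam and Laurie, Ben and Kasper, Emilia},
  title        = {{Certificate Transparency}},
  howpublished = {\url{http://www.certificate-transparency.org}
                  \url{http://datatracker.ietf.org/doc/rfc6962/}},
  year         = 2013,
  month        = jul,
}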
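% Guardian Q&A with Edward Snowden.
% `howpublished` listed the same URL twice; it is now given once. The author
% is in "Last, First" form and only proper nouns in the title are braced.
% NOTE(review): the URL path contains 2013/jun/17 while `month` says July --
% confirm the publication month. `day` is ignored by standard BibTeX styles.
@misc{snowdenGuardianGreenwald,
  author       = {Greenwald, Glenn},
  title        = {{Edward Snowden}: {NSA} whistleblower answers reader questions},
  howpublished = {\url{http://www.theguardian.com/world/2013/jun/17/edward-snowden-nsa-files-whistleblower}},
  year         = 2013,
  month        = jul,
  day          = 17,
}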
% IMC 2013 measurement study of the HTTPS certificate ecosystem.
@inproceedings{https13,
  author    = {Durumeric, Zakir and Kasten, James and Bailey, Michael
               and Halderman, J. Alex},
  title     = {Analysis of the {HTTPS} Certificate Ecosystem},
  booktitle = {Proceedings of the 13th Internet Measurement Conference},
  year      = {2013},
  month     = oct,
  url       = {https://jhalderm.com/pub/papers/https-imc13.pdf},
}