src/security.bib

   1 @string {J_AM =
   2     {\hyperref{http://stackexchange.com/}{}{}{Proceedings}
   3      \hyperref{http://stackexchange.com/}{}{}{of}
   4      \hyperref{http://stackexchange.com/}{}{}{Symposia}
   5      \hyperref{http://stackexchange.com/}{}{}{in}
   6      \hyperref{http://stackexchange.com/}{}{}{Applied}
   7      \hyperref{http://stackexchange.com/}{}{}{Mathematics}}
   8 }
   9 @string {I_PolarSSL =
  10     {\hyperref{https://polarssl.org/}{}{}{PolarSSL}}
  11 }
  12 @string {I_Stackexchange =
  13     {\hyperref{http://stackexchange.com/}{}{}{Stackexchange}
  14      \hyperref{http://stackexchange.com/}{}{}{Q\&A}
  15      \hyperref{http://stackexchange.com/}{}{}{Site}}
  16 }
  17 @string {I_Wikipedia =
  18     {\hyperref{https://wikipedia.org/}{}{}{Wikipedia}}
  19 }
  20 @string {I_Wolfram =
  21     {\hyperref{http://mathworld.wolfram.com/}{}{}{Wolfram}
  22      \hyperref{http://mathworld.wolfram.com/}{}{}{Research}
  23      \hyperref{http://mathworld.wolfram.com/}{}{}{Mathworld}}
  24 }
  25 @string {J_TOMACS =
  26     {\hyperref{https://tomacs.acm.org/}{}{}{ACM}
  27      \hyperref{https://tomacs.acm.org/}{}{}{Transactions}
  28      \hyperref{https://tomacs.acm.org/}{}{}{on}
  29      \hyperref{https://tomacs.acm.org/}{}{}{Modeling}
  30      \hyperref{https://tomacs.acm.org/}{}{}{and}
  31      \hyperref{https://tomacs.acm.org/}{}{}{Computer}
  32      \hyperref{https://tomacs.acm.org/}{}{}{Simulation}}
  33 }
  34
  35 @string {I_MIT =
  36         {\hyperref{http://web.mit.edu/}{}{}{MIT}}
  37 }
  38
  39 @string {I_IETF =
  40         {\hyperref{https://www.ietf.org/}{}{}{IETF}}
  41 }
  42
  43 @string {I_ORACLE =
  44         {\hyperref{http://www.oracle.com/}{}{}{Oracle}}
  45 }
  46
  47 @string {I_GNU =
  48         {\hyperref{https://www.gnu.org/}{}{}{GNU}}
  49 }
  50
  51 @string {I_BLACKHAT =
  52     {\hyperref{https://blackhat.com}{}{}{Blackhat}
  53      \hyperref{https://blackhat.com}{}{}{USA}}
  54 }
  55
  56 @inproceedings{HDWH12,
  57    author    = {Nadia Heninger and Zakir Durumeric and Eric Wustrow
  58                 and J. Alex Halderman},
  59    title     = {Mining Your {P}s and {Q}s: {D}etection of Widespread Weak Keys
  60                 in Network Devices},
  61   booktitle  = {Proceedings of the 21st {USENIX} Security Symposium},
  62   month      = aug,
  63   year       = {2012},
  64   url        = {https://factorable.net/weakkeys12.extended.pdf},
  65 }
  66
  67 @techreport{Wikipedia:/dev/random,
  68    key       = {Wikipedia:/dev/random},
  69    title     = {/dev/random},
  70    institution = I_Wikipedia,
  71    year      = {2013},
  72    month     = Dec,
  73    type      = {Wikipedia},
  74    url       = {https://en.wikipedia.org/wiki/dev/random},
  75    note      = {Accessed 2013-12-06},
  76 }
  77
  78 @article{SS03,
  79    author    = {A. Seznec and N. Sendrier},
  80    title     = {{HAVEGE}: a user-level software heuristic for generating
  81                 empirically strong random numbers},
  82    journal   = J_TOMACS,
  83    year      = {2003},
  84    volume    = {13},
  85    number    = {4},
  86    month     = Oct,
  87    pages     = {334-346},
  88    url       = {http://www.irisa.fr/caps/projects/hipsor/scripts/down.php?id=13781296&ext=.pdf},
  89 }
  90
  91 @techreport{Eng11,
  92    author    = {Jakob Engblom},
  93    title     = {Evaluating {HAVEGE} Randomness},
  94    year      = {2011},
  95    month     = Feb,
  96    type      = {Blog: Observations from Uppsala},
  97    url       = {http://jakob.engbloms.se/archives/1374},
  98 }
  99
 100 @techreport{POL11,
 101    key       = {POL},
 102    title     = {Weak random number generation within virtualized
 103                 environments},
 104    institution = I_PolarSSL,
 105    year      = {2011},
 106    month     = Dec,
 107    type      = {Security Advisory},
 108    number    = {2011-02},
 109    url       = {https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02},
 110 }
 111
 112 @techreport{HAV13a,
 113    key       = {HAV},
 114    title     = {haveged -- A simple entropy daemon},
 115    year      = {2013},
 116    month     = Dec,
 117    type      = {Software Homepage},
 118    url       = {http://www.issihosts.com/haveged/},
 119    note      = {Accessed 2013-12-06},
 120 }
 121
 122 @techreport{HAV13b,
 123    key       = {HAV},
 124    title     = {haveged -- A simple entropy daemon: Runtime Testing},
 125    year      = {2013},
 126    month     = Dec,
 127    type      = {Technical Background},
 128    url       = {http://www.issihosts.com/haveged/},
 129    note      = {Accessed 2013-12-06},
 130 }
 131
 132 @book{katz2008introduction,
 133   title={Introduction to modern cryptography},
 134   author={Katz, J. and Lindell, Y.},
 135   isbn={9781584885511},
 136   lccn={2007017861},
 137   series={Chapman and Hall/CRC Cryptography and Network Security Series},
 138   url={http://books.google.at/books?id=WIc\_AQAAIAAJ},
 139   year={2008},
 140   publisher={Chapman \& Hall/CRC}
 141 }
 142
 143 @techreport{DJBSC,
 144    key       = {DJB},
 145    title     = {SafeCurves: choosing safe curves for elliptic-curve cryptography},
 146    year      = {2013},
 147    month     = Dec,
 148    type      = {Technical Background},
 149    url       = {http://safecurves.cr.yp.to/rigid.html},
 150    note      = {Accessed 2013-12-09},
 151 }
 152
 153 @techreport{Wikipedia:ExportCipher,
 154    key       = {Wikipedia:ExportCipher},
 155    title     = {Export of cryptography in the {U}nited {S}tates},
 156    institution = I_Wikipedia,
 157    year      = {2013},
 158    month     = Dec,
 159    type      = {Wikipedia},
 160    url       = {https://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States},
 161    note      = {Accessed 2013-12-09},
 162 }
 163
 164 @article{ii2011ecrypt,
 165    title     = {ECRYPT II},
 166    author    = {II, ECRYPT and SYM, D},
 167    year      = {2012},
 168    url       = {http://www.ecrypt.eu.org/documents/D.SPA.20.pdf},
 169    pages     = {79-86},
 170 }
 171
 172 @techreport{Wikipedia:Tempest,
 173    key       = {Wikipedia:Tempest},
 174    title     = {Tempest (codename)},
 175    institution = I_Wikipedia,
 176    year      = {2013},
 177    month     = Dec,
 178    type      = {Wikipedia},
 179    url       = {https://en.wikipedia.org/wiki/Tempest_(codename)},
 180    note      = {Accessed 2013-12-12},
 181 }
 182
 183 @techreport{Wikipedia:Discrete,
 184    key       = {Wikipedia:Discrete},
 185    title     = {Discrete logarithm},
 186    institution = I_Wikipedia,
 187    year      = {2013},
 188    month     = Dec,
 189    type      = {Wikipedia},
 190    url       = {https://en.wikipedia.org/wiki/Discrete_logarithm},
 191    note      = {Accessed 2013-12-12},
 192 }
 193
 194 @techreport{Wikipedia:Certificate,
 195    key       = {Wikipedia:Certificate},
 196    title     = {Certificate Policy},
 197    institution = I_Wikipedia,
 198    year      = {2013},
 199    month     = Dec,
 200    type      = {Wikipedia},
 201    url       = {https://en.wikipedia.org/wiki/Certificate_Policy},
 202    note      = {Accessed 2013-12-12},
 203 }
 204
 205 @techreport{Sch13,
 206    author    = {Bruce Schneier},
 207    title     = {The {NSA} Is Breaking Most Encryption on the Internet},
 208    year      = {2013},
 209    month     = Sep,
 210    type      = {Blog: Schneier on Security},
 211    url       = {https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html},
 212 }
 213
 214 @techreport{Sch13b,
 215    author    = {Bruce Schneier},
 216    title     = {The {NSA} Is Breaking Most Encryption on the Internet},
 217    year      = {2013},
 218    month     = Sep,
 219    type      = {Answer to Blog Comment},
 220    url       = {https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html\#c1675929},
 221 }
 222
 223 @techreport{BL13,
 224    author    = {D. J. Bernstein and Tanja Lange},
 225    title     = {Security dangers of the {NIST} curves},
 226    year      = {2013},
 227    month     = Sep,
 228    type      = {Presentation slides},
 229    url       = {http://cr.yp.to/talks/2013.09.16/slides-djb-20130916-a4.pdf},
 230 }
 231
 232 @techreport{W13,
 233    author    = {D. W.},
 234    title     = {Should we trust the {NIST}-recommended {ECC} parameters?},
 235    year      = {2013},
 236    month     = Sep,
 237    type      = {Stackexchange Question},
 238    institution = I_Stackexchange,
 239    url       = {http://crypto.stackexchange.com/questions/10263/should-we-trust-the-nist-recommended-ecc-parameters},
 240 }
 241
 242 @inproceedings{McC90,
 243    author    = {Kevin S. McCurley},
 244    title     = {The Discrete Logarithm Problem},
 245    booktitle = {Cryptology and Computational Number Theory, } # J_AM,
 246    year      = {1990},
 247    volume    = {42},
 248    pages     = {49-74},
 249    url       = {http://www.mccurley.org/papers/dlog.pdf},
 250 }
 251
 252 @techreport{WR13,
 253    key       = {Wolfram Research, Mathworld},
 254    title     = {Elliptic Curve},
 255    year      = {2013},
 256    month     = Dec,
 257    type      = {Math Dictionary Entry},
 258    institution = I_Wolfram,
 259    url       = {http://mathworld.wolfram.com/EllipticCurve.html},
 260    note      = {Accessed 2013-12-12},
 261 }
 262
 263 @misc{yarom2013flush+,
 264   title      = {Flush+ Reload: a high resolution, low noise, L3 cache side-channel attack},
 265   author     = {Yarom, Yuval and Falkner, Katrina},
 266   year       = {2013},
 267   publisher  = {Cryptology ePrint Archive, Report 2013/448, 2013. http://eprint. iacr. org/2013/448/. 3},
 268   url        = {http://eprint.iacr.org/2013/448.pdf}
 269 }
 270
 271 @techreport{TR02102,
 272   title      = {BSI TR-02102 Kryptographische Verfahren},
 273   author     = {Bundesamt für Sicherheit in der Informationstechnik (BSI)},
 274   year       = {2013},
 275   month      = {Jan},
 276   url        = {https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102_pdf}
 277 }
 278
 279 @techreport{ENISA2013,
 280   title      = {ENISA - Algorithms, Key Sizes and Parameters Report},
 281   author     = {{ENISA and Vincent Rijmen, Nigel P. Smart, Bogdan warinschi, Gaven Watson}},
 282   year       = {2013},
 283   month      = {Oct},
 284   url        = {http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report},
 285 }
 286
 287 @book{anderson2008security,
 288   title      = {Security engineering},
 289   author     = {Anderson, Ross},
 290   year       = {2008},
 291   publisher  = {Wiley.com},
 292   url        = {http://www.cl.cam.ac.uk/~rja14/book.html},
 293 }
 294
 295 @misc{tschofenig-webpki,
 296   author = {{H. Tschofenig and E. Lear}},
 297   title = {{Evolving the Web Public Key Infrastructure}},
 298   howpublished = {\url{https://tools.ietf.org/html/draft-tschofenig-iab-webpki-evolution-01.txt}},
 299   year = 2013,
 300   month = Nov,
 301 }
 302
 303 @misc{diginotar-hack,
 304   author = {{Elinor Mills}},
 305   title = {{Fraudulent Google certificate points to Internet attack}},
 306   howpublished = {\url{http://news.cnet.com/8301-27080\_3-20098894-245/fraudulent-google-certificate-points-to-internet-attack/}},
 307   year = 2011,
 308   month = Aug,
 309 }
 310
 311 @misc{googlecahack,
 312   author = {{Damon Poeter}},
 313   title = {{Fake Google Certificate Puts Gmail at Risk}},
 314   howpublished = {\url{http://www.pcmag.com/article2/0,2817,2392063,00.asp}},
 315   year = 2011,
 316   month = Aug,
 317 }
 318
 319 @misc{draft-ietf-websec-key-pinning,
 320   author = {{C. Evans and C. Palmer}},
 321   title = {{Public Key Pinning Extension for HTTP}},
 322   howpublished = {\url{https://tools.ietf.org/html/draft-ietf-websec-key-pinning-09}},
 323   year = 2013,
 324   month = Nov,
 325 }
 326
 327 @misc{gocode,
 328   author = {{Adam Langley, et. al.}},
 329   title = {{Go X.509 Verification Source Code}},
 330   howpublished = {\url{https://code.google.com/p/go/source/browse/src/pkg/crypto/x509/verify.go#173}},
 331   year = 2013,
 332   month = 12,
 333 }
 334
 335 @misc{certtransparency,
 336   author = {{Adam Langley, Ben Laurie, Emilia Kasper}},
 337   title = {{Certificate Transparency}},
 338   howpublished = "\url{http://www.certificate-transparency.org}
 339                 \url{https://datatracker.ietf.org/doc/rfc6962/}",
 340   year = 2013,
 341   month = 07,
 342 }
 343
 344 @misc{snowdenGuardianGreenwald,
 345   author = {{Glenn Greenwald}},
 346   title = {{Edward Snowden: NSA whistleblower answers reader questions}},
 347   howpublished = "\url{http://www.theguardian.com/world/2013/jun/17/edward-snowden-nsa-files-whistleblower},
 348                 \url{http://www.theguardian.com/world/2013/jun/17/edward-snowden-nsa-files-whistleblower}",
 349   year = 2013,
 350   month = 07,
 351   day = 17,
 352 }
 353
 354 @InProceedings{https13,
 355         author = {Zakir Durumeric and James Kasten and Michael Bailey and J. Alex Halderman},
 356         title = {Analysis of the {HTTPS} Certificate Ecosystem},
 357         booktitle = {Proceedings of the 13th Internet Measurement Conference},
 358         month = oct,
 359         year = {2013},
 360         url = {https://jhalderm.com/pub/papers/https-imc13.pdf},
 361 }
 362
 363 @techreport{Wikipedia:TinyCA,
 364    key       = {Wikipedia:TinyCA},
 365    title     = {TinyCA},
 366    institution = I_Wikipedia,
 367    year      = {2013},
 368    month     = Dec,
 369    type      = {Wikipedia},
 370    url       = {https://en.wikipedia.org/wiki/TinyCA},
 371    note      = {Accessed 2013-12-24},
 372 }
 373
 374 @techreport{MITKrbDoc:realm_config,
 375         key = {MITKrbDoc:realm_config},
 376         title = {Realm configuration decisions},
 377         institution = I_MIT,
 378         year = {2013},
 379         type = {Documentation},
 380         url = {http://web.mit.edu/kerberos/krb5-latest/doc/admin/realm_config.html},
 381 }
 382
 383 @techreport{IETF:cat-krb-dns-locate-02,
 384         key = {IETF:cat-krb-dns-locate-02},
 385         title = {Distributing Kerberos KDC and Realm Information with DNS},
 386         institution = I_IETF,
 387         year = {2000},
 388         month = Mar,
 389         author = {Ken Hornstein and Jeffrey Altman},
 390         type = {Internet Draft},
 391         url = {https://www.ietf.org/proceedings/48/I-D/cat-krb-dns-locate-02.txt},
 392 }
 393
 394 @techreport{krb519,
 395         key = {krb519},
 396         title = {Kerberos 5 Release 1.9},
 397         institution = I_MIT,
 398         year = {2010},
 399         month = Dec,
 400         type = {Release Notes},
 401         url = {http://web.mit.edu/kerberos/krb5-1.9/},
 402 }
 403
 404 @techreport{JavaJGSS,
 405         key = {JavaJGSS},
 406         title = {Java Generic Security Services: (Java GSS) and Kerberos},
 407         institution = I_ORACLE,
 408         type = {Documentation},
 409         url = {http://docs.oracle.com/javase/7/docs/technotes/guides/security/jgss/jgss-features.html},
 410 }
 411
 412 @techreport{ShishiEnctypes,
 413         key = {ShishiEnctypes},
 414         title = {GNU Shishi 1.0.2},
 415         institution = I_GNU,
 416         type = {Documentation},
 417         url = {https://www.gnu.org/software/shishi/manual/shishi.html\#Cryptographic-Overview},
 418 }
 419
 420 @techreport{AttKerbDepl,
 421         key = {AttKerbDepl},
 422         author = {Rachel Engel and Brad Hill and Scott Stender},
 423         title = {Attacking Kerberos Deployments},
 424         journal = I_BLACKHAT,
 425         year = {2010},
 426         type = {Slides},
 427         url = {https://media.blackhat.com/bh-us-10/presentations/Stender_Engel_Hill/BlackHat-USA-2010-Stender-Engel-Hill-Attacking-Kerberos-Deployments-slides.pdf},
 428 }