src/security.bib

   1 @string {J_AM =
   2     {\hyperref{http://stackexchange.com/}{}{}{Proceedings}
   3      \hyperref{http://stackexchange.com/}{}{}{of}
   4      \hyperref{http://stackexchange.com/}{}{}{Symposia}
   5      \hyperref{http://stackexchange.com/}{}{}{in}
   6      \hyperref{http://stackexchange.com/}{}{}{Applied}
   7      \hyperref{http://stackexchange.com/}{}{}{Mathematics}}
   8 }
   9 @string {I_PolarSSL =
  10     {\hyperref{http://polarssl.org/}{}{}{PolarSSL}}
  11 }
  12 @string {I_Stackexchange =
  13     {\hyperref{http://stackexchange.com/}{}{}{Stackexchange}
  14      \hyperref{http://stackexchange.com/}{}{}{Q\&A}
  15      \hyperref{http://stackexchange.com/}{}{}{Site}}
  16 }
  17 @string {I_Wikipedia =
  18     {\hyperref{http://wikipedia.org/}{}{}{Wikipedia}}
  19 }
  20 @string {I_Wolfram =
  21     {\hyperref{http://mathworld.wolfram.com/}{}{}{Wolfram}
  22      \hyperref{http://mathworld.wolfram.com/}{}{}{Research}
  23      \hyperref{http://mathworld.wolfram.com/}{}{}{Mathworld}}
  24 }
  25 @string {J_TOMACS =
  26     {\hyperref{http://tomacs.acm.org/}{}{}{ACM}
  27      \hyperref{http://tomacs.acm.org/}{}{}{Transactions}
  28      \hyperref{http://tomacs.acm.org/}{}{}{on}
  29      \hyperref{http://tomacs.acm.org/}{}{}{Modeling}
  30      \hyperref{http://tomacs.acm.org/}{}{}{and}
  31      \hyperref{http://tomacs.acm.org/}{}{}{Computer}
  32      \hyperref{http://tomacs.acm.org/}{}{}{Simulation}}
  33 }
  34
  35 @inproceedings{HDWH12,
  36    author    = {Nadia Heninger and Zakir Durumeric and Eric Wustrow
  37                 and J. Alex Halderman},
  38    title     = {Mining Your {P}s and {Q}s: {D}etection of Widespread Weak Keys
  39                 in Network Devices},
  40   booktitle  = {Proceedings of the 21st {USENIX} Security Symposium},
  41   month      = aug,
  42   year       = {2012},
  43   url        = {https://factorable.net/weakkeys12.extended.pdf},
  44 }
  45
  46 @techreport{Wikipedia:/dev/random,
  47    key       = {Wikipedia:/dev/random},
  48    title     = {/dev/random},
  49    institution = I_Wikipedia,
  50    year      = {2013},
  51    month     = Dec,
  52    type      = {Wikipedia},
  53    url       = {http://en.wikipedia.org/wiki/dev/random},
  54    note      = {Accessed 2013-12-06},
  55 }
  56
  57 @article{SS03,
  58    author    = {A. Seznec and N. Sendrier},
  59    title     = {{HAVEGE}: a user-level software heuristic for generating
  60                 empirically strong random numbers},
  61    journal   = J_TOMACS,
  62    year      = {2003},
  63    volume    = {13},
  64    number    = {4},
  65    month     = Oct,
  66    pages     = {334-346},
  67    url       = {http://www.irisa.fr/caps/projects/hipsor/scripts/down.php?id=13781296&ext=.pdf},
  68 }
  69
  70 @techreport{Eng11,
  71    author    = {Jakob Engblom},
  72    title     = {Evaluating {HAVEGE} Randomness},
  73    year      = {2011},
  74    month     = Feb,
  75    type      = {Blog: Observations from Uppsala},
  76    url       = {http://jakob.engbloms.se/archives/1374},
  77 }
  78
  79 @techreport{POL11,
  80    key       = {POL},
  81    title     = {Weak random number generation within virtualized
  82                 environments},
  83    institution = I_PolarSSL,
  84    year      = {2011},
  85    month     = Dec,
  86    type      = {Security Advisory},
  87    number    = {2011-02},
  88    url       = {https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02},
  89 }
  90
  91 @techreport{HAV13a,
  92    key       = {HAV},
  93    title     = {haveged -- A simple entropy daemon},
  94    year      = {2013},
  95    month     = Dec,
  96    type      = {Software Homepage},
  97    url       = {http://www.issihosts.com/haveged/},
  98    note      = {Accessed 2013-12-06},
  99 }
 100
 101 @techreport{HAV13b,
 102    key       = {HAV},
 103    title     = {haveged -- A simple entropy daemon: Runtime Testing},
 104    year      = {2013},
 105    month     = Dec,
 106    type      = {Technical Background},
 107    url       = {http://www.issihosts.com/haveged/},
 108    note      = {Accessed 2013-12-06},
 109 }
 110
 111 @book{katz2008introduction,
 112   title={Introduction to modern cryptography},
 113   author={Katz, J. and Lindell, Y.},
 114   isbn={9781584885511},
 115   lccn={2007017861},
 116   series={Chapman and Hall/CRC Cryptography and Network Security Series},
 117   url={http://books.google.at/books?id=WIc\_AQAAIAAJ},
 118   year={2008},
 119   publisher={Chapman \& Hall/CRC}
 120 }
 121
 122 @techreport{DJBSC,
 123    key       = {DJB},
 124    title     = {SafeCurves: choosing safe curves for elliptic-curve cryptography},
 125    year      = {2013},
 126    month     = Dec,
 127    type      = {Technical Background},
 128    url       = {http://safecurves.cr.yp.to/rigid.html},
 129    note      = {Accessed 2013-12-09},
 130 }
 131
 132 @techreport{Wikipedia:ExportCipher,
 133    key       = {Wikipedia:ExportCipher},
 134    title     = {Export of cryptography in the {U}nited {S}tates},
 135    institution = I_Wikipedia,
 136    year      = {2013},
 137    month     = Dec,
 138    type      = {Wikipedia},
 139    url       = {http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States},
 140    note      = {Accessed 2013-12-09},
 141 }
 142
 143 @article{ii2011ecrypt,
 144    title     = {ECRYPT II},
 145    author    = {II, ECRYPT and SYM, D},
 146    year      = {2012},
 147    url       = {http://www.ecrypt.eu.org/documents/D.SPA.20.pdf},
 148    pages     = {79-86},
 149 }
 150
 151 @techreport{Wikipedia:Tempest,
 152    key       = {Wikipedia:Tempest},
 153    title     = {Tempest (codename)},
 154    institution = I_Wikipedia,
 155    year      = {2013},
 156    month     = Dec,
 157    type      = {Wikipedia},
 158    url       = {https://en.wikipedia.org/wiki/Tempest_(codename)},
 159    note      = {Accessed 2013-12-12},
 160 }
 161
 162 @techreport{Wikipedia:Discrete,
 163    key       = {Wikipedia:Discrete},
 164    title     = {Discrete logarithm},
 165    institution = I_Wikipedia,
 166    year      = {2013},
 167    month     = Dec,
 168    type      = {Wikipedia},
 169    url       = {https://en.wikipedia.org/wiki/Discrete_logarithm},
 170    note      = {Accessed 2013-12-12},
 171 }
 172
 173 @techreport{Wikipedia:Certificate,
 174    key       = {Wikipedia:Certificate},
 175    title     = {Certificate Policy},
 176    institution = I_Wikipedia,
 177    year      = {2013},
 178    month     = Dec,
 179    type      = {Wikipedia},
 180    url       = {https://en.wikipedia.org/wiki/Certificate_Policy},
 181    note      = {Accessed 2013-12-12},
 182 }
 183
 184 @techreport{Sch13,
 185    author    = {Bruce Schneier},
 186    title     = {The {NSA} Is Breaking Most Encryption on the Internet},
 187    year      = {2013},
 188    month     = Sep,
 189    type      = {Blog: Schneier on Security},
 190    url       = {https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html},
 191 }
 192
 193 @techreport{Sch13b,
 194    author    = {Bruce Schneier},
 195    title     = {The {NSA} Is Breaking Most Encryption on the Internet},
 196    year      = {2013},
 197    month     = Sep,
 198    type      = {Answer to Blog Comment},
 199    url       = {https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html\#c1675929},
 200 }
 201
 202 @techreport{BL13,
 203    author    = {D. J. Bernstein and Tanja Lange},
 204    title     = {Security dangers of the {NIST} curves},
 205    year      = {2013},
 206    month     = Sep,
 207    type      = {Presentation slides},
 208    url       = {http://cr.yp.to/talks/2013.09.16/slides-djb-20130916-a4.pdf},
 209 }
 210
 211 @techreport{W13,
 212    author    = {D. W.},
 213    title     = {Should we trust the {NIST}-recommended {ECC} parameters?},
 214    year      = {2013},
 215    month     = Sep,
 216    type      = {Stackexchange Question},
 217    institution = I_Stackexchange,
 218    url       = {http://crypto.stackexchange.com/questions/10263/should-we-trust-the-nist-recommended-ecc-parameters},
 219 }
 220
 221 @inproceedings{McC90,
 222    author    = {Kevin S. McCurley},
 223    title     = {The Discrete Logarithm Problem},
 224    booktitle = {Cryptology and Computational Number Theory, } # J_AM,
 225    year      = {1990},
 226    volume    = {42},
 227    pages     = {49-74},
 228    url       = {http://www.mccurley.org/papers/dlog.pdf},
 229 }
 230
 231 @techreport{WR13,
 232    key       = {Wolfram Research, Mathworld},
 233    title     = {Elliptic Curve},
 234    year      = {2013},
 235    month     = Dec,
 236    type      = {Math Dictionary Entry},
 237    institution = I_Wolfram,
 238    url       = {http://mathworld.wolfram.com/EllipticCurve.html},
 239    note      = {Accessed 2013-12-12},
 240 }
 241
 242 @misc{yarom2013flush+,
 243   title      = {Flush+ Reload: a high resolution, low noise, L3 cache side-channel attack},
 244   author     = {Yarom, Yuval and Falkner, Katrina},
 245   year       = {2013},
 246   publisher  = {Cryptology ePrint Archive, Report 2013/448, 2013. http://eprint. iacr. org/2013/448/. 3},
 247   url        = {http://eprint.iacr.org/2013/448.pdf}
 248 }
 249
 250 @techreport{TR02102,
 251   title      = {BSI TR-02102 Kryptographische Verfahren},
 252   author     = {Bundesamt f\"ur Sicherheit in der Informationstechnik (BSI)},
 253   year       = {2013},
 254   month      = {Jan},
 255   url        = {https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102_pdf}
 256 }
 257
 258 @techreport{ENISA2013,
 259   title      = {ENISA - Algorithms, Key Sizes and Parameters Report},
 260   author     = {{ENISA and Vincent Rijmen, Nigel P. Smart, Bogdan warinschi, Gaven Watson}},
 261   year       = {2013},
 262   month      = {Oct},
 263   url        = {http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report},
 264 }
 265
 266 @book{anderson2008security,
 267   title      = {Security engineering},
 268   author     = {Anderson, Ross},
 269   year       = {2008},
 270   publisher  = {Wiley.com},
 271   url        = {http://www.cl.cam.ac.uk/~rja14/book.html},
 272 }
 273
 274 @misc{tschofenig-webpki,
 275   author = {{H. Tschofenig and E. Lear}},
 276   title = {{Evolving the Web Public Key Infrastructure}},
 277   howpublished = {\url{http://tools.ietf.org/html/draft-tschofenig-iab-webpki-evolution-01.txt}},
 278   year = 2013,
 279   month = Nov,
 280 }
 281
 282 @misc{diginotar-hack,
 283   author = {{Elinor Mills}},
 284   title = {{Fraudulent Google certificate points to Internet attack}},
 285   howpublished = {\url{http://news.cnet.com/8301-27080\_3-20098894-245/fraudulent-google-certificate-points-to-internet-attack/}},
 286   year = 2011,
 287   month = Aug,
 288 }
 289
 290 @misc{googlecahack,
 291   author = {{Damon Poeter}},
 292   title = {{Fake Google Certificate Puts Gmail at Risk}},
 293   howpublished = {\url{http://www.pcmag.com/article2/0,2817,2392063,00.asp}},
 294   year = 2011,
 295   month = Aug,
 296 }
 297
 298 @misc{draft-ietf-websec-key-pinning,
 299   author = {{C. Evans and C. Palmer}},
 300   title = {{Public Key Pinning Extension for HTTP}},
 301   howpublished = {\url{http://tools.ietf.org/html/draft-ietf-websec-key-pinning-09}},
 302   year = 2013,
 303   month = Nov,
 304 }
 305
 306 @misc{gocode,
 307   author = {{Adam Langley, et. al.}},
 308   title = {{Go X.509 Verification Source Code}},
 309   howpublished = {\url{https://code.google.com/p/go/source/browse/src/pkg/crypto/x509/verify.go#173}},
 310   year = 2013,
 311   month = 12,
 312 }
 313
 314 @misc{certtransparency,
 315   author = {{Adam Langley, Ben Laurie, Emilia Kasper}},
 316   title = {{Certificate Transparency}},
 317   howpublished = "\url{http://www.certificate-transparency.org}
 318                 \url{http://datatracker.ietf.org/doc/rfc6962/}",
 319   year = 2013,
 320   month = 07,
 321 }
 322
 323 @misc{snowdenGuardianGreenwald,
 324   author = {{Glenn Greenwald}},
 325   title = {{Edward Snowden: NSA whistleblower answers reader questions}},
 326   howpublished = "\url{http://www.theguardian.com/world/2013/jun/17/edward-snowden-nsa-files-whistleblower},
 327                 \url{http://www.theguardian.com/world/2013/jun/17/edward-snowden-nsa-files-whistleblower}",
 328   year = 2013,
 329   month = 07,
 330   day = 17,
 331 }
 332
 333 @InProceedings{https13,
 334         author = {Zakir Durumeric and James Kasten and Michael Bailey and J. Alex Halderman},
 335         title = {Analysis of the {HTTPS} Certificate Ecosystem},
 336         booktitle = {Proceedings of the 13th Internet Measurement Conference},
 337         month = oct,
 338         year = {2013},
 339         url = {https://jhalderm.com/pub/papers/https-imc13.pdf},
 340 }
 341
 342 @techreport{Wikipedia:TinyCA,
 343    key       = {Wikipedia:TinyCA},
 344    title     = {TinyCA},
 345    institution = I_Wikipedia,
 346    year      = {2013},
 347    month     = Dec,
 348    type      = {Wikipedia},
 349    url       = {http://en.wikipedia.org/wiki/TinyCA},
 350    note      = {Accessed 2013-12-24},
 351 }
 352