2013 IEEE Symposium on Security and Privacy SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements
暂无分享,去创建一个
[1] Eric Rescorla,et al. Transport Layer Security (TLS) Renegotiation Indication Extension , 2010, RFC.
[2] Ahmad-Reza Sadeghi,et al. Provably secure browser-based user-aware mutual authentication over TLS , 2008, ASIACCS '08.
[3] A. Porter. Phishing on Mobile Devices , 2011 .
[4] Donald E. Eastlake,et al. Transport Layer Security (TLS) Extensions: Extension Definitions , 2011, RFC.
[5] Marc Stevens,et al. Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate , 2009, CRYPTO.
[6] Lawrence C. Paulson,et al. Inductive analysis of the Internet protocol TLS , 1999, TSEC.
[7] Robin Sommer,et al. Revisiting SSL : A Large-Scale Study of the Internet ' s Most Trusted Protocol , 2012 .
[8] Hugo Krawczyk,et al. Cryptographic Extraction and Key Derivation: The HKDF Scheme , 2010, IACR Cryptol. ePrint Arch..
[9] Georg Carle,et al. The SSL landscape: a thorough analysis of the x.509 PKI using active and passive measurements , 2011, IMC '11.
[10] Daniel Bleichenbacher,et al. Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1 , 1998, CRYPTO.
[11] Eric Rescorla,et al. Deploying a New Hash Algorithm , 2006, NDSS.
[12] Eric Rescorla,et al. SSL and TLS: Designing and Building Secure Systems , 2000 .
[13] Desney S. Tan,et al. An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks , 2007, Financial Cryptography.
[14] Bernd Freisleben,et al. Why eve and mallory love android: an analysis of android SSL (in)security , 2012, CCS.
[15] Elaine B. Barker,et al. SP 800-131A. Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths , 2011 .
[16] Robert Biddle,et al. Exploring User Reactions to New Browser Cues for Extended Validation Certificates , 2008, ESORICS.
[17] Sid Stamm,et al. Certified Lies: Detecting and Defeating Government Interception Attacks against SSL (Short Paper) , 2011, Financial Cryptography.
[18] Patrick Traynor,et al. Measuring SSL Indicators on Mobile Browsers: Extended Life, or End of the Road? , 2012, ISC.
[19] Ahmad-Reza Sadeghi,et al. Universally Composable Security Analysis of TLS , 2008, ProvSec.
[20] Onur Aciiçmez,et al. Improving Brumley and Boneh timing attack on unprotected SSL implementations , 2005, CCS '05.
[21] Gregory V. Bard,et al. A Challenging but Feasible Blockwise-Adaptive Chosen-Plaintext Attack on SSL , 2006, SECRYPT.
[22] David Brumley,et al. Remote timing attacks are practical , 2003, Comput. Networks.
[23] Douglas Stebila,et al. Reinforcing bad behaviour: the misuse of security indicators on popular websites , 2010, OZCHI '10.
[24] C. Jackson. Beware of Finer-Grained Origins , 2008 .
[25] Vitaly Shmatikov,et al. Finite-State Analysis of SSL 3.0 , 1998, USENIX Security Symposium.
[26] OppligerRolf,et al. SSL/TLS session-aware user authentication - Or how to effectively thwart the man-in-the-middle , 2006 .
[27] Kirstie Hawkey,et al. On the challenges in usable security lab studies: lessons learned from replicating a study on SSL warnings , 2011, SOUPS.
[28] J. Doug Tygar,et al. The battle against phishing: Dynamic Security Skins , 2005, SOUPS '05.
[29] Helen Nissenbaum,et al. Users' conceptions of web security: a comparative study , 2002, CHI Extended Abstracts.
[30] Marti A. Hearst,et al. Why phishing works , 2006, CHI.
[31] Margot Brereton,et al. Ceremony Analysis: Strengths and Weaknesses , 2011, SEC.
[32] Kori Inkpen Quinn,et al. Gathering evidence: use of visual security cues in web browsers , 2005, Graphics Interface.
[33] Paul E. Hoffman,et al. The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA , 2012, RFC.
[34] Serge Vaudenay,et al. Password Interception in a SSL/TLS Channel , 2003, CRYPTO.
[35] Dan S. Wallach,et al. Web Spoofing: An Internet Con Game , 1997 .
[36] Michael Myers. Revocation: Options and Challenges , 1998, Financial Cryptography.
[37] Frederik Vercauteren,et al. A cross-protocol attack on the TLS protocol , 2012, CCS.
[38] Cédric Fournet,et al. Cryptographically verified implementations for TLS , 2008, CCS.
[39] Stuart E. Schechter,et al. Web Sites Should Not Need to Rely On Users to Secure Communications , 2006 .
[40] Chris Palmer,et al. Public Key Pinning Extension for HTTP , 2015, RFC.
[41] David Ahmad. Two Years of Broken Crypto: Debian's Dress Rehearsal for a Global PKI Compromise , 2008, IEEE Security & Privacy.
[42] Erich M. Nahum,et al. Cryptographic strength of ssl/tls servers: current and recent practices , 2007, IMC '07.
[43] David Naccache,et al. Cut-&-Paste Attacks with JAVA , 2002, ICISC.
[44] Bruce Schneier,et al. Analysis of the SSL 3.0 protocol , 1996 .
[45] Mihir Bellare,et al. A concrete security treatment of symmetric encryption , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.
[46] Jakob Jonsson,et al. On the Security of RSA Encryption in TLS , 2002, CRYPTO.
[47] Eric Rescorla. Stone Knives and Bear Skins: Why Does the Internet Run on Pre-historic Cryptography? , 2011, INDOCRYPT.
[48] John C. Mitchell,et al. A modular correctness proof of IEEE 802.11i and TLS , 2005, CCS '05.
[49] Hugo Krawczyk,et al. The Order of Encryption and Authentication for Protecting Communications (or: How Secure Is SSL?) , 2001, CRYPTO.
[50] Hovav Shacham,et al. When private keys are public: results from the 2008 Debian OpenSSL vulnerability , 2009, IMC '09.
[51] Len Sassaman,et al. PKI Layer Cake: New Collision Attacks against the Global X.509 Infrastructure , 2010, Financial Cryptography.
[52] Adrian Perrig,et al. Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing , 2008, USENIX Annual Technical Conference.
[53] Dongwan Shin,et al. An empirical study of visual security cues to prevent the SSLstripping attack , 2011, ACSAC '11.
[54] A. Ornaghi,et al. Man in the middle attacks Demos , 2003 .
[55] David A. Wagner,et al. Conditioned-safe ceremonies and a user study of an application to web authentication , 2009, NDSS.
[56] Rolf Oppliger,et al. SSL/TLS session-aware user authentication - Or how to effectively thwart the man-in-the-middle , 2006, Comput. Commun..
[57] Serge Vaudenay,et al. Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS , 2002, EUROCRYPT.
[58] Yvo Desmedt. Man-in-the-Middle Attack , 2005, Encyclopedia of Cryptography and Security.
[59] Jeff Hodges,et al. HTTP Strict Transport Security (HSTS) , 2012, RFC.
[60] C. Jackson,et al. Towards Short-Lived Certificates , 2012 .
[61] Jörg Schwenk,et al. Visual Spoofing of SSL Protected Web Sites and Effective Countermeasures , 2005, ISPEC.
[62] Alexander Sotirov,et al. Sub-Prime PKI: Attacking Extended Validation SSL , 2009 .
[63] Rolf Oppliger,et al. SSL/TLS Session-Aware User Authentication , 2008, Computer.
[64] Paul C. van Oorschot,et al. Parallel Collision Search with Cryptanalytic Applications , 2013, Journal of Cryptology.
[65] Gregory V. Bard,et al. The Vulnerability of SSL to Chosen Plaintext Attack , 2004, IACR Cryptol. ePrint Arch..
[66] Vitaly Shmatikov,et al. The most dangerous code in the world: validating SSL certificates in non-browser software , 2012, CCS.
[67] Elaine B. Barker,et al. Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths , 2011 .
[68] Eric Wustrow,et al. Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices , 2012, USENIX Security Symposium.
[69] Tibor Jager,et al. On the Security of TLS-DHE in the Standard Model , 2012, CRYPTO.
[70] Angelos D. Keromytis,et al. DoubleCheck: Multi-path verification against man-in-the-middle attacks , 2009, 2009 IEEE Symposium on Computers and Communications.
[71] Kenneth G. Paterson,et al. Lucky Thirteen: Breaking the TLS and DTLS Record Protocols , 2013, 2013 IEEE Symposium on Security and Privacy.
[72] Barbara Fox,et al. Certificate Recocation: Mechanics and Meaning , 1998, Financial Cryptography.
[73] Sid Stamm,et al. Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL , 2010 .
[74] Frank Stajano,et al. The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes , 2012, 2012 IEEE Symposium on Security and Privacy.
[75] Julien Freudiger,et al. The Inconvenient Truth about Web Certificates , 2011, WEIS.
[76] Sean W. Smith,et al. Trusted paths for browsers , 2002, TSEC.
[77] Adam Langley. Beyond the Basics of HTTPS Serving , 2011, login Usenix Mag..
[78] Ronald L. Rivest,et al. Can We Eliminate Certificate Revocations Lists? , 1998, Financial Cryptography.
[79] Jeff Jarmoc,et al. SSL/TLS Interception Proxies and Transitive Trust , 2012 .
[80] Douglas Stebila,et al. On the security of TLS renegotiation , 2013, IACR Cryptol. ePrint Arch..
[81] Patrick Traynor,et al. Trust No One Else: Detecting MITM Attacks against SSL/TLS without Third-Parties , 2012, ESORICS.
[82] Steve Hanna,et al. Building Certifications Paths: Forward vs. Reverse , 2001, NDSS.
[83] Arjen K. Lenstra,et al. Public Keys , 2012, CRYPTO.
[84] Dan S. Wallach,et al. Origin-Bound Certificates: A Fresh Approach to Strong Client Authentication for the Web , 2012, USENIX Security Symposium.
[85] Phillip M. Hallam-Baker,et al. DNS Certification Authority Authorization (CAA) Resource Record , 2019, RFC.
[86] Bogdan Warinschi,et al. A Modular Security Analysis of the TLS Handshake Protocol , 2008, ASIACRYPT.
[87] Ian Goldberg,et al. Randomness and the Netscape browser , 1996 .
[88] Marc Stevens,et al. Chosen-Prefix Collisions for MD5 and Colliding X.509 Certificates for Different Identities , 2007, EUROCRYPT.
[89] Helen J. Wang,et al. The Multi-Principal OS Construction of the Gazelle Web Browser , 2009, USENIX Security Symposium.
[90] Adrian Perrig,et al. Phoolproof Phishing Prevention , 2006, Financial Cryptography.
[91] Billy Bob Brumley,et al. Remote Timing Attacks Are Still Practical , 2011, ESORICS.
[92] John Kelsey. Compression and Information Leakage of Plaintext , 2002, FSE.
[93] Stuart E. Schechter,et al. The Emperor's New Security Indicators An evaluation of website authentication and the effect of role playing on usability studies † , 2007 .
[94] Lorrie Faith Cranor,et al. Crying Wolf: An Empirical Study of SSL Warning Effectiveness , 2009, USENIX Security Symposium.
[95] Collin Jackson,et al. Forcehttps: protecting high-security web sites from network attacks , 2008, WWW.
[96] Carl M. Ellison,et al. Ceremony Design and Analysis , 2007, IACR Cryptol. ePrint Arch..
[97] Vitaly Shmatikov,et al. The Hitchhiker's Guide to DNS Cache Poisoning , 2010, SecureComm.