Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels
-
爱吃猫的鱼1于 2021年9月28日 18:11
Jörg Schwenk | Damian Poddebniak | Juraj Somorovsky | Sebastian Schinzel | Jens Müller | Simon Friedberger | Christian Dresen | Fabian Ising | D. Poddebniak | Christian Dresen | Jens Müller | Fabian Ising | Sebastian Schinzel | Simon Friedberger | Juraj Somorovsky | Jörg Schwenk | Simon J. Friedberger
[1] Nathaniel S. Borenstein,et al. Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies , 1996, RFC.
[2] Peter Deutsch,et al. DEFLATE Compressed Data Format Specification version 1.3 , 1996, RFC.
[3] Jon Callas,et al. OpenPGP Message Format , 1998, RFC.
[4] Jonathan Katz,et al. A Chosen Ciphertext Attack Against Several E-Mail Encryption Protocols , 2000, USENIX Security Symposium.
[5] Gordon Good,et al. The LDAP Data Interchange Format (LDIF) - Technical Specification , 2000, RFC.
[6] Don Davis,et al. Defective Sign & Encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP, and XML , 2001, USENIX Annual Technical Conference, General Track.
[7] Peter W. Resnick,et al. Internet Message Format , 2001, RFC.
[8] Donald Davis. Sender Authentication and the Surreptitious Forwarding Attack in CMS and S/MIME , 2001 .
[9] Jonathan Katz,et al. Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG , 2002, ISC.
[10] Russ Housley,et al. Cryptographic Message Syntax (CMS) , 2002, RFC.
[11] Serge Vaudenay,et al. Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS , 2002, EUROCRYPT.
[12] David Shaw,et al. The OpenPGP HTTP Keyserver Protocol (HKP) , 2003 .
[13] Kenneth G. Paterson,et al. Padding Oracle Attacks on the ISO CBC Mode Encryption Standard , 2004, CT-RSA.
[14] Chris J. Mitchell,et al. Error Oracle Attacks on CBC Mode: Is There a Future for CBC Mode Encryption? , 2005, ISC.
[15] Clemens Fruhwirth,et al. New Methods in Hard Disk Encryption , 2005 .
[16] Robert J. Zuccherato,et al. An Attack on CFB Mode Encryption as Used by OpenPGP , 2005, Selected Areas in Cryptography.
[17] Russ Housley,et al. Cryptographic Message Syntax (CMS) Authenticated-Enveloped-Data Content Type , 2007, RFC.
[18] Kenneth G. Paterson,et al. Attacking the IPsec Standards in Encryption-only Configurations , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).
[19] Dan Harkins,et al. Synthetic Initialization Vector (SIV) Authenticated Encryption Using the Advanced Encryption Standard (AES) , 2008, RFC.
[20] Kenneth G. Paterson,et al. Plaintext Recovery Attacks against SSH , 2009, 2009 30th IEEE Symposium on Security and Privacy.
[21] Blake Ramsdell,et al. Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification , 2010, RFC.
[22] Kenneth G. Paterson,et al. On the (in)security of IPsec in MAC-then-encrypt configurations , 2010, CCS '10.
[23] Thai Duong,et al. Practical Padding Oracle Attacks , 2010, WOOT.
[24] Tibor Jager,et al. How to break XML encryption , 2011, CCS '11.
[25] Kenneth G. Paterson,et al. One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography , 2013, NDSS.
[26] Kenneth G. Paterson,et al. Lucky Thirteen: Breaking the TLS and DTLS Record Protocols , 2013, 2013 IEEE Symposium on Security and Privacy.
[27] Stefan Savage,et al. Handcrafted Fraud and Extortion: Manual Account Hijacking in the Wild , 2014, Internet Measurement Conference.
[28] Gorka Irazoqui Apecechea,et al. Lucky 13 Strikes Back , 2015, AsiaCCS.
[29] Bryan Ford. Modernizing the OpenPGP Message Format , 2015 .
[30] Kenneth G. Paterson,et al. Lucky Microseconds: A Timing Attack on Amazon's s2n Implementation of TLS , 2016, EUROCRYPT.
[31] Juraj Somorovsky,et al. Systematic Fuzzing and Testing of TLS Libraries , 2016, CCS.
[32] Kenneth G. Paterson,et al. A Surfeit of SSH Cipher Suites , 2016, CCS.
[33] Paul Wouters,et al. DNS-Based Authentication of Named Entities (DANE) Bindings for OpenPGP , 2016, RFC.