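@comment{Key Exchange Protocols. Cleaned from a one-line Google Scholar export:
  one field per line, organization->publisher for proceedings, acronyms and
  protocol names brace-protected in titles, Unicode punctuation replaced by
  LaTeX escapes so the file works with classic 8-bit BibTeX, ePrint reports
  stored as @misc/howpublished instead of a fake journal. Citation keys are
  unchanged. Entries whose metadata could not be recovered carry an
  internal-note field (ignored by all standard styles).}

@inproceedings{cremers2011examining,
  author    = {Cremers, Cas},
  title     = {Examining Indistinguishability-Based Security Models for Key Exchange Protocols: The Case of {CK}, {CK-HMQV}, and {eCK}},
  booktitle = {Proceedings of the 6th {ACM} Symposium on Information, Computer and Communications Security ({ASIACCS} 2011)},
  pages     = {80--91},
  year      = {2011},
  publisher = {ACM},
}

@article{needham1978using,
  author    = {Needham, Roger M. and Schroeder, Michael D.},
  title     = {Using Encryption for Authentication in Large Networks of Computers},
  journal   = {Communications of the {ACM}},
  volume    = {21},
  number    = {12},
  pages     = {993--999},
  year      = {1978},
  publisher = {ACM},
}

@article{dolev1983security,
  author    = {Dolev, Danny and Yao, Andrew},
  title     = {On the Security of Public Key Protocols},
  journal   = {{IEEE} Transactions on Information Theory},
  volume    = {29},
  number    = {2},
  pages     = {198--208},
  year      = {1983},
  publisher = {IEEE},
}

@inproceedings{gajek2008universally,
  author    = {Gajek, Sebastian and Manulis, Mark and Pereira, Olivier and Sadeghi, Ahmad-Reza and Schwenk, J{\"o}rg},
  title     = {Universally Composable Security Analysis of {TLS}},
  booktitle = {Provable Security ({ProvSec} 2008)},
  pages     = {313--327},
  year      = {2008},
  publisher = {Springer},
}

@inproceedings{krawczyk2016unilateral,
  author    = {Krawczyk, Hugo},
  title     = {A Unilateral-to-Mutual Authentication Compiler for Key Exchange (with Applications to Client Authentication in {TLS} 1.3)},
  booktitle = {Proceedings of the 2016 {ACM} {SIGSAC} Conference on Computer and Communications Security ({CCS} 2016)},
  pages     = {1438--1450},
  year      = {2016},
  publisher = {ACM},
}

@inproceedings{mitchell1998finite,
  author    = {Mitchell, John C. and Shmatikov, Vitaly and Stern, Ulrich},
  title     = {Finite-State Analysis of {SSL} 3.0},
  booktitle = {Proceedings of the 7th {USENIX} Security Symposium},
  pages     = {201--216},
  year      = {1998},
  publisher = {USENIX Association},
}

@inproceedings{wagner1996analysis,
  author    = {Wagner, David and Schneier, Bruce},
  title     = {Analysis of the {SSL} 3.0 Protocol},
  booktitle = {Proceedings of the 2nd {USENIX} Workshop on Electronic Commerce},
  pages     = {29--40},
  year      = {1996},
  publisher = {USENIX Association},
}

@misc{dowlingcryptographic,
  author    = {Dowling, Benjamin and Paterson, Kenneth G.},
  title     = {A Cryptographic Analysis of the {WireGuard} Protocol},
  internal-note = {incomplete: venue and year missing from the original export},
}

@misc{kusters2017framework,
  author    = {K{\"u}sters, Ralf and Rausch, Daniel},
  title     = {A Framework for Universally Composable {Diffie-Hellman} Key Exchange},
  howpublished = {Cryptology {ePrint} Archive, Report 2017/256},
  year      = {2017},
}

@inproceedings{boyd2016stateless,
  author    = {Boyd, Colin and Hale, Britta and Mj{\o}lsnes, Stig Frode and Stebila, Douglas},
  title     = {From Stateless to Stateful: Generic Authentication and Authenticated Encryption Constructions with Application to {TLS}},
  booktitle = {Topics in Cryptology -- {CT-RSA} 2016},
  pages     = {55--71},
  year      = {2016},
  publisher = {Springer},
}

@inproceedings{krawczyk2001order,
  author    = {Krawczyk, Hugo},
  title     = {The Order of Encryption and Authentication for Protecting Communications (Or: How Secure Is {SSL}?)},
  booktitle = {Advances in Cryptology -- {CRYPTO} 2001},
  pages     = {310--331},
  year      = {2001},
  publisher = {Springer},
}

@inproceedings{kudla2005modular,
  author    = {Kudla, Caroline and Paterson, Kenneth G.},
  title     = {Modular Security Proofs for Key Agreement Protocols},
  booktitle = {Advances in Cryptology -- {ASIACRYPT} 2005},
  pages     = {549--565},
  year      = {2005},
  publisher = {Springer},
}

@article{brzuska2013less,
  author    = {Brzuska, Christina and Fischlin, Marc and Smart, Nigel P. and Warinschi, Bogdan and Williams, Stephen C.},
  title     = {Less Is More: Relaxed yet Composable Security Notions for Key Exchange},
  journal   = {International Journal of Information Security},
  volume    = {12},
  number    = {4},
  pages     = {267--297},
  year      = {2013},
  publisher = {Springer},
}

@inproceedings{boyd2013asics,
  author    = {Boyd, Colin and Cremers, Cas and Feltz, Michele and Paterson, Kenneth G. and Poettering, Bertram and Stebila, Douglas},
  title     = {{ASICS}: Authenticated Key Exchange Security Incorporating Certification Systems},
  booktitle = {European Symposium on Research in Computer Security ({ESORICS} 2013)},
  pages     = {381--399},
  year      = {2013},
  publisher = {Springer},
}

@phdthesis{brzuska2013foundations,
  author    = {Brzuska, Christina},
  title     = {On the Foundations of Key Exchange},
  school    = {Technische Universit{\"a}t Darmstadt},
  year      = {2013},
}

@inproceedings{bellare1993entity,
  author    = {Bellare, Mihir and Rogaway, Phillip},
  title     = {Entity Authentication and Key Distribution},
  booktitle = {Advances in Cryptology -- {CRYPTO} '93},
  pages     = {232--249},
  year      = {1993},
  publisher = {Springer},
}

@article{cremers2015beyond,
  author    = {Cremers, Cas and Feltz, Michele},
  title     = {Beyond {eCK}: Perfect Forward Secrecy under Actor Compromise and Ephemeral-Key Reveal},
  journal   = {Designs, Codes and Cryptography},
  volume    = {74},
  number    = {1},
  pages     = {183--218},
  year      = {2015},
  publisher = {Springer},
}

@article{law2003efficient,
  author    = {Law, Laurie and Menezes, Alfred and Qu, Minghua and Solinas, Jerry and Vanstone, Scott},
  title     = {An Efficient Protocol for Authenticated Key Agreement},
  journal   = {Designs, Codes and Cryptography},
  volume    = {28},
  number    = {2},
  pages     = {119--134},
  year      = {2003},
  publisher = {Springer},
}

@inproceedings{bellare1995provably,
  author    = {Bellare, Mihir and Rogaway, Phillip},
  title     = {Provably Secure Session Key Distribution: The Three Party Case},
  booktitle = {Proceedings of the 27th Annual {ACM} Symposium on Theory of Computing ({STOC} 1995)},
  pages     = {57--66},
  year      = {1995},
  publisher = {ACM},
}

@inproceedings{krawczyk2016optls,
  author    = {Krawczyk, Hugo and Wee, Hoeteck},
  title     = {The {OPTLS} Protocol and {TLS} 1.3},
  booktitle = {2016 {IEEE} European Symposium on Security and Privacy ({EuroS\&P} 2016)},
  pages     = {81--96},
  year      = {2016},
  publisher = {IEEE},
}

@inproceedings{cremers2016automated,
  author    = {Cremers, Cas and Horvat, Marko and Scott, Sam and van der Merwe, Thyla},
  title     = {Automated Analysis and Verification of {TLS} 1.3: 0-{RTT}, Resumption and Delayed Authentication},
  booktitle = {2016 {IEEE} Symposium on Security and Privacy ({S\&P} 2016)},
  pages     = {470--485},
  year      = {2016},
  publisher = {IEEE},
}

@misc{dowling2016cryptographic,
  author    = {Dowling, Benjamin and Fischlin, Marc and G{\"u}nther, Felix and Stebila, Douglas},
  title     = {A Cryptographic Analysis of the {TLS} 1.3 {draft-10} Full and Pre-shared Key Handshake Protocol},
  howpublished = {Cryptology {ePrint} Archive, Report 2016/081},
  year      = {2016},
}

@inproceedings{zhao2016identity,
  author    = {Zhao, Yunlei},
  title     = {Identity-Concealed Authenticated Encryption and Key Exchange},
  booktitle = {Proceedings of the 2016 {ACM} {SIGSAC} Conference on Computer and Communications Security ({CCS} 2016)},
  pages     = {1464--1479},
  year      = {2016},
  publisher = {ACM},
}

@inproceedings{krawczyk2003sigma,
  author    = {Krawczyk, Hugo},
  title     = {{SIGMA}: The `{SIGn}-and-{MAc}' Approach to Authenticated {Diffie-Hellman} and Its Use in the {IKE} Protocols},
  booktitle = {Advances in Cryptology -- {CRYPTO} 2003},
  pages     = {400--425},
  year      = {2003},
  publisher = {Springer},
}

@inproceedings{krawczyk2005hmqv,
  author    = {Krawczyk, Hugo},
  title     = {{HMQV}: A High-Performance Secure {Diffie-Hellman} Protocol},
  booktitle = {Advances in Cryptology -- {CRYPTO} 2005},
  pages     = {546--566},
  year      = {2005},
  publisher = {Springer},
}

@inproceedings{he2005modular,
  author    = {He, Changhua and Sundararajan, Mukund and Datta, Anupam and Derek, Ante and Mitchell, John C.},
  title     = {A Modular Correctness Proof of {IEEE} 802.11i and {TLS}},
  booktitle = {Proceedings of the 12th {ACM} Conference on Computer and Communications Security ({CCS} 2005)},
  pages     = {2--15},
  year      = {2005},
  publisher = {ACM},
}

@article{aiello2004just,
  author    = {Aiello, William and Bellovin, Steven M. and Blaze, Matt and Canetti, Ran and Ioannidis, John and Keromytis, Angelos D. and Reingold, Omer},
  title     = {Just Fast Keying: Key Agreement in a Hostile Internet},
  journal   = {{ACM} Transactions on Information and System Security},
  volume    = {7},
  number    = {2},
  pages     = {242--273},
  year      = {2004},
  publisher = {ACM},
}

@inproceedings{boyd2004key,
  author    = {Boyd, Colin and Mao, Wenbo and Paterson, Kenneth G.},
  title     = {Key Agreement Using Statically Keyed Authenticators},
  booktitle = {Applied Cryptography and Network Security ({ACNS} 2004)},
  pages     = {248--262},
  year      = {2004},
  publisher = {Springer},
}

@article{menezes2007another,
  author    = {Menezes, Alfred},
  title     = {Another Look at {HMQV}},
  journal   = {Journal of Mathematical Cryptology},
  volume    = {1},
  number    = {1},
  pages     = {47--64},
  year      = {2007},
}

@inproceedings{lamacchia2007stronger,
  author    = {LaMacchia, Brian and Lauter, Kristin and Mityagin, Anton},
  title     = {Stronger Security of Authenticated Key Exchange},
  booktitle = {Provable Security ({ProvSec} 2007)},
  pages     = {1--16},
  year      = {2007},
  publisher = {Springer},
}

@inproceedings{bos2015post,
  author    = {Bos, Joppe W. and Costello, Craig and Naehrig, Michael and Stebila, Douglas},
  title     = {Post-Quantum Key Exchange for the {TLS} Protocol from the Ring Learning with Errors Problem},
  booktitle = {2015 {IEEE} Symposium on Security and Privacy ({S\&P} 2015)},
  pages     = {553--570},
  year      = {2015},
  publisher = {IEEE},
}

@inproceedings{di2006deniable,
  author    = {Di Raimondo, Mario and Gennaro, Rosario and Krawczyk, Hugo},
  title     = {Deniable Authentication and Key Exchange},
  booktitle = {Proceedings of the 13th {ACM} Conference on Computer and Communications Security ({CCS} 2006)},
  pages     = {400--409},
  year      = {2006},
  publisher = {ACM},
}

@inproceedings{choo2005session,
  author    = {Choo, Kim-Kwang Raymond and Boyd, Colin and Hitchcock, Yvonne},
  title     = {On Session Key Construction in Provably-Secure Key Establishment Protocols},
  booktitle = {Progress in Cryptology -- {Mycrypt} 2005},
  pages     = {116--131},
  year      = {2005},
  publisher = {Springer},
}

@article{goldberg2012anonymity,
  author    = {Goldberg, Ian and Stebila, Douglas and Ustaoglu, Berkant},
  title     = {Anonymity and One-Way Authentication in Key Exchange Protocols},
  journal   = {Designs, Codes and Cryptography},
  pages     = {1--25},
  year      = {2012},
  publisher = {Springer},
  internal-note = {online-first export: volume and issue missing},
}

@inproceedings{yao2010deniable,
  author    = {Yao, Andrew C. and Zhao, Yunlei},
  title     = {Deniable Internet Key Exchange},
  booktitle = {Applied Cryptography and Network Security ({ACNS} 2010)},
  pages     = {329--348},
  year      = {2010},
  publisher = {Springer},
}

@misc{cremers2011one,
  author    = {Cremers, Cas and Feltz, Michele},
  title     = {One-Round Strongly Secure Key Exchange with Perfect Forward Secrecy and Deniability},
  howpublished = {Cryptology {ePrint} Archive, Report 2011/300},
  year      = {2011},
}

@article{harn2005authenticated,
  author    = {Harn, Lein and Hsin, W.-J. and Mehta, Mohit},
  title     = {Authenticated {Diffie--Hellman} Key Agreement Protocol Using a Single Cryptographic Assumption},
  journal   = {{IEE} Proceedings -- Communications},
  volume    = {152},
  number    = {4},
  pages     = {404--410},
  year      = {2005},
  publisher = {IET},
}

@phdthesis{datta2005security,
  author    = {Datta, Anupam},
  title     = {Security Analysis of Network Protocols: Compositional Reasoning and Complexity-Theoretic Foundations},
  school    = {Stanford University},
  year      = {2005},
}

@article{menezes2010reusing,
  author    = {Menezes, Alfred and Ustaoglu, Berkant},
  title     = {On Reusing Ephemeral Keys in {Diffie-Hellman} Key Agreement Protocols},
  journal   = {International Journal of Applied Cryptography},
  volume    = {2},
  number    = {2},
  pages     = {154--158},
  year      = {2010},
  publisher = {Inderscience Publishers},
}

@inproceedings{yao2013oake,
  author    = {Yao, Andrew Chi-Chih and Zhao, Yunlei},
  title     = {{OAKE}: A New Family of Implicitly Authenticated {Diffie-Hellman} Protocols},
  booktitle = {Proceedings of the 2013 {ACM} {SIGSAC} Conference on Computer \& Communications Security ({CCS} 2013)},
  pages     = {1113--1128},
  year      = {2013},
  publisher = {ACM},
}

@inproceedings{zhang2015authenticated,
  author    = {Zhang, Jiang and Zhang, Zhenfeng and Ding, Jintai and Snook, Michael and Dagdelen, {\"O}zg{\"u}r},
  title     = {Authenticated Key Exchange from Ideal Lattices},
  booktitle = {Advances in Cryptology -- {EUROCRYPT} 2015},
  pages     = {719--751},
  year      = {2015},
  publisher = {Springer},
}

@inproceedings{jiang2008efficient,
  author    = {Jiang, Shaoquan and Safavi-Naini, Reihaneh},
  title     = {An Efficient Deniable Key Exchange Protocol},
  booktitle = {Financial Cryptography and Data Security ({FC} 2008)},
  pages     = {47--52},
  year      = {2008},
  publisher = {Springer},
}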
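@inproceedings{yang2011authenticated,
  author    = {Yang, Guomin and Duan, Shanshan and Wong, Duncan S. and Tan, Chik How and Wang, Huaxiong},
  title     = {Authenticated Key Exchange under Bad Randomness},
  booktitle = {Financial Cryptography and Data Security ({FC} 2011)},
  pages     = {113--126},
  year      = {2011},
  publisher = {Springer},
}

@misc{singh2015practical,
  author    = {Singh, Vikram},
  title     = {A Practical Key Exchange for the {Internet} Using Lattice Cryptography},
  howpublished = {Cryptology {ePrint} Archive, Report 2015/138},
  year      = {2015},
}

@inproceedings{yi2011three,
  author    = {Yi, Xun and Tso, Raylin and Okamoto, Eiji},
  title     = {Three-Party Password-Authenticated Key Exchange without Random Oracles},
  booktitle = {Proceedings of the International Conference on Security and Cryptography ({SECRYPT} 2011)},
  pages     = {15--24},
  year      = {2011},
  publisher = {IEEE},
}

@mastersthesis{jost2014constructive,
  author    = {Jost, Daniel},
  title     = {A Constructive Analysis of {IPsec}},
  school    = {ETH Zurich},
  year      = {2014},
  internal-note = {original export had school=Citeseer; school and thesis type corrected, verify against the thesis front matter},
}

@inproceedings{chen2016strongly,
  author    = {Chen, Rongmao and Mu, Yi and Yang, Guomin and Susilo, Willy and Guo, Fuchun},
  title     = {Strongly Leakage-Resilient Authenticated Key Exchange},
  booktitle = {Topics in Cryptology -- {CT-RSA} 2016},
  pages     = {19--36},
  year      = {2016},
  publisher = {Springer},
}

@misc{feltz2014limits,
  author    = {Feltz, Michele and Cremers, Cas},
  title     = {On the Limits of Authenticated Key Exchange Security with an Application to Bad Randomness},
  howpublished = {Cryptology {ePrint} Archive, Report 2014/369},
  year      = {2014},
}

@misc{katz2010one,
  author    = {Katz, Jonathan and Vaikuntanathan, Vinod},
  title     = {One-Round Password-Based Authenticated Key Exchange},
  howpublished = {Cryptology {ePrint} Archive, Report 2010/368},
  year      = {2010},
}

@inproceedings{liu2013security,
  author    = {Liu, Shengli and Sakurai, Kouichi and Weng, Jian and Zhang, Fangguo and Zhao, Yunlei},
  title     = {Security Model and Analysis of {FHMQV}, Revisited},
  booktitle = {International Conference on Information Security and Cryptology},
  pages     = {255--269},
  year      = {2013},
  publisher = {Springer},
}

@inproceedings{jager2015security,
  author    = {Jager, Tibor and Schwenk, J{\"o}rg and Somorovsky, Juraj},
  title     = {On the Security of {TLS} 1.3 and {QUIC} against Weaknesses in {PKCS\#1} v1.5 Encryption},
  booktitle = {Proceedings of the 22nd {ACM} {SIGSAC} Conference on Computer and Communications Security ({CCS} 2015)},
  pages     = {1185--1196},
  year      = {2015},
  publisher = {ACM},
}

@article{lan2017investigating,
  author    = {Lan, Xiao and Xu, Jing and Zhang, Zhenfeng and Zhu, Wen Tao},
  title     = {Investigating the Multi-Ciphersuite and Backwards-Compatibility Security of the Upcoming {TLS} 1.3},
  journal   = {{IEEE} Transactions on Dependable and Secure Computing},
  year      = {2017},
  publisher = {IEEE},
  internal-note = {early-access export: volume, issue and pages missing},
}

@inproceedings{dowling2015modelling,
  author    = {Dowling, Benjamin and Stebila, Douglas},
  title     = {Modelling Ciphersuite and Version Negotiation in the {TLS} Protocol},
  booktitle = {Information Security and Privacy ({ACISP} 2015)},
  pages     = {270--288},
  year      = {2015},
  publisher = {Springer},
}

@inproceedings{li2016multiple,
  author    = {Li, Xinyu and Xu, Jing and Zhang, Zhenfeng and Feng, Dengguo and Hu, Honggang},
  title     = {Multiple Handshakes Security of {TLS} 1.3 Candidates},
  booktitle = {2016 {IEEE} Symposium on Security and Privacy ({S\&P} 2016)},
  pages     = {486--505},
  year      = {2016},
  publisher = {IEEE},
}

@inproceedings{fischlin2016key,
  author    = {Fischlin, Marc and G{\"u}nther, Felix and Schmidt, Benedikt and Warinschi, Bogdan},
  title     = {Key Confirmation in Key Exchange: A Formal Treatment and Implications for {TLS} 1.3},
  booktitle = {2016 {IEEE} Symposium on Security and Privacy ({S\&P} 2016)},
  pages     = {452--469},
  year      = {2016},
  publisher = {IEEE},
}

@inproceedings{bellare2000authenticated,
  author    = {Bellare, Mihir and Pointcheval, David and Rogaway, Phillip},
  title     = {Authenticated Key Exchange Secure against Dictionary Attacks},
  booktitle = {Advances in Cryptology -- {EUROCRYPT} 2000},
  pages     = {139--155},
  year      = {2000},
  publisher = {Springer},
}

@inproceedings{canetti2001analysis,
  author    = {Canetti, Ran and Krawczyk, Hugo},
  title     = {Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels},
  booktitle = {Advances in Cryptology -- {EUROCRYPT} 2001},
  pages     = {453--474},
  year      = {2001},
  publisher = {Springer},
}

@inproceedings{blake1997key,
  author    = {Blake-Wilson, Simon and Johnson, Don and Menezes, Alfred},
  title     = {Key Agreement Protocols and Their Security Analysis},
  booktitle = {Cryptography and Coding},
  pages     = {30--45},
  year      = {1997},
  publisher = {Springer},
}

@inproceedings{blake1998authenticated,
  author    = {Blake-Wilson, Simon and Menezes, Alfred},
  title     = {Authenticated {Diffie-Hellman} Key Agreement Protocols},
  booktitle = {Selected Areas in Cryptography ({SAC} 1998)},
  pages     = {339--361},
  year      = {1998},
  publisher = {Springer},
}

@inproceedings{bellare1998modular,
  author    = {Bellare, Mihir and Canetti, Ran and Krawczyk, Hugo},
  title     = {A Modular Approach to the Design and Analysis of Authentication and Key Exchange Protocols},
  booktitle = {Proceedings of the 30th Annual {ACM} Symposium on Theory of Computing ({STOC} 1998)},
  pages     = {419--428},
  year      = {1998},
  publisher = {ACM},
}

@misc{shoup1999formal,
  author    = {Shoup, Victor},
  title     = {On Formal Models for Secure Key Exchange},
  howpublished = {Cryptology {ePrint} Archive, Report 1999/012},
  year      = {1999},
}

@inproceedings{canetti2002universally,
  author    = {Canetti, Ran and Krawczyk, Hugo},
  title     = {Universally Composable Notions of Key Exchange and Secure Channels},
  booktitle = {Advances in Cryptology -- {EUROCRYPT} 2002},
  pages     = {337--351},
  year      = {2002},
  publisher = {Springer},
}

@inproceedings{lincoln1998probabilistic,
  author    = {Lincoln, Patrick and Mitchell, John C. and Mitchell, Mark and Scedrov, Andre},
  title     = {A Probabilistic Poly-Time Framework for Protocol Analysis},
  booktitle = {Proceedings of the 5th {ACM} Conference on Computer and Communications Security ({CCS} 1998)},
  pages     = {112--121},
  year      = {1998},
  publisher = {ACM},
}

@inproceedings{choo2005examining,
  author    = {Choo, Kim-Kwang Raymond and Boyd, Colin and Hitchcock, Yvonne},
  title     = {Examining Indistinguishability-Based Proof Models for Key Establishment Protocols},
  booktitle = {Advances in Cryptology -- {ASIACRYPT} 2005},
  pages     = {585--604},
  year      = {2005},
  publisher = {Springer},
}

@article{katz2007scalable,
  author    = {Katz, Jonathan and Yung, Moti},
  title     = {Scalable Protocols for Authenticated Group Key Exchange},
  journal   = {Journal of Cryptology},
  volume    = {20},
  number    = {1},
  pages     = {85--113},
  year      = {2007},
  publisher = {Springer},
}

@inproceedings{katz2002forward,
  author    = {Katz, Jonathan and Ostrovsky, Rafail and Yung, Moti},
  title     = {Forward Secrecy in Password-Only Key Exchange Protocols},
  booktitle = {Security in Communication Networks ({SCN} 2002)},
  pages     = {29--44},
  year      = {2002},
  publisher = {Springer},
}

@misc{cheng2005indistinguishability,
  author    = {Cheng, Zhaohui and Nistazakis, Manos and Comley, Richard and Vasiu, Luminita},
  title     = {On the Indistinguishability-Based Security Model of Key Agreement Protocols -- Simple Cases},
  howpublished = {Cryptology {ePrint} Archive, Report 2005/129},
  year      = {2005},
}

@inproceedings{morrissey2008modular,
  author    = {Morrissey, Paul and Smart, Nigel P. and Warinschi, Bogdan},
  title     = {A Modular Security Analysis of the {TLS} Handshake Protocol},
  booktitle = {Advances in Cryptology -- {ASIACRYPT} 2008},
  pages     = {55--73},
  year      = {2008},
  publisher = {Springer},
}

@inproceedings{boyd2003deniable,
  author    = {Boyd, Colin and Mao, Wenbo and Paterson, Kenneth G.},
  title     = {Deniable Authenticated Key Establishment for {Internet} Protocols},
  booktitle = {International Workshop on Security Protocols},
  pages     = {255--271},
  year      = {2003},
  publisher = {Springer},
}

@inproceedings{groce2010new,
  author    = {Groce, Adam and Katz, Jonathan},
  title     = {A New Framework for Efficient Password-Based Authenticated Key Exchange},
  booktitle = {Proceedings of the 17th {ACM} Conference on Computer and Communications Security ({CCS} 2010)},
  pages     = {516--525},
  year      = {2010},
  publisher = {ACM},
}

@misc{mackenzie2001security,
  author    = {MacKenzie, Philip},
  title     = {On the Security of the {SPEKE} Password-Authenticated Key Exchange Protocol},
  howpublished = {Cryptology {ePrint} Archive, Report 2001/057},
  year      = {2001},
}

@inproceedings{sarr2010new,
  author    = {Sarr, Augustin P. and Elbaz-Vincent, Philippe and Bajard, Jean-Claude},
  title     = {A New Security Model for Authenticated Key Agreement},
  booktitle = {Security and Cryptography for Networks ({SCN} 2010)},
  pages     = {219--234},
  year      = {2010},
  publisher = {Springer},
}

@phdthesis{katz2002efficient,
  author    = {Katz, Jonathan},
  title     = {Efficient Cryptographic Protocols Preventing ``Man-in-the-Middle'' Attacks},
  school    = {Columbia University},
  year      = {2002},
}

@article{goldreich2006session,
  author    = {Goldreich, Oded and Lindell, Yehuda},
  title     = {Session-Key Generation Using Human Passwords Only},
  journal   = {Journal of Cryptology},
  volume    = {19},
  number    = {3},
  pages     = {241--340},
  year      = {2006},
  publisher = {Springer},
}

@inproceedings{choo2005security,
  author    = {Choo, Kim-Kwang Raymond and Hitchcock, Yvonne},
  title     = {Security Requirements for Key Establishment Proof Models: Revisiting {Bellare--Rogaway} and {Jeong--Katz--Lee} Protocols},
  booktitle = {Information Security and Privacy ({ACISP} 2005)},
  pages     = {429--442},
  year      = {2005},
  publisher = {Springer},
}

@inproceedings{kusters2011composition,
  author    = {K{\"u}sters, Ralf and Tuengerthal, Max},
  title     = {Composition Theorems without Pre-Established Session Identifiers},
  booktitle = {Proceedings of the 18th {ACM} Conference on Computer and Communications Security ({CCS} 2011)},
  pages     = {41--50},
  year      = {2011},
  publisher = {ACM},
}

@inproceedings{bresson2007security,
  author    = {Bresson, Emmanuel and Manulis, Mark and Schwenk, J{\"o}rg},
  title     = {On Security Models and Compilers for Group Key Exchange Protocols},
  booktitle = {Advances in Information and Computer Security ({IWSEC} 2007)},
  pages     = {292--307},
  year      = {2007},
  publisher = {Springer},
}

@article{morrissey2010tls,
  author    = {Morrissey, Paul and Smart, Nigel P. and Warinschi, Bogdan},
  title     = {The {TLS} Handshake Protocol: A Modular Analysis},
  journal   = {Journal of Cryptology},
  volume    = {23},
  number    = {2},
  pages     = {187--223},
  year      = {2010},
  publisher = {Springer},
}

@inproceedings{brzuska2011composability,
  author    = {Brzuska, Christina and Fischlin, Marc and Warinschi, Bogdan and Williams, Stephen C.},
  title     = {Composability of {Bellare--Rogaway} Key Exchange Protocols},
  booktitle = {Proceedings of the 18th {ACM} Conference on Computer and Communications Security ({CCS} 2011)},
  pages     = {51--62},
  year      = {2011},
  publisher = {ACM},
}

@inproceedings{tin2003provably,
  author    = {Tin, Yiu Shing Terry and Boyd, Colin and Gonz{\'a}lez Nieto, Juan Manuel},
  title     = {Provably Secure Mobile Key Exchange: Applying the {Canetti--Krawczyk} Approach},
  booktitle = {Information Security and Privacy ({ACISP} 2003)},
  pages     = {166--179},
  year      = {2003},
  publisher = {Springer},
}

@phdthesis{choo2006key,
  author    = {Choo, Kim-Kwang Raymond},
  title     = {Key Establishment: Proofs and Refutations},
  school    = {Queensland University of Technology},
  year      = {2006},
}

@inproceedings{zhang2010deniable,
  author    = {Zhang, Yazhe and Wang, Kunpeng and Li, Bao},
  title     = {A Deniable Group Key Establishment Protocol in the Standard Model},
  booktitle = {Information Security Practice and Experience ({ISPEC} 2010)},
  pages     = {308--323},
  year      = {2010},
  publisher = {Springer},
}

@article{hitchcock2006modular,
  author    = {Hitchcock, Yvonne and Boyd, Colin and Gonz{\'a}lez Nieto, Juan Manuel},
  title     = {Modular Proofs for Key Exchange: Rigorous Optimizations in the {Canetti--Krawczyk} Model},
  journal   = {Applicable Algebra in Engineering, Communication and Computing},
  volume    = {16},
  number    = {6},
  pages     = {405--438},
  year      = {2006},
  publisher = {Springer},
}

@misc{jager2011standard,
  author    = {Jager, Tibor and Kohlar, Florian and Sch{\"a}ge, Sven and Schwenk, J{\"o}rg},
  title     = {A Standard-Model Security Analysis of {TLS-DHE}},
  howpublished = {Cryptology {ePrint} Archive, Report 2011/219},
  year      = {2011},
}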
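@inproceedings{jager2012security,
  author    = {Jager, Tibor and Kohlar, Florian and Sch{\"a}ge, Sven and Schwenk, J{\"o}rg},
  title     = {On the Security of {TLS-DHE} in the Standard Model},
  booktitle = {Advances in Cryptology -- {CRYPTO} 2012},
  pages     = {273--293},
  year      = {2012},
  publisher = {Springer},
}

@inproceedings{dodisunilaterally,
  author    = {Dodis, Yevgeniy and Fiore, Dario},
  title     = {Unilaterally-Authenticated Key Exchange},
  booktitle = {Financial Cryptography and Data Security ({FC} 2017)},
  year      = {2017},
  internal-note = {incomplete: venue taken from the original INCOMPLETE marker; pages missing},
}

@inproceedings{bhargavan2017content,
  author    = {Bhargavan, Karthikeyan and Boureanu, Ioana and Fouque, Pierre-Alain and Onete, Cristina and Richard, Benjamin},
  title     = {Content Delivery over {TLS}: A Cryptographic Analysis of {Keyless SSL}},
  booktitle = {2017 {IEEE} European Symposium on Security and Privacy ({EuroS\&P} 2017)},
  year      = {2017},
  publisher = {IEEE},
  internal-note = {pages missing},
}

@inproceedings{gunther20170,
  author    = {G{\"u}nther, Felix and Hale, Britta and Jager, Tibor and Lauer, Sebastian},
  title     = {0-{RTT} Key Exchange with Full Forward Secrecy},
  booktitle = {Advances in Cryptology -- {EUROCRYPT} 2017},
  pages     = {519--548},
  year      = {2017},
  publisher = {Springer},
}

@comment{Attacks and Real-World Protocols}

@inproceedings{lauter2006security,
  author    = {Lauter, Kristin and Mityagin, Anton},
  title     = {Security Analysis of {KEA} Authenticated Key Exchange Protocol},
  booktitle = {Public Key Cryptography -- {PKC} 2006},
  series    = {Lecture Notes in Computer Science},
  volume    = {3958},
  pages     = {378--394},
  year      = {2006},
  publisher = {Springer},
}

@inproceedings{jager2015practical,
  author    = {Jager, Tibor and Schwenk, J{\"o}rg and Somorovsky, Juraj},
  title     = {Practical Invalid Curve Attacks on {TLS-ECDH}},
  booktitle = {European Symposium on Research in Computer Security ({ESORICS} 2015)},
  pages     = {407--425},
  year      = {2015},
  publisher = {Springer},
}

@inproceedings{bhargavan2016transcript,
  author    = {Bhargavan, Karthikeyan and Leurent, Ga{\"e}tan},
  title     = {Transcript Collision Attacks: Breaking Authentication in {TLS}, {IKE}, and {SSH}},
  booktitle = {Network and Distributed System Security Symposium ({NDSS} 2016)},
  year      = {2016},
}

@inproceedings{bhargavan2016downgrade,
  author    = {Bhargavan, Karthikeyan and Brzuska, Christina and Fournet, C{\'e}dric and Green, Matthew and Kohlweiss, Markulf and Zanella-B{\'e}guelin, Santiago},
  title     = {Downgrade Resilience in Key-Exchange Protocols},
  booktitle = {2016 {IEEE} Symposium on Security and Privacy ({S\&P} 2016)},
  pages     = {506--525},
  year      = {2016},
  publisher = {IEEE},
}

@inproceedings{aviram2016drown,
  author    = {Aviram, Nimrod and Schinzel, Sebastian and Somorovsky, Juraj and Heninger, Nadia and Dankel, Maik and Steube, Jens and Valenta, Luke and Adrian, David and Halderman, J. Alex and Dukhovni, Viktor and others},
  title     = {{DROWN}: Breaking {TLS} Using {SSLv2}},
  booktitle = {25th {USENIX} Security Symposium ({USENIX} Security 16)},
  year      = {2016},
  publisher = {USENIX Association},
  internal-note = {pages missing},
}

@inproceedings{meyer2014revisiting,
  author    = {Meyer, Christopher and Somorovsky, Juraj and Weiss, Eugen and Schwenk, J{\"o}rg and Schinzel, Sebastian and Tews, Erik},
  title     = {Revisiting {SSL/TLS} Implementations: New {Bleichenbacher} Side Channels and Attacks},
  booktitle = {23rd {USENIX} Security Symposium ({USENIX} Security 14)},
  pages     = {733--748},
  year      = {2014},
  publisher = {USENIX Association},
}

@inproceedings{albrecht2016lucky,
  author    = {Albrecht, Martin R. and Paterson, Kenneth G.},
  title     = {Lucky Microseconds: A Timing Attack on {Amazon}'s {s2n} Implementation of {TLS}},
  booktitle = {Advances in Cryptology -- {EUROCRYPT} 2016},
  pages     = {622--643},
  year      = {2016},
  publisher = {Springer},
}

@inproceedings{garman2015attacks,
  author    = {Garman, Christina and Paterson, Kenneth G. and van der Merwe, Thyla},
  title     = {Attacks Only Get Better: Password Recovery Attacks against {RC4} in {TLS}},
  booktitle = {24th {USENIX} Security Symposium ({USENIX} Security 15)},
  pages     = {113--128},
  year      = {2015},
  publisher = {USENIX Association},
}

@article{kaliski2001unknown,
  author    = {Kaliski, Jr., Burton S.},
  title     = {An Unknown Key-Share Attack on the {MQV} Key Agreement Protocol},
  journal   = {{ACM} Transactions on Information and System Security},
  volume    = {4},
  number    = {3},
  pages     = {275--288},
  year      = {2001},
  publisher = {ACM},
}

@inproceedings{giesen2013security,
  author    = {Giesen, Florian and Kohlar, Florian and Stebila, Douglas},
  title     = {On the Security of {TLS} Renegotiation},
  booktitle = {Proceedings of the 2013 {ACM} {SIGSAC} Conference on Computer \& Communications Security ({CCS} 2013)},
  pages     = {387--398},
  year      = {2013},
  publisher = {ACM},
}

@inproceedings{krawczyk2013security,
  author    = {Krawczyk, Hugo and Paterson, Kenneth G. and Wee, Hoeteck},
  title     = {On the Security of the {TLS} Protocol: A Systematic Analysis},
  booktitle = {Advances in Cryptology -- {CRYPTO} 2013},
  pages     = {429--448},
  year      = {2013},
  publisher = {Springer},
}

@comment{Verified Implementations}

@article{bhargavan2016mitls,
  author    = {Bhargavan, Karthikeyan and Fournet, C{\'e}dric and Kohlweiss, Markulf},
  title     = {{miTLS}: Verifying Protocol Implementations against Real-World Attacks},
  journal   = {{IEEE} Security \& Privacy},
  volume    = {14},
  number    = {6},
  pages     = {18--25},
  year      = {2016},
  publisher = {IEEE},
}

@inproceedings{kusters2009using,
  author    = {K{\"u}sters, Ralf and Truderung, Tomasz},
  title     = {Using {ProVerif} to Analyze Protocols with {Diffie-Hellman} Exponentiation},
  booktitle = {22nd {IEEE} Computer Security Foundations Symposium ({CSF} 2009)},
  pages     = {157--171},
  year      = {2009},
  publisher = {IEEE},
}

@inproceedings{barthe2015mind,
  author    = {Barthe, Gilles and Crespo, Juan Manuel and Lakhnech, Yassine and Schmidt, Benedikt},
  title     = {Mind the Gap: Modular Machine-Checked Proofs of One-Round Key Exchange Protocols},
  booktitle = {Advances in Cryptology -- {EUROCRYPT} 2015},
  pages     = {689--718},
  year      = {2015},
  publisher = {Springer},
}

@misc{delignattowards,
  author    = {Beurdouche, Benjamin and Bhargavan, Karthikeyan and Delignat-Lavaud, Antoine and Fournet, C{\'e}dric and Ishtiaq, Samin and Kohlweiss, Markulf and Protzenko, Jonathan and Swamy, Nikhil and Zanella-B{\'e}guelin, Santiago and Zinzindohou{\'e}, Jean Karim},
  title     = {Towards a Provably Secure Implementation of {TLS} 1.3},
  internal-note = {author list rebuilt from a garbled export (names had been split at the wrong commas); venue and year missing},
}

@misc{bhargavan2016implementing,
  author    = {Bhargavan, Karthikeyan and Delignat-Lavaud, Antoine and Fournet, C{\'e}dric and Kohlweiss, Markulf and Pan, Jianyang and Protzenko, Jonathan and Rastogi, Aseem and Swamy, Nikhil and Zanella-B{\'e}guelin, Santiago and Zinzindohou{\'e}, Jean Karim},
  title     = {Implementing and Proving the {TLS} 1.3 Record Layer},
  year      = {2016},
  internal-note = {incomplete: venue missing from the original export},
}

@inproceedings{bhargavan2016proscript,
  author    = {Bhargavan, Karthikeyan and Kobeissi, Nadim and Blanchet, Bruno},
  title     = {{ProScript} {TLS}: Building a {TLS} 1.3 Implementation with a Verifiable Protocol Model},
  booktitle = {{TRON} Workshop: {TLS} 1.3, Ready or Not},
  year      = {2016},
}

@inproceedings{beurdouche2015messy,
  author    = {Beurdouche, Benjamin and Bhargavan, Karthikeyan and Delignat-Lavaud, Antoine and Fournet, C{\'e}dric and Kohlweiss, Markulf and Pironti, Alfredo and Strub, Pierre-Yves and Zinzindohou{\'e}, Jean Karim},
  title     = {A Messy State of the Union: Taming the Composite State Machines of {TLS}},
  booktitle = {2015 {IEEE} Symposium on Security and Privacy ({S\&P} 2015)},
  pages     = {535--552},
  year      = {2015},
  publisher = {IEEE},
}

@inproceedings{somorovsky2016systematic,
  author    = {Somorovsky, Juraj},
  title     = {Systematic Fuzzing and Testing of {TLS} Libraries},
  booktitle = {Proceedings of the 2016 {ACM} {SIGSAC} Conference on Computer and Communications Security ({CCS} 2016)},
  pages     = {1492--1504},
  year      = {2016},
  publisher = {ACM},
}

@phdthesis{cremers2006scyther,
  author    = {Cremers, Casimier Joseph Franciscus},
  title     = {Scyther: Semantics and Verification of Security Protocols},
  school    = {Eindhoven University of Technology},
  address   = {Eindhoven, The Netherlands},
  year      = {2006},
}

@inproceedings{goubault2000method,
  author    = {Goubault-Larrecq, Jean},
  title     = {A Method for Automatic Cryptographic Protocol Verification},
  booktitle = {Parallel and Distributed Processing},
  pages     = {977--984},
  year      = {2000},
  publisher = {Springer},
}

@techreport{bella2000inductive,
  author    = {Bella, Giampaolo},
  title     = {Inductive Verification of Cryptographic Protocols},
  institution = {University of Cambridge, Computer Laboratory},
  year      = {2000},
}

@comment{Standards}

@techreport{kaufman2014internet,
  author    = {Kaufman, Charlie and Hoffman, Paul and Nir, Yoav and Eronen, Pasi and Kivinen, Tero},
  title     = {Internet Key Exchange Protocol Version 2 ({IKEv2})},
  type      = {RFC},
  number    = {7296},
  institution = {Internet Engineering Task Force},
  year      = {2014},
  month     = oct,
}

@inproceedings{paterson2016reactive,
  author    = {Paterson, Kenneth G. and van der Merwe, Thyla},
  title     = {Reactive and Proactive Standardisation of {TLS}},
  booktitle = {Security Standardisation Research ({SSR} 2016)},
  pages     = {160--186},
  year      = {2016},
  publisher = {Springer},
}

@comment{General, Measurement, etc.}

@inproceedings{samarasinghe2017short,
  author    = {Samarasinghe, Nayanamana and Mannan, Mohammad},
  title     = {Short Paper: {TLS} Ecosystems in Networked Devices vs. Web Servers},
  booktitle = {Financial Cryptography and Data Security ({FC} 2017)},
  year      = {2017},
  internal-note = {incomplete: venue taken from the original INCOMPLETE marker; pages missing},
}

@inproceedings{chothiabanker,
  author    = {Chothia, Tom and Garcia, Flavio D. and Heppel, Chris and McMahon Stone, Chris},
  title     = {Why Banker {Bob} (Still) Can't Get {TLS} Right: A Security Analysis of {TLS} in Leading {UK} Banking Apps},
  booktitle = {Financial Cryptography and Data Security ({FC} 2017)},
  year      = {2017},
  internal-note = {incomplete: venue taken from the original INCOMPLETE marker; pages missing},
}

@phdthesis{levillain2016study,
  author    = {Levillain, Olivier},
  title     = {A Study of the {TLS} Ecosystem},
  school    = {Institut National des T{\'e}l{\'e}communications},
  year      = {2016},
}

@inproceedings{springall2016measuring,
  author    = {Springall, Drew and Durumeric, Zakir and Halderman, J. Alex},
  title     = {Measuring the Security Harm of {TLS} Crypto Shortcuts},
  booktitle = {Proceedings of the 2016 {ACM} Internet Measurement Conference ({IMC} 2016)},
  pages     = {33--47},
  year      = {2016},
  publisher = {ACM},
}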