Diffstat (limited to 'summary/src/ctor/src/ref.bib')
-rw-r--r-- | summary/src/ctor/src/ref.bib | 536 |
1 files changed, 536 insertions, 0 deletions
diff --git a/summary/src/ctor/src/ref.bib b/summary/src/ctor/src/ref.bib
new file mode 100644
index 0000000..b39ae33
--- /dev/null
+++ b/summary/src/ctor/src/ref.bib
@@ -0,0 +1,536 @@
+@misc{apple-on-independence,
+ author = {Clint Wilson},
+ title = {{CT} Days 2020},
+ howpublished = {\url{https://groups.google.com/a/chromium.org/g/ct-policy/c/JWVVhZTL5RM}, accessed 2020-12-15}
+}
+
+@misc{onionskins,
+ author = {{Tor Project}},
+ title = {Functions to queue create cells for processing},
+ howpublished = {\url{https://src-ref.docs.torproject.org/tor/onion__queue_8c_source.html}, accessed 2020-12-15},
+}
+
+@misc{delayed-merge,
+ author = {{Google LLC.}},
+ title = {Trillian Log Signer},
+ howpublished = {\url{https://github.com/google/trillian/blob/master/cmd/trillian_log_signer/main.go}, accessed 2020-12-15},
+}
+
+@misc{stark,
+ title = {Opt-in {SCT} Auditing},
+ author = {Emily Stark and Chris Thompson},
+ howpublished = {\url{https://docs.google.com/document/d/1G1Jy8LJgSqJ-B673GnTYIG4b7XRw2ZLtvvSlrqFcl4A/edit}, accessed 2020-12-15},
+}
+
+@article{meiklejohn,
+ author = {Sarah Meiklejohn and Pavel Kalinnikov and Cindy S. Lin and Martin Hutchinson and Gary Belvin and Mariana Raykova and Al Cutter},
+ title = {Think Global, Act Local: Gossip and Client Audits in Verifiable Data Structures},
+ journal = {CoRR},
+ volume = {abs/2011.04551},
+ year = {2020},
+}
+
+@misc{sfo-dist,
+ author = {Rasmus Dahlberg and Tobias Pulls and Tom Ritter and Paul Syverson},
+ title = {{SFO} Distribution Artificat},
+ year = {2020},
+ howpublished = {\url{https://github.com/rgdd/ctor/tree/master/artifact}},
+}
+
+@misc{ct-policy-mailing-list,
+ author = {{CT policy mailing list}},
+ title = {{Certificate Transparency} Policy},
+ howpublished = {\url{https://groups.google.com/a/chromium.org/forum/\#!forum/ct-policy}, accessed 2020-12-15},
+}
+
+@misc{no-hard-fail,
+ author = {Adam Langley},
+ title = {No, don't enable revocation checking},
+ howpublished = {\url{https://www.imperialviolet.org/2014/04/19/revchecking.html}, accessed 2020-12-15},
+}
+
+@misc{de-anonymize-exploit,
+ author = {Joseph Cox},
+ title = {The {FBI} Used a 'Non-Public' Vulnerability to Hack Suspects on {Tor}},
+ howpublished = {\url{https://www.vice.com/en_us/article/kb7kza/the-fbi-used-a-non-public-vulnerability-to-hack-suspects-on-tor}, accessed 2020-12-15},
+}
+
+@Misc{forbes-fbi-tor,
+ author = {Kashmir Hill},
+ title = {How Did The {FBI} Break {Tor}?},
+ howpublished = {\url{https://www.forbes.com/sites/kashmirhill/2014/11/07/how-did-law-enforcement-break-tor/#6cf2ed594bf7}, accessed 2020-12-15},
+}
+
+
+@Misc{doj-fbi-tor,
+ author = {{U.S. Dept. of Justice}},
+ title = {More Than 400 .Onion Addresses, Including Dozens of ‘Dark Market’ Sites, Targeted as Part of Global Enforcement Action on {Tor} Network},
+ howpublished = {\url{https://www.fbi.gov/news/pressrel/press-releases/more-than-400-.onion-addresses-including-dozens-of-dark-market-sites-targeted-as-part-of-global-enforcement-action-on-tor-network}, accessed 2020-12-15},
+}
+
+
+@Misc{syria-facebook-mitm,
+ author = {Peter Eckersley},
+ title = {A {Syrian} Man-In-The-Middle Attack against {Facebook}},
+ howpublished = {\url{https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook}, accessed 2020-12-15},
+}
+
+@misc{wiki-bgp,
+ author = {{Wikipedia contributors}},
+ title = {{BGP} hijacking---{Wikipedia}{,} The Free Encyclopedia},
+ howpublished = {\url{https://en.wikipedia.org/w/index.php?title=BGP_hijacking&oldid=964360841}, accessed 2020-12-15},
+}
+
+@misc{bgp-hijacking-for-crypto-2,
+ author = {Ameet Naik},
+ title = {Anatomy of a {BGP} Hijack on {Amazon’s} Route 53 {DNS} Service},
+ howpublished = {\url{https://blog.thousandeyes.com/amazon-route-53-dns-and-bgp-hijack}, accessed 2020-12-15},
+}
+
+@misc{bgp-hijacking-for-crypto,
+ author = {Joe Stewart},
+ title = {{BGP} Hijacking for Cryptocurrency Profit},
+ howpublished = {\url{https://www.secureworks.com/research/bgp-hijacking-for-cryptocurrency-profit}, accessed 2020-12-15},
+}
+
+@misc{myetherwallet,
+ author = {Russell Brandom},
+ title = {Hackers emptied {Ethereum} wallets by breaking the basic infrastructure of the {Internet}},
+ howpublished = {\url{https://www.theverge.com/2018/4/24/17275982/myetherwallet-hack-bgp-dns-hijacking-stolen-ethereum}, accessed 2020-12-15},
+}
+
+@Misc{ethereum-hijack-isoc,
+ author = {Aftab Siddiqui},
+ title = {What Happened? {The Amazon Route 53 BGP} Hijack to Take Over {Ethereum} Cryptocurrency Wallets},
+ howpublished = {\url{https://www.internetsociety.org/blog/2018/04/amazons-route-53-bgp-hijack/}, accessed 2020-12-15}}
+
+@Misc{iran-telegram-bgp,
+ author = {Patrick Howell O'Neill},
+ title = {Telegram traffic from around the world took a detour through {Iran}},
+ howpublished = {\url{https://www.cyberscoop.com/telegram-iran-bgp-hijacking/}, accessed 2020-12-15},
+}
+
+@misc{google-log-policy,
+ author = {{Google LLC.}},
+ title = {Chromium {Certificate Transparency} Policy},
+ howpublished = {\url{https://github.com/chromium/ct-policy/blob/master/README.md}, accessed 2020-12-15},
+}
+
+@misc{apple-log-policy,
+ author = {{Apple Inc.}},
+ title = {Apple's {Certificate Transparency} log program},
+ howpublished = {\url{https://support.apple.com/en-om/HT209255}, accessed 2020-12-15},
+}
+
+@misc{tor-bandwidth,
+ author = {{Tor project}},
+ title = {Advertised and consumed bandwidth by relay flag},
+ howpublished = {\url{https://metrics.torproject.org/bandwidth-flags.html}, accessed 2020-05-30},
+}
+
+@misc{relay-by-flag,
+ author = {{Tor project}},
+ title = {Relays by relay flag},
+ howpublished = {\url{https://metrics.torproject.org/relayflags.html}, accessed 2020-05-29},
+}
+
+@misc{relay-config,
+ author = {{Tor project}},
+ title = {Relay requirements},
+ howpublished = {\url{https://community.torproject.org/relay/relays-requirements/}, accessed 2020-05-29},
+}
+
+@misc{turktrust,
+ author = {Adam Langley},
+ title = {Enhancing digital certificate security},
+ howpublished = {\url{https://security.googleblog.com/2013/01/enhancing-digital-certificate-security.html}, accessed 2020-12-15},
+}
+
+@inproceedings{doublecheck,
+ author = {Mansoor Alicherry and Angelos D. Keromytis},
+ title = {{DoubleCheck}: Multi-path verification against man-in-the-middle attacks},
+ booktitle = {ISCC},
+ year = {2009},
+}
+
+@misc{consensus-transparency,
+ author = {Linus Nordberg},
+ title = {{Tor} Consensus Transparency},
+ howpublished = {\url{https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/267-tor-consensus-transparency.txt}, accessed 2020-12-15},
+}
+
+@misc{sth-push,
+ author = {Ryan Sleevi and Eran Messeri},
+ title = {Certificate transparency in {Chrome}: Monitoring {CT} Logs consistency},
+ howpublished = {\url{https://docs.google.com/document/d/1FP5J5Sfsg0OR9P4YT0q1dM02iavhi8ix1mZlZe_z-ls/edit?pref=2&pli=1}, accessed 2020-12-15},
+}
+
+@misc{minimal-gossip,
+ author = {{Google LLC.}},
+ title = {Minimal Gossip},
+ howpublished = {\url{https://github.com/google/trillian-examples/blob/master/gossip/minimal/README.md}, accessed 2020-12-15},
+}
+
+@inproceedings{catena,
+ author = {Alin Tomescu and Srinivas Devadas},
+ title = {Catena: Efficient Non-equivocation via {Bitcoin}},
+ booktitle = {IEEE S\&P},
+ year = {2017},
+}
+
+@inproceedings{chase,
+ author = {Melissa Chase and Sarah Meiklejohn},
+ title = {Transparency Overlays and Applications},
+ booktitle = {CCS},
+ year = {2016},
+}
+
+@inproceedings{kales,
+ author = {Daniel Kales and Olamide Omolola and Sebastian Ramacher},
+ title = {Revisiting User Privacy for {Certificate Transparency}},
+ booktitle = {IEEE EuroS\&P},
+ year = {2019},
+}
+
+@inproceedings{lueks-and-goldberg,
+ author = {Wouter Lueks and Ian Goldberg},
+ title = {Sublinear Scaling for Multi-Client Private Information Retrieval},
+ booktitle = {FC},
+ year = {2015},
+}
+
+@misc{ct-over-dns,
+ author = {Ben Laurie},
+ title = {{Certificate Transparency} over {DNS}},
+ howpublished = {\url{https://github.com/google/certificate-transparency-rfcs/blob/master/dns/draft-ct-over-dns.md}, accessed 2020-12-15},
+}
+
+@inproceedings{lwm,
+ author = {Rasmus Dahlberg and Tobias Pulls},
+ title = {Verifiable Light-Weight Monitoring for {Certificate Transparency} Logs},
+ booktitle = {NordSec},
+ year = {2018},
+}
+
+@article{ct-with-privacy,
+ author = {Saba Eskandarian and Eran Messeri and Joseph Bonneau and Dan Boneh},
+ title = {{Certificate Transparency} with Privacy},
+ journal = {PETS},
+ volume = {2017},
+ number = {4},
+}
+
+@inproceedings{ct-monitors,
+ author = {Bingyu Li and Jingqiang Lin and Fengjun Li and Qiongxiao Wang and Qi Li and Jiwu Jing and Congli Wang},
+ title = {{Certificate Transparency} in the Wild: Exploring the Reliability of Monitors},
+ booktitle = {CCS},
+ year = {2019},
+}
+
+@inproceedings{syta,
+ author = {Ewa Syta and Iulia Tamas and Dylan Visher and David Isaac Wolinsky and Philipp Jovanovic and Linus Gasser and Nicolas Gailly and Ismail Khoffi and Bryan Ford},
+ title = {Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning},
+ booktitle = {IEEE S\&P},
+ year = {2016},
+}
+
+@inproceedings{dahlberg,
+ author = {Rasmus Dahlberg and Tobias Pulls and Jonathan Vestin and Toke H{\o}iland-J{\o}rgensen and Andreas Kassler},
+ title = {Aggregation-Based {Certificate Transparency} Gossip},
+ booktitle = {SECURWARE},
+ year = {2019},
+}
+
+@inproceedings{secure-logging-and-ct,
+ author = {Benjamin Dowling and Felix G{\"{u}}nther and Udyani Herath and Douglas Stebila},
+ title = {Secure Logging Schemes and {Certificate Transparency}},
+ booktitle = {ESORICS},
+ year = {2016},
+}
+
+@misc{tor-browser,
+ author = {Mike Perry and Erinn Clark and Steven Murdoch and Georg Koppen},
+ title = {The Design and Implementation of the {Tor Browser [DRAFT]}},
+ howpublished = {\url{https://2019.www.torproject.org/projects/torbrowser/design/}, accessed 2020-12-15},
+}
+
+@inproceedings{mani,
+ author = {Akshaya Mani and T. Wilson{-}Brown and Rob Jansen and Aaron Johnson and Micah Sherr},
+ title = {Understanding {Tor} Usage with Privacy-Preserving Measurement},
+ booktitle = {IMC},
+ year = {2018},
+}
+
+@inproceedings{ct-root-landscape,
+ author = {Nikita Korzhitskii and Niklas Carlsson},
+ title = {Characterizing the Root Landscape of {Certificate Transparency} Logs},
+ booktitle = {IFIP Networking},
+ year = {2020},
+}
+
+@inproceedings{spoiled-onions,
+ author = {Philipp Winter and Richard K{\"{o}}wer and Martin Mulazzani and Markus Huber and Sebastian Schrittwieser and Stefan Lindskog and Edgar R. Weippl},
+ title = {Spoiled Onions: Exposing Malicious {Tor} Exit Relays},
+ booktitle = {PETS},
+ year = {2014},
+}
+
+@misc{gdca1-omission,
+ title = {Un-incorporated {SCTs} from {GDCA1}},
+ author = {Brendan McMillion},
+ howpublished = {\url{https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/Emh3ZaU0jqI}, accessed 2020-12-15},
+}
+
+@misc{digicert-log-compromised,
+ title = {{CT2} Log Compromised via {Salt} Vulnerability},
+ author = {Jeremy Rowley},
+ howpublished = {\url{https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/aKNbZuJzwfM}, accessed 2020-12-15},
+}
+
+@misc{izenpe-disqualified,
+ title = {Upcoming {CT} Log Removal: {Izenpe}},
+ author = {Ryan Sleevi},
+ howpublished = {\url{https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/qOorKuhL1vA}, accessed 2020-12-15},
+}
+
+@misc{venafi-disqualified,
+ title = {Upcoming Log Removal: {Venafi} {CT} Log Server},
+ author = {Ryan Sleevi},
+ howpublished = {\url{https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/KMAcNT3asTQ}, accessed 2020-12-15},
+}
+
+@inproceedings{does-ct-break-the-web,
+ author = {Emily Stark and Ryan Sleevi and Rijad Muminovic and Devon O'Brien and Eran Messeri and Adrienne Porter Felt and Brendan McMillion and Parisa Tabriz},
+ title = {Does {Certificate Transparency} Break the Web? {Measuring} Adoption and Error Rate},
+ booktitle = {IEEE S\&P},
+ year = {2019},
+}
+
+@inproceedings{https-sok,
+ author = {Jeremy Clark and Paul C. van Oorschot},
+ title = {{SoK:} {SSL} and {HTTPS:} Revisiting Past Challenges and Evaluating Certificate Trust Model Enhancements},
+ booktitle = {IEEE S\&P},
+ year = {2013},
+}
+
+@inproceedings{ca-ecosystem,
+ author = {Zakir Durumeric and James Kasten and Michael Bailey and J. Alex Halderman},
+ title = {Analysis of the {HTTPS} certificate ecosystem},
+ booktitle = {IMC},
+ year = {2013},
+}
+
+@article{ct/a,
+ author = {Ben Laurie},
+ title = {Certificate transparency},
+ journal = {CACM},
+ volume = {57},
+ number = {10},
+ year = {2014},
+}
+
+@inproceedings{tor,
+ author = {Roger Dingledine and Nick Mathewson and Paul F. Syverson},
+ title = {Tor: The Second-Generation Onion Router},
+ booktitle = {USENIX Security},
+ year = {2004},
+}
+
+@misc{rapid-tls13,
+ author = {Joseph A.\ Salowey and Sean Turner and Christopher A.\ Wood},
+ title = {{TLS} 1.3: One Year Later},
+ howpublished = {\url{https://www.ietf.org/blog/tls13-adoption}, accessed 2020-12-15},
+}
+
+@misc{chrome-ui,
+ author = {Emily Schechter},
+ title = {Evolving {Chrome's} Security Indicators},
+ howpublished = {\url{https://blog.chromium.org/2018/05/evolving-chromes-security-indicators.html}, accessed 2020-12-15},
+}
+
+@misc{firefox-ui,
+ author = {Johann Hofmann},
+ title = {Improved Security and Privacy Indicators in {Firefox} 70},
+ howpublished = {\url{https://blog.mozilla.org/security/2019/10/15/improved-security-and-privacy-indicators-in-firefox-70/}, accessed 2020-12-15}
+}
+
+@inproceedings{le,
+ author = {Josh Aas and Richard Barnes and Benton Case and Zakir Durumeric and Peter Eckersley and Alan Flores{-}L{\'{o}}pez and J. Alex Halderman and Jacob Hoffman{-}Andrews and James Kasten and Eric Rescorla and Seth D. Schoen and Brad Warren},
+ title = {{Let's Encrypt}: An Automated Certificate Authority to Encrypt the Entire Web},
+ booktitle = {CCS},
+ year = {2019},
+}
+
+@misc{google-metrics,
+ author = {{Google LLC}},
+ title = {{HTTPS} encryption on the web},
+ howpublished = {\url{https://transparencyreport.google.com/https/overview?hl=en}, accessed 2020-05-19},
+}
+
+@misc{mozilla-metrics,
+ author = {{Mozilla}},
+ title = {{SSL} Ratios},
+ howpublished = {\url{https://docs.telemetry.mozilla.org/datasets/other/ssl/reference.html}, accessed 2020-05-19},
+}
+
+@techreport{nordberg,
+ author = {Linus Nordberg and Daniel Kahn Gillmor and Tom Ritter},
+ title = {Gossiping in {CT}},
+ number = {draft-ietf-trans-gossip-05},
+ type = {Internet-draft},
+ institution = {IETF},
+ year = {2018},
+ url = {https://tools.ietf.org/html/draft-ietf-trans-gossip-05}
+}
+
+@techreport{ct,
+ author = {Ben Laurie and Adam Langley and Emilia Kasper},
+ title = {{Certificate Transparency}},
+ number = {6962},
+ type = {RFC},
+ institution = {IETF},
+ year = {2013},
+ url = {https://tools.ietf.org/html/rfc6962},
+}
+
+@techreport{ct/bis,
+ author = {Ben Laurie and Adam Langley and Emilia Kasper and Eran Messeri and Rob Stradling},
+ title = {{Certificate Transparency} Version 2.0},
+ number = {draft-ietf-trans-rfc6962-bis-34},
+ type = {Internet-draft},
+ institution = {IETF},
+ year = {2019},
+ url = {https://tools.ietf.org/html/draft-ietf-trans-rfc6962-bis-34},
+}
+
+@techreport{hpkp,
+ author = {Chris Evans and Chris Palmer and Ryan Sleevi},
+ title = {Public Key Pinning Extension for {HTTP}},
+ number = {7469},
+ type = {RFC},
+ institution = {IETF},
+ year = {2015},
+ url = {https://tools.ietf.org/html/rfc7469},
+}
+
+@inproceedings{chuat,
+ author = {Laurent Chuat and Pawel Szalachowski and Adrian Perrig and Ben Laurie and Eran Messeri},
+ title = {Efficient Gossip Protocols for Verifying the Consistency of Certificate Logs},
+ booktitle = {CNS},
+ year = {2015},
+}
+
+@inproceedings{TorDNS,
+ author = {Benjamin Greschbach and Tobias Pulls and Laura M. Roberts and Philipp Winter and Nick Feamster},
+ title = {The Effect of {DNS} on {Tor's} Anonymity},
+ booktitle = {NDSS},
+ year = {2017},
+}
+
+@inproceedings{trickle02,
+ author = {Andrei Serjantov and Roger Dingledine and Paul Syverson},
+ title = {From a Trickle to a Flood: Active Attacks on Several Mix Types},
+ booktitle = {IH},
+ year = {2002},
+}
+
+@inproceedings{kesdogan:ih1998,
+ title = {{Stop-and-Go} {MIX}es: Providing Probabilistic Anonymity in an Open System},
+ author = {Dogan Kesdogan and Jan Egner and Roland B\"uschkes},
+ booktitle = {IH},
+ year = {1998},
+}
+
+@inproceedings{danezis:pets2008,
+ author = {George Danezis and Paul Syverson},
+ title = {Bridging and Fingerprinting: Epistemic Attacks on Route Selection},
+ booktitle = {PETS},
+ year = {2008},
+}
+
+@inproceedings{long-paths,
+ author = {Nathan S. Evans and Roger Dingledine and Christian Grothoff},
+ title = {A Practical Congestion Attack on {Tor} Using Long Paths},
+ booktitle = {USENIX Security},
+ year = {2009},
+}
+
+
+@misc{tor-documentation,
+ author = {{Tor Project}},
+ title = {Getting up to speed on {Tor's} past, present, and future},
+ howpublished = {\url{https://2019.www.torproject.org/docs/documentation.html.en}, accessed 2020-12-15},
+}
+
+@inproceedings{PIR,
+ author = {Benny Chor and Oded Goldreich and Eyal Kushilevitz and Madhu Sudan},
+ title = {Private Information Retrieval},
+ booktitle = {FOCS},
+ year = {1995},
+}
+
+@inproceedings{DBLP:conf/pam/AmannS16,
+ author = {Johanna Amann and Robin Sommer},
+ title = {Exploring {Tor's} Activity Through Long-Term Passive {TLS} Traffic Measurement},
+ booktitle = {PAM},
+ year = {2016},
+}
+
+@inproceedings{1mtrack,
+ author = {Steven Englehardt and Arvind Narayanan},
+ title = {Online Tracking: A 1-million-site Measurement and Analysis},
+ booktitle = {CCS},
+ year = {2016},
+}
+
+@techreport{diginotar,
+ author = {J.R. Prins},
+ title = {{DigiNotar} Certificate Authority breach “Operation Black Tulip”},
+ institution = {Fox-IT},
+ year = {2011},
+ type = {Interim Report},
+}
+
+@misc{ffct,
+ author = {{Bugzilla}},
+ title = {Implement {Certificate Transparency} support ({RFC} 6962)},
+ howpublished = {\url{https://bugzilla.mozilla.org/show_bug.cgi?id=1281469}, accessed 2020-12-15},
+}
+
+@misc{fftor,
+ author = {{Mozilla}},
+ title = {Mozilla Research Grants {2019H1}},
+ howpublished = {\url{https://mozilla-research.forms.fm/mozilla-research-grants-2019h1/forms/6510}, accessed 2020-12-15},
+}
+
+@misc{zerotor,
+ author = {{Zerodium}},
+ title = {{Tor Browser} Zero-Day Exploit Bounty (Expired)},
+ howpublished = {\url{https://zerodium.com/tor.html}, accessed 2020-12-15},
+}
+
+@misc{zeromain,
+ author = {{Zerodium}},
+ title = {Our Exploit Acquisition Program},
+ howpublished = {\url{https://zerodium.com/program.html}, accessed 2020-05-21},
+}
+
+@misc{lepop1,
+ author = {{Catalin Cimpanu}},
+ title = {Exploit vendor drops {Tor Browser} zero-day on {Twitter}},
+ howpublished = {\url{https://www.zdnet.com/article/exploit-vendor-drops-tor-browser-zero-day-on-twitter/}, accessed 2020-12-15},
+}
+
+@misc{lepop2,
+ author = {{firstwatch at sigaint.org}},
+ title = {[tor-talk] Javascript exploit},
+ howpublished = {\url{https://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html}, accessed 2020-12-15},
+}
+
+@article{selfrando,
+ author = {Mauro Conti and Stephen Crane and Tommaso Frassetto and Andrei Homescu and Georg Koppen and Per Larsen and Christopher Liebchen and Mike Perry and Ahmad{-}Reza Sadeghi},
+ title = {Selfrando: Securing the {Tor Browser} against De-anonymization Exploits},
+ journal = {PETS},
+ volume = {2016},
+ number = {4},
+} |
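Review bot: The two PETS `@article` entries, `ct-with-privacy` and `selfrando`, have `volume` and `number` but no `year`, so classic styles will warn about an empty field and print them undated; presumably `year = {2017},` and `year = {2016},` (matching the volumes) are what is meant. In `sfo-dist` the title reads `{SFO} Distribution Artificat`, which looks like a typo for `Artifact`, and that entry is also the only `\url` citation without an access date. In `kesdogan:ih1998` the accent in `Roland B\"uschkes` is not brace-wrapped, unlike `G{\"{u}}nther` elsewhere in the file; `B{\"u}schkes` keeps sorting and labels correct. Several `howpublished` URLs (`sfo-dist`, `delayed-merge`, `minimal-gossip`, `google-log-policy`, `ct-over-dns`) point at a mutable `master` branch, so a commit-pinned permalink would keep the cited code and policy text from drifting after the access date.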