From 385cc92bc91e1a6c3724085c060e76bf40c13ed3 Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Tue, 15 Oct 2024 16:08:16 +0200 Subject: Import PhD thesis --- summary/src/introduction/refs.bib | 954 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 954 insertions(+) create mode 100644 summary/src/introduction/refs.bib (limited to 'summary/src/introduction/refs.bib')
diff --git a/summary/src/introduction/refs.bib b/summary/src/introduction/refs.bib
new file mode 100644
index 0000000..fc31dd8
--- /dev/null
+++ b/summary/src/introduction/refs.bib
@@ -0,0 +1,954 @@
+%%%
+% Certificate transparency
+%%%
+@techreport{rfc6962,
+ author = {Ben Laurie and Adam Langley and Emilia Kasper},
+ title = {{Certificate Transparency}},
+ number = {6962},
+ type = {RFC},
+ institution = {IETF},
+ year = {2013},
+ url = {https://tools.ietf.org/html/rfc6962},
+}
+
+@techreport{rfc9162,
+ author = {Ben Laurie and Eran Messeri and Rob Stradling},
+ title = {{Certificate Transparency} Version 2.0},
+ number = {9162},
+ type = {RFC},
+ institution = {IETF},
+ year = {2021},
+ url = {https://tools.ietf.org/html/rfc9162},
+}
+
+@misc{google-log-policy,
+ author = {{Google LLC.}},
+ title = {{Certificate Transparency} in {Chrome}},
+ howpublished = {\url{https://googlechrome.github.io/CertificateTransparency/ct_policy.html}, accessed 2023-04-30},
+}
+
+@misc{apple-log-policy,
+ author = {{Apple Inc.}},
+ title = {Apple's {Certificate Transparency} Policy},
+ howpublished = {\url{https://support.apple.com/en-us/HT205280}, accessed 2023-04-30},
+}
+
+@misc{ct-monitors,
+ author = {{Google LLC.}},
+ title = {The list of existing monitors},
+ howpublished = {\url{https://certificate.transparency.dev/monitors/}, accessed 2023-04-30},
+}
+
+@misc{sslmate-history,
+ author = {{SSLMate Inc.}},
+ title = {Timeline of Certificate Authority Failures},
+ howpublished = {\url{https://sslmate.com/resources/certificate_authority_failures}, accessed 2023-04-30},
+}
+
+@misc{merkle-intro,
+ author = {Rasmus Dahlberg},
+ title = {Transparency log preliminaries},
+ howpublished = {\url{https://gitlab.torproject.org/rgdd/ct/-/blob/main/doc/tlog-preliminaries.md}, accessed 2023-04-30},
+}
+
+@article{ct,
+ author = {Ben Laurie},
+ title = {{Certificate Transparency}},
+ journal = {CACM},
+ volume = {57},
+ number = {10},
+ year = {2014},
+}
+
+@article{ct-history,
+ author = {Emily Stark and
+ Joe DeBlasio and
+ Devon O'Brien and
+ Davide Balzarotti and
+ William Enck and
+ Samuel King and
+ Angelos Stavrou},
+ title = {{Certificate Transparency} in {Google Chrome}: Past, Present, and Future},
+ journal = {{IEEE} {S\&P}},
+ volume = {19},
+ number = {6},
+ year = {2021},
+}
+
+@article{sok-sct-auditing,
+ author = {Sarah Meiklejohn and
+ Joe DeBlasio and
+ Devon O'Brien and
+ Chris Thompson and
+ Kevin Yeo and
+ Emily Stark},
+ title = {{SoK}: {SCT} Auditing in {Certificate Transparency}},
+ journal = {PETS},
+ volume = {2022},
+ number = {3},
+}
+
+@inproceedings{does-ct-break-the-web,
+ author = {Emily Stark and Ryan Sleevi and Rijad Muminovic and Devon O'Brien and Eran Messeri and Adrienne Porter Felt and Brendan McMillion and Parisa Tabriz},
+ title = {Does {Certificate Transparency} Break the Web? {Measuring} Adoption and Error Rate},
+ booktitle = {IEEE S\&P},
+ year = {2019},
+}
+
+@inproceedings{ct-formal,
+ author = {Benjamin Dowling and
+ Felix G{\"{u}}nther and
+ Udyani Herath and
+ Douglas Stebila},
+ title = {Secure Logging Schemes and {Certificate Transparency}},
+ booktitle = {ESORICS},
+ year = {2016},
+}
+
+@techreport{nordberg,
+ author = {Linus Nordberg and Daniel Kahn Gillmor and Tom Ritter},
+ title = {Gossiping in {CT}},
+ number = {draft-ietf-trans-gossip-05},
+ type = {Internet-draft},
+ institution = {IETF},
+ year = {2018},
+ url = {https://tools.ietf.org/html/draft-ietf-trans-gossip-05}
+}
+
+@inproceedings{chuat,
+ author = {Laurent Chuat and Pawel Szalachowski and Adrian Perrig and Ben Laurie and Eran Messeri},
+ title = {Efficient Gossip Protocols for Verifying the Consistency of Certificate Logs},
+ booktitle = {CNS},
+ year = {2015},
+}
+
+@inproceedings{gunn,
+ author = {Lachlan J. Gunn and Andrew Allison and Derek Abbott},
+ title = {Safety in Numbers: Anonymization Makes Keyservers Trustworthy},
+ booktitle = {HotPETs},
+ year = {2017},
+}
+
+@article{hof,
+ author = {Benjamin Hof and Georg Carle},
+ title = {Software Distribution Transparency and Auditability},
+ journal = {CoRR},
+ volume = {abs/1711.07278},
+ year = {2017},
+}
+
+@inproceedings{syta,
+ author = {Ewa Syta and Iulia Tamas and Dylan Visher and David Isaac Wolinsky and Philipp Jovanovic and Linus Gasser and Nicolas Gailly and Ismail Khoffi and Bryan Ford},
+ title = {Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning},
+ booktitle = {IEEE S\&P},
+ year = {2016},
+}
+
+@article{trustfabric-arxiv,
+ author = {Sarah Meiklejohn and
+ Pavel Kalinnikov and
+ Cindy S. Lin and
+ Martin Hutchinson and
+ Gary Belvin and
+ Mariana Raykova and
+ Al Cutter},
+ title = {Think Global, Act Local: Gossip and Client Audits in Verifiable Data Structures},
+ journal = {CoRR},
+ volume = {abs/2011.04551},
+ year = {2020},
+}
+
+@misc{sigsum-witness,
+ author = {Sigsum Project Contributors},
+ title = {Witness {API} v0},
+ howpublished = {\url{https://git.glasklar.is/sigsum/project/documentation/-/blob/main/witness.md}, accessed 2023-04-30},
+}
+
+@inproceedings{parakeet,
+ author = {Harjasleen Malvai and
+ Lefteris Kokoris{-}Kogias and
+ Alberto Sonnino and
+ Esha Ghosh and
+ Ercan Ozt{\"{u}}rk and
+ Kevin Lewi and
+ Sean F. Lawlor},
+ title = {Parakeet: Practical Key Transparency for End-to-End Encrypted Messaging},
+ booktitle = {{NDSS}},
+ year = {2023},
+}
+
+@article{dirksen,
+ author = {Alexandra Dirksen and
+ David Klein and
+ Robert Michael and
+ Tilman Stehr and
+ Konrad Rieck and
+ Martin Johns},
+ title = {{LogPicker}: Strengthening {Certificate Transparency} Against Covert Adversaries},
+ journal = {PETS},
+ volume = {2021},
+ number = {4},
+}
+
+@misc{ct-over-dns,
+ author = {Ben Laurie},
+ title = {{Certificate Transparency} over {DNS}},
+ howpublished = {\url{https://github.com/google/certificate-transparency-rfcs/blob/master/dns/draft-ct-over-dns.md}, accessed 2023-04-30},
+}
+
+@inproceedings{lueks,
+ author = {Wouter Lueks and Ian Goldberg},
+ title = {Sublinear Scaling for Multi-Client Private Information Retrieval},
+ booktitle = {FC},
+ year = {2015},
+}
+
+@inproceedings{kales,
+ author = {Daniel Kales and Olamide Omolola and Sebastian Ramacher},
+ title = {Revisiting User Privacy for {Certificate Transparency}},
+ booktitle = {IEEE EuroS\&P},
+ year = {2019},
+}
+
+@inproceedings{henzinger,
+ author = {Alexandra Henzinger and Matthew M. Hong and Henry Corrigan-Gibbs and Sarah Meiklejohn and Vinod Vaikuntanathan},
+ title = {One Server for the Price of Two: Simple and Fast Single-Server Private Information Retrieval},
+ booktitle = {{USENIX Security}},
+ year = {2023},
+}
+
+@inproceedings{chase,
+ author = {Melissa Chase and Sarah Meiklejohn},
+ title = {Transparency Overlays and Applications},
+ booktitle = {CCS},
+ year = {2016},
+}
+
+@article{eskandarian,
+ author = {Saba Eskandarian and
+ Eran Messeri and
+ Joseph Bonneau and
+ Dan Boneh},
+ title = {{Certificate Transparency} with Privacy},
+ journal = {PETS},
+ volume = {2017},
+ number = {4},
+}
+
+@misc{opt-in-sct-auditing,
+ title = {Opt-in {SCT} Auditing},
+ author = {Emily Stark and Chris Thompson},
+ howpublished = {\url{https://docs.google.com/document/d/1G1Jy8LJgSqJ-B673GnTYIG4b7XRw2ZLtvvSlrqFcl4A/edit}, accessed 2023-04-30},
+}
+
+@misc{opt-out-sct-auditing,
+ title = {Opt-out {SCT} Auditing in {Chrome}},
+ author = {Joe DeBlasio},
+ howpublished = {\url{https://docs.google.com/document/d/16G-Q7iN3kB46GSW5b-sfH5MO3nKSYyEb77YsM7TMZGE/edit}, accessed 2023-04-30},
+}
+
+@misc{sth-push,
+ author = {Ryan Sleevi and Eran Messeri},
+ title = {{Certificate Transparency} in {Chrome}: Monitoring {CT} Logs consistency},
+ howpublished = {\url{https://docs.google.com/document/d/1FP5J5Sfsg0OR9P4YT0q1dM02iavhi8ix1mZlZe_z-ls/edit?pref=2&pli=1}, accessed 2023-04-30},
+}
+
+@misc{crt.sh,
+ author = {{Sectigo Limited}},
+ title = {{crt.sh}: certificate search},
+ howpublished = {\url{https://github.com/crtsh}, accessed 2023-04-30},
+}
+
+@misc{certspotter,
+ author = {{SSLMate Inc.}},
+ title = {Cert Spotter---{Certificate Transparency} Monitor},
+ howpublished = {\url{https://github.com/SSLMate/certspotter}, accessed 2023-04-30},
+}
+
+@misc{vds,
+ author = {Adam Eijdenberg and Ben Laurie and Al Cutter},
+ title = {Verifiable Data Structures},
+ howpublished = {\url{https://github.com/google/trillian/blob/master/docs/papers/VerifiableDataStructures.pdf}, accessed 2023-04-30},
+}
+
+@inproceedings{coniks,
+ author = {Marcela S. Melara and
+ Aaron Blankstein and
+ Joseph Bonneau and
+ Edward W. Felten and
+ Michael J. Freedman},
+ title = {{CONIKS:} Bringing Key Transparency to End Users},
+ booktitle = {{USENIX} Security},
+ year = {2015},
+}
+
+@inproceedings{tomescu,
+ author = {Alin Tomescu and
+ Vivek Bhupatiraju and
+ Dimitrios Papadopoulos and
+ Charalampos Papamanthou and
+ Nikos Triandopoulos and
+ Srinivas Devadas},
+ title = {Transparency Logs via Append-Only Authenticated Dictionaries},
+ booktitle = {{CCS}},
+ year = {2019},
+}
+
+@inproceedings{li,
+ author = {Bingyu Li and
+ Jingqiang Lin and
+ Fengjun Li and
+ Qiongxiao Wang and
+ Qi Li and
+ Jiwu Jing and
+ Congli Wang},
+ title = {{Certificate Transparency} in the Wild: Exploring the Reliability of Monitors},
+ booktitle = {{CCS}},
+ year = {2019},
+}
+
+@misc{ayer-on-li,
+ author = {Andrew Ayer},
+ title = {Reliability of Monitors | Mitigations},
+ howpublished = {\url{https://groups.google.com/a/chromium.org/g/ct-policy/c/zCtQrn_7QK8}, accessed 2023-04-30},
+}
+
+@misc{cloudflare-scts,
+ author = {Nick Sullivan},
+ title = {Understanding use-cases for {SCTs} delivered via {OCSP} stapling for {TLS} extension},
+ howpublished = {\url{https://groups.google.com/a/chromium.org/g/ct-policy/c/WX6iZt7uJBs}, accessed 2023-04-30},
+}
+
+@misc{izenpe-err,
+ author = {Ryan Sleevi},
+ title = {Upcoming {CT} Log Removal: {Izenpe}},
+ howpublished = {\url{https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/qOorKuhL1vA}, accessed 2023-04-30},
+}
+
+@misc{venafi-err,
+ author = {Ryan Sleevi},
+ title = {Upcoming Log Removal: {Venafi CT} Log Server},
+ howpublished = {\url{https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/KMAcNT3asTQ}, accessed 2023-04-30},
+}
+
+@misc{trustasia-err,
+ author = {Andrew Ayer},
+ title = {{Trust Asia} 2021 has produced inconsistent {STHs}},
+ howpublished = {\url{https://groups.google.com/a/chromium.org/g/ct-policy/c/VJaSg717m9g}, accessed 2023-04-30},
+}
+
+@misc{google-err,
+ author = {Paul Hadfield},
+ title = {Google {Aviator} incident under investigation},
+ howpublished = {\url{https://groups.google.com/a/chromium.org/g/ct-policy/c/ZZf3iryLgCo/m/mi-4ViMiCAAJ}, accessed 2023-04-30},
+}
+
+@misc{starcom-err,
+ author = {Ryan Sleevi},
+ title = {{StartCom} Log misbehaving: Failure to incorporate {SCTs}},
+ howpublished = {\url{https://groups.google.com/a/chromium.org/g/ct-policy/c/92HIh2vG6GA/m/hBEHxcpoCgAJ}, accessed 2023-04-30}},
+}
+
+@misc{wosign-err,
+ author = {Graham Edgecombe},
+ title = {{WoSign} log failure to incorporate entry within the {MMD}},
+ howpublished = {\url{https://groups.google.com/a/chromium.org/g/ct-policy/c/-eV4Xe8toVk/m/pC5gSjJKCwAJ}, accessed 2023-04-30},
+}
+
+@misc{digicert-err,
+ author = {Andrew Ayer},
+ title = {Retiring {DigiCert} Log Server (aka {``CT1''}) in {Chrome}},
+ howpublished = {\url{https://groups.google.com/a/chromium.org/g/ct-policy/c/P5aj4JEBFPM/m/9AEcvY01EQAJ}, accessed 2023-04-30},
+}
+
+@misc{digicert-kc,
+ title = {{CT2} Log Compromised via {Salt} Vulnerability},
+ author = {Jeremy Rowley},
+ howpublished = {\url{https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/aKNbZuJzwfM}, accessed 2023-04-30},
+}
+
+%%%
+% Tor and traffic analysis
+%%%
+@misc{tpo,
+ author = {Tor Project},
+ title = {Browse Privately. {Explore} Freely. {Defend} yourself against tracking and surveillance. {Circumvent} censorship.},
+ howpublished = {\url{https://www.torproject.org/}, accessed 2022-04-30},
+}
+
+@inproceedings{tor,
+ author = {Roger Dingledine and Nick Mathewson and Paul F. Syverson},
+ title = {Tor: The Second-Generation Onion Router},
+ booktitle = {{USENIX Security}},
+ year = {2004},
+}
+
+@misc{tb,
+ author = {Mike Perry and Erinn Clark and Steven Murdoch and Georg Koppen},
+ title = {The Design and Implementation of the {Tor Browser [DRAFT]}},
+ howpublished = {\url{https://2019.www.torproject.org/projects/torbrowser/design/}, accessed 2023-04-30},
+}
+
+@inproceedings{mani,
+ author = {Akshaya Mani and
+ T. Wilson{-}Brown and
+ Rob Jansen and
+ Aaron Johnson and
+ Micah Sherr},
+ title = {Understanding {Tor} Usage with Privacy-Preserving Measurement},
+ booktitle = {{IMC}},
+ year = {2018}
+}
+
+@inproceedings{johnson13,
+ author = {Aaron Johnson and Chris Wacek and Rob Jansen and Micah Sherr and Paul F. Syverson},
+ title = {Users get routed: traffic correlation on {Tor} by realistic adversaries},
+ booktitle = {{CCS}},
+ year = {2013}
+}
+
+@inproceedings{nasr18,
+ author = {Milad Nasr and Alireza Bahramali and Amir Houmansadr},
+ title = {{DeepCorr}: Strong Flow Correlation Attacks on {Tor} Using Deep Learning},
+ booktitle = {{CCS}},
+ year = {2018}
+}
+
+@article{rimmer22,
+ author = {Vera Rimmer and
+ Theodor Schnitzler and
+ Tom van Goethem and
+ Abel Rodr{\'{\i}}guez Romero and
+ Wouter Joosen and
+ Katharina Kohls},
+ title = {Trace Oddity: Methodologies for Data-Driven Traffic Analysis on {Tor}},
+ journal = {PETS},
+ volume = {2022},
+ number = {3},
+}
+
+@inproceedings{oh22,
+ author = {Se Eun Oh and
+ Taiji Yang and
+ Nate Mathews and
+ James K. Holland and
+ Mohammad Saidur Rahman and
+ Nicholas Hopper and
+ Matthew Wright},
+ title = {{DeepCoFFEA}: Improved Flow Correlation Attacks on {Tor} via Metric Learning and Amplification},
+ booktitle = {{IEEE} {S\&P}},
+ year = {2022},
+}
+
+@article{cheng98,
+ title = {Traffic analysis of {SSL} encrypted web browsing},
+ author = {Cheng, Heyning and Avnur, Ron},
+ journal = {Project paper, University of Berkeley},
+ year = {1998}
+}
+
+@inproceedings{herrmann09,
+ author = {Dominik Herrmann and Rolf Wendolsky and Hannes Federrath},
+ title = {Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial na{\"{\i}}ve-bayes classifier},
+ booktitle = {{CCSW}},
+ year = {2009}
+}
+
+@inproceedings{hintz02,
+ author = {Andrew Hintz},
+ title = {Fingerprinting Websites Using Traffic Analysis},
+ booktitle = {{PETS}},
+ year = {2002}
+}
+
+@inproceedings{liberatore06,
+ author = {Marc Liberatore and Brian Neil Levine},
+ title = {Inferring the source of encrypted {HTTP} connections},
+ booktitle = {{CCS}},
+ year = {2006}
+}
+
+@inproceedings{panchenko11,
+ author = {Andriy Panchenko and Lukas Niessen and Andreas Zinnen and Thomas Engel},
+ title = {Website fingerprinting in onion routing based anonymization networks},
+ booktitle = {{WPES}},
+ year = {2011}
+}
+
+@inproceedings{sun02,
+ author = {Qixiang Sun and Daniel R. Simon and Yi{-}Min Wang and Wilf Russell and Venkata N. Padmanabhan and Lili Qiu},
+ title = {Statistical Identification of Encrypted Web Browsing Traffic},
+ booktitle = {{IEEE S\&P}},
+ year = {2002}
+}
+
+@inproceedings{juarez14,
+ author = {Marc Ju{\'{a}}rez and Sadia Afroz and Gunes Acar and Claudia D{\'{\i}}az and Rachel Greenstadt},
+ title = {A Critical Evaluation of Website Fingerprinting Attacks},
+ booktitle = {{CCS}},
+ year = {2014},
+}
+
+@misc{perryCrit,
+ author = {Mike Perry},
+ title = {A Critique of Website Traffic Fingerprinting Attacks},
+ howpublished = {\url{https://blog.torproject.org/critique-website-traffic-fingerprinting-attacks}, accessed 2023-04-30},
+}
+
+@article{realistic,
+ author = {Tao Wang and Ian Goldberg},
+ title = {On Realistically Attacking {Tor} with Website Fingerprinting},
+ journal = {PETS},
+ volume = {2016},
+ number = {4},
+}
+
+@inproceedings{onlinewf,
+ title={Online Website Fingerprinting: Evaluating Website Fingerprinting Attacks on {Tor} in the Real World},
+ author={Cherubin, Giovanni and Jansen, Rob and Troncoso, Carmela},
+ booktitle={{USENIX Security}},
+ year={2022}
+}
+
+@inproceedings{df,
+ author = {Payap Sirinam and
+ Mohsen Imani and
+ Marc Ju{\'{a}}rez and
+ Matthew Wright},
+ title = {Deep Fingerprinting: Undermining Website Fingerprinting Defenses with
+ Deep Learning},
+ booktitle = {{CCS}},
+ year = {2018}
+}
+
+@article{tiktok,
+ author = {Mohammad Saidur Rahman and
+ Payap Sirinam and
+ Nate Mathews and
+ Kantha Girish Gangadhara and
+ Matthew Wright},
+ title = {{Tik-Tok}: The Utility of Packet Timing in Website Fingerprinting Attacks},
+ journal = {{PETS}},
+ volume = {2020},
+ number = {3},
+}
+
+@inproceedings{wfdef,
+ title={{SoK}: A Critical Evaluation of Efficient Website Fingerprinting Defenses},
+ author={Mathews, Nate and Holland, James K and Oh, Se Eun and Rahman, Mohammad Saidur and Hopper, Nicholas and Wright, Matthew},
+ booktitle = {{IEEE} S{\&}P},
+ year={2023}
+}
+
+@inproceedings{spoiled-onions,
+ author = {Philipp Winter and Richard K{\"{o}}wer and Martin Mulazzani and Markus Huber and Sebastian Schrittwieser and Stefan Lindskog and Edgar R. Weippl},
+ title = {Spoiled Onions: Exposing Malicious {Tor} Exit Relays},
+ booktitle = {PETS},
+ year = {2014},
+}
+
+@inproceedings{murdoch05,
+ author = {Steven J. Murdoch and George Danezis},
+ title = {Low-Cost Traffic Analysis of {Tor}},
+ booktitle = {{IEEE S\&P}},
+ year = {2005},
+}
+
+@inproceedings{chakravarty10,
+ author = {Sambuddho Chakravarty and Angelos Stavrou and Angelos D. Keromytis},
+ title = {Traffic Analysis against Low-Latency Anonymity Networks Using Available Bandwidth Estimation},
+ booktitle = {{ESORICS}},
+ year = {2010},
+}
+
+@inproceedings{mittal11,
+ author = {Prateek Mittal and
+ Ahmed Khurshid and
+ Joshua Juen and
+ Matthew Caesar and
+ Nikita Borisov},
+ title = {Stealthy traffic analysis of low-latency anonymous communication using throughput fingerprinting},
+ booktitle = {{CCS}},
+ year = {2011},
+}
+
+@inproceedings{greschbach,
+ author = {Benjamin Greschbach and
+ Tobias Pulls and
+ Laura M. Roberts and
+ Phillip Winter and
+ Nick Feamster},
+ title = {The Effect of {DNS} on {Tor}'s Anonymity},
+ booktitle = {{NDSS}},
+ year = {2017},
+}
+
+@inproceedings{siby20,
+ author = {Sandra Siby and Marc Ju{\'{a}}rez and Claudia D{\'{\i}}az and Narseo Vallina{-}Rodriguez and Carmela Troncoso},
+ title = {Encrypted {DNS} -{\textgreater} Privacy? {A} Traffic Analysis Perspective},
+ booktitle = {NDSS},
+ year = {2020},
+}
+
+@misc{anonterm,
+ title={A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management},
+ author={Pfitzmann, Andreas and Hansen, Marit},
+ publisher={Dresden, Germany},
+ year={2010},
+}
+
+###
+# Side-channels
+###
+@inproceedings{kocher96,
+ author = {Paul C. Kocher},
+ title = {Timing Attacks on Implementations of {Diffie-Hellman}, {RSA}, {DSS}, and Other Systems},
+ booktitle = {{CRYPTO}},
+ year = {1996},
+}
+
+@inproceedings{dbrumley03,
+ author = {David Brumley and Dan Boneh},
+ title = {Remote Timing Attacks Are Practical},
+ booktitle = {{USENIX} Security},
+ year = {2003},
+}
+
+@inproceedings{tsunoo03,
+ author = {Yukiyasu Tsunoo and
+ Teruo Saito and
+ Tomoyasu Suzaki and
+ Maki Shigeri and
+ Hiroshi Miyauchi},
+ title = {Cryptanalysis of {DES} Implemented on Computers with Cache},
+ booktitle = {{CHES}},
+ year = {2003},
+}
+
+@article{crosby09,
+ author = {Scott A. Crosby and Dan S. Wallach and Rudolf H. Riedi},
+ title = {Opportunities and Limits of Remote Timing Attacks},
+ journal = {{ACM} Trans. Inf. Syst. Secur.},
+ volume = {12},
+ number = {3},
+ year = {2009},
+}
+
+@inproceedings{bbrumley11,
+ author = {Billy Bob Brumley and Nicola Tuveri},
+ title = {Remote Timing Attacks Are Still Practical},
+ booktitle = {{ESORICS}},
+ year = {2011},
+}
+
+@article{ge18,
+ author = {Qian Ge and
+ Yuval Yarom and
+ David A. Cock and
+ Gernot Heiser},
+ title = {A survey of microarchitectural timing attacks and countermeasures on contemporary hardware},
+ journal = {JCEN},
+ volume = {8},
+ number = {1},
+ year = {2018},
+}
+
+@inproceedings{mart21,
+ author = {Macarena C. Mart{\'{\i}}nez{-}Rodr{\'{\i}}guez and
+ Ignacio M. Delgado{-}Lozano and
+ Billy Bob Brumley},
+ title = {{SoK}: Remote Power Analysis},
+ booktitle = {{ARES}},
+ year = {2021},
+}
+
+@inproceedings{lucky13,
+ author = {Nadhem J. AlFardan and Kenneth G. Paterson},
+ title = {Lucky Thirteen: Breaking the {TLS} and {DTLS} Record Protocols},
+ booktitle = {{IEEE} {S\&P}},
+ year = {2013},
+}
+
+@inproceedings{heist,
+ author = {Mathy Vanhoef and Tom Van Goethem},
+ title = {{HEIST}: {HTTP} Encrypted Information can be
+Stolen through {TCP}-windows},
+ booktitle = {Black Hat US Briefings},
+ year = {2016},
+}
+
+@inproceedings{timeless,
+ author = {Tom van Goethem and Christina P{\"{o}}pper and Wouter Joosen and Mathy Vanhoef},
+ title = {Timeless Timing Attacks: Exploiting Concurrency to Leak Secrets over Remote Connections},
+ booktitle = {{USENIX} Security},
+ year = {2020},
+}
+
+@inproceedings{wang22,
+ author = {Yingchen Wang and
+ Riccardo Paccagnella and
+ Elizabeth Tang He and
+ Hovav Shacham and
+ Christopher W. Fletcher and
+ David Kohlbrenner},
+ title = {Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86},
+ booktitle = {{USENIX} Security},
+ year = {2022},
+}
+
+%%%
+% Research methods
+%%%
+@inproceedings{sse,
+ author = {Cormac Herley and Paul C. van Oorschot},
+ title = {{SoK}: Science, Security and the Elusive Goal of Security as a Scientific Pursuit},
+ booktitle = {{IEEE} {S\&P}},
+ year = {2017},
+}
+
+@inproceedings{smics,
+ author = {Dodig-Crnkovic, Gordana},
+ title = {Scientific methods in computer science},
+ booktitle = {Proceedings of the Conference for the Promotion of Research in IT at New Universities and at University Colleges in Sk\"{o}vde, Sweden},
+ year = {2002},
+}
+
+@article{icss,
+ author = {Denning, Peter J},
+ title = {Is computer science science?},
+ journal = {CACM},
+ volume = {48},
+ number = {4},
+ year = {2005},
+}
+
+@article{rfenr,
+ author = {Vaibhav Bajpai and
+ Anna Brunstr{\"{o}}m and
+ Anja Feldmann and
+ Wolfgang Kellerer and
+ Aiko Pras and
+ Henning Schulzrinne and
+ Georgios Smaragdakis and
+ Matthias W{\"{a}}hlisch and
+ Klaus Wehrle},
+ title = {The Dagstuhl beginners guide to reproducibility for experimental networking research},
+ journal = {CCR},
+ volume = {49},
+ number = {1},
+ year = {2019},
+}
+
+% "There are several reasons why definitions are important [...]"
+% "[...] focusing their efforts on devising attacks that are outside the model"
+@article{secdefs,
+ author = {Neal Koblitz and Alfred Menezes},
+ title = {Another look at security definitions},
+ journal = {AMC},
+ volume = {7},
+ number = {1},
+ year = {2013},
+}
+
+% §1.1 gives the background of the first reduction proofs / provable security
+@article{provsec,
+ author = {Neal Koblitz and
+ Alfred Menezes},
+ title = {Another Look at ``Provable Security''},
+ journal = {J. Cryptol.},
+ volume = {20},
+ number = {1},
+ year = {2007},
+}
+
+
+%%%
+% Naming of onion services
+%%%
+@misc{onion-location,
+ author = {Tor Project},
+ title = {{Onion-Location}},
+ howpublished = {\url{https://community.torproject.org/onion-services/advanced/onion-location/}, accessed 2023-04-30},
+}
+
+@misc{kadianakis,
+ author = {George Kadianakis and Yawning Angel and David Goulet},
+ title = {A Name System {API} for {Tor} Onion Services},
+ howpublished = {\url{https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/279-naming-layer-api.txt}, accessed 2023-04-30},
+}
+
+@misc{muffet-onions,
+ author = {Alec Muffett},
+ title = {Real-World Onion Sites},
+ howpublished = {\url{https://github.com/alecmuffett/real-world-onion-sites}, accessed 2023-04-30},
+}
+
+@phdthesis{nurmi,
+ author = {Nurmi, Juha},
+ title = {Understanding the Usage of Anonymous Onion Services},
+ year = {2019},
+ school = {Tampere University, Finland},
+}
+
+@Misc{h-e-securedrop,
+ author = {SecureDrop},
+ title = {Getting an Onion Name for Your {SecureDrop}},
+ howpublished = {\url{https://securedrop.org/faq/getting-onion-name-your-securedrop/}, accessed 2023-04-30},
+}
+
+@article{onio-ns,
+ author = {Jesse Victors and Ming Li and Xinwen Fu},
+ title = {The Onion Name System},
+ journal = {PETS},
+ volume = {2017},
+ number = {1},
+}
+
+%%%
+% Other
+%%%
+@inproceedings{le,
+ author = {Josh Aas and
+ Richard Barnes and
+ Benton Case and
+ Zakir Durumeric and
+ Peter Eckersley and
+ Alan Flores{-}L{\'{o}}pez and
+ J. Alex Halderman and
+ Jacob Hoffman{-}Andrews and
+ James Kasten and
+ Eric Rescorla and
+ Seth D. Schoen and
+ Brad Warren},
+ title = {{Let's Encrypt}: An Automated Certificate Authority to Encrypt the Entire Web},
+ booktitle = {{CCS}},
+ year = {2019},
+}
+
+@inproceedings{sok-https,
+ author = {Jeremy Clark and Paul C. van Oorschot},
+ title = {{SoK}: {SSL} and {HTTPS:} Revisiting Past Challenges and Evaluating Certificate Trust Model Enhancements},
+ booktitle = {{IEEE} {S\&P}},
+ year = {2013},
+}
+
+@inproceedings{browser-ui,
+ author = {Emanuel von Zezschwitz and Serena Chen and Emily Stark},
+ title = {``{It} builds trust with the customers''---Exploring User Perceptions of the Padlock Icon in Browser {UI}},
+ booktitle = {{IEEE} SPW},
+ year = {2022},
+}
+
+@article{tls-timeline,
+ author = {Ralph Holz and
+ Jens Hiller and
+ Johanna Amann and
+ Abbas Razaghpanah and
+ Thomas Jost and
+ Narseo Vallina{-}Rodriguez and
+ Oliver Hohlfeld},
+ title = {Tracking the deployment of {TLS} 1.3 on the web: a story of experimentation and centralization},
+ journal = {CCR},
+ volume = {50},
+ number = {3},
+ year = {2020},
+}
+
+@misc{mls,
+ author = {Nick Sullivan and Sean Turner},
+ title = {Messaging Layer Security: Secure and Usable End-to-End Encryption},
+ howpublished = {\url{https://www.ietf.org/blog/mls-secure-and-usable-end-to-end-encryption/}, accessed 2023-04-30},
+}
+
+@inproceedings{wireguard,
+ author = {Jason A. Donenfeld},
+ title = {WireGuard: Next Generation Kernel Network Tunnel},
+ booktitle = {{NDSS}},
+ year = {2017},
+}
+
+@techreport{rfc8484,
+ author = {Paul Hoffman and Patrick McManus},
+ title = {{DNS} Queries over {HTTPS} ({DoH})},
+ number = {8484},
+ type = {RFC},
+ institution = {IETF},
+ year = {2018},
+ howpublished = {https://tools.ietf.org/html/rfc8484},
+}
+
+@misc{zerodium,
+ author = {{Zerodium}},
+ title = {We pay big bounties},
+ howpublished = {\url{https://zerodium.com/}, accessed 2023-04-30},
+}
+
+@misc{ca/b,
+ author = {{CA/Browser Forum}},
+ title = {Baseline Requirements for the Issuance and Management of Publicly‐Trusted Certificates},
+ howpublished = {\url{https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.8.7.pdf}, accessed 2023-04-30},
+}
+
+@misc{crt:www.example.com,
+ author = {{Sectigo Limited}},
+ title = {crt.sh: certificate search {ID = '8913351873'}},
+ howpublished = {\url{https://crt.sh/?id=8913351873}, accessed 2023-04-30},
+}
+
+@inproceedings{merkle,
+ author = {Ralph C. Merkle},
+ title = {A Digital Signature Based on a Conventional Encryption Function},
+ booktitle = {{CRYPTO}},
+ year = {1987},
+}
+
+@inproceedings{history-trees,
+ author = {Scott A. Crosby and Dan S. Wallach},
+ title = {Efficient Data Structures For Tamper-Evident Logging},
+ booktitle = {{USENIX} Security},
+ year = {2009},
+}
+
+@techreport{black-tulip,
+ author = {Hans Hoogstraaten},
+ title = {Black Tulip---Report of the investigation into the {DigiNotar} Certificate Authority breach},
+ institution = {Fox-IT},
+ year = {2012},
+}
+
+@inproceedings{bambo-cas,
+ author = {Henry Birge{-}Lee and
+ Yixin Sun and
+ Anne Edmundson and
+ Jennifer Rexford and
+ Prateek Mittal},
+ title = {Bamboozling Certificate Authorities with {BGP}},
+ booktitle = {{USENIX Security}},
+ year = {2018},
+}
+
+@article{rtb,
+ author = {Jun Wang and
+ Weinan Zhang and
+ Shuai Yuan},
+ title = {Display Advertising with Real-Time Bidding {(RTB)} and Behavioural
+ Targeting},
+ journal = {Foundations and Trends in Information Retrieval},
+ year = {2017}
+}
+
+@techreport{ocsp,
+ author = {Santesson, Stefan and Myers, Michael and Ankney, Rich and Malpani, Ambarish and Galperin, Slava and Adams, Carlisle},
+ title = {X.509 {Internet} Public Key Infrastructure Online Certificate Status Protocol---{OCSP}},
+ number = {6960},
+ type = {RFC},
+ institution = {IETF},
+ year = {2013},
+ url = {https://tools.ietf.org/html/rfc2560},
+}
+
+@misc{trsb,
+ author = {Tor Project},
+ title = {Research Safety Board},
+ howpublished = {\url{https://research.torproject.org/safetyboard/}, accessed 2023-04-30},
+}
-- cgit v1.2.3
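Review bot: The `ocsp` entry cites `number = {6960}` with `year = {2013}`, but its `url` points at `https://tools.ietf.org/html/rfc2560`, the earlier OCSP specification, so a reader following the link lands on a different document than the one cited; the field should read `url = {https://tools.ietf.org/html/rfc6960},`. In `starcom-err` the `howpublished` value ends in `}},`, one closing brace too many, which closes the entry early and leaves a stray `,` and `}` after it; drop one brace. `rfc8484` carries its link in `howpublished` while the other RFC `@techreport` entries use `url`, so the link may not be printed the same way; `url = {https://tools.ietf.org/html/rfc8484},` would match them. The `tpo` entry says `accessed 2022-04-30` where every other entry says 2023-04-30, which looks like a typo worth confirming.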