Permalink
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
246 lines (243 sloc) 17.7 KB
Automatically generated by Mendeley Desktop 1.13.3
Any changes to this file will be lost if it is regenerated by Mendeley.
BibTeX export options can be customized via Preferences -> BibTeX in Mendeley Desktop
@inproceedings{Ulrich2011,
SHORTHAND = {Ulrich2011},
abstract = {We present results of a thorough analysis of the OpenPGP Web of Trust. We conducted our analysis on a recent data set with a focus on determining properties like usefulness and robustness. To this end, we analyzed graph topology, identified the strongly connected com- ponents and derived properties like verifiability of keys, signature chain lengths and redundant signature paths for nodes. Contrary to earlier works, our analysis revealed the Web of Trust to be only similar to a scale-free network, with different properties regarding the hub structure and its influence on overall connectivity. We also analyzed the commu- nity structure of theWeb of Trust and mapped it to social relationships. Finally, we present statistics which cryptographic algorithms are in use and give recommendations.},
author = {Ulrich, Alexander and Holz, Ralph and Hauck, Peter and Carle, Georg},
booktitle = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
file = {:Users/stefan2904/Dropbox/Mendeley/Ulrich et al/Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)/2011 - Ulrich et al. - Investigating the OpenPGP web of trust.pdf:pdf},
keywords = {Community Structure,GnuPG,OpenPGP,PGP,Web of Trust},
pages = {489--507},
title = {{Investigating the OpenPGP web of trust}},
volume = {6879 LNCS},
year = {2011}
}
@inproceedings{Davis,
annote = {Donald T. Davis},
author = {Davis, Donald T.},
booktitle = {Proceedings of the General Track: 2001 USENIX Annual Technical Conference},
keywords = {openpgp},
mendeley-tags = {openpgp},
pages = {65--78},
publisher = {USENIX Association Berkeley},
title = {{Defective Sign and Encrypt in S/MIME, PKCS\#7, MOSS, PEM, PGP, and XML}},
url = {https://dl.acm.org/citation.cfm?id=715781},
year = {2001}
}
@misc{Genkin2014,
author = {Genkin, Daniel and Pipman, Itamar and Tromer, Eran},
booktitle = {CHES 2014},
file = {:Users/stefan2904/Dropbox/Mendeley/Genkin, Pipman, Tromer/CHES 2014/2014 - Genkin, Pipman, Tromer - Physical Side-Channel Key-Extraction Attacks On PCs.pdf:pdf},
title = {{Physical Side-Channel Key-Extraction Attacks On PCs}},
url = {http://www.cs.tau.ac.il/~tromer/handsoff/},
urldate = {2015-02-20},
year = {2014}
}
@article{Wei2014,
author = {Wei, Wang},
journal = {The Hacker News},
title = {{Cryptography Expert Says, 'PGP Encryption is Fundamentally Broken, Time for PGP to Die'}},
url = {http://thehackernews.com/2014/08/cryptography-expert-pgp-encryption-is\_19.html},
year = {2014}
}
@article{nmav,
author = {nmav@gnutls.org, Nikos Mavrogiannopoulos},
title = {{Using OpenPGP Keys for Transport Layer Security (TLS) Authentication}},
url = {https://tools.ietf.org/html/rfc5081}
}
@article{Lin2004,
author = {Lin, HC and Yen, SM and Chen, GT},
file = {:Users/stefan2904/Dropbox/Mendeley/Lin, Yen, Chen/Information and Communications Security/2004 - Lin, Yen, Chen - Adaptive-CCA on OpenPGP revisited.pdf:pdf},
journal = {Information and Communications Security},
keywords = {cca,chosen ciphertext attack,e-mail,encryption mode,message format,openpgp,pgp},
pages = {452--464},
title = {{Adaptive-CCA on OpenPGP revisited}},
url = {http://link.springer.com/chapter/10.1007/978-3-540-30191-2\_35},
year = {2004}
}
@techreport{KeylenBSI,
annote = {Algorithms for Qualified Electronic Signatures, BNetzA, BSI, 01/2014 updated with BSI Draft, 10/2014.},
booktitle = {Algorithms for Qualified Electronic Signatures},
institution = {BNetzA, BSI},
keywords = {bsi,cryptanalyse,cryptography,cryptology,ecrypt,fnisa,key,keylength,length,lenstra,nist,nsa,openpgp,rfc3766,size,suite b,verheul},
mendeley-tags = {keylength,openpgp},
title = {{BSI Cryptographic Key Length Report for Digital Signature}},
year = {2015}
}
@book{Preneel2006,
address = {Berlin, Heidelberg},
doi = {10.1007/11693383},
editor = {Preneel, Bart and Tavares, Stafford},
isbn = {978-3-540-33108-7},
publisher = {Springer Berlin Heidelberg},
series = {Lecture Notes in Computer Science},
title = {{Selected Areas in Cryptography}},
url = {http://www.springerlink.com/index/10.1007/11693383},
volume = {3897},
year = {2006}
}
@article{Gerck2007,
author = {Gerck, Ed},
file = {:Users/stefan2904/Dropbox/Mendeley/Gerck/Corporate Email Management/2007 - Gerck - Secure Email Technologies X. 509PKI, PGP, IBE and Zmail.pdf:pdf},
journal = {Corporate Email Management},
pages = {1--23},
title = {{Secure Email Technologies X. 509/PKI, PGP, IBE and Zmail}},
url = {http://email-security.net/papers/pki-pgp-ibe-zmail.pdf},
volume = {12797},
year = {2007}
}
@phdthesis{Klima2001,
author = {Kl\'{\i}ma, Vlastimil and Rosa, Tom\'{a}\v{s}},
file = {:Users/stefan2904/Dropbox/Mendeley/Kl\'{\i}ma, Rosa/Unknown/2001 - Kl\'{\i}ma, Rosa - Attack on Private Signature Keys of the OpenPGP format, PGP (TM) Programs and Other Applications Compatible with O.pdf:pdf},
keywords = {openpgp,pgp},
mendeley-tags = {openpgp,pgp},
title = {{Attack on Private Signature Keys of the OpenPGP format, PGP (TM) Programs and Other Applications Compatible with OpenPGP}},
url = {https://eprint.iacr.org/2002/076.pdf},
year = {2001}
}
@misc{Toponce2014,
author = {Toponce, Aaron},
booktitle = {Aaron Toponce's Blog},
title = {{What's The Matter With PGP?}},
url = {https://pthree.org/2014/08/18/whats-the-matter-with-pgp/},
urldate = {2015-02-20},
year = {2014}
}
@techreport{K.JalladJ.Katz,
author = {Jallad, K. and Katz, J. and Schneier, B.},
booktitle = {Information Security Conference 2002 Proceedings},
keywords = {gpg,openpgp,pgp},
mendeley-tags = {gpg,openpgp,pgp},
title = {{Implementation of Chosen-Ciphertext Attacks Against PGP and GnuPG}},
url = {https://www.schneier.com/paper-pgp.html},
year = {2002}
}
@article{Callas1998,
abstract = {This document is maintained in order to publish all necessary$\backslash$ninformation needed to develop interoperable applications based on the$\backslash$nOpenPGP format. It is not a step-by-step cookbook for writing an$\backslash$napplication. It describes only the format and methods needed to read,$\backslash$ncheck, generate, and write conforming packets crossing any network. It$\backslash$ndoes not deal with storage and implementation questions. It does,$\backslash$nhowever, discuss implementation issues necessary to avoid security$\backslash$nflaws. OpenPGP software uses a combination of strong public-key and$\backslash$nsymmetric cryptography to provide security services for electronic$\backslash$ncommunications and data storage. These services include$\backslash$nconfidentiality, key management, authentication, and digital$\backslash$nsignatures. This document specifies the message formats used in$\backslash$nOpenPGP.},
author = {Callas, J and Donnerhacke, L and Finney, H and Thayer, R},
isbn = {2440},
journal = {Zhurnal Eksperimental'noi i Teoreticheskoi Fiziki},
pages = {1--90},
title = {{OpenPGP message format (RFC4880)}},
url = {http://scholar.google.com/scholar?hl=en\&btnG=Search\&q=intitle:No+Title\#0$\backslash$nhttp://www.hjp.at/doc/rfc/rfc4880.html},
year = {1998}
}
@article{Delozier2013,
abstract = {Purpose: The purpose of this paper is to describe personal privacy and data authenticity problems in the cloud and provide solutions to reduce or eliminate them. Design/methodology/approach: This paper reveals issues and applications of anonymity and authenticity in the cloud. It outlines common privacy settings of five web browsers, anonymous browsing on the Tor network and standard methods for verifying the integrity of files obtained in the cloud. Findings: Cloud computing is an emerging technology for libraries which must balance the convenience of ubiquitous access against the potential risks for loss of anonymity and authenticity. Originality/value: This article contributes to the body of literature on user privacy and data preservation in the cloud and their impact on the library community. © Emerald Group Publishing Limited.},
author = {Delozier, Eric P.},
issn = {1065-075X},
journal = {OCLC Systems \& Services},
keywords = {anonymity,data integrity,digital preservation,openpgp,paper type general review,privacy,tor project,web sites},
number = {2},
pages = {65--77},
title = {{Anonymity and authenticity in the cloud: issues and applications}},
url = {http://www.emeraldinsight.com/10.1108/10650751311319278},
volume = {29},
year = {2013}
}
@article{Milo2011,
abstract = {We describe the implementation, based on the Compute Unified Device Architecture (CUDA) for Graphics Processing Units (GPU), of a novel and very effective approach to quickly test passphrases used to protect private keyrings of OpenPGP cryptosystems. Our combination of algorithm and implementation, reduces the time required to test a set of possible passphrases by three-orders of magnitude with respect to an attack based on the procedure described in the OpenPGP standard and implemented by software packages like GnuPG, and a tenfold speed up if compared to our highly tuned CPU implementation. Our solution can be considered a replacement and an extension of pgpcrack, a utility used in the past for attacking PGP. The optimizations described can be applied to other cryptosystems and confirm that the GPU architecture is also very effective for running applications that make extensive (if not exclusive) use of integer operations. ?? 2011 Elsevier Inc. All rights reserved.},
author = {Milo, Fabrizio and Bernaschi, Massimo and Bisson, Mauro},
journal = {Journal of Systems and Software},
keywords = {CUDA,Cryptanalysis,Graphics Processing Units,OpenPGP},
number = {12},
pages = {2088--2096},
title = {{A fast, GPU based, dictionary attack to OpenPGP secret keyrings}},
volume = {84},
year = {2011}
}
@article{Whitten1999,
abstract = {User errors cause or contribute to most computer security failures, yet user interfaces for security still tend to be clumsy, confusing, or near-nonexistent. Is this simply due to a failure to apply standard user interface design techniques to security? We argue that, on the contrary, effective security requires a different usability standard, and that it will not be achieved through the user interface design techniques appropriate to other types of consumer software. To test this hypothesis, we performed a case study of a security program which does have a good user interface by general standards: PGP 5.0. Our case study used a cognitive walkthrough analysis together with a laboratory user test to evaluate whether PGP 5.0 can be successfully used by cryptography novices to achieve effective electronic mail security. The analysis found a number of user interface design flaws that may contribute to security failures, and the user test demonstrated that when our test participants were given 90 minutes in which to sign and encrypt a message using PGP 5.0, the majority of them were unable to do so successfully. We conclude that PGP 5.0 is not usable enough to provide effective security for most computer users, despite its attractive graphical user interface, supporting our hypothesis that user interface design for effective security remains an open problem. We close with a brief description of our continuing work on the development and application of user interface design principles and techniques for security.},
author = {Whitten, A. and Tygar, J.D.},
file = {:Users/stefan2904/Dropbox/Mendeley/Whitten, Tygar/Proceedings of the 8th USENIX Security Symposium/1999 - Whitten, Tygar - Why Johnny can’t encrypt A usability evaluation of PGP 5.0.pdf:pdf},
journal = {Proceedings of the 8th USENIX Security Symposium},
pages = {169--184},
publisher = {Citeseer},
title = {{Why Johnny can’t encrypt: A usability evaluation of PGP 5.0}},
url = {https://dl.acm.org/citation.cfm?id=1251435},
year = {1999}
}
@article{Zimmermann1995,
author = {Zimmermann, Philip R.},
isbn = {0-262-74017-6},
month = may,
publisher = {MIT Press},
title = {{The official PGP user's guide}},
url = {http://dl.acm.org/citation.cfm?id=202735},
year = {1995}
}
@book{Lopez2004,
address = {Berlin, Heidelberg},
doi = {10.1007/b101042},
editor = {Lopez, Javier and Qing, Sihan and Okamoto, Eiji},
isbn = {978-3-540-23563-7},
publisher = {Springer Berlin Heidelberg},
series = {Lecture Notes in Computer Science},
title = {{Information and Communications Security}},
url = {http://www.springerlink.com/index/10.1007/b101042},
volume = {3269},
year = {2004}
}
@techreport{keylenNIST,
annote = {Recommendation for Key Management, Special Publication 800-57 Part 1 Rev. 3, NIST, 07/2012.},
booktitle = {Recommendation for Key Management, Special Publication 800-57 Part 1 Rev. 3},
institution = {NIST},
keywords = {bsi,cryptanalyse,cryptography,cryptology,ecrypt,fnisa,key,keylength,length,lenstra,nist,nsa,openpgp,rfc3766,size,suite b,verheul},
mendeley-tags = {keylength,openpgp},
title = {{NIST Report on Cryptographic Key Length and Cryptoperiod}},
year = {2012}
}
@inproceedings{Michael2007,
abstract = {MD5 and SHA-1 are the most common hash functions used in most security protocols and implementations. However, recent discoveries show that these hash functions are not secure as they should be, which necessitate the need for deploying a new hash function. This implies a number of changes for all major cryptographic protocols. This paper analyzes OpenPGP and SSL/TLS protocols showing all the necessary changes to make the transition to a new hash function},
author = {Michael, Christina N. and Su, Xiao},
booktitle = {Proceedings - International Conference on Information Technology-New Generations, ITNG 2007},
pages = {556--561},
title = {{Incorporating a new hash function in OpenPGP and SSL/TLS}},
year = {2007}
}
@inproceedings{Mister2006,
abstract = {This paper describes an adaptive-chosen-ciphertext attack on the Cipher Feedback (CFB) mode of encryption as used in OpenPGP. In most circumstances it will allow an attacker to determine 16 bits of any block of plaintext with about \$2\^{}\{15\}\$ oracle queries for the initial $\backslash$nsetup work and \$2\^{}\{15\}\$ oracle queries for each block. Standard CFB mode encryption does not appear to be affected by this attack. It applies to a particular variation of CFB used by OpenPGP. In particular it exploits an ad-hoc integrity check feature in OpenPGP which was meant as a "quick check" to determine the correctness of the decrypting symmetric key.},
author = {Mister, Serge and Zuccherato, Robert},
booktitle = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
doi = {10.1007/11693383\_6},
file = {:Users/stefan2904/Dropbox/Mendeley/Mister, Zuccherato/Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)/2006 - Mister, Zuccherato - An attack on CFB mode encryption as used by OpenPGP.pdf:pdf},
isbn = {3540331085},
issn = {03029743},
keywords = {Chosen-ciphertext attacks,Cipher-Feedback Mode,Encryption,OpenPGP},
pages = {82--94},
title = {{An attack on CFB mode encryption as used by OpenPGP}},
url = {https://eprint.iacr.org/2005/033.pdf},
volume = {3897 LNCS},
year = {2006}
}
@phdthesis{Jakubei,
abstract = {The majority of Internet users send e-mails in plain text, but there are always threats regarding the confidentiality and the authenticity of an e-mail. These threats can be reduced with the help of e-mail encryption and signatures.},
author = {Jakubeit, Philipp and Poll, Erik and Vullers, Pim and de Ruiter, Joeri},
file = {:Users/stefan2904/Dropbox/Mendeley/Jakubeit et al/Unknown/2012 - Jakubeit et al. - Implementation and Analysis of OpenPGP Functionality via NFC.pdf:pdf},
keywords = {openpgp,pgp},
mendeley-tags = {openpgp,pgp},
school = {Radboud University},
title = {{Implementation and Analysis of OpenPGP Functionality via NFC}},
type = {Bachelor's Thesis},
url = {http://www.cs.ru.nl/bachelorscripties/2012/Philipp\_Jakubeit\_\_\_0814881\_\_\_Implementation\_and\_Analysis\_of\_OpenPGP\_Functionality\_via\_NFC.pdf},
year = {2012}
}
@misc{Green2014,
author = {Green, Matthew},
booktitle = {Thoughts on Cryptographic Engineering},
title = {{What's the matter with PGP?}},
url = {http://blog.cryptographyengineering.com/2014/08/whats-matter-with-pgp.html},
urldate = {2015-02-20},
year = {2014}
}
@phdthesis{TUB2015,
abstract = {OpenPGP is a standard consisting of methods for key management, digital signatures, encryption, and data formats. It is currently defined by RFC 4880 with several extensions. It is mainly utilized for sending end-to-end signed and encrypted emails to allow confidentiality, integrity, and authenticity between sender and recipient. Its cryptography and key management has been proven to be resistant against modern active attackers and was required by Edward Snowden to allow secure communications with him. While man-in-the-middle attacks against TLS connections are easy after infiltrating a certificate authority, OpenPGP provides a more decentralized approach to key distribution and authenticity between originator and sender. The most common implementations are the open-source command-line program gpg written in C, its corresponding user interfaces like Enigmail, and the Bouncy Castle library written in Java. With Symantec Encryption Desktop and Symantec Encryption Server, two well developed proprietary implementations exist, too. While the OpenPGP standard keeps its promises and has a sound message syntax and well thought out formats, it also has some weak points.},
author = {Sandra Hesse},
keywords = {openpgp,pgp},
mendeley-tags = {openpgp,pgp},
school = {to appear},
title = {{Security Evaluation of Cryptographic Schemes in OpenPGP}},
type = {Master Thesis, TU Braunschweig},
url = {http://www.ibr.cs.tu-bs.de/theses/schuerm/openpgp-evaluation.html}
}