Assessing the overhead of post-quantum cryptography in TLS 1.3 and SSH

D Sikeridis, P Kampanakis, M Devetsikiotis - Proceedings of the 16th …, 2020 - dl.acm.org
The advances in quantum computing present a threat to public key primitives due to their
ability to solve hard cryptographic problems in polynomial time. To address this threat to …

We really need to talk about session tickets: A Large-Scale analysis of cryptographic dangers with TLS session tickets

S Hebrok, S Nachtigall, M Maehren, N Erinola… - 32nd USENIX Security …, 2023 - usenix.org
Session tickets improve the performance of the TLS protocol. They allow abbreviating the
handshake by using secrets from a previous session. To this end, the server encrypts the …

Passive SSH Key Compromise via Lattices

K Ryan, K He, GA Sullivan, N Heninger - Proceedings of the 2023 ACM …, 2023 - dl.acm.org
We demonstrate that a passive network attacker can opportunistically obtain private RSA
host keys from an SSH server that experiences a naturally arising fault during signature …

Postcards from the post-http world: Amplification of https vulnerabilities in the web ecosystem

S Calzavara, R Focardi, M Nemec… - … IEEE Symposium on …, 2019 - ieeexplore.ieee.org
HTTPS aims at securing communication over the Web by providing a cryptographic
protection layer that ensures the confidentiality and integrity of communication and enables …

Scalable scanning and automatic classification of TLS padding oracle vulnerabilities

R Merget, J Somorovsky, N Aviram, C Young… - 28th USENIX Security …, 2019 - usenix.org
The TLS protocol provides encryption, data integrity, and authentication on the modern
Internet. Despite the protocol's importance, currently-deployed TLS versions use obsolete …

"You have to read 50 different RFCs that contradict each other": An Interview Study on the Experiences of Implementing Cryptographic Standards

N Huaman, J Suray, JH Klemmer, M Fourné… - 33rd USENIX Security …, 2024 - usenix.org
Implementing cryptographic standards is a critical process for the cryptographic ecosystem.
Cryptographic standards aim to support developers and engineers in implementing …

Exploring the Unknown DTLS Universe: Analysis of the DTLS Server Ecosystem on the Internet

N Erinola, M Maehren, R Merget… - 32nd USENIX Security …, 2023 - usenix.org
DTLS aims to bring the same security guarantees as TLS to UDP. It is used for latency-
sensitive applications such as VPN, VoIP, video conferencing, and online gaming that can …

Degenerate fault attacks on elliptic curve parameters in OpenSSL

A Takahashi, M Tibouchi - 2019 IEEE European Symposium on …, 2019 - ieeexplore.ieee.org
In this paper, we describe several practically exploitable fault attacks against OpenSSL's
implementation of elliptic curve cryptography, related to the singular curve point …

Diffie-Hellman Picture Show: Key Exchange Stories from Commercial VoWiFi Deployments

GK Gegenhuber, F Holzbauer, PÉ Frenzel… - 33rd USENIX Security …, 2024 - usenix.org
Voice over Wi-Fi (VoWiFi) uses a series of IPsec tunnels to deliver IP-based telephony from
the subscriber's phone (User Equipment, UE) into the Mobile Network Operator's (MNO) …

CSProp: ciphertext and signature propagation Low-Overhead Public-Key cryptosystem for IoT environments

F Alharbi, A Alrawais, AB Rabiah, S Richelson… - 30th USENIX Security …, 2021 - usenix.org
Cryptographic operations can be prohibitively expensive for IoT and other resource-
constrained devices. We introduce a new cryptographic primitive which we call Ciphertext …