Imperfect Forward Secrecy

Adrian, David; Bhargavan, Karthikeyan; Durumeric, Zakir; Gaudry, Pierrick; Green, Matthew; Halderman, J. Alex; Heninger, Nadia; Springall, Drew; Thomé, Emmanuel; Valenta, Luke; VanderSloot, Benjamin; Wustrow, Eric; Zanella-Béguelin, Santiago; Zimmermann, Paul

doi:10.1145/2810103.2813707

Cited by 256 publications

(26 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Cryptosystems offering 80 bits of security or less, which were phased out in 2011-2013, are at the greatest risk: they can be broken now at a cost ranging from tens of thousands to hundreds of millions of dollars [12,13,14,15]. Cryptosystems offering 112 bits of security are likely to remain secure for some time: they may be breakable for a budget of a billion dollars in 30 to 40 years 3 (using classical computers).…”

Section: The Path Forwardmentioning

confidence: 99%

Report on Post-Quantum Cryptography

Chen¹,

Jordan²,

Liu³

et al. 2016

536

249

View full text Add to dashboard Cite

All comments are subject to release under the Freedom of Information Act (FOIA).ii Reports on Computer Systems TechnologyThe Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL's responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of other than national security-related information in federal information systems. AbstractIn recent years, there has been a substantial amount of research on quantum computersmachines that exploit quantum mechanical phenomena to solve mathematical problems that are difficult or intractable for conventional computers. If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use. This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere. The goal of post-quantum cryptography (also called quantum-resistant cryptography) is to develop cryptographic systems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks. This Internal Report shares the National Institute of Standards and Technology (NIST)'s current understanding about the status of quantum computing and post-quantum cryptography, and outlines NIST's initial plan to move forward in this space. The report also recognizes the challenge of moving to new cryptographic infrastructures and therefore emphasizes the need for agencies to focus on crypto agility.

show abstract

Section: The Path Forwardmentioning

confidence: 99%

Report on Post-Quantum Cryptography

Chen¹,

Jordan²,

Liu³

et al. 2016

536

249

View full text Add to dashboard Cite

show abstract

“…More information about the topic may be found on specialized web pages, such as open-source project called OpenSSL (2016c), specialized webpages and technical papers about DROWN attack (Aviram et al, 2016) or about Diffie-Hellman key exchange (Adrian et al, 2015).…”

Section: Test Resultsmentioning

confidence: 99%

Web Interface Security Vulnerabilities of Selected European Open-access Academic Repositories

Formanek

Zaborsky

2017

Liber Quarterly

View full text Add to dashboard Cite

The given analysis summarizes the status quo of the level of security of web interfaces of selected European academic repositories in the field of library and information science. It focuses on the presence and qualities of the secure HTTPS protocol via SSL/TLS protocols. The security of the transmitted data is particularly important in the network environment of the Internet, especially if log-in user data is transmitted. Disclosure may have a direct impact on saved digital objects and their metadata which together represent the most valuable parts of systems of digital libraries and repositories. Furthermore, the paper points to the most noticeable vulnerabilities of protocols of web interfaces and presents practical recommendations for the expert public. These may contribute to the increase of the level of security of the discussed systems. The authors base their proposals on the currently available scientific publications and scientific articles about the given topic.

show abstract

“…They want to be able to decrypt traffic that is inside their networks. So they asked the TLS WG to restore some of the removed cipher suites or provide some other mechanism to support their internal network requirements (Checkoway, ; see also Adrian et al, ).…”

Section: Why Code Is Not Law: Two Case Studiesmentioning

confidence: 99%

Requiem for a Dream: On Advancing Human Rights via Internet Architecture

Mueller¹,

Badiei²

2018

Policy & Internet

View full text Add to dashboard Cite

A growing number of scholars and policymakers are calling attention to the relationship between technology standards, protocols, human rights, ethics, and values—also claiming that human rights can be secured (or violated) via the Internet's standards and architecture. However, this assertion of governance through Internet architecture can oversimplify the complex relationship between technology and society. This article argues that human rights are primarily a political and institutional accomplishment, not a simple matter of technical design. By articulating a challenge to uncritical and imperfectly theorized efforts to link standards‐setting and protocol development to “values” and human rights objectives, we hope to foster a more realistic approach to Internet standardization and governance processes and a more balanced and well‐informed theoretical debate. Situated in the theoretical literature on science, technology, and society, our analysis is also informed by extensive empirical exposure to standardization and Internet governance processes. It includes two short case studies in which standards development and rights issues have intersected in ways that illuminate the relationship between rights and standards, and which can be interpreted to falsify certain claims.

show abstract

Imperfect Forward Secrecy

Cited by 256 publications

References 45 publications

Report on Post-Quantum Cryptography

Report on Post-Quantum Cryptography

Web Interface Security Vulnerabilities of Selected European Open-access Academic Repositories

Requiem for a Dream: On Advancing Human Rights via Internet Architecture

Contact Info

Product

Resources

About