% Encoding: UTF-8 @InProceedings{wireguard:analysis, author = {Benjamin Dowling and Kenneth G. Paterson}, title = {A Cryptographic Analysis of the WireGuard Protocol}, booktitle = {Applied Cryptography and Network Security - 16th International Conference, {ACNS} 2018, Leuven, Belgium, July 2-4, 2018, Proceedings}, year = {2018}, pages = {3--21}, doi = {10.1007/978-3-319-93387-0\_1}, url = {https://doi.org/10.1007/978-3-319-93387-0\_1}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/bib/conf/acns/DowlingP18}, timestamp = {Wed, 13 Jun 2018 14:00:44 +0200}, } @InProceedings{wireguard:intro, author = {Jason A. Donenfeld}, title = {WireGuard: Next Generation Kernel Network Tunnel}, booktitle = {24th Annual Network and Distributed System Security Symposium, {NDSS} 2017, San Diego, California, USA, February 26 - March 1, 2017}, year = {2017}, url = {https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/wireguard-next-generation-kernel-network-tunnel/}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/bib/conf/ndss/Donenfeld17}, timestamp = {Tue, 16 Jan 2018 15:44:17 +0100}, } @Book{book:debian, author = {Raphaël Hertzog and Roland Mas}, title = {The Debian Administrator’s Handbook}, year = {2015}, isbn = {979-10-91414-04-3}, url = {https://debian-handbook.info/}, urldate = {2018-07-17}, } @Manual{man:openvpn, author = {James Yonan}, title = {openvpn(8) - System Manager's Manual}, year = {2018}, date = {2018-04-24}, edition = {OpenVPN Version 2.4}, note = {\url{{https://manpages.debian.org/stretch/openvpn/openvpn.8.en.html}}}, url = {https://manpages.debian.org/stretch/openvpn/openvpn.8.en.html}, urldate = {2018-07-17}, timestamp = {2018-07-17}, } @TechReport{RFC4301, author = {S. Kent and K. Seo}, title = {Security Architecture for the Internet Protocol}, institution = {Internet Engineering Task Force}, year = {2005}, type = {RFC}, number = {4301}, note = {\url{https://tools.ietf.org/html/rfc4301.txt}}, month = {December}, url = {https://tools.ietf.org/html/rfc4301.txt}, howpublished = {Internet Requests for Comments}, issn = {2070-1721}, publisher = {Internet Engineering Task Force}, } @TechReport{RFC4302, author = {S. Kent}, title = {IP Authentication Header}, institution = {Internet Engineering Task Force}, year = {2005}, type = {RFC}, number = {4302}, note = {\url{https://tools.ietf.org/html/rfc4302.txt}}, month = {December}, url = {https://tools.ietf.org/html/rfc4302.txt}, howpublished = {Internet Requests for Comments}, issn = {2070-1721}, publisher = {Internet Engineering Task Force}, } @TechReport{RFC4303, author = {S. Kent}, title = {IP Encapsulating Security Payload (ESP)}, institution = {Internet Engineering Task Force}, year = {2005}, type = {RFC}, number = {4303}, note = {\url{https://tools.ietf.org/html/rfc4303.txt}}, month = {December}, url = {https://tools.ietf.org/html/rfc4303.txt}, howpublished = {Internet Requests for Comments}, issn = {2070-1721}, publisher = {Internet Engineering Task Force}, } @TechReport{RFC7296, author = {C. Kaufman and P. Hoffman and Y. Nir and P. Eronen and T. Kivinen}, title = {Internet Key Exchange Protocol Version 2 (IKEv2)}, institution = {Internet Engineering Task Force}, year = {2014}, type = {RFC}, number = {7296}, note = {\url{https://tools.ietf.org/html/rfc7296.txt}}, month = {October}, url = {https://tools.ietf.org/html/rfc7296.txt}, howpublished = {Internet Requests for Comments}, issn = {2070-1721}, publisher = {Internet Engineering Task Force}, } @TechReport{RFC7321, author = {D. McGrew and P. Hoffman}, title = {Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)}, institution = {Internet Engineering Task Force}, year = {2014}, type = {RFC}, number = {7321}, note = {\url{https://tools.ietf.org/html/rfc7321.txt}}, month = {August}, url = {https://tools.ietf.org/html/rfc7321.txt}, howpublished = {Internet Requests for Comments}, issn = {2070-1721}, publisher = {Internet Engineering Task Force}, } @TechReport{RFC8200, author = {S. Deering and R. Hinden}, title = {Internet Protocol, Version 6 (IPv6) Specification}, institution = {Internet Engineering Task Force}, year = {2017}, type = {RFC}, number = {8200}, note = {\url{https://tools.ietf.org/html/rfc8200.txt}}, month = {July}, url = {https://tools.ietf.org/html/rfc8200.txt}, howpublished = {Internet Requests for Comments}, issn = {2070-1721}, publisher = {Internet Engineering Task Force}, } @TechReport{RFC8247, author = {Y. Nir and T. Kivinen and P. Wouters and D. Migault}, title = {Algorithm Implementation Requirements and Usage Guidance for the Internet Key Exchange Protocol Version 2 (IKEv2)}, institution = {Internet Engineering Task Force}, year = {2017}, type = {RFC}, number = {8247}, note = {\url{https://tools.ietf.org/html/rfc8247.txt}}, month = {September}, url = {https://tools.ietf.org/html/rfc8247.txt}, howpublished = {Internet Requests for Comments}, issn = {2070-1721}, publisher = {Internet Engineering Task Force}, } @TechReport{RFC8221, author = {P. Wouters and D. Migault and J. Mattsson and Y. Nir and T. Kivinen}, title = {Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)}, institution = {Internet Engineering Task Force}, year = {2017}, type = {RFC}, number = {8221}, note = {\url{https://tools.ietf.org/html/rfc8221.txt}}, month = {October}, url = {https://tools.ietf.org/html/rfc8221.txt}, howpublished = {Internet Requests for Comments}, issn = {2070-1721}, publisher = {Internet Engineering Task Force}, } @WWW{strongswan:contributions, title = {Contributions - strongSwan}, year = {2018}, date = {2018-09-04}, url = {https://wiki.strongswan.org/projects/strongswan/wiki/Contributions}, note = {\url{https://wiki.strongswan.org/projects/strongswan/wiki/Contributions}, zuletzt abgerufen am 04.09.2018}, } @WWW{openvpn:easyrsa3howto, title = {EasyRSA3-OpenVPN-Howto – OpenVPN Community}, year = {2018}, date = {2018-08-31}, url = {https://community.openvpn.net/openvpn/wiki/EasyRSA3-OpenVPN-Howto}, note = {\url{https://community.openvpn.net/openvpn/wiki/EasyRSA3-OpenVPN-Howto}, zuletzt abgerufen am 31.08.2018}, } @WWW{strongswan:introduction, title = {Introduction to strongSwan}, year = {2018}, date = {2018-07-18}, url = {https://wiki.strongswan.org/projects/strongswan/wiki/IntroductionTostrongSwan}, note = {\url{https://wiki.strongswan.org/projects/strongswan/wiki/IntroductionTostrongSwan}, zuletzt abgerufen am 18.07.2018}, } @WWW{openvpn:securityoverview, title = {Security Overview}, year = {2018}, date = {2018-09-05}, url = {https://openvpn.net/index.php/open-source/documentation/security-overview.html}, note = {\url{https://openvpn.net/index.php/open-source/documentation/security-overview.html}, zuletzt abgerufen am 05.09.2018}, } @WWW{strongswan:onwindows, title = {strongSwan on Windows}, year = {2018}, date = {2018-08-07}, url = {https://wiki.strongswan.org/projects/strongswan/wiki/Windows}, note = {\url{https://wiki.strongswan.org/projects/strongswan/wiki/Windows}, zuletzt abgerufen am 07.08.2018}, } @WWW{openvpn:topology, title = {Topology – OpenVPN Community}, year = {2018}, date = {2018-09-05}, url = {https://community.openvpn.net/openvpn/wiki/Topology}, note = {\url{https://community.openvpn.net/openvpn/wiki/Topology}, zuletzt abgerufen am 05.09.2018}, } @Report{bsi:tr-02102-1, author = {BSI}, title = {BSI Technische Richtlinie TR-02102-1: Kryptographische Verfahren: Empfehlungen und Schlüssellängen}, type = {techreport}, institution = {Bundesamt für Sicherheit in der Informationstechnik}, year = {2018}, date = {29.05.2018}, subtitle = {TR-02102-1}, url = {https://www.bsi.bund.de/DE/Publikationen/TechnischeRichtlinien/tr02102/index_htm.html}, } @Report{bsi:tr-02102-3, author = {BSI}, title = {BSI Technische Richtlinie TR-02102-3: Kryptographische Verfahren: Empfehlungen und Schlüssellängen Teil 3 – Verwendung von Internet Protocol Security (IPsec) und Internet Key Exchange (IKEv2)}, type = {techreport}, institution = {Bundesamt für Sicherheit in der Informationstechnik}, year = {2018}, subtitle = {TR-02102-3 Teil 3}, url = {https://www.bsi.bund.de/DE/Publikationen/TechnischeRichtlinien/tr02102/index_htm.html}, } @Report{bsi:tls-checkliste, author = {BSI}, title = {TLS nach TR-03116-4 Checkliste für Diensteanbieter}, type = {techreport}, institution = {Bundesamt für Sicherheit in der Informationstechnik}, year = {2018}, date = {23.04.2018}, subtitle = {Checkliste für Diensteanbieter}, url = {https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03116/TLS-Checkliste.html}, } @TechReport{RFC7525, author = {Y. Sheffer and R. Holz and P. Saint-Andre}, title = {Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)}, institution = {Internet Engineering Task Force}, year = {2015}, type = {BCP}, number = {195}, note = {\url{https://tools.ietf.org/html/rfc7525.txt}}, month = {May}, url = {https://tools.ietf.org/html/rfc7525.txt}, howpublished = {Internet Requests for Comments}, issn = {2070-1721}, publisher = {Internet Engineering Task Force}, } @WWW{strongswan:onmac, title = {strongSwan on Mac OS X}, year = {2018}, date = {2018-08-07}, url = {https://wiki.strongswan.org/projects/strongswan/wiki/MacOSX}, note = {\url{https://wiki.strongswan.org/projects/strongswan/wiki/MacOSX}, zuletzt abgerufen am 27.09.2018}, } @TechReport{RFC5280, author = {D. Cooper and S. Santesson and S. Farrell and S. Boeyen and R. Housley and W. Polk}, title = {Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile}, institution = {Internet Engineering Task Force}, year = {2008}, type = {RFC}, number = {5280}, note = {\url{https://tools.ietf.org/html/rfc5280.txt}}, month = {May}, url = {https://tools.ietf.org/html/rfc5280.txt}, howpublished = {Internet Requests for Comments}, issn = {2070-1721}, publisher = {Internet Engineering Task Force}, } @Proceeding{analysis:tcpintcp, author = {Osamu Honda and Hiroyuki Ohsaki and Makoto Imase and Mika Ishizuka and Junichi Murayama}, title = {Understanding TCP over TCP: effects of TCP tunneling on end-to-end throughput and latency}, year = {2005}, doi = {10.1117/12.630496}, url = {https://doi.org/10.1117/12.630496}, journal = {Proc.SPIE}, pages = {6011 - 6011 - 9}, volume = {6011}, } @TechReport{RFC5246, author = {T. Dierks and E. Rescorla}, title = {The Transport Layer Security (TLS) Protocol Version 1.2}, institution = {Internet Engineering Task Force}, year = {2008}, type = {RFC}, number = {5246}, note = {\url{https://tools.ietf.org/html/rfc5246.txt}}, month = {August}, url = {https://tools.ietf.org/html/rfc5246.txt}, howpublished = {Internet Requests for Comments}, issn = {2070-1721}, publisher = {Internet Engineering Task Force}, } @TechReport{RFC7539, author = {Y. Nir and A. Langley}, title = {ChaCha20 and Poly1305 for IETF Protocols}, institution = {Internet Engineering Task Force}, year = {2015}, type = {RFC}, number = {7539}, note = {\url{https://tools.ietf.org/html/rfc7539.txt}}, month = {May}, url = {https://tools.ietf.org/html/rfc7539.txt}, howpublished = {Internet Requests for Comments}, issn = {2070-1721}, publisher = {Internet Engineering Task Force}, } @InProceedings{blake2s:definition, author = {Aumasson, Jean-Philippe and Neves, Samuel and Wilcox-O'Hearn, Zooko and Winnerlein, Christian}, title = {BLAKE2: Simpler, Smaller, Fast as MD5}, booktitle = {Applied Cryptography and Network Security}, year = {2013}, editor = {Jacobson, Michael and Locasto, Michael and Mohassel, Payman and Safavi-Naini, Reihaneh}, publisher = {Springer Berlin Heidelberg}, isbn = {978-3-642-38980-1}, pages = {119--135}, abstract = {We present the hash function BLAKE2, an improved version of the SHA-3 finalist BLAKE optimized for speed in software. Target applications include cloud storage, intrusion detection, or version control systems. BLAKE2 comes in two main flavors: BLAKE2b is optimized for 64-bit platforms, and BLAKE2s for smaller architectures. On 64-bit platforms, BLAKE2 is often faster than MD5, yet provides security similar to that of SHA-3: up to 256-bit collision resistance, immunity to length extension, indifferentiability from a random oracle, etc. We specify parallel versions BLAKE2bp and BLAKE2sp that are up to 4 and 8 times faster, by taking advantage of SIMD and/or multiple cores. BLAKE2 reduces the RAM requirements of BLAKE down to 168 bytes, making it smaller than any of the five SHA-3 finalists, and 32{\%} smaller than BLAKE. Finally, BLAKE2 provides a comprehensive support for tree-hashing as well as keyed hashing (be it in sequential or tree mode).}, address = {Berlin, Heidelberg}, } @Report{enisa:algorithms, author = {ENISA}, title = {Algorithms, key size and parameters report – 2014}, institution = {European Union Agency for Network and Information Security}, year = {2014}, date = {2014-11-21}, note = {\url{https://www.enisa.europa.eu/publications/algorithms-key-size-and-parameters-report-2014}}, doi = {10.2824/36822}, url = {https://www.enisa.europa.eu/publications/algorithms-key-size-and-parameters-report-2014}, } @Report{ecrypt-csa:algorithms, author = {ECRYPT-CSA}, title = {Algorithms, Key Size and Protocols Report (2018)}, year = {2018}, date = {2018-02-28}, note = {\url{http://www.ecrypt.eu.org/csa/publications.html}}, url = {http://www.ecrypt.eu.org/csa/documents/D5.4-FinalAlgKeySizeProt.pdf}, } @Comment{jabref-meta: databaseType:biblatex;}