351 lines
15 KiB
BibTeX
351 lines
15 KiB
BibTeX
% Encoding: UTF-8
|
||
|
||
@InProceedings{wireguard:analysis,
|
||
author = {Benjamin Dowling and Kenneth G. Paterson},
|
||
title = {A Cryptographic Analysis of the WireGuard Protocol},
|
||
booktitle = {Applied Cryptography and Network Security - 16th International Conference, {ACNS} 2018, Leuven, Belgium, July 2-4, 2018, Proceedings},
|
||
year = {2018},
|
||
pages = {3--21},
|
||
doi = {10.1007/978-3-319-93387-0\_1},
|
||
url = {https://doi.org/10.1007/978-3-319-93387-0\_1},
|
||
bibsource = {dblp computer science bibliography, https://dblp.org},
|
||
biburl = {https://dblp.org/rec/bib/conf/acns/DowlingP18},
|
||
timestamp = {Wed, 13 Jun 2018 14:00:44 +0200},
|
||
}
|
||
|
||
@InProceedings{wireguard:intro,
|
||
author = {Jason A. Donenfeld},
|
||
title = {WireGuard: Next Generation Kernel Network Tunnel},
|
||
booktitle = {24th Annual Network and Distributed System Security Symposium, {NDSS} 2017, San Diego, California, USA, February 26 - March 1, 2017},
|
||
year = {2017},
|
||
url = {https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/wireguard-next-generation-kernel-network-tunnel/},
|
||
bibsource = {dblp computer science bibliography, https://dblp.org},
|
||
biburl = {https://dblp.org/rec/bib/conf/ndss/Donenfeld17},
|
||
timestamp = {Tue, 16 Jan 2018 15:44:17 +0100},
|
||
}
|
||
|
||
@Book{book:debian,
|
||
author = {Raphaël Hertzog and Roland Mas},
|
||
title = {The Debian Administrator’s Handbook},
|
||
year = {2015},
|
||
isbn = {979-10-91414-04-3},
|
||
url = {https://debian-handbook.info/},
|
||
urldate = {2018-07-17},
|
||
}
|
||
|
||
@Manual{man:openvpn,
|
||
author = {James Yonan},
|
||
title = {openvpn(8) - System Manager's Manual},
|
||
year = {2018},
|
||
date = {2018-04-24},
|
||
edition = {OpenVPN Version 2.4},
|
||
note = {\url{{https://manpages.debian.org/stretch/openvpn/openvpn.8.en.html}}},
|
||
url = {https://manpages.debian.org/stretch/openvpn/openvpn.8.en.html},
|
||
urldate = {2018-07-17},
|
||
timestamp = {2018-07-17},
|
||
}
|
||
|
||
@TechReport{RFC4301,
|
||
author = {S. Kent and K. Seo},
|
||
title = {Security Architecture for the Internet Protocol},
|
||
institution = {Internet Engineering Task Force},
|
||
year = {2005},
|
||
type = {RFC},
|
||
number = {4301},
|
||
note = {\url{https://tools.ietf.org/html/rfc4301.txt}},
|
||
month = {December},
|
||
url = {https://tools.ietf.org/html/rfc4301.txt},
|
||
howpublished = {Internet Requests for Comments},
|
||
issn = {2070-1721},
|
||
publisher = {Internet Engineering Task Force},
|
||
}
|
||
|
||
@TechReport{RFC4302,
|
||
author = {S. Kent},
|
||
title = {IP Authentication Header},
|
||
institution = {Internet Engineering Task Force},
|
||
year = {2005},
|
||
type = {RFC},
|
||
number = {4302},
|
||
note = {\url{https://tools.ietf.org/html/rfc4302.txt}},
|
||
month = {December},
|
||
url = {https://tools.ietf.org/html/rfc4302.txt},
|
||
howpublished = {Internet Requests for Comments},
|
||
issn = {2070-1721},
|
||
publisher = {Internet Engineering Task Force},
|
||
}
|
||
|
||
@TechReport{RFC4303,
|
||
author = {S. Kent},
|
||
title = {IP Encapsulating Security Payload (ESP)},
|
||
institution = {Internet Engineering Task Force},
|
||
year = {2005},
|
||
type = {RFC},
|
||
number = {4303},
|
||
note = {\url{https://tools.ietf.org/html/rfc4303.txt}},
|
||
month = {December},
|
||
url = {https://tools.ietf.org/html/rfc4303.txt},
|
||
howpublished = {Internet Requests for Comments},
|
||
issn = {2070-1721},
|
||
publisher = {Internet Engineering Task Force},
|
||
}
|
||
|
||
@TechReport{RFC7296,
|
||
author = {C. Kaufman and P. Hoffman and Y. Nir and P. Eronen and T. Kivinen},
|
||
title = {Internet Key Exchange Protocol Version 2 (IKEv2)},
|
||
institution = {Internet Engineering Task Force},
|
||
year = {2014},
|
||
type = {RFC},
|
||
number = {7296},
|
||
note = {\url{https://tools.ietf.org/html/rfc7296.txt}},
|
||
month = {October},
|
||
url = {https://tools.ietf.org/html/rfc7296.txt},
|
||
howpublished = {Internet Requests for Comments},
|
||
issn = {2070-1721},
|
||
publisher = {Internet Engineering Task Force},
|
||
}
|
||
|
||
@TechReport{RFC7321,
|
||
author = {D. McGrew and P. Hoffman},
|
||
title = {Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)},
|
||
institution = {Internet Engineering Task Force},
|
||
year = {2014},
|
||
type = {RFC},
|
||
number = {7321},
|
||
note = {\url{https://tools.ietf.org/html/rfc7321.txt}},
|
||
month = {August},
|
||
url = {https://tools.ietf.org/html/rfc7321.txt},
|
||
howpublished = {Internet Requests for Comments},
|
||
issn = {2070-1721},
|
||
publisher = {Internet Engineering Task Force},
|
||
}
|
||
|
||
@TechReport{RFC8200,
|
||
author = {S. Deering and R. Hinden},
|
||
title = {Internet Protocol, Version 6 (IPv6) Specification},
|
||
institution = {Internet Engineering Task Force},
|
||
year = {2017},
|
||
type = {RFC},
|
||
number = {8200},
|
||
note = {\url{https://tools.ietf.org/html/rfc8200.txt}},
|
||
month = {July},
|
||
url = {https://tools.ietf.org/html/rfc8200.txt},
|
||
howpublished = {Internet Requests for Comments},
|
||
issn = {2070-1721},
|
||
publisher = {Internet Engineering Task Force},
|
||
}
|
||
|
||
@TechReport{RFC8247,
|
||
author = {Y. Nir and T. Kivinen and P. Wouters and D. Migault},
|
||
title = {Algorithm Implementation Requirements and Usage Guidance for the Internet Key Exchange Protocol Version 2 (IKEv2)},
|
||
institution = {Internet Engineering Task Force},
|
||
year = {2017},
|
||
type = {RFC},
|
||
number = {8247},
|
||
note = {\url{https://tools.ietf.org/html/rfc8247.txt}},
|
||
month = {September},
|
||
url = {https://tools.ietf.org/html/rfc8247.txt},
|
||
howpublished = {Internet Requests for Comments},
|
||
issn = {2070-1721},
|
||
publisher = {Internet Engineering Task Force},
|
||
}
|
||
|
||
@TechReport{RFC8221,
|
||
author = {P. Wouters and D. Migault and J. Mattsson and Y. Nir and T. Kivinen},
|
||
title = {Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)},
|
||
institution = {Internet Engineering Task Force},
|
||
year = {2017},
|
||
type = {RFC},
|
||
number = {8221},
|
||
note = {\url{https://tools.ietf.org/html/rfc8221.txt}},
|
||
month = {October},
|
||
url = {https://tools.ietf.org/html/rfc8221.txt},
|
||
howpublished = {Internet Requests for Comments},
|
||
issn = {2070-1721},
|
||
publisher = {Internet Engineering Task Force},
|
||
}
|
||
|
||
@WWW{strongswan:contributions,
|
||
title = {Contributions - strongSwan},
|
||
year = {2018},
|
||
date = {2018-09-04},
|
||
url = {https://wiki.strongswan.org/projects/strongswan/wiki/Contributions},
|
||
note = {\url{https://wiki.strongswan.org/projects/strongswan/wiki/Contributions}, zuletzt abgerufen am 04.09.2018},
|
||
}
|
||
|
||
@WWW{openvpn:easyrsa3howto,
|
||
title = {EasyRSA3-OpenVPN-Howto – OpenVPN Community},
|
||
year = {2018},
|
||
date = {2018-08-31},
|
||
url = {https://community.openvpn.net/openvpn/wiki/EasyRSA3-OpenVPN-Howto},
|
||
note = {\url{https://community.openvpn.net/openvpn/wiki/EasyRSA3-OpenVPN-Howto}, zuletzt abgerufen am 31.08.2018},
|
||
}
|
||
|
||
@WWW{strongswan:introduction,
|
||
title = {Introduction to strongSwan},
|
||
year = {2018},
|
||
date = {2018-07-18},
|
||
url = {https://wiki.strongswan.org/projects/strongswan/wiki/IntroductionTostrongSwan},
|
||
note = {\url{https://wiki.strongswan.org/projects/strongswan/wiki/IntroductionTostrongSwan}, zuletzt abgerufen am 18.07.2018},
|
||
}
|
||
|
||
@WWW{openvpn:securityoverview,
|
||
title = {Security Overview},
|
||
year = {2018},
|
||
date = {2018-09-05},
|
||
url = {https://openvpn.net/index.php/open-source/documentation/security-overview.html},
|
||
note = {\url{https://openvpn.net/index.php/open-source/documentation/security-overview.html}, zuletzt abgerufen am 05.09.2018},
|
||
}
|
||
|
||
@WWW{strongswan:onwindows,
|
||
title = {strongSwan on Windows},
|
||
year = {2018},
|
||
date = {2018-08-07},
|
||
url = {https://wiki.strongswan.org/projects/strongswan/wiki/Windows},
|
||
note = {\url{https://wiki.strongswan.org/projects/strongswan/wiki/Windows}, zuletzt abgerufen am 07.08.2018},
|
||
}
|
||
|
||
@WWW{openvpn:topology,
|
||
title = {Topology – OpenVPN Community},
|
||
year = {2018},
|
||
date = {2018-09-05},
|
||
url = {https://community.openvpn.net/openvpn/wiki/Topology},
|
||
note = {\url{https://community.openvpn.net/openvpn/wiki/Topology}, zuletzt abgerufen am 05.09.2018},
|
||
}
|
||
|
||
@Report{bsi:tr-02102-1,
|
||
author = {BSI},
|
||
title = {BSI Technische Richtlinie TR-02102-1: Kryptographische Verfahren: Empfehlungen und Schlüssellängen},
|
||
type = {techreport},
|
||
institution = {Bundesamt für Sicherheit in der Informationstechnik},
|
||
year = {2018},
|
||
date = {29.05.2018},
|
||
subtitle = {TR-02102-1},
|
||
url = {https://www.bsi.bund.de/DE/Publikationen/TechnischeRichtlinien/tr02102/index_htm.html},
|
||
}
|
||
|
||
@Report{bsi:tr-02102-3,
|
||
author = {BSI},
|
||
title = {BSI Technische Richtlinie TR-02102-3: Kryptographische Verfahren: Empfehlungen und Schlüssellängen Teil 3 – Verwendung von Internet Protocol Security (IPsec) und Internet Key Exchange (IKEv2)},
|
||
type = {techreport},
|
||
institution = {Bundesamt für Sicherheit in der Informationstechnik},
|
||
year = {2018},
|
||
subtitle = {TR-02102-3 Teil 3},
|
||
url = {https://www.bsi.bund.de/DE/Publikationen/TechnischeRichtlinien/tr02102/index_htm.html},
|
||
}
|
||
|
||
@Report{bsi:tls-checkliste,
|
||
author = {BSI},
|
||
title = {TLS nach TR-03116-4 Checkliste für Diensteanbieter},
|
||
type = {techreport},
|
||
institution = {Bundesamt für Sicherheit in der Informationstechnik},
|
||
year = {2018},
|
||
date = {23.04.2018},
|
||
subtitle = {Checkliste für Diensteanbieter},
|
||
url = {https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03116/TLS-Checkliste.html},
|
||
}
|
||
|
||
@TechReport{RFC7525,
|
||
author = {Y. Sheffer and R. Holz and P. Saint-Andre},
|
||
title = {Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)},
|
||
institution = {Internet Engineering Task Force},
|
||
year = {2015},
|
||
type = {BCP},
|
||
number = {195},
|
||
note = {\url{https://tools.ietf.org/html/rfc7525.txt}},
|
||
month = {May},
|
||
url = {https://tools.ietf.org/html/rfc7525.txt},
|
||
howpublished = {Internet Requests for Comments},
|
||
issn = {2070-1721},
|
||
publisher = {Internet Engineering Task Force},
|
||
}
|
||
|
||
@WWW{strongswan:onmac,
|
||
title = {strongSwan on Mac OS X},
|
||
year = {2018},
|
||
date = {2018-08-07},
|
||
url = {https://wiki.strongswan.org/projects/strongswan/wiki/MacOSX},
|
||
note = {\url{https://wiki.strongswan.org/projects/strongswan/wiki/MacOSX}, zuletzt abgerufen am 27.09.2018},
|
||
}
|
||
|
||
@TechReport{RFC5280,
|
||
author = {D. Cooper and S. Santesson and S. Farrell and S. Boeyen and R. Housley and W. Polk},
|
||
title = {Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile},
|
||
institution = {Internet Engineering Task Force},
|
||
year = {2008},
|
||
type = {RFC},
|
||
number = {5280},
|
||
note = {\url{https://tools.ietf.org/html/rfc5280.txt}},
|
||
month = {May},
|
||
url = {https://tools.ietf.org/html/rfc5280.txt},
|
||
howpublished = {Internet Requests for Comments},
|
||
issn = {2070-1721},
|
||
publisher = {Internet Engineering Task Force},
|
||
}
|
||
|
||
@Proceeding{analysis:tcpintcp,
|
||
author = {Osamu Honda and Hiroyuki Ohsaki and Makoto Imase and Mika Ishizuka and Junichi Murayama},
|
||
title = {Understanding TCP over TCP: effects of TCP tunneling on end-to-end throughput and latency},
|
||
year = {2005},
|
||
doi = {10.1117/12.630496},
|
||
url = {https://doi.org/10.1117/12.630496},
|
||
journal = {Proc.SPIE},
|
||
pages = {6011 - 6011 - 9},
|
||
volume = {6011},
|
||
}
|
||
|
||
@TechReport{RFC5246,
|
||
author = {T. Dierks and E. Rescorla},
|
||
title = {The Transport Layer Security (TLS) Protocol Version 1.2},
|
||
institution = {Internet Engineering Task Force},
|
||
year = {2008},
|
||
type = {RFC},
|
||
number = {5246},
|
||
note = {\url{https://tools.ietf.org/html/rfc5246.txt}},
|
||
month = {August},
|
||
url = {https://tools.ietf.org/html/rfc5246.txt},
|
||
howpublished = {Internet Requests for Comments},
|
||
issn = {2070-1721},
|
||
publisher = {Internet Engineering Task Force},
|
||
}
|
||
|
||
@TechReport{RFC7539,
|
||
author = {Y. Nir and A. Langley},
|
||
title = {ChaCha20 and Poly1305 for IETF Protocols},
|
||
institution = {Internet Engineering Task Force},
|
||
year = {2015},
|
||
type = {RFC},
|
||
number = {7539},
|
||
note = {\url{https://tools.ietf.org/html/rfc7539.txt}},
|
||
month = {May},
|
||
url = {https://tools.ietf.org/html/rfc7539.txt},
|
||
howpublished = {Internet Requests for Comments},
|
||
issn = {2070-1721},
|
||
publisher = {Internet Engineering Task Force},
|
||
}
|
||
|
||
@InProceedings{blake2s:definition,
|
||
author = {Aumasson, Jean-Philippe and Neves, Samuel and Wilcox-O'Hearn, Zooko and Winnerlein, Christian},
|
||
title = {BLAKE2: Simpler, Smaller, Fast as MD5},
|
||
booktitle = {Applied Cryptography and Network Security},
|
||
year = {2013},
|
||
editor = {Jacobson, Michael and Locasto, Michael and Mohassel, Payman and Safavi-Naini, Reihaneh},
|
||
publisher = {Springer Berlin Heidelberg},
|
||
isbn = {978-3-642-38980-1},
|
||
pages = {119--135},
|
||
abstract = {We present the hash function BLAKE2, an improved version of the SHA-3 finalist BLAKE optimized for speed in software. Target applications include cloud storage, intrusion detection, or version control systems. BLAKE2 comes in two main flavors: BLAKE2b is optimized for 64-bit platforms, and BLAKE2s for smaller architectures. On 64-bit platforms, BLAKE2 is often faster than MD5, yet provides security similar to that of SHA-3: up to 256-bit collision resistance, immunity to length extension, indifferentiability from a random oracle, etc. We specify parallel versions BLAKE2bp and BLAKE2sp that are up to 4 and 8 times faster, by taking advantage of SIMD and/or multiple cores. BLAKE2 reduces the RAM requirements of BLAKE down to 168 bytes, making it smaller than any of the five SHA-3 finalists, and 32{\%} smaller than BLAKE. Finally, BLAKE2 provides a comprehensive support for tree-hashing as well as keyed hashing (be it in sequential or tree mode).},
|
||
address = {Berlin, Heidelberg},
|
||
}
|
||
|
||
@Report{enisa:algorithms,
|
||
author = {ENISA},
|
||
title = {Algorithms, key size and parameters report – 2014},
|
||
institution = {European Union Agency for Network and Information Security},
|
||
year = {2014},
|
||
date = {2014-11},
|
||
doi = {10.2824/36822},
|
||
url = {https://www.enisa.europa.eu/publications/algorithms-key-size-and-parameters-report-2014},
|
||
}
|
||
|
||
@Comment{jabref-meta: databaseType:biblatex;}
|