| [1] | MILLER V S.Use of Elliptic curves in cryptography[C]//CRYPTO'85 Advances in Cryptology.Berlin:Springer-Verlag,1985:417-426.
|
| [2] | RIVESTR L.The MD5 Message-Digest Algorithm(IETF RFC 1321)[S/OL].[1992-04-30].http://www.ietf.org/rfc/rfc1321.txt.
|
| [3] | 中国互联网络信息中心.第41次《中国互联网络发展状况统计报告》[R/OL].[2018-05-03].http://www.cac.gov.cn/2018-01/31/c_1122347026.htm.China Internet Network Information Center.The 41st China Statistical Report on Internet Development[R/OL].[2018-05-03].http://www.cac.gov.cn/2018-01/31/c_1122347026.htm.
|
| [4] | DIERKS T,ALLEN C.The TLS Protocol Version1.0(IETF RFC 2246)[S/OL].[1999-01-30].http://www.rfc-editor.org/rfc/rfc2246.txt.
|
| [5] | DIERKS T,RESCORLA E.The Transport Layer Security(TLS)Protocol Version 1.1(IETF RFC 4346)[S/OL].[2006-04-30].http://www.rfc-editor.org/rfc/rfc4346.txt.
|
| [6] | DIERKS T,RESCORLA E.The Transport Layer Security(TLS)Protocol Version 1.2(IETF RFC 5246)[S/OL].[2008-12-30].http://www.rfc-editor.org/rfc/rfc5246.txt.DOI:10.1017/CBO9781107415324.004.
|
| [7] | Security Content Automation Chinese Protocol.CVE-2004-2770[R/OL].[2017-12-10].http://cve.scap.org.cn/CVE-2004-2770.html.
|
| [8] | Security Content Automation Chinese Protocol.CVE-2013-0169[R/OL].[2017-12-10].http://cve.scap.org.cn/CVE-2013-0169.html.
|
| [9] | RESCORLA E.The Transport Layer Security(TLS)Protocol Version 1.3-draft-ietf-tls-tls13-13[DB/OL].[2018-03-30].https://tools.ietf.org/html/draftietf-tls-tls13-13(2016).
|
| [10] | RESCORLA E.The Transport Layer Security(TLS)Protocol Version 1.3-draft-ietf-tls-tls13-18[DB/OL].[2018-03-30].htt ps://tools.ietf.org/html/draftietf-tls-tls13-18(2016).
|
| [11] | DOWLING B,FISCHLIN M,GüNTHER F,et al.A cryptographic analysis of the TLS 1.3 handshake protocol candidates[C]//Proceedings o f the 22nd ACM SIGSAC Conference on Computer and Communications Security,New York:ACM,2015:1197-1210.
|
| [12] | HOLZ R,AMANN J,MEHANI O,et al.TLS in the wild:An internet-wide analysis of TLS-based protocols for electronic communication[J].Com puter Science,2015,21(4):120-126.
|
| [13] | DOWLING B,FISCHLIN M,GüNTHER F,et al.A Cryptographic Analysis of the TLS 1.3 draft-10 Full and Pre-shared Key Handshake Protocol[EB/OL].[2018-02-02].http://eprint.iacr.org/2016/081.
|
| [14] | KRAWCZYK H,WEE H.The OPTLS protocol and TLS 1.3[C]//2016 IEEE European Symposium on Security and Privacy.Washington D C:IEEE Computer Society,2016:81-96.DOI:10.1109/EuroSP.2016.18.
|
| [15] | MOGHIMIFAR F,STEBILA D.Predicting TLS performance from key exchange performance:Short paper[C]//Proceedings of the Australasian Computer Science Week Multiconference.New York:ACM Press,2016:44-55.
|
| [16] | GIESEN F,KOHLAR F,STEBILA D,et al.On the security of TLS renegotiation[C]//Proceedings of the 2013 ACM SIGSAC Conference on Computer&Communications Security.New York:ACM Press,2013:387-398.DOI:10.1145/2508859.2516694.
|
| [17] | BOCK H,ZAUNER A,DEVLIN S,et al.Nonce-disrespecting adversaries:Practical forgery attacks on GCM in TLS[C]//WOOT'16 Proceedings of the10th USENIX Conference on Offensive Technologies.Berkeley:USENIX Association,2016:15-25.
|
| [18] | BELLARE M,TACKMANN B.The Multi-user Security of Authenticated Encryption:AES-GCM in TLS1.3[DB/OL].[2018-02-12].https://link.springer.com/chapter/10.1007%2F978-3-662-53018-4_10.
|
| [19] | WACHS M,SCHEITLE Q,CARLE G.Push away your privacy:Precise user tracking based on TLS client certificate authentication[C]//Proceedings of Network Traffic Measurement and Analysis Conference.Washington D C:IEEE Computer Society,2017:243-252.DOI:10.23919/TMA.2017.8002897.
|
| [20] | BAGARIA S,BALAJI R,BINDHUMADHAVA B S.Detecting Malignant TLS Servers Using Machine Learning Techniques[DB/OL].[2018-04-02].https://www.researchgate.net/publication/317164139_Detecting_Malignant_TLS_Servers_Using_Machine_Learning_Techniques.
|
| [21] | LEVILLAIN O,GOURDIN B,DEBAR H,et al.TLS record protocol:Security analysis and defense-indepth countermeasures for HTTPS[C]//Proceedings of the 10th ACM Symposium on Information,Computer and Communications Security.New York:ACM Press,2015:225-236.DOI:10.1145/2714576.2714592.
|
| [22] | BHARGAVAN K,DELIGNAT-LAVAUD A,FOURNET C,et al.Implementing and proving the TLS 1.3 record layer[C]//2017 IEEE Symposium on Security and Privacy.Washington D C:IEEE Computer Society,2017:362-379.DOI:10.1109/SP.2017.58.
|
| [23] | LANGLEY A,CHANG W,MAVROGIANNOPOULOS N,et al.IETF RFC 7905:ChaCha20-Poly1305Cipher Suites for Transport Layer Security(TLS)[S/OL].[2018-03-02].https://datatracker.ietf.org/doc/rfc7905/.
|
| [24] | FISCHLIN M,GUNTHER F.Replay attacks on zero round-trip time:The case of the TLS 1.3 handshake candidates[C]//2017 IEEE European Symposium on Security and Privacy.Washington D C:IEEE Computer Society,2017:82-113.DOI:10.1109/EuroSP.2017.18.
|
| [25] | GüNTHER F,HALE B,JAGER T,et al.0-RTT Key Exchange with Full Forward Secrecy[DB/OL].[2018-02-12].https://link.springer.com/chapter/10.1007/978-3-319-56617-7_18.
|
| [26] | BHARGAVAN K,BLANCHET B,KOBEISSI N.Verified models and reference implementations for the TLS 1.3 standard candidate[C]//2017 IEEE Symposium on Security and Privacy.Washington D C:IEEE Computer Society,2017:402-422.DOI:10.1109/SP.2017.26.
|
| [27] | BADERTSCHER C,MATT C,MAURER U,et al.Augmented Secure Channels and the Goal of the TLS1.3 Record Layer[DB/OL].[2018-02-12].https://link.springer.com/chapter/10.1007%2F978-3-319-26059-4-5.
|
| [28] | QüNTHER F.Modeling Advanced Security Aspects of Key Exchange and Secure Channel Protocols[D].Munich:Technische Universit(a|¨)t,2018.
|
| [29] | MOELLER B,BOCHUM R U.Elliptic Curve Cryptography(ECC)Cipher Suites for Transport Layer Security(TLS)(IETF RFC 4492)[S/OL].[2018-02-12].https://datatracker.ietf.org/doc/rfc4492/.
|
| [30] | BERGSMA F,DOWLING B,KOHLAR F,et al.Multi-ciphersuite security of the secure shell(SSH)protocol[C]//Proceedings of the 2014 ACM SIG-SAC Conference on Com puter and Communications Security.New York:ACM Press,2014:369-381.DOI:10.1145/2660267.2660286.
|
| [31] | LAN X,XU J,ZHANG Z,et al.Investigating the multi-ciphersuite and backwards-compatibility security of the upcoming TLS 1.3[J].IEEE Transactions on Dependable and Secure Computing,2017,99(2):1.
|
| [32] | BHARGAVAN K,BOUREANU I C,FOUQUE P A,et al.Content delivery over TLS:A cryptographic analysis of keyless SSL[C]//2017 IEEE European Symposium on Security and Privacy.Washington D C:IEEE Computer Society,2017:51-59.DOI:10.1109/EuroSP.2017.52.
|
| [33] | HALE B,JAGER T,LAUER S,et al.Simple Security Definitions for and Constructions of 0-RTT Key Exchange[DB/OL].[2018-02-12].https://link.springer.com/chapter/10.1007/978-3-319-61204-1_2.
|
| [34] | CREMERS C,HORVAT M,SCOTT S,et al.Automated Analysis and Verification of TLS 1.3:0-RTT,Resumption and Delayed Authentication[C]//2016IEEE Symposium on Security and Privacy,Washington D C:IEEE Computer Society,2016:470-485.DOI:10.1109/SP.2016.35.
|
| [35] | RESCORLA E.The Transport Layer Security(TLS)Protocol Version 1.3-draft-ietf-tls-tls13-05[DB/OL].[2017-12-30].https://tools.iet f.org/html/dra ftietf-tls-tls13-05(2015).
|
| [36] | BHARGAVAN K,LEURENT G.Transcript Collision Attacks:Breaking Authentication in TLS,IKEand SSH[DB/OL].[2018-02-03].http://www.mitls.org/down/oads/transeript-collisons.pdf.
|
| [37] | LI X Y,XU J,ZHANG Z F,et al.Multiple Handshakes Security of TLS 1.3 Candidates[C]//2016IEEE Symposium on Security and Privacy.Washington D C:IEEE Computer Society,2016:486-505.DOI:10.1109/SP.2016.36.
|
| [38] | JAGER T,SCHWENK J,SOMOROVSKY J,et al.On the Security of TLS 1.3 and QUIC against Weaknesses in PKCS#1 v1.5 Encryption[C]//ACM Conference on Computer and Communicatinons Security.New York:ACM Press,2015:1185-1196.DOI:10.1145/2810103.2813657.
|
| [39] | KRAWCZYK H.A Unilateral-to-Mutual Authentication Compiler for Key Exchange(with Applications to Client Authentication in TLS 1.3)[DB/OL].[2018-02-12].http://eprint.iacr.org/2016/711.
|
| [40] | SOMOROVSKY J.Systematic fuzzing and testing of TLS libraries[C]//Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security.New York:ACM Press,2016:1492-1504.
|
| [41] | BERNSTEIN D J,DUIF N,LANGE T,et al.HighSpeed High-Security Signatures[C]//CHES'11 Proceedings of the 13th International Conference on Cryptographic Hardware and Embedded Systems.Berlin:Springer-Verlag,2011:124-142.
|
| [42] | Security Content Automation Chinese Protocol.CVE-2016-0701[R/OL].[2017-12-10].http://cve.scap.org.cn/CVE-2016-0701.html.
|
| [43] | FAN S Q,WANG W B,CHENG Q F.Attacking OpenSSL implementation of ECDSA with a few signatures[C]//Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security.New York:ACM Press,2016:1505-1515.DOI:10.1145/2976749.2978400.
|
| [44] | RESCORLA E.The Transport Layer Security(TLS)Protocol Version 1.3-draft-ietf-tls-tls13-10[DB/OL].[2018-03-30].htt ps://tools.ietf.org/html/draftietf-tls-tls13-10(2015).
|
| [45] | RESCORLA E.Cleaning up flaws in TLS implementations:technical perspective[J].Communications of the ACM,2017,60(2):98-98.
|
| [46] | RESCORLA E.The Transport Layer Security(TLS)Protocol Version 1.3-draft-ietf-tls-tls13-26[DB/OL].[2018-03-20].https://tools.ietf.org/html/draftietf-tls-tls13-26.
|
| [47] | DOBRAUNIG C,EICHLSEDER M,MENDEL F,et al.Analysis of SHA-512/224 and SHA-512/256[C]//Proceedings of International Conference on the Theory and Application of Cryptology and Information Security.Berlin:Springer-Verlag,2015:612-630.
|
| [48] | RIVEST R L,SHAMIR A,ADLEMEN L.A method for obtaining digital signatures and public-key cryptosystems[J].Communications of the ACM,1978,21(4):120-126.
|
| [49] | 项川,潘无穷,黎火荣,等.支持商密算法TLS浏览器的设计与实现[J].信息网络安全,2017(4):26-33.XIANG C,PAN W Q,LI H R,et al.Research and implementation of TLS browser supporting commercial cryptographic algorithm[J].Netinfo Security,2017(4):26-33(Ch).
|
| [50] | ZHANG Z F,YANG K,HU X X,et al.Practical anonymous password authentication and TLS with anonymous client authentication[C]//Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security.New York:ACM Press,2016:1179-1191.DOI:10.1145/2976749.2978354.
|
| [51] | FISCHLIN M,GüNTHER F,SCHMIDT B,et al.Key confirmation in key exchange:A formal treatment and implications for TLS 1.3[C]//2016 IEEE Symposium on Security and Privacy.Washington D C:IEEE Press,2016:452-469.
|
| [52] | 徐震,陈路,于爱民.可信增强TLS协议的设计与实现[J].华中科技大学学报(自然科学版),2016,44(3):44-48.XU Z,CHEN L,YU A M.Design and implementation of trusted enhanced TLS protocol[J].Journal of Huazhong University of Science and Technology(Natural Science Edition),2016,44(3):44-48(Ch).
|
