{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T02:04:59Z","timestamp":1742954699389,"version":"3.40.3"},"publisher-location":"Cham","reference-count":33,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030643560"},{"type":"electronic","value":"9783030643577"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-64357-7_1","type":"book-chapter","created":{"date-parts":[[2020,11,24]],"date-time":"2020-11-24T11:47:35Z","timestamp":1606218455000},"page":"1-22","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["On the Memory Fault Resilience of TLS 1.3"],"prefix":"10.1007","author":[{"given":"Lukas","family":"Brandstetter","sequence":"first","affiliation":[]},{"given":"Marc","family":"Fischlin","sequence":"additional","affiliation":[]},{"given":"Robin Leander","family":"Schr\u00f6der","sequence":"additional","affiliation":[]},{"given":"Michael","family":"Yonli","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,11,24]]},"reference":[{"key":"1_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"644","DOI":"10.1007\/978-3-030-45721-1_23","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"DF Aranha","year":"2020","unstructured":"Aranha, D.F., Orlandi, C., Takahashi, A., 
Zaverucha, G.: Security of hedged Fiat\u2013Shamir signatures under fault attacks. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 644\u2013674. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45721-1_23"},{"key":"1_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/978-3-642-10366-7_14","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2009","author":"M Bellare","year":"2009","unstructured":"Bellare, M., et al.: Hedged public-key encryption: how to protect against bad randomness. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 232\u2013249. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-10366-7_14"},{"key":"1_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"491","DOI":"10.1007\/3-540-39200-9_31","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2003","author":"M Bellare","year":"2003","unstructured":"Bellare, M., Kohno, T.: A theoretical treatment of related-key attacks: RKA-PRPs, RKA-PRFs, and applications. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 491\u2013506. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-39200-9_31"},{"key":"1_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"513","DOI":"10.1007\/BFb0052259","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201997","author":"E Biham","year":"1997","unstructured":"Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513\u2013525. Springer, Heidelberg (1997). https:\/\/doi.org\/10.1007\/BFb0052259"},{"key":"1_CR5","unstructured":"B\u00f6ck, H., Zauner, A., Devlin, S., Somorovsky, J., Jovanovic, P.: Nonce-disrespecting adversaries: practical forgery attacks on GCM in TLS. 
In: 10th USENIX Workshop on Offensive Technologies (WOOT 2016) (2016)"},{"key":"1_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/3-540-69053-0_4","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201997","author":"D Boneh","year":"1997","unstructured":"Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37\u201351. Springer, Heidelberg (1997). https:\/\/doi.org\/10.1007\/3-540-69053-0_4"},{"key":"1_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/11935230_3","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2006","author":"S Contini","year":"2006","unstructured":"Contini, S., Yin, Y.L.: Forgery and partial key-recovery attacks on HMAC and NMAC using hash collisions. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 37\u201353. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11935230_3"},{"issue":"1","key":"1_CR8","doi-asserted-by":"publisher","first-page":"80","DOI":"10.46586\/tosc.v2017.i1.80-105","volume":"2017","author":"C Dobraunig","year":"2017","unstructured":"Dobraunig, C., Eichlseder, M., Mangard, S., Mendel, F., Unterluggauer, T.: ISAP - towards side-channel secure authenticated encryption. IACR Trans. Symmetric Cryptol. 2017(1), 80\u2013105 (2017)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"1_CR9","doi-asserted-by":"crossref","unstructured":"Dowling, B., Fischlin, M., G\u00fcnther, F., Stebila, D.: A cryptographic analysis of the TLS 1.3 handshake protocol candidates. In: Ray, I., Li, N., Kruegel, C. (eds.) Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, 12\u201316 October 2015, pp. 1197\u20131210. 
ACM (2015)","DOI":"10.1145\/2810103.2813653"},{"key":"1_CR10","unstructured":"Dowling, B., Fischlin, M., G\u00fcnther, F., Stebila, D.: A cryptographic analysis of the TLS 1.3 handshake protocol. IACR Cryptol. ePrint Arch. 2020, 1044 (2020). https:\/\/eprint.iacr.org\/2020\/1044"},{"key":"1_CR11","doi-asserted-by":"publisher","unstructured":"Dworkin, M.: Recommendation for block cipher modes of operation: The CCM mode for authentication and confidentiality. NIST Special Publication 800\u201338C (2004). https:\/\/doi.org\/10.6028\/NIST.SP.800-38C","DOI":"10.6028\/NIST.SP.800-38C"},{"key":"1_CR12","doi-asserted-by":"publisher","unstructured":"Dworkin, M.: Recommendation for block cipher modes of operation: Galois\/counter mode (GCM) and GMAC. NIST Special Publication 800\u201338D (2007). https:\/\/doi.org\/10.6028\/NIST.SP.800-38D","DOI":"10.6028\/NIST.SP.800-38D"},{"key":"1_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1007\/978-3-030-40186-3_4","volume-title":"Topics in Cryptology \u2013 CT-RSA 2020","author":"M Fischlin","year":"2020","unstructured":"Fischlin, M., G\u00fcnther, F.: Modeling memory faults in signature and authenticated encryption schemes. In: Jarecki, S. (ed.) CT-RSA 2020. LNCS, vol. 12006, pp. 56\u201384. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-40186-3_4"},{"key":"1_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1007\/978-3-540-74143-5_2","volume-title":"Advances in Cryptology - CRYPTO 2007","author":"P-A Fouque","year":"2007","unstructured":"Fouque, P.-A., Leurent, G., Nguyen, P.Q.: Full key-recovery attacks on HMAC\/NMAC-MD4 and NMAC-MD5. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 13\u201330. Springer, Heidelberg (2007). 
https:\/\/doi.org\/10.1007\/978-3-540-74143-5_2"},{"key":"1_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"258","DOI":"10.1007\/978-3-540-24638-1_15","volume-title":"Theory of Cryptography","author":"R Gennaro","year":"2004","unstructured":"Gennaro, R., Lysyanskaya, A., Malkin, T., Micali, S., Rabin, T.: Algorithmic Tamper-Proof (ATP) security: theoretical foundations for security against hardware tampering. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 258\u2013277. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-24638-1_15"},{"key":"1_CR16","doi-asserted-by":"publisher","unstructured":"Gueron, S., Langley, A., Lindell, Y.: AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption. RFC 8452 (2019). https:\/\/doi.org\/10.17487\/RFC8452, https:\/\/rfc-editor.org\/rfc\/rfc8452.txt","DOI":"10.17487\/RFC8452"},{"key":"1_CR17","doi-asserted-by":"crossref","unstructured":"Gueron, S., Lindell, Y.: GCM-SIV: full nonce misuse-resistant authenticated encryption at under one cycle per byte. In: Ray, I., Li, N., Kruegel, C. (eds.) Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, 12\u201316 October 2015, pp. 109\u2013119. ACM (2015)","DOI":"10.1145\/2810103.2813613"},{"key":"1_CR18","doi-asserted-by":"crossref","unstructured":"Gueron, S., Lindell, Y.: Better bounds for block cipher modes of operation via nonce-based key derivation. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, 30 October\u201303 November 2017, pp. 1019\u20131036. ACM (2017)","DOI":"10.1145\/3133956.3133992"},{"key":"1_CR19","unstructured":"Joux, A.: Authentication failures in NIST version of GCM. NIST Comment, p. 
3 (2006)"},{"issue":"4","key":"1_CR20","doi-asserted-by":"publisher","first-page":"241","DOI":"10.1007\/s001459900055","volume":"12","author":"M Joye","year":"1999","unstructured":"Joye, M., Lenstra, A.K., Quisquater, J.: Chinese remaindering based cryptosystems in the presence of faults. J. Cryptol. 12(4), 241\u2013245 (1999)","journal-title":"J. Cryptol."},{"key":"1_CR21","doi-asserted-by":"crossref","unstructured":"Kim, Y., et al.: Flipping bits in memory without accessing them: an experimental study of DRAM disturbance errors. In: Proceedings of the 41st Annual International Symposium on Computer Architecture, ISCA 2014, pp. 361\u2013372. IEEE Press (2014)","DOI":"10.1109\/ISCA.2014.6853210"},{"key":"1_CR22","doi-asserted-by":"publisher","unstructured":"McGrew, D.: An Interface and Algorithms for Authenticated Encryption. RFC 5116 (2008). https:\/\/doi.org\/10.17487\/RFC5116, https:\/\/rfc-editor.org\/rfc\/rfc5116.txt","DOI":"10.17487\/RFC5116"},{"key":"1_CR23","doi-asserted-by":"publisher","unstructured":"Patton, C., Shrimpton, T.: Partially specified channels: the TLS 1.3 record layer without elision. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, Toronto, ON, Canada, 15\u201319 October 2018, pp. 1415\u20131428. ACM (2018). https:\/\/doi.org\/10.1145\/3243734.3243789","DOI":"10.1145\/3243734.3243789"},{"key":"1_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"580","DOI":"10.1007\/978-3-642-34961-4_35","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2012","author":"T Peyrin","year":"2012","unstructured":"Peyrin, T., Sasaki, Yu., Wang, L.: Generic related-key attacks for HMAC. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 580\u2013597. Springer, Heidelberg (2012). 
https:\/\/doi.org\/10.1007\/978-3-642-34961-4_35"},{"key":"1_CR25","doi-asserted-by":"crossref","unstructured":"Poddebniak, D., Somorovsky, J., Schinzel, S., Lochter, M., R\u00f6sler, P.: Attacking deterministic signature schemes using fault attacks. In: 2018 IEEE European Symposium on Security and Privacy, EuroS&P 2018, London, United Kingdom, 24\u201326 April 2018, pp. 338\u2013352. IEEE (2018)","DOI":"10.1109\/EuroSP.2018.00031"},{"key":"1_CR26","unstructured":"Razavi, K., Gras, B., Bosman, E., Preneel, B., Giuffrida, C., Bos, H.: Flip Feng Shui: Hammering a needle in the software stack. In: Holz, T., Savage, S. (eds.) 25th USENIX Security Symposium, USENIX Security 2016, Austin, TX, USA, 10\u201312 August 2016, pp. 1\u201318. USENIX Association (2016)"},{"issue":"3","key":"1_CR27","first-page":"347","volume":"14","author":"C Rechberger","year":"2008","unstructured":"Rechberger, C., Rijmen, V.: New results on NMAC\/HMAC when instantiated with popular hash functions. J. UCS 14(3), 347\u2013376 (2008)","journal-title":"J. UCS"},{"key":"1_CR28","doi-asserted-by":"publisher","unstructured":"Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446 (2018). https:\/\/doi.org\/10.17487\/RFC8446, https:\/\/rfc-editor.org\/rfc\/rfc8446.txt","DOI":"10.17487\/RFC8446"},{"key":"1_CR29","doi-asserted-by":"crossref","unstructured":"Rogaway, P.: Authenticated-encryption with associated-data. In: Atluri, V. (ed.) Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS 2002, Washington, DC, USA, 18\u201322 November 2002, pp. 98\u2013107. ACM (2002)","DOI":"10.1145\/586110.586125"},{"key":"1_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1007\/11761679_23","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"P Rogaway","year":"2006","unstructured":"Rogaway, P., Shrimpton, T.: A provable-security treatment of the key-wrap problem. In: Vaudenay, S. 
(ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 373\u2013390. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11761679_23"},{"key":"1_CR31","doi-asserted-by":"crossref","unstructured":"Romailler, Y., Pelissier, S.: Practical fault attack against the Ed25519 and EdDSA signature schemes. In: 2017 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2017, Taipei, Taiwan, 25 September 2017, pp. 17\u201324. IEEE Computer Society (2017)","DOI":"10.1109\/FDTC.2017.12"},{"key":"1_CR32","doi-asserted-by":"crossref","unstructured":"van der Veen, V., et al.: Drammer: deterministic rowhammer attacks on mobile platforms. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24\u201328 October 2016, pp. 1675\u20131689. ACM (2016)","DOI":"10.1145\/2976749.2978406"},{"key":"1_CR33","doi-asserted-by":"publisher","unstructured":"Yoav Nir, A.L.: ChaCha20 and Poly1305 for IETF Protocols. RFC 8439 (2018). 
https:\/\/doi.org\/10.17487\/RFC8439, https:\/\/rfc-editor.org\/rfc\/rfc8439.txt","DOI":"10.17487\/RFC8439"}],"container-title":["Lecture Notes in Computer Science","Security Standardisation Research"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-64357-7_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,24]],"date-time":"2021-04-24T12:43:15Z","timestamp":1619268195000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-64357-7_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030643560","9783030643577"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-64357-7_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"24 November 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SSR","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Research in Security Standardisation","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"London","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Kingdom","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 November 
2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1 December 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ssr2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/ssr2020.mozilla.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"7","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"35% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of 
Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}