{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,6]],"date-time":"2026-02-06T00:32:43Z","timestamp":1770337963216,"version":"3.49.0"},"publisher-location":"Cham","reference-count":26,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030688868","type":"print"},{"value":"9783030688875","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-68887-5_5","type":"book-chapter","created":{"date-parts":[[2021,2,11]],"date-time":"2021-02-11T15:22:40Z","timestamp":1613056960000},"page":"87-104","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Implementation Flaws in TLS Stacks: Lessons Learned and Study of TLS 1.3 Benefits"],"prefix":"10.1007","author":[{"given":"Olivier","family":"Levillain","sequence":"first","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,2,12]]},"reference":[{"key":"5_CR1","doi-asserted-by":"crossref","unstructured":"Adrian, D., et al.: Imperfect forward secrecy: how Diffie-Hellman fails in practice. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, 12\u201316 October 2015, pp. 5\u201317, October 2015","DOI":"10.1145\/2810103.2813707"},{"key":"5_CR2","unstructured":"Albrecht, M.R., Paterson, K.G.: Lucky microseconds: a timing attack on Amazon\u2019s s2n implementation of TLS. 
IACR Cryptology ePrint Archive (2015). http:\/\/eprint.iacr.org\/2015\/1129"},{"key":"5_CR3","doi-asserted-by":"crossref","unstructured":"AlFardan, N.J., Paterson, K.G.: Lucky thirteen: breaking the TLS and DTLS record protocols. In: 2013 IEEE Symposium on Security and Privacy, SP 2013, Berkeley, CA, USA, pp. 526\u2013540, May 2013","DOI":"10.1109\/SP.2013.42"},{"key":"5_CR4","unstructured":"Aviram, N., et al.: DROWN: breaking TLS with SSLv2. In: 25th USENIX Security Symposium, Austin, Texas, USA, August 2016"},{"key":"5_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1007\/978-3-642-33481-8_9","volume-title":"Progress in Cryptology \u2013 LATINCRYPT 2012","author":"DJ Bernstein","year":"2012","unstructured":"Bernstein, D.J., Lange, T., Schwabe, P.: The security impact of a new cryptographic library. In: Hevia, A., Neven, G. (eds.) LATINCRYPT 2012. LNCS, vol. 7533, pp. 159\u2013176. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-33481-8_9"},{"key":"5_CR6","doi-asserted-by":"crossref","unstructured":"Beurdouche, B., et al.: A messy state of the union: taming the composite state machines of TLS. In: 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, pp. 535\u2013552, May 2015","DOI":"10.1109\/SP.2015.39"},{"key":"5_CR7","doi-asserted-by":"crossref","unstructured":"Bhargavan, K., Fournet, C., Kohlweiss, M., Pironti, A., Strub, P.: Implementing TLS with verified cryptographic security. In: 2013 IEEE Symposium on Security and Privacy, SP 2013, Berkeley, CA, USA, pp. 
445\u2013459, May 2013","DOI":"10.1109\/SP.2013.37"},{"key":"5_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/BFb0055716","volume-title":"Advances in Cryptology \u2014 CRYPTO 1998","author":"D Bleichenbacher","year":"1998","unstructured":"Bleichenbacher, D.: Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 1\u201312. Springer, Heidelberg (1998). https:\/\/doi.org\/10.1007\/BFb0055716"},{"key":"5_CR9","unstructured":"Bleichenbacher, D.: Rump session at CRYPTO 2006: forging some RSA signatures with pencil and paper. Transposed by Hal Finney on the IETF Web mailing list, August 2006. https:\/\/www.ietf.org\/mail-archive\/web\/openpgp\/current\/msg00999.html"},{"key":"5_CR10","unstructured":"B\u00f6ck, H., Somorovsky, J., Young, C.: Return of Bleichenbacher\u2019s oracle threat (ROBOT). In: 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, 15\u201317 August 2018, pp. 817\u2013849, August 2018"},{"key":"5_CR11","unstructured":"B\u00f6ck, H., Zauner, A., Devlin, S., Somorovsky, J., Jovanovic, P.: Nonce-disrespecting adversaries: practical forgery attacks on GCM in TLS. In: 10th USENIX Workshop on Offensive Technologies, WOOT 2016, Austin, USA, August 2016"},{"key":"5_CR12","unstructured":"Duong, T., Rizzo, J.: Here come the XOR ninjas. In: Ekoparty Security Conference, September 2011"},{"key":"5_CR13","doi-asserted-by":"crossref","unstructured":"Durumeric, Z., et al.: The matter of heartbleed. In: Proceedings of the 2014 Internet Measurement Conference, IMC 2014, Vancouver, BC, Canada, 5\u20137 November 2014, pp. 475\u2013488, November 2014","DOI":"10.1145\/2663716.2663755"},{"key":"5_CR14","unstructured":"Kikuchi, M.: How I discovered CCS injection vulnerability (CVE-2014-0224), June 2014. 
http:\/\/ccsinjection.lepidum.co.jp\/blog\/2014-06-05\/CCS-Injection-en\/index.html"},{"key":"5_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"310","DOI":"10.1007\/3-540-44647-8_19","volume-title":"Advances in Cryptology \u2014 CRYPTO 2001","author":"H Krawczyk","year":"2001","unstructured":"Krawczyk, H.: The order of encryption and authentication for protecting communications (or: how secure is SSL?). In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 310\u2013331. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-44647-8_19"},{"key":"5_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"631","DOI":"10.1007\/978-3-642-14623-7_34","volume-title":"Advances in Cryptology \u2013 CRYPTO 2010","author":"H Krawczyk","year":"2010","unstructured":"Krawczyk, H.: Cryptographic extraction and key derivation: the HKDF scheme. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 631\u2013648. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-14623-7_34"},{"key":"5_CR17","unstructured":"Amazon Web Services Labs: s2n: an implementation of the TLS\/SSL protocols (2015). https:\/\/github.com\/awslabs\/s2n"},{"key":"5_CR18","unstructured":"Langley, A.: Lucky thirteen attack on TLS CBC, February 2013. https:\/\/www.imperialviolet.org\/2013\/02\/04\/luckythirteen.html"},{"key":"5_CR19","unstructured":"Marlinspike, M.: Internet explorer SSL vulnerability (2002). http:\/\/www.thoughtcrime.org\/ie-ssl-chain.txt"},{"key":"5_CR20","unstructured":"Marlinspike, M.: More tricks for defeating SSL in practice, July 2009. http:\/\/www.blackhat.com\/presentations\/bh-usa-09\/MARLINSPIKE\/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf"},{"key":"5_CR21","unstructured":"Marlinspike, M.: BasicConstraints Back Then, July 2011. 
http:\/\/www.thoughtcrime.org\/blog\/sslsniff-anniversary-edition\/"},{"key":"5_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"189","DOI":"10.1007\/978-3-319-05149-9_12","volume-title":"Information Security Applications","author":"C Meyer","year":"2014","unstructured":"Meyer, C., Schwenk, J.: SoK: lessons learned from SSL\/TLS attacks. In: Kim, Y., Lee, H., Perrig, A. (eds.) WISA 2013. LNCS, vol. 8267, pp. 189\u2013209. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-05149-9_12"},{"key":"5_CR23","unstructured":"Meyer, C., Somorovsky, J., Weiss, E., Schwenk, J., Schinzel, S., Tews, E.: Revisiting SSL\/TLS implementations: new Bleichenbacher side channels and attacks. In: Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, pp. 733\u2013748, August 2014"},{"key":"5_CR24","doi-asserted-by":"crossref","unstructured":"Rescorla, E.: The transport layer security (TLS) protocol version 1.3. RFC 8446 (proposed standard), August 2018. https:\/\/doi.org\/10.17487\/RFC8446. https:\/\/www.rfc-editor.org\/rfc\/rfc8446.txt","DOI":"10.17487\/RFC8446"},{"key":"5_CR25","doi-asserted-by":"crossref","unstructured":"Ronen, E., Gillham, R., Genkin, D., Shamir, A., Wong, D., Yarom, Y.: The 9 lives of Bleichenbacher\u2019s CAT: new cache ATtacks on TLS implementations. In: 40th IEEE Symposium on Security and Privacy, SP 2019, San Francisco, CA, USA, May 2019","DOI":"10.1109\/SP.2019.00062"},{"key":"5_CR26","unstructured":"de Ruiter, J., Poll, E.: Protocol state fuzzing of TLS implementations. In: 24th USENIX Security Symposium, Washington, D.C., USA, pp. 
193\u2013206, August 2015"}],"container-title":["Lecture Notes in Computer Science","Risks and Security of Internet and Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-68887-5_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,24]],"date-time":"2021-04-24T22:47:16Z","timestamp":1619304436000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-68887-5_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030688868","9783030688875"],"references-count":26,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-68887-5_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"12 February 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRiSIS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Risks and Security of Internet and Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Paris","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 November 2020","order":7,"name":"conference_start_date","label":"Conference Start 
Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 November 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crisis2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.crisis-conference.com\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"44","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"16","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"7","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"36% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole 
number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}