{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,4,11]],"date-time":"2025-04-11T04:57:52Z","timestamp":1744347472739,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":32,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540887324"},{"type":"electronic","value":"9783540887331"}],"license":[{"start":{"date-parts":[[2008,1,1]],"date-time":"2008-01-01T00:00:00Z","timestamp":1199145600000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2008]]},"DOI":"10.1007\/978-3-540-88733-1_22","type":"book-chapter","created":{"date-parts":[[2008,10,16]],"date-time":"2008-10-16T22:08:02Z","timestamp":1224194882000},"page":"313-327","source":"Crossref","is-referenced-by-count":36,"title":["Universally Composable Security Analysis of TLS"],"prefix":"10.1007","author":[{"given":"Sebastian","family":"Gajek","sequence":"first","affiliation":[]},{"given":"Mark","family":"Manulis","sequence":"additional","affiliation":[]},{"given":"Olivier","family":"Pereira","sequence":"additional","affiliation":[]},{"given":"Ahmad-Reza","family":"Sadeghi","sequence":"additional","affiliation":[]},{"given":"J\u00f6rg","family":"Schwenk","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"doi-asserted-by":"crossref","unstructured":"Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol, Version 1.1. RFC 4346, IETF (2006);","key":"#cr-split#-22_CR1.1","DOI":"10.17487\/rfc4346"},{"unstructured":"Proposed Standard","key":"#cr-split#-22_CR1.2"},{"key":"22_CR2","first-page":"136","volume-title":"FOCS","author":"R. Canetti","year":"2001","unstructured":"Canetti, R.: Universally Composable Security: A New Paradigm for Cryptographic Protocols. In: FOCS, pp. 136\u2013145. IEEE Computer Society Press, Los Alamitos (2001)"},{"key":"22_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/3-540-44647-8_2","volume-title":"Advances in Cryptology - CRYPTO 2001","author":"R. Canetti","year":"2001","unstructured":"Canetti, R., Fischlin, M.: Universally Composable Commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol.\u00a02139, pp. 19\u201340. Springer, Heidelberg (2001)"},{"key":"22_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"404","DOI":"10.1007\/11426639_24","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"R. Canetti","year":"2005","unstructured":"Canetti, R., Halevi, S., Katz, J., Lindell, Y., MacKenzie, P.D.: Universally Composable Password-Based Key Exchange. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol.\u00a03494, pp. 404\u2013421. Springer, Heidelberg (2005)"},{"key":"22_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1007\/978-3-540-39650-5_4","volume-title":"Computer Security \u2013 ESORICS 2003","author":"D. Hofheinz","year":"2003","unstructured":"Hofheinz, D., M\u00fcller-Quade, J., Steinwandt, R.: Initiator-Resilient Universally Composable Key Exchange. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol.\u00a02808, pp. 61\u201384. Springer, Heidelberg (2003)"},{"key":"22_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1007\/978-3-540-72540-4_7","volume-title":"Advances in Cryptology - EUROCRYPT 2007","author":"J. Katz","year":"2007","unstructured":"Katz, J.: Universally Composable Multi-Party Computation Using Tamper-Proof Hardware. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol.\u00a04515, pp. 115\u2013128. Springer, Heidelberg (2007)"},{"doi-asserted-by":"crossref","unstructured":"Canetti, R., Krawczyk, H., Nielsen, J.: Relaxing Chosen-Ciphertext Security. Cryptology ePrint Archive, Report 2003\/174 (2003)","key":"22_CR7","DOI":"10.1007\/978-3-540-45146-4_33"},{"key":"22_CR8","first-page":"494","volume-title":"STOC 2002","author":"R. Canetti","year":"2002","unstructured":"Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally Composable Two-Party and Multi-Party Secure Computation. In: STOC 2002, pp. 494\u2013503. ACM, New York (2002)"},{"unstructured":"Kidron, D., Lindell, Y.: Impossibility Results for Universal Composability in Public-Key Models and with Fixed Inputs. Cryptology ePrint Archive, Report 2007\/478 (2007)","key":"22_CR9"},{"key":"22_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/3-540-45708-9_10","volume-title":"Advances in Cryptology - CRYPTO 2002","author":"R. Canetti","year":"2002","unstructured":"Canetti, R., Krawczyk, H.: Security Analysis of IKE\u2019s Signature-Based Key-Exchange Protocol. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol.\u00a02442, pp. 143\u2013161. Springer, Heidelberg (2002)"},{"key":"22_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"337","DOI":"10.1007\/3-540-46035-7_22","volume-title":"Advances in Cryptology - EUROCRYPT 2002","author":"R. Canetti","year":"2002","unstructured":"Canetti, R., Krawczyk, H.: Universally Composable Notions of Key Exchange and Secure Channels. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol.\u00a02332, pp. 337\u2013351. Springer, Heidelberg (2002)"},{"unstructured":"Schneier, B., Wagner, D.: Analysis of the SSL 3.0 Protocol. In: Proceedings of the 2nd USENIX Workshop on Electronic Commerce (1996)","key":"22_CR12"},{"key":"22_CR13","series-title":"Lecture Notes in Computer Science","first-page":"1","volume-title":"Advances in Cryptology - CRYPTO 1998","author":"D. Bleichenbacher","year":"1998","unstructured":"Bleichenbacher, D.: Chosen Ciphertext Attacks against Protocols based on the RSA Encryption Standard PKCS #1. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol.\u00a01462, pp. 1\u201312. Springer, Heidelberg (1998)"},{"key":"22_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"127","DOI":"10.1007\/3-540-45708-9_9","volume-title":"Advances in Cryptology - CRYPTO 2002","author":"J. Jonsson","year":"2002","unstructured":"Jonsson, J., Kaliski, B.: On the Security of RSA Encryption in TLS. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol.\u00a02442, pp. 127\u2013142. Springer, Heidelberg (2002)"},{"key":"22_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"310","DOI":"10.1007\/3-540-44647-8_19","volume-title":"Advances in Cryptology - CRYPTO 2001","author":"H. Krawczyk","year":"2001","unstructured":"Krawczyk, H.: The Order of Encryption and Authentication for Protecting Communications (or: How Secure is SSL?). In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol.\u00a02139, pp. 310\u2013331. Springer, Heidelberg (2001)"},{"issue":"3","key":"22_CR16","doi-asserted-by":"publisher","first-page":"332","DOI":"10.1145\/322510.322530","volume":"2","author":"L.C. Paulson","year":"1999","unstructured":"Paulson, L.C.: Inductive Analysis of the Internet Protocol TLS. ACM Transactions on Computer and System Security\u00a02(3), 332\u2013351 (1999)","journal-title":"ACM Transactions on Computer and System Security"},{"unstructured":"Mitchell, J.C., Shmatikov, V., Stern, U.: Finite-State Analysis of SSL 3.0. In: Proceedings of the 7th Conference on USENIX Security Symposium, p. 16 (1998)","key":"22_CR17"},{"key":"22_CR18","first-page":"795","volume-title":"ICDCS 2005","author":"K. Ogata","year":"2005","unstructured":"Ogata, K., Futatsugi, K.: Equational Approach to Formal Analysis of TLS. In: ICDCS 2005, pp. 795\u2013804. IEEE Computer Society Press, Los Alamitos (2005)"},{"key":"22_CR19","first-page":"2","volume-title":"ACM Conference on Computer and Communications Security CCS 2005","author":"C. He","year":"2005","unstructured":"He, C., Sundararajan, M., Datta, A., Derek, A., Mitchell, J.C.: A Modular Correctness Proof of IEEE 802.11i and TLS. In: ACM Conference on Computer and Communications Security CCS 2005, pp. 2\u201315. ACM, New York (2005)"},{"issue":"2","key":"22_CR20","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1109\/TIT.1983.1056650","volume":"29","author":"D. Dolev","year":"1983","unstructured":"Dolev, D., Yao, A.C.C.: On the Security of Public Key Protocols. IEEE Transactions on Information Theory\u00a029(2), 198\u2013207 (1983)","journal-title":"IEEE Transactions on Information Theory"},{"doi-asserted-by":"crossref","unstructured":"Morrissey, P., Smart, N.P., Warinschi, B.: A Modular Security Analysis of the TLS Handshake Protocol. Cryptology ePrint Archive, Report 2008\/236 (2008)","key":"22_CR21","DOI":"10.1007\/978-3-540-89255-7_5"},{"unstructured":"Jonsson, J.: Security Proofs for the RSA-PSS Signature Scheme and Its Variants. Cryptology ePrint Archive, Report 2001\/053 (2001)","key":"22_CR22"},{"key":"22_CR23","series-title":"Lecture Notes in Computer Science","first-page":"1","volume-title":"Advances in Cryptology - CRYPTO 1996","author":"M. Bellare","year":"1996","unstructured":"Bellare, M., Canetti, R., Krawczyk, H.: Keying Hash Functions for Message Authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol.\u00a01109, pp. 1\u201315. Springer, Heidelberg (1996)"},{"key":"22_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"531","DOI":"10.1007\/3-540-44448-3_41","volume-title":"Advances in Cryptology - ASIACRYPT 2000","author":"M. Bellare","year":"2000","unstructured":"Bellare, M., Namprempre, C.: Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol.\u00a01976, pp. 531\u2013545. Springer, Heidelberg (2000)"},{"key":"22_CR25","first-page":"21","volume-title":"AsiaCCS 2008","author":"P.A. Fouque","year":"2008","unstructured":"Fouque, P.A., Pointcheval, D., Zimmer, S.: HMAC is a Randomness Extractor and Applications to TLS. In: AsiaCCS 2008, pp. 21\u201332. ACM Press, New York (2008)"},{"key":"22_CR26","first-page":"219","volume-title":"CSFW 2004","author":"R. Canetti","year":"2004","unstructured":"Canetti, R.: Universally Composable Signature, Certification, and Authentication. In: CSFW 2004, pp. 219\u2013233. IEEE CS, Los Alamitos (2004), http:\/\/eprint.iacr.org\/2003\/239"},{"key":"22_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"380","DOI":"10.1007\/11681878_20","volume-title":"Theory of Cryptography","author":"R. Canetti","year":"2006","unstructured":"Canetti, R., Herzog, J.: Universally Composable Symbolic Analysis of Mutual Authentication and Key-Exchange Protocols. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol.\u00a03876, pp. 380\u2013403. Springer, Heidelberg (2006)"},{"key":"22_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"265","DOI":"10.1007\/978-3-540-45146-4_16","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"R. Canetti","year":"2003","unstructured":"Canetti, R., Rabin, T.: Universal Composition with Joint State. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol.\u00a02729, pp. 265\u2013281. Springer, Heidelberg (2003)"},{"doi-asserted-by":"crossref","unstructured":"Hansen, S., Skriver, J., Nielson, H.: Using Static Analysis to Validate the SAML Single Sign-On Protocol. In: Proceedings of the 2005 Workshop on Issues in the Theory of Security (2005)","key":"22_CR29","DOI":"10.1145\/1045405.1045409"},{"key":"22_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"489","DOI":"10.1007\/11555827_28","volume-title":"Computer Security \u2013 ESORICS 2005","author":"T. Gro\u00df","year":"2005","unstructured":"Gro\u00df, T., Pfitzmann, B., Sadeghi, A.R.: Browser Model for Security Analysis of Browser-Based Protocols. In: de Capitani di Vimercati, S., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol.\u00a03679, pp. 489\u2013508. Springer, Heidelberg (2005)"},{"key":"22_CR31","volume-title":"Workshop on Secure Web Services","author":"T. Gro\u00df","year":"2005","unstructured":"Gro\u00df, T., Pfitzmann, B., Sadeghi, A.R.: Proving a WS-Federation Passive Requestor Profile with a Browser Model. In: Workshop on Secure Web Services. ACM Press, New York (2005)"}],"container-title":["Lecture Notes in Computer Science","Provable Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-88733-1_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,14]],"date-time":"2019-05-14T14:45:09Z","timestamp":1557845109000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-88733-1_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008]]},"ISBN":["9783540887324","9783540887331"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-88733-1_22","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2008]]}}}