{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T03:15:41Z","timestamp":1773717341435,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":36,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642402029","type":"print"},{"value":"9783642402036","type":"electronic"}],"license":[{"start":{"date-parts":[[2013,1,1]],"date-time":"2013-01-01T00:00:00Z","timestamp":1356998400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-40203-6_22","type":"book-chapter","created":{"date-parts":[[2013,8,14]],"date-time":"2013-08-14T02:48:53Z","timestamp":1376448533000},"page":"381-399","source":"Crossref","is-referenced-by-count":21,"title":["ASICS: Authenticated Key Exchange Security Incorporating Certification Systems"],"prefix":"10.1007","author":[{"given":"Colin","family":"Boyd","sequence":"first","affiliation":[]},{"given":"Cas","family":"Cremers","sequence":"additional","affiliation":[]},{"given":"Mich\u00e8le","family":"Feltz","sequence":"additional","affiliation":[]},{"given":"Kenneth G.","family":"Paterson","sequence":"additional","affiliation":[]},{"given":"Bertram","family":"Poettering","sequence":"additional","affiliation":[]},{"given":"Douglas","family":"Stebila","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"22_CR1","doi-asserted-by":"crossref","unstructured":"Adams, C., Farrell, S., Kause, T., Mononen, T.: Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP). RFC 4210 (Proposed Standard) (September 2005), \n                    \n                      http:\/\/www.ietf.org\/rfc\/rfc4210.txt\n                    \n                    \n                  , updated by RFC 6712","DOI":"10.17487\/rfc4210"},{"key":"22_CR2","unstructured":"Barker, E., Barker, W., Burr, W., Polk, W., Smid, M.: Recommendation for key management \u2014 Part 1: General. NIST Special Publication (March 2007), \n                    \n                      http:\/\/csrc.nist.gov\/publications\/nistpubs\/800-57\/sp800-57-Part1-revised2_Mar08-2007.pdf"},{"key":"22_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1007\/3-540-45539-6_11","volume-title":"Advances in Cryptology - EUROCRYPT 2000","author":"M. Bellare","year":"2000","unstructured":"Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol.\u00a01807, pp. 139\u2013155. Springer, Heidelberg (2000)"},{"key":"22_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/3-540-48329-2_21","volume-title":"Advances in Cryptology - CRYPTO \u201993","author":"M. Bellare","year":"1994","unstructured":"Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol.\u00a0773, pp. 232\u2013249. Springer, Heidelberg (1994)"},{"key":"22_CR5","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: Provably secure session key distribution: The three party case. In: 27th ACM STOC, pp. 57\u201366. ACM Press (1995)","DOI":"10.1145\/225058.225084"},{"key":"22_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1007\/BFb0024447","volume-title":"Cryptography and Coding","author":"S. Blake-Wilson","year":"1997","unstructured":"Blake-Wilson, S., Johnson, D., Menezes, A.: Key agreement protocols and their security analysis. In: Darnell, M.J. (ed.) Cryptography and Coding 1997. LNCS, vol.\u00a01355, pp. 30\u201345. Springer, Heidelberg (1997)"},{"key":"22_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"137","DOI":"10.1007\/BFb0028166","volume-title":"Security Protocols","author":"S. Blake-Wilson","year":"1998","unstructured":"Blake-Wilson, S., Menezes, A.: Entity authentication and authenticated key transport protocols employing asymmetric techniques. In: Christianson, B., Crispo, B., Lomas, M., Roe, M. (eds.) Security Protocols 1997. LNCS, vol.\u00a01361, pp. 137\u2013158. Springer, Heidelberg (1998)"},{"key":"22_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"154","DOI":"10.1007\/3-540-49162-7_12","volume-title":"Public Key Cryptography","author":"S. Blake-Wilson","year":"1999","unstructured":"Blake-Wilson, S., Menezes, A.: Unknown key-share attacks on the station-to-station (STS) protocol. In: Imai, H., Zheng, Y. (eds.) PKC 1999. LNCS, vol.\u00a01560, pp. 154\u2013170. Springer, Heidelberg (1999)"},{"key":"22_CR9","doi-asserted-by":"crossref","unstructured":"Boyd, C., Cremers, C., Feltz, M., Paterson, K.G., Poettering, B., Stebila, D.: ASICS: Authenticated key exchange security incorporating certification sytems. Cryptology ePrint Archive, Report 2013\/398 (2013), \n                    \n                      http:\/\/eprint.iacr.org\/","DOI":"10.1007\/978-3-642-40203-6_22"},{"key":"22_CR10","unstructured":"CA\/Browser Forum: Baseline requirements for the issuance and management of publicly-trusted certificates, v1.1 (2011), \n                    \n                      https:\/\/cabforum.org\/Baseline_Requirements_V1_1.pdf"},{"key":"22_CR11","unstructured":"CA\/Browser Forum: Guidelines for the issuance and management of extended validation certificates, v1.4 (2012), \n                    \n                      https:\/\/cabforum.org\/Guidelines_v1_4.pdf"},{"key":"22_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"453","DOI":"10.1007\/3-540-44987-6_28","volume-title":"Advances in Cryptology - EUROCRYPT 2001","author":"R. Canetti","year":"2001","unstructured":"Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol.\u00a02045, pp. 453\u2013474. Springer, Heidelberg (2001)"},{"key":"22_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"127","DOI":"10.1007\/978-3-540-78967-3_8","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2008","author":"D. Cash","year":"2008","unstructured":"Cash, D., Kiltz, E., Shoup, V.: The twin Diffie-Hellman problem and applications. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol.\u00a04965, pp. 127\u2013145. Springer, Heidelberg (2008)"},{"key":"22_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1007\/978-3-642-17401-8_5","volume-title":"Progress in Cryptology - INDOCRYPT 2010","author":"S. Chatterjee","year":"2010","unstructured":"Chatterjee, S., Menezes, A., Ustaoglu, B.: Combined security analysis of the one- and three-pass Unified Model key agreement protocols. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol.\u00a06498, pp. 49\u201368. Springer, Heidelberg (2010)"},{"key":"22_CR15","doi-asserted-by":"crossref","unstructured":"Cremers, C.: Examining indistinguishability-based security models for key exchange protocols: the case of CK, CK-HMQV, and eCK. In: Cheung, B.S.N., Hui, L.C.K., Sandhu, R.S., Wong, D.S. (eds.) ASIACCS 2011, pp. 80\u201391. ACM Press (2011)","DOI":"10.1145\/1966913.1966925"},{"key":"22_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"734","DOI":"10.1007\/978-3-642-33167-1_42","volume-title":"Computer Security \u2013 ESORICS 2012","author":"C. Cremers","year":"2012","unstructured":"Cremers, C., Feltz, M.: Beyond eCK: Perfect forward secrecy under actor compromise and ephemeral-key reveal. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol.\u00a07459, pp. 734\u2013751. Springer, Heidelberg (2012)"},{"key":"22_CR17","unstructured":"Ducklin, P.: The TURKTRUST SSL certificate fiasco \u2014 what really happened, and what happens next? (January 2013), \n                    \n                      http:\/\/nakedsecurity.sophos.com\/2013\/01\/08\/the-turktrust-ssl-certificate-fiasco-what-happened-and-what-happens-next\/"},{"key":"22_CR18","unstructured":"FOX IT: Black Tulip: Report of the investigation into the DigiNotar Certificate Authority breach (2012), \n                    \n                      http:\/\/www.rijksoverheid.nl\/bestanden\/documenten-en-publicaties\/rapporten\/2012\/08\/13\/black-tulip-update\/black-tulip-update.pdf"},{"key":"22_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"254","DOI":"10.1007\/978-3-642-36362-7_17","volume-title":"Public-Key Cryptography \u2013 PKC 2013","author":"E.S.V. Freire","year":"2013","unstructured":"Freire, E.S.V., Hofheinz, D., Kiltz, E., Paterson, K.G.: Non-interactive key exchange. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol.\u00a07778, pp. 254\u2013271. Springer, Heidelberg (2013)"},{"issue":"2","key":"22_CR20","doi-asserted-by":"publisher","first-page":"245","DOI":"10.1007\/s10623-011-9604-z","volume":"67","author":"I. Goldberg","year":"2013","unstructured":"Goldberg, I., Stebila, D., Ustaoglu, B.: Anonymity and one-way authentication in key exchange protocols. Designs, Codes and Cryptography\u00a067(2), 245\u2013269 (2013)","journal-title":"Designs, Codes and Cryptography"},{"key":"22_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"220","DOI":"10.1007\/978-3-540-24852-1_16","volume-title":"Applied Cryptography and Network Security","author":"I.R. Jeong","year":"2004","unstructured":"Jeong, I.R., Katz, J., Lee, D.-H.: One-round protocols for two-party authenticated key exchange. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol.\u00a03089, pp. 220\u2013232. Springer, Heidelberg (2004)"},{"key":"22_CR22","doi-asserted-by":"publisher","first-page":"275","DOI":"10.1145\/501978.501981","volume":"4","author":"B.S. Kaliski","year":"2001","unstructured":"Kaliski, B.S.: An unknown key-share attack on the MQV key agreement protocol. ACM Transactions on Information and System Security (TISSEC)\u00a04, 275\u2013288 (2001)","journal-title":"ACM Transactions on Information and System Security (TISSEC)"},{"key":"22_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"546","DOI":"10.1007\/11535218_33","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"H. Krawczyk","year":"2005","unstructured":"Krawczyk, H.: HMQV: A high-performance secure Diffie-Hellman protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol.\u00a03621, pp. 546\u2013566. Springer, Heidelberg (2005)"},{"key":"22_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"549","DOI":"10.1007\/11593447_30","volume-title":"Advances in Cryptology - ASIACRYPT 2005","author":"C. Kudla","year":"2005","unstructured":"Kudla, C., Paterson, K.G.: Modular security proofs for key agreement protocols. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol.\u00a03788, pp. 549\u2013565. Springer, Heidelberg (2005)"},{"key":"22_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-75670-5_1","volume-title":"Provable Security","author":"B.A. LaMacchia","year":"2007","unstructured":"LaMacchia, B.A., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol.\u00a04784, pp. 1\u201316. Springer, Heidelberg (2007)"},{"key":"22_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"378","DOI":"10.1007\/11745853_25","volume-title":"Public Key Cryptography - PKC 2006","author":"K. Lauter","year":"2006","unstructured":"Lauter, K., Mityagin, A.: Security analysis of KEA authenticated key exchange protocol. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol.\u00a03958, pp. 378\u2013394. Springer, Heidelberg (2006)"},{"key":"22_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"249","DOI":"10.1007\/BFb0052240","volume-title":"Advances in Cryptology - CRYPTO \u201997","author":"C.H. Lim","year":"1997","unstructured":"Lim, C.H., Lee, P.J.: A key recovery attack on discrete log-based schemes using a prime order subgroup. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol.\u00a01294, pp. 249\u2013263. Springer, Heidelberg (1997)"},{"key":"22_CR28","unstructured":"Menezes, A.: Another look at HMQV. Cryptology ePrint Archive, Report 2005\/205 (2005), \n                    \n                      http:\/\/eprint.iacr.org\/"},{"key":"22_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"133","DOI":"10.1007\/11941378_11","volume-title":"Progress in Cryptology - INDOCRYPT 2006","author":"A. Menezes","year":"2006","unstructured":"Menezes, A., Ustaoglu, B.: On the importance of public-key validation in the MQV and HMQV key agreement protocols. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol.\u00a04329, pp. 133\u2013147. Springer, Heidelberg (2006)"},{"key":"22_CR30","doi-asserted-by":"crossref","unstructured":"Menezes, A., Ustaoglu, B.: Security arguments for the UM key agreement protocol in the NIST SP 800-56A standard. In: Abe, M., Gligor, V. (eds.) ASIACCS 2008, pp. 261\u2013270. ACM Press (2008)","DOI":"10.1145\/1368310.1368348"},{"key":"22_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"228","DOI":"10.1007\/978-3-540-72540-4_13","volume-title":"Advances in Cryptology - EUROCRYPT 2007","author":"T. Ristenpart","year":"2007","unstructured":"Ristenpart, T., Yilek, S.: The power of proofs-of-possession: Securing multiparty signatures against rogue-key attacks. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol.\u00a04515, pp. 228\u2013245. Springer, Heidelberg (2007)"},{"key":"22_CR32","doi-asserted-by":"crossref","unstructured":"Schaad, J.: Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF). RFC 4211 (Proposed Standard) (September 2005), \n                    \n                      http:\/\/www.ietf.org\/rfc\/rfc4211.txt","DOI":"10.17487\/rfc4211"},{"key":"22_CR33","unstructured":"Shoup, V.: On formal methods for secure key exchange (version 4) (November 1999), revision of IBM Research Report RZ 3120 (April 1999), \n                    \n                      http:\/\/www.shoup.net\/papers\/skey.pdf"},{"key":"22_CR34","unstructured":"Turner, P., Polk, W., Barker, E.: ITL Bulletin for July 2012: Preparing for and responding to certification authority compromise and fraudulent certificate issuance (2012), \n                    \n                      http:\/\/csrc.nist.gov\/publications\/nistbul\/july-2012_itl-bulletin.pdf\n                    \n                    \n                   (accessed March 12, 2013)"},{"issue":"3","key":"22_CR35","doi-asserted-by":"publisher","first-page":"329","DOI":"10.1007\/s10623-007-9159-1","volume":"46","author":"B. Ustaoglu","year":"2008","unstructured":"Ustaoglu, B.: Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS. Designs, Codes and Cryptography\u00a046(3), 329\u2013342 (2008)","journal-title":"Designs, Codes and Cryptography"},{"key":"22_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1007\/978-3-642-04642-1_16","volume-title":"Provable Security","author":"B. Ustaoglu","year":"2009","unstructured":"Ustaoglu, B.: Comparing SessionStateReveal and EphemeralKeyReveal for Diffie-Hellman protocols. In: Pieprzyk, J., Zhang, F. (eds.) ProvSec 2009. LNCS, vol.\u00a05848, pp. 183\u2013197. Springer, Heidelberg (2009)"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2013"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-40203-6_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,2]],"date-time":"2019-06-02T20:44:32Z","timestamp":1559508272000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-40203-6_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642402029","9783642402036"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-40203-6_22","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013]]}}}