乐胖代购免代理版

{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,8,24]],"date-time":"2024-08-24T10:55:40Z","timestamp":1724496940743},"reference-count":64,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computers & Security"],"published-print":{"date-parts":[[2019,1]]},"DOI":"10.1016\/j.cose.2018.09.001","type":"journal-article","created":{"date-parts":[[2018,9,20]],"date-time":"2018-09-20T00:31:49Z","timestamp":1537403509000},"page":"1-13","update-policy":"http:\/\/dx.doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":11,"special_numbering":"C","title":["Another look at TLS ecosystems in networked devices vs. Web servers"],"prefix":"10.1016","volume":"80","author":[{"given":"Nayanamana","family":"Samarasinghe","sequence":"first","affiliation":[]},{"ORCID":"http:\/\/orcid.org\/0000-0002-9630-5858","authenticated-orcid":false,"given":"Mohammad","family":"Mannan","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"key":"10.1016\/j.cose.2018.09.001_bib0001","series-title":"In: Proceedings of the CCS\u201915, Denver, CO, USA","article-title":"Imperfect forward secrecy: how Diffie-Hellman fails in practice","author":"Adrian","year":"2015"},{"key":"10.1016\/j.cose.2018.09.001_bib0002","series-title":"In: Proceedings of the ATSC\u201918, Singapore","article-title":"What\u2019s in a downgrade? A taxonomy of downgrade attacks in the TLS protocol and application protocols using TLS","author":"Alashwali","year":"2018"},{"key":"10.1016\/j.cose.2018.09.001_bib0003","series-title":"In: Proceedings of the ISCAIE\u201915, Langkawi, Malaysia","article-title":"Sieving technique to solve the discrete log hard problem in Diffie-Hellman key exchange","author":"Alias","year":"2015"},{"key":"10.1016\/j.cose.2018.09.001_bib0004","series-title":"In: Proceedings of the USENIX Security\u201917, Vancouver, BC, Canada","article-title":"Understanding the Mirai botnet","author":"Antonakakis","year":"2017"},{"key":"10.1016\/j.cose.2018.09.001_bib0005","series-title":"In: Proceedings of the SECUREWARE\u201916, Nice, France","article-title":"Modeling vulnerable Internet of Things on SHODAN and CENSYS: an ontology for cyber security","author":"Arnaert","year":"2016"},{"key":"10.1016\/j.cose.2018.09.001_bib0006","unstructured":"ArsTechnica.com. Using IPv6 with Linux? you\u2019ve likely been visited by Shodan and other scanners. News article (Feb. 1, 2016). http:\/\/arstechnica.com\/security\/2016\/02\/using-ipv6-with-linux-youve-likely-been-visited-by-shodan-and-other-scanners\/."},{"key":"10.1016\/j.cose.2018.09.001_bib0007","unstructured":"Australian Government, Department of Defense. Assessing security vulnerabilities and applying patches (Jan. 2018). https:\/\/www.asd.gov.au\/publications\/protect\/assessing_security_vulnerabilities_and_patches.htm."},{"key":"10.1016\/j.cose.2018.09.001_bib0008","series-title":"USENIX Security\u201916, Vancouver, BC, Canada","article-title":"DROWN: breaking TLS Using SSLv2","author":"Aviram","year":"2016"},{"key":"10.1016\/j.cose.2018.09.001_bib0009","series-title":"In: Proceedings of the IoT S&P\u201917, Dallas, TX, USA","article-title":"Sounding the bell for improving internet (of things) security","author":"Benson","year":"2017"},{"key":"10.1016\/j.cose.2018.09.001_bib0010","series-title":"In: Proceedings of the CCS\u201916","article-title":"On the practical (in-)security of 64-bit block ciphers: collision attacks on HTTP over TLS and OpenVPN","author":"Bhargavan","year":"2016"},{"key":"10.1016\/j.cose.2018.09.001_bib0011","series-title":"In: Proceedings of the workshop on future directions in cyber-physical systems security\u201909, Newark, NJ, USA","article-title":"Challenges for securing cyber physical systems","author":"Cardenas","year":"2009"},{"key":"10.1016\/j.cose.2018.09.001_bib0012","series-title":"In: Proceedings of the NDSS\u201916, San Diego, CA, USA","article-title":"Killed by proxy: analyzing client-end TLS interception software","author":"de Carnavalet","year":"2016"},{"key":"10.1016\/j.cose.2018.09.001_bib0013","unstructured":"CERT. Vulnerability note 566724, 2015. https:\/\/www.kb.cert.org\/vuls\/id\/566724."},{"key":"10.1016\/j.cose.2018.09.001_bib0014","doi-asserted-by":"crossref","unstructured":"Chung T, Liu Y, Choffnes D, Levin D, Maggs BM, Mislove A, Wilson C. Measuring and applying invalid SSL certificates: The silent majority. In: Proceedings of the IMC\u201916, 2016.","DOI":"10.1145\/2987443.2987454"},{"key":"10.1016\/j.cose.2018.09.001_bib0015","series-title":"In: Proceedings of the USENIX Security\u201914","article-title":"A large-scale analysis of the security of embedded firmwares","author":"Costin","year":"2014"},{"key":"10.1016\/j.cose.2018.09.001_bib0016","series-title":"In: Proceedings of the ASIACCS\u201916","article-title":"Automated dynamic firmware analysis at scale: a case study on embedded web interfaces","author":"Costin","year":"2016"},{"key":"10.1016\/j.cose.2018.09.001_bib0017","series-title":"In: Proceedings of the IEEE IAS PCIC\u201905, Denver, CO, USA","article-title":"Industrial cybersecurity for power system and SCADA networks","author":"Creery","year":"2005"},{"key":"10.1016\/j.cose.2018.09.001_bib0018","series-title":"In: Proceedings of the NDSS\u201913, San Diego, CA, USA","article-title":"When firmware modifications attack: a case study of embedded exploitation","author":"Cui","year":"2013"},{"key":"10.1016\/j.cose.2018.09.001_bib0019","series-title":"In: Proceedings of the ACSAC\u201910, Austin, TX, USA","article-title":"A quantitative analysis of the insecurity of embedded network devices: results of a wide-area scan","author":"Cui","year":"2010"},{"key":"10.1016\/j.cose.2018.09.001_bib0020","series-title":"In: Proceedings of the NDSS\u201916, San Diego, CA, USA","article-title":"Don\u2019t forget to lock the back door! A characterization of IPv6 network security policy","author":"Czyz","year":"2016"},{"key":"10.1016\/j.cose.2018.09.001_bib0021","unstructured":"Duong T, Rizzo J. Here come the \u2295 ninjas. Technical report (May 2011)."},{"key":"10.1016\/j.cose.2018.09.001_bib0022","series-title":"In: Proceedings of the CCS\u201915, Denver, CO, USA","article-title":"A search engine backed by internet-wide scanning","author":"Durumeric","year":"2015"},{"key":"10.1016\/j.cose.2018.09.001_bib0023","series-title":"IMC\u201914, Vancouver, BC, Canada","article-title":"The matter of Heartbleed","author":"Durumeric","year":"2014"},{"key":"10.1016\/j.cose.2018.09.001_bib0024","series-title":"In: Proceedings of the IMC\u201913, Barcelona, Spain","article-title":"Analysis of the HTTPS certificate ecosystem","author":"Durumeric","year":"2013"},{"key":"10.1016\/j.cose.2018.09.001_bib0025","series-title":"In: Proceedings of the USENIX Security\u201913, Washington, D.C., USA","article-title":"ZMap: fast internet-wide scanning and its security applications","author":"Durumeric","year":"2013"},{"key":"10.1016\/j.cose.2018.09.001_bib0026","unstructured":"Electronic Frontier Foundation. The EFF SSL observatory, 2010. https:\/\/www.eff.org\/observatory."},{"key":"10.1016\/j.cose.2018.09.001_bib0027","series-title":"Software failure investigation","first-page":"7","article-title":"Software failures: an overview","author":"Eloff","year":"2018"},{"key":"10.1016\/j.cose.2018.09.001_bib0028","series-title":"In: Proceedings of the NDSS\u201917, San Diego, CA, USA","article-title":"Internet-scale probing of CPS: inference, characterization and orchestration analysis","author":"Fachkha","year":"2017"},{"key":"10.1016\/j.cose.2018.09.001_bib0029","series-title":"In: Proceedings of the USENIX Security\u201918, Baltimore, MD, USA","article-title":"Acquisitional rule-based engine for discovering Internet-of-Things devices","author":"Feng","year":"2018"},{"key":"10.1016\/j.cose.2018.09.001_bib0030","series-title":"In: Proceedings of the tePIMRC\u201917, Montreal, QC, Canada","article-title":"A first empirical look on Internet-scale exploitations of IoT devices","author":"Galluscio","year":"2017"},{"key":"10.1016\/j.cose.2018.09.001_bib0031","series-title":"In: Proceedings of the USENIX Security\u201915","article-title":"Attacks only get better: password recovery attacks against RC4 in TLS","author":"Garman","year":"2015"},{"key":"10.1016\/j.cose.2018.09.001_bib0032","series-title":"In: Proceedings of the IMC\u201916, Santa Monica, CA, USA","article-title":"Weak keys remain widespread in network devices","author":"Hastings","year":"2016"},{"key":"10.1016\/j.cose.2018.09.001_bib0033","series-title":"In: Proceedings of the USENIX Security\u201912, Bellevue, WA, USA","article-title":"Mining your Ps and Qs: detection of widespread weak keys in network devices","author":"Heninger","year":"2012"},{"key":"10.1016\/j.cose.2018.09.001_bib0034","series-title":"In: Proceedings of the NDSS\u201916, San Diego, CA, USA","article-title":"TLS in the wild: an Internet-wide analysis of TLS-based protocols for electronic communication","author":"Holz","year":"2016"},{"key":"10.1016\/j.cose.2018.09.001_bib0035","unstructured":"IEEE Internet initiative. Internet of Things (IoT) security best practices - Feb. 2017. https:\/\/internetinitiative.ieee.org\/images\/files\/resources\/white_papers\/internet_of_things_feb2017.pdf."},{"key":"10.1016\/j.cose.2018.09.001_bib0036","unstructured":"Internet Engineering Task Force (IETF). Summarizing known attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS). 2015. RFC 7457 (http:\/\/buildbot.tools.ietf.org\/html\/rfc7457)."},{"key":"10.1016\/j.cose.2018.09.001_bib0037","series-title":"In: Proceedings of the IMC\u201907, San Diego, CA, USA","article-title":"Cryptographic strength of SSL\/TLS servers","author":"Lee","year":"2007"},{"issue":"4","key":"10.1016\/j.cose.2018.09.001_bib0038","doi-asserted-by":"crossref","first-page":"981","DOI":"10.1109\/SURV.2011.122111.00145","article-title":"Cyber security and privacy issues in smart grids","volume":"14","author":"Liu","year":"2012","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"10.1016\/j.cose.2018.09.001_bib0039","series-title":"In: Proceedings of the IEEE S&P19, San Fansisco, CA, USA","article-title":"Resident evil: understanding residential ip proxy as a dark service","author":"Mi","year":"2019"},{"key":"10.1016\/j.cose.2018.09.001_bib0040","series-title":"In: Proceedings of the IEEE PST\u201916, Auckland, New Zealand","article-title":"An internet-wide view of ICS devices","author":"Mirian","year":"2016"},{"key":"10.1016\/j.cose.2018.09.001_bib0041","unstructured":"M\u00f6ller B, Duong T, Kotowicz K. This POODLE bites: exploiting the SSL 3.0 fallback. Techical report (Sept. 2014), 2014. https:\/\/www.openssl.org\/~bodo\/ssl-poodle.pdf."},{"key":"10.1016\/j.cose.2018.09.001_bib0042","unstructured":"Opto 22. Opto 22 Products, 2018. http:\/\/www.opto22.com\/site\/products.aspx."},{"key":"10.1016\/j.cose.2018.09.001_bib0043","series-title":"In: Proceedings of the USENIX Security\u201915, Washington, D.C., USA","article-title":"IoTPOT: analysing the rise of IoT compromises","author":"Pa","year":"2015"},{"key":"10.1016\/j.cose.2018.09.001_bib0044","unstructured":"Ronen E, O\u2019Flynn C, Shamir A, Weingarten AO. IoT goes nuclear: Creating a ZigBee chain reaction. Cryptology ePrint Archive, Report 2016\/1047. https:\/\/eprint.iacr.org\/2016\/1047; 2016."},{"key":"10.1016\/j.cose.2018.09.001_sbref0034","series-title":"Financial cryptography and data security (FC\u201917)","article-title":"Short paper: TLS ecosystems in networked devices vs. web servers","author":"Samarasinghe","year":"2017"},{"key":"10.1016\/j.cose.2018.09.001_bib0046","unstructured":"SEC-Consult.com. House of keys: industry-wide HTTPS certificates and SSH key reuse endangers millions of devices worldwide. https:\/\/www.sec-consult.com\/en\/blog\/2015\/11\/house-of-keys-industry-wide-https\/."},{"key":"10.1016\/j.cose.2018.09.001_bib0047","unstructured":"Shodan. Shodan search engine, 2018. https:\/\/www.shodan.io\/."},{"key":"10.1016\/j.cose.2018.09.001_bib0048","unstructured":"SSL Labs. SSL and TLS deployment best practices, 2017. https:\/\/github.com\/ssllabs\/research\/wiki\/SSL-and-TLS-Deployment-Best-Practices."},{"key":"10.1016\/j.cose.2018.09.001_bib0049","series-title":"In: Proceedings of the Crypto\u201917, Santa Barbara, CA, USA","article-title":"The first collision for full SHA-1","author":"Stevens","year":"2017"},{"key":"10.1016\/j.cose.2018.09.001_bib0050","series-title":"In: Proceedings of the Eurocrypt\u201916, Vienna, Austria","article-title":"Freestart collision for full SHA-1","author":"Stevens","year":"2016"},{"key":"10.1016\/j.cose.2018.09.001_bib0051","series-title":"In: Proceedings of the CRYPTO\u201909, Santa Barbara, CA, USA","article-title":"Short chosen-prefix collisions for MD5 and the creation of a rogue CA certificate","author":"Stevens","year":"2009"},{"key":"10.1016\/j.cose.2018.09.001_bib0052","series-title":"In: Proceedings of the NDSS\u201918, San Diego, CA, USA","article-title":"Didn\u2019t you hear me? - Towards more successful web vulnerability notifications","author":"Stock","year":"2018"},{"key":"10.1016\/j.cose.2018.09.001_bib0053","unstructured":"TechRepublic.com. Mirai variant botnet launches IoT DDoS attacks on financial sector. a. News article (Apr. 5, 2018). https:\/\/www.techrepublic.com\/article\/mirai-variant-botnet-launches-iot-ddos-attacks-on-financial-sector\/."},{"key":"10.1016\/j.cose.2018.09.001_bib0054","unstructured":"TechRepublic.com. More than 800K DrayTek routers vulnerable to DNS reprogramming attack. b. News article (May 22, 2018). https:\/\/www.techrepublic.com\/article\/more-than-800k-draytek-routers-vulnerable-to-dns-reprogramming-attack\/."},{"key":"10.1016\/j.cose.2018.09.001_bib0055","unstructured":"TheRegister.co.uk. Internet of Sins: Million more devices sharing known private keys for HTTPS, SSH admin, 2016. https:\/\/www.theregister.co.uk\/2016\/09\/07\/bad_key_security_holes_getting_worse\/."},{"key":"10.1016\/j.cose.2018.09.001_bib0056","series-title":"In: Proceedings of the DSN\u201918, Luxembourg","article-title":"Inferring, characterizing, and investigating Internet-scale malicious IoT device activities: A network telescope perspective","author":"Torabi","year":"2018"},{"key":"10.1016\/j.cose.2018.09.001_bib0057","unstructured":"US-CERT. Alert (ta16-250a) - The increasing threat to network infrastructure devices and recommended mitigations, 2016. https:\/\/www.us-cert.gov\/ncas\/alerts\/TA16-250A."},{"key":"10.1016\/j.cose.2018.09.001_bib0058","series-title":"In: Proceedings of the FC\u201916, Barbados","article-title":"Factoring as a service","author":"Valenta","year":"2016"},{"key":"10.1016\/j.cose.2018.09.001_bib0059","unstructured":"Viehb\u00f6ck, Stefan and Durumeric, Zakir. Fingerprints for certificates with know private keys, 2016. https:\/\/github.com\/zmap\/ztag\/blob\/master\/ztag\/annotations\/tlskeyknown.py."},{"key":"10.1016\/j.cose.2018.09.001_bib0060","series-title":"In: Proceedings of the WEIS\u201911, Fairfax, VA, USA","article-title":"The inconvenient truth about web certificates","author":"Vratonjic","year":"2011"},{"key":"10.1016\/j.cose.2018.09.001_bib0061","series-title":"In: Proceedings of the Eurocrypt\u201905, Aarhus, Denmark","article-title":"How to break MD5 and other hash functions","author":"Wang","year":"2005"},{"key":"10.1016\/j.cose.2018.09.001_bib0062","unstructured":"Wired.com. The Reaper IoT botnet has already infected a million networks. News article (Oct. 20, 2017), 2017. https:\/\/www.wired.com\/story\/reaper-iot-botnet-infected-million-networks\/."},{"key":"10.1016\/j.cose.2018.09.001_bib0063","series-title":"In: Proceedings of the PAM\u201918, Berlin, Germany","article-title":"Internet protocol cameras with no password protection: an empirical investigation","author":"Xu","year":"2018"},{"key":"10.1016\/j.cose.2018.09.001_bib0064","unstructured":"ZMap. Blacklisting, 2017. https:\/\/github.com\/zmap\/zmap\/wiki\/Blacklisting."}],"container-title":["Computers & Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404818306916?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404818306916?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2018,12,7]],"date-time":"2018-12-07T17:05:01Z","timestamp":1544202301000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167404818306916"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,1]]},"references-count":64,"alternative-id":["S0167404818306916"],"URL":"https:\/\/doi.org\/10.1016\/j.cose.2018.09.001","relation":{},"ISSN":["0167-4048"],"issn-type":[{"value":"0167-4048","type":"print"}],"subject":[],"published":{"date-parts":[[2019,1]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Another look at TLS ecosystems in networked devices vs. Web servers","name":"articletitle","label":"Article Title"},{"value":"Computers & Security","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.cose.2018.09.001","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2018 Elsevier Ltd. All rights reserved.","name":"copyright","label":"Copyright"}]}}