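@comment{Conventions for this file (classic BibTeX target, as the original
  entries used a url macro inside note): authors written as "Last, First" and
  joined with " and "; non-ASCII letters written as LaTeX escapes; month via
  the unquoted macros; page ranges with "--"; links carried in url/doi rather
  than inside note. Fields not defined for an entry type (institution on
  @inproceedings/@misc, date-added, internal-note) are ignored by standard
  styles and are kept only as provenance.}

@inproceedings{drown2016,
  author      = {Aviram, Nimrod and Schinzel, Sebastian and others},
  title       = {{DROWN}: Breaking {TLS} Using {SSLv2}},
  booktitle   = {Proceedings of the 25th {USENIX} Security Symposium},
  year        = {2016},
  url         = {https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_aviram.pdf},
  institution = {Department of Electrical Engineering, Tel Aviv University and M{\"u}nster University of Applied Sciences},
  date-added  = {2016-01-11 10:05:52},
}

@misc{takahashi2018,
  author       = {Takahashi, Akira and Tibouchi, Mehdi and Abe, Masayuki},
  title        = {New {Bleichenbacher} Records: Fault Attacks on {qDSA} Signatures},
  howpublished = {Cryptology {ePrint} Archive, Paper 2018/396},
  year         = {2018},
  url          = {https://eprint.iacr.org/2018/396.pdf},
  institution  = {Kyoto University and NTT Secure Platform Laboratories},
}

@inproceedings{morpheus2021,
  author        = {Yahyazadeh, Moosa and Chau, Sze Yiu and Li, Li and Hue, Man Hong and Debnath, Joyanta and Ip, Sheung Chiu and Li, Chun Ngai and Hoque, Endadul and Chowdhury, Omar},
  title         = {{Morpheus}: Bringing the ({PKCS}) One to Meet the Oracle},
  booktitle     = {Proceedings of the 2021 {ACM SIGSAC} Conference on Computer and Communications Security},
  series        = {CCS '21},
  pages         = {2474--2496},
  numpages      = {23},
  year          = {2021},
  publisher     = {Association for Computing Machinery},
  address       = {New York, NY, USA},
  location      = {Virtual Event, Republic of Korea},
  isbn          = {9781450384544},
  doi           = {10.1145/3460120.3485382},
  keywords      = {non-compliance checking, reference implementation, PKCS#1 signature verification, adaptive combinatorial testing},
  abstract      = {This paper focuses on developing an automatic, black-box testing approach called Morpheus to check the non-compliance of libraries implementing PKCS#1-v1.5 signature verification with the PKCS#1-v1.5 standard. Non-compliance can not only make implementations vulnerable to Bleichenbacher-style RSA signature forgery attacks but also can induce interoperability issues. For checking non-compliance, Morpheus adaptively generates interesting test cases and then takes advantage of an oracle, a formally proven correct implementation of PKCS#1-v1.5 signature standard, to detect non-compliance in an implementation under test. We have used Morpheus to test 45 implementations of PKCS#1-v1.5 signature verification and discovered that 6 of them are susceptible to variants of the Bleichenbacher-style low public exponent RSA signature forgery attack, 1 implementation has a buffer overflow, 33 implementations have incompatibility issues, and 8 implementations have minor leniencies. Our findings have been responsibly disclosed and positively acknowledged by the developers.},
  internal-note = {The original note linked https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8835216, an IEEE Xplore record that does not match this ACM CCS paper (the doi above is the authoritative link); verify before reusing that URL},
}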