diff --git a/5-concept.tex b/5-concept.tex
index f18ffa5..bb48fd6 100644
--- a/5-concept.tex
+++ b/5-concept.tex
@@ -67,7 +67,7 @@ In addition to the two firmware ROMs, the flash provides room for the bootloader
 \subsection{Cryptographically securing the firmware update}
 
 To ensure only valid firmware is running on the devices, a cryptographic signature of the firmware images is calculated and checked as part of the update process.
-For the calculation of the signatures, the \textit{sha256} hashing algorithm \cite{sha256} and an elliptic curve cipher based on \textit{Curve25519} \cite{curve25519} are used, which are both considered modern and secure methods for software signing \cite{crypto-ftw}.
+For the calculation of the signatures, the \textit{sha256} hashing algorithm \cite{RFC6234} and an elliptic curve cipher based on \textit{Curve25519}  \cite{bernstein2006curve25519} are used, which are both considered modern and secure methods for software signing (see \cite{barker2016nist, bsi}).
 
 The cryptographic signature for each of the two firmware ROMs is created by the continuous integration system during build time and is provided as meta-information along with the firmware binaries.
 Therefore, the CI system must be equipped with the private key used to create the signatures.
diff --git a/esper-ota.bib b/esper-ota.bib
index 0a0b813..b2502c6 100755
--- a/esper-ota.bib
+++ b/esper-ota.bib
@@ -138,3 +138,46 @@ year = {2016},
 pages = {171--176},
 publisher = {IEEE}
 }
+
+@techreport{RFC6234,
+  author = {D. Eastlake and T. Hansen},
+  title = {US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)},
+  howpublished = {Internet Requests for Comments},
+  type = {RFC},
+  number = {6234},
+  year = {2011},
+  month = {May},
+  issn = {2070-1721},
+  publisher = {RFC Editor},
+  institution = {RFC Editor},
+  url = {http://www.rfc-editor.org/rfc/rfc6234.txt},
+  note = {\url{http://www.rfc-editor.org/rfc/rfc6234.txt}},
+}
+
+@misc{barker2016nist,
+  title={NIST Special Publication 800--57 Part 1, Revision 4},
+  author={Barker, Elaine and Dang, Quynh},
+  year={2016}
+}
+
+@techreport(bsi,
+  author = {{Federal Office for Information Security}},
+  title = {Cryptographic Mechanisms: Recommendations and Key Lengths},
+  howpublished = {Online},
+  type = {BSI – Technical Guideline},
+  number = {BSI TR-02102-1},
+  year = {2017},
+  month = {February},
+  publisher = {Federal Office for Information Security, P.O.B. 20 03 63, 53133 Bonn, Germany},
+  institution = {Federal Office for Information Security},
+  note={{URL: }\url{https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.pdf}, 2017.05.22}
+)
+
+@inproceedings{bernstein2006curve25519,
+  title={Curve25519: new Diffie-Hellman speed records},
+  author={Bernstein, Daniel J},
+  booktitle={International Workshop on Public Key Cryptography},
+  pages={207--228},
+  year={2006},
+  organization={Springer}
+}
\ No newline at end of file