My Collection.bib

@misc{Langley2014,
author = {Langley, Adam},
booktitle = {Imperial Violet},
title = {{No, don't enable revocation checking}},
url = {https://www.imperialviolet.org/2014/04/19/revchecking.html},
urldate = {2020-01-20},
year = {2014}
}
@phdthesis{Merkle1979,
author = {Merkle, Ralph Charles},
file = {:Users/tilman/Documents/Mendeley Desktop/Merkle - 1979 - Secrecy, Authentication, and Public Key Systems.pdf:pdf},
school = {Stanford University},
title = {{Secrecy, Authentication, and Public Key Systems}},
type = {Ph.D},
year = {1979}
}
@misc{Vaughan-Nichols2015,
author = {Vaughan-Nichols, Steven J.},
booktitle = {ZDNet},
title = {{Securing the web once and for all: The Let's Encrypt Project}},
url = {https://www.zdnet.com/article/securing-the-web-once-and-for-all-the-open-encryption-project/},
urldate = {2020-01-12},
year = {2015}
}
@article{RFC6844,
author = {Hallam-Baker, P. and Stradling, R.},
journal = {IETF RFC},
title = {{RFC6844: NS Certification Authority Authorization (CAA) Resource Record}},
url = {https://tools.ietf.org/html/rfc6844},
year = {2013}
}
@misc{Eckersley2011,
author = {Eckersley, Peter},
booktitle = {Electronic Frontier Foundation Deeplinks Blog},
title = {{How secure is HTTPS today? How often is it attacked?}},
url = {https://www.eff.org/deeplinks/2011/10/how-secure-https-today},
urldate = {2020-01-10},
year = {2011}
}
@inproceedings{Sunshine2009,
abstract = {Web users are shown an invalid certificate warning when their browser cannot validate the identity of the websites they are visiting. While these warn- ings often appear in benign situations, they can also signal a man-in-the-middle attack. We conducted a survey of over 400 Internet users to examine their reactions to and understanding of current SSL warn- ings. We then designed two new warnings using warn- ings science principles and lessons learned from the survey. We evaluated warnings used in three pop- ular web browsers and our two warnings in a 100- participant, between-subjects laboratory study. Our warnings performed significantly better than exist- ing warnings, but far too many participants exhibited dangerous behavior in all warning conditions. Our re- sults suggest that, while warnings can be improved, a better approach may be to minimize the use of SSL warnings altogether by blocking users from making unsafe connections and eliminating warnings in be- nign situations.},
address = {Montreal, Canada},
author = {Sunshine, Joshua and Egelman, Serge and Almuhimedi, Hazim and Atri, Neha and Cranor, Lorrie Faith},
booktitle = {18th USENIX Security Symposium},
file = {:Users/tilman/Documents/Mendeley Desktop/Sunshine et al. - 2009 - Crying Wolf An Empirical Study of SSL Warning Effectiveness Joshua.pdf:pdf},
pages = {399--416},
title = {{Crying Wolf: An Empirical Study of SSL Warning Effectiveness Joshua}},
year = {2009}
}
@inproceedings{Zimmermann2017,
abstract = {The simplicity of HTTP made it the default building block for desktop and mobile apps, yet it suffers from inherent inefficiencies in the modern web. HTTP/2 was designed to address these inefficiencies and its adoption remarks a major protocol shift in the Internet. Despite this relevance, its Internet-wide adoption remains unknown. Especially, the adoption and use of server push - advertised as a key feature to further reduce page load times - is completely unexplored. To answer both questions, we provide large-scale measurements of the HTTP/2 adoption and usage of server push in the wild, probing the entire IPv4 address space and the complete set of.com/.net/.org domains. We find 5.38M HTTP/2 enabled domains hosted by only few infrastructures driving this adoption. While we find the overall HTTP/2 adoption to increase, only few hundred domains utilize server push. We examine pushed content, push strategies and identify the use of currently undocumented push strategies. Moreover, we discover large sources of overheads through server push for reoccurring page visits. By measuring page load times, we show that while push can speed up webpages, it also can slow them down - motivating the need for optimized push strategies.},
author = {Zimmermann, Torsten and Ruth, Jan and Wolters, Benedikt and Hohlfeld, Oliver},
booktitle = {2017 IFIP Networking Conference, IFIP Networking 2017 and Workshops},
doi = {10.23919/IFIPNetworking.2017.8264830},
file = {:Users/tilman/Documents/Mendeley Desktop/Zimmermann et al. - 2017 - How HTTP2 pushes the web An empirical study of HTTP2 server push.pdf:pdf},
isbn = {9783901882944},
title = {{How HTTP/2 pushes the web: An empirical study of HTTP/2 server push}},
year = {2017}
}
@article{VanGoethem2014,
abstract = {As the web expands in size and adoption, so does the interest of attackers who seek to exploit web applications and exfiltrate user data. While there is a steady stream of news regarding major breaches and millions of user credentials compromised, it is logical to assume that, over time, the applications of the bigger players of the web are becoming more secure. However, as these applications become resistant to most prevalent attacks, adversaries may be tempted to move to easier, unprotected targets which still hold sensitive user data. In this paper, we report on the state of security for more than 22,000 websites that originate in 28 EU countries. We first explore the adoption of countermeasures that can be used to defend against common attacks and serve as indicators of "security consciousness". Moreover, we search for the presence of common vulnerabilities and weaknesses and, together with the adoption of defense mechanisms, use our findings to estimate the overall security of these websites. Among other results, we show how a website's popularity relates to the adoption of security defenses and we report on the discovery of three, previously unreported, attack variations that attackers could have used to attack millions of users. {\textcopyright} 2014 Springer International Publishing.},
author = {{Van Goethem}, Tom and Chen, Ping and Nikiforakis, Nick and Desmet, Lieven and Joosen, Wouter},
doi = {10.1007/978-3-319-08593-7_8},
file = {:Users/tilman/Documents/Mendeley Desktop/Van Goethem et al. - 2014 - Large-scale security analysis of the web Challenges and findings.pdf:pdf},
isbn = {9783319085920},
issn = {16113349},
journal = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
pages = {110--126},
title = {{Large-scale security analysis of the web: Challenges and findings}},
volume = {8564 LNCS},
year = {2014}
}
@misc{Wagner,
author = {Wagner, Jeremy},
booktitle = {Google Web Fundamentals},
title = {{Why Performance Matters}},
url = {https://developers.google.com/web/fundamentals/performance/why-performance-matters},
urldate = {2020-01-05}
}
@misc{StatCounter2019,
author = {StatCounter},
title = {{Browser Market Share Worldwide - December 2019}},
url = {https://gs.statcounter.com/browser-market-share{\#}monthly-201812-201912},
urldate = {2020-01-03},
year = {2019}
}
@article{Bocchi2016,
abstract = {Measuring quality of Web users experience (WebQoE) faces the following trade-off. On the one hand, current practice is to resort to metrics, such as the document completion time (onLoad), that are simple to measure though knowingly inaccurate. On the other hand, there are metrics, like Google's SpeedIndex, that are better correlated with the actual user experience, but are quite complex to evaluate and, as such, relegated to lab experiments. In this paper, we first provide a comprehensive state of the art on the metrics and tools available for WebQoE assessment. We then apply these metrics to a representative dataset (the Alexa top-100 webpages) to better illustrate their similarities, differences, advantages, and limitations. We next introduce novel metrics, inspired by Google's SpeedIndex, that offer significant advantages in terms of computational complexity, while maintaining a high correlation with the SpeedIndex. These properties make our proposed metrics highly relevant and of practical use.},
author = {Bocchi, Enrico and {De Cicco}, Luca and Rossi, Dario},
doi = {10.1145/3027947.3027949},
file = {:Users/tilman/Documents/Mendeley Desktop/Bocchi, De Cicco, Rossi - 2016 - Measuring the quality of experience of web users.pdf:pdf},
issn = {19435819},
journal = {Computer Communication Review},
keywords = {Above-the-fold,ByteIndex,DOM,MOS,ObjectIndex,OnLoad,Quality of experience,SpeedIndex,TTFB,TTFP,Web},
number = {4},
pages = {8--13},
title = {{Measuring the quality of experience of web users}},
volume = {46},
year = {2016}
}
@techreport{GomezInc2011,
abstract = {When you're doing business on the Web, every second counts More than ever, your Website's performance matters. The average online shopper expects your pages to load in two seconds or less, down from four seconds in 2006; after three seconds, up to 40{\%} will abandon your site. i And performance pressure just keeps growing. To drive more sales and boost brand image, today's Websites are increasingly dependent on sophisticated technologies such as shopping tools, interactive games, and videos that attract attention, hold interest or move visitors toward your virtual shopping cart. But if the technology behind the marketing vision for your Website creates delays or fails to work properly, watch out — your visitors may quickly abandon your site and run to the competition. Gomez' own studies reveal that lack of visitor loyalty. By analyzing page abandonment data across more than 150 websites and 150 million page views, Gomez found that an increase in page response time from 2 to10 seconds increased page abandonment rates by 38{\%}. ii Page Response Time Drives An Increase In Page Abandonment The causes of Web dysfunction may be complex, but the lesson is simple: so-called " IT " issues that slow down your site can impact revenue, customer satisfaction and your brand — if they're not identified, monitored and resolved. In the remainder of this white paper, you'll learn about the direct impact Web performance has on business results. And discover powerful tools for driving the superior customer expe-rience — and business revenues — you demand from your Website.},
author = {{Gomez Inc}},
file = {:Users/tilman/Documents/Mendeley Desktop/Gomez Inc - 2010 - Why Web Performance Matters Is Your Site Driving Customers Away.pdf:pdf},
title = {{Why Web Performance Matters: Is Your Site Driving Customers Away?}},
url = {http://www.mcrinc.com/Documents/Newsletters/201110{\_}why{\_}web{\_}performance{\_}matters.pdf},
year = {2010}
}
@article{Housley2017,
author = {Housley, R. and O'Donoghue, K.},
journal = {IETF Draft},
title = {{Improving the Public Key Infrastructure (PKI) for the World Wide Web}},
url = {https://tools.ietf.org/html/draft-iab-web-pki-problems-05},
year = {2017}
}
@article{Dahlberg2018a,
abstract = {Trust in publicly verifiable Certificate Transparency (CT) logs is reduced through cryptography, gossip, auditing, and monitoring. The role of a monitor is to observe each and every log entry, looking for suspicious certificates that interest the entity running the monitor. While anyone can run a monitor, it requires continuous operation and copies of the logs to be inspected. This has lead to the emergence of monitoring as-a-service: a trusted third-party runs the monitor and provides registered subjects with selective certificate notifications. We present a CT/bis extension for verifiable light-weight monitoring that enables subjects to verify the correctness of such certificate notifications, making it easier to distribute and reduce the trust which is otherwise placed in these monitors. Our extension supports verifiable monitoring of wild-card domains and piggybacks on CT's existing gossip-audit security model.},
archivePrefix = {arXiv},
arxivId = {1711.03952},
author = {Dahlberg, Rasmus and Pulls, Tobias},
doi = {10.1007/978-3-030-03638-6_11},
eprint = {1711.03952},
file = {:Users/tilman/Documents/Mendeley Desktop/Dahlberg, Pulls - 2018 - Verifiable Light-Weight Monitoring for Certificate Transparency Logs.pdf:pdf},
isbn = {9783030036379},
issn = {16113349},
journal = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
keywords = {Certificate Transparency,Monitoring,Security protocols},
pages = {171--183},
title = {{Verifiable Light-Weight Monitoring for Certificate Transparency Logs}},
volume = {11252 LNCS},
year = {2018}
}
@article{D.a2013,
abstract = {When browsers report TLS errors, they cannot distinguish between attacks and harmless server misconfigurations; hence they leave it to the user to decide whether continuing is safe. However, actual attacks remain rare. As a result, users quickly become used to "false positives" that deplete their attention span, making it unlikely that they will pay sufficient scrutiny when a real attack comes along. Consequently, browser vendors should aim to minimize the number of low-risk warnings they report. To guide that process, we perform a large-scale measurement study of common TLS warnings. Using a set of passive network monitors located at different sites, we identify the prevalence of warnings for a total population of about 300,000 users over a nine-month period. We identify low-risk scenarios that consume a large chunk of the user attention budget and make concrete recommendations to browser vendors that will help maintain user attention in high-risk situations. We study the impact on end users with a data set much larger in scale than the data sets used in previous TLS measurement studies. A key novelty of our approach involves the use of internal browser code instead of generic TLS libraries for analysis, providing more accurate and representative results. Copyright is held by the International World Wide Web Conference Committee (IW3C2).},
author = {Akhawe, Devdatta and Amann, Bernhard and Vallentin, Matthias and Sommer, Robin},
doi = {10.1145/2488388.2488395},
file = {:Users/tilman/Documents/Mendeley Desktop/Akhawe et al. - 2013 - Here's my cert, so trust me, maybe Understanding TLS errors on the web.pdf:pdf},
isbn = {9781450320351},
journal = {WWW 2013 - Proceedings of the 22nd International Conference on World Wide Web},
keywords = {tls,usability,warnings},
pages = {59--69},
title = {{Here's my cert, so trust me, maybe? Understanding TLS errors on the web}},
url = {http://www.scopus.com/inward/record.url?eid=2-s2.0-84890107028{\&}partnerID=40{\&}md5=615fb7713bc0edb3860e6ff04680c486},
year = {2013}
}
@article{Oppliger2014,
abstract = {Several recent attacks against certification authorities (CAs) and fraudulently issued certificates have put the security and usefulness of the Internet public-key infrastructure (PKI) at stake. In this article, the author argues that such attacks are likely to occur repeatedly and that respective countermeasures must be designed, implemented, and put in place. In particular, he discusses two problem areas in which countermeasures are needed: certificate revocation and certificate authorization. Both areas are related and can be subsumed under the term 'certificate legitimation." The author introduces the notion of certificate legitimation, discusses some recent proposals, and outlines new areas of research and development. {\textcopyright} 2014 IEEE.},
author = {Oppliger, Rolf},
doi = {10.1109/MIC.2013.5},
file = {:Users/tilman/Documents/Mendeley Desktop/Oppliger - 2014 - Certification authorities under attack A plea for certificate legitimation.pdf:pdf},
issn = {10897801},
journal = {IEEE Internet Computing},
keywords = {Internet security,SSL,TLS,certificate authorization,certificate legitimation,certificate revocation,man-in-the-middle attack,public-key certificates,public-key infrastructure},
number = {1},
pages = {40--47},
publisher = {IEEE},
title = {{Certification authorities under attack: A plea for certificate legitimation}},
volume = {18},
year = {2014}
}
@inproceedings{Maurer1996,
address = {London},
author = {Maurer, Ueli},
booktitle = {Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security},
file = {:Users/tilman/Documents/Mendeley Desktop/Maurer - 1996 - Modelling a Public-Key Infrastructure.pdf:pdf},
keywords = {probablistic},
mendeley-tags = {probablistic},
pages = {325----350},
publisher = {Springer},
title = {{Modelling a Public-Key Infrastructure}},
year = {1996}
}
@techreport{Karl2003,
author = {Karl, Gareth},
file = {:Users/tilman/Documents/Mendeley Desktop/Karl - 2003 - A Probablistic Trust Model.pdf:pdf},
keywords = {probablistic},
mendeley-tags = {probablistic},
title = {{A Probablistic Trust Model}},
year = {2003}
}
@techreport{Guhring2006,
abstract = {A new threat is emerging that attacks browsers by means of trojan horses. The new breed of new trojan horses can modify the transactions on-the-fly, as they are formed in in browsers, and still display the user's intended transaction to her. Structurally they are a man-in-the-middle attack between the the user and the security mechanisms of the browser. Distinct from Phishing attacks which rely upon similar but fraudulent websites, these new attacks cannot be detected by the user at all, as they are use real services, the user is correctly logged-in as normal, and there is no difference to be seen.},
author = {G{\"{u}}hring, P.},
file = {:Users/tilman/Documents/Mendeley Desktop/G{\"{u}}hring - 2006 - Concepts against man-in-the-browser attacks.pdf:pdf},
title = {{Concepts against man-in-the-browser attacks}},
url = {http://www.futureware.at/svn/sourcerer/CAcert/SecureClient.pdf},
year = {2006}
}
@article{Bellovin1989,
abstract = {ABSTI)gACT The TCP/IP protocol suite, which is very widely useJ today, was developed under {\~{}}e sponsorship of the Department of Defense. Despite that, there are a number of serious secmqty flaws inherent in the protocols, mgardless of the correctness of any implementations. We describe a variety of attacks b{\~{}}sed on these flaws, including sequence number spoofing, routing arracks, source address spoofing, mad authentication attacks. We also present defenses against these attacks, and conclude with a discussion of broad-spectrum defe.nses such as encry?rion.},
author = {Bellovin, S. M.},
doi = {10.1145/378444.378449},
file = {:Users/tilman/Documents/Mendeley Desktop/Bellovin - 1989 - Security problems in the TCPIP protocol suite.pdf:pdf},
issn = {01464833},
journal = {ACM SIGCOMM Computer Communication Review},
number = {2},
pages = {32--48},
title = {{Security problems in the TCP/IP protocol suite}},
volume = {19},
year = {1989}
}
@article{Son2010,
abstract = {DNS cache poisoning is a serious threat to today's Internet. We develop a formal model of the semantics of DNS caches, including the bailiwick rule and trust-level logic, and use it to systematically investigate different types of cache poisoning and to generate templates for attack payloads. We explain the impact of the attacks on DNS resolvers such as BIND, MaraDNS, and Unbound and their implications for several defenses against DNS cache poisoning.{\textcopyright} Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering 2010.},
author = {Son, Sooel and Shmatikov, Vitaly},
doi = {10.1007/978-3-642-16161-2_27},
file = {:Users/tilman/Documents/Mendeley Desktop/Son, Shmatikov - 2010 - The hitchhiker's guide to DNS cache poisoning.pdf:pdf},
isbn = {364216160X},
issn = {18678211},
journal = {Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering},
keywords = {Cache poisoning,DNS,Formal model},
pages = {466--483},
title = {{The hitchhiker's guide to DNS cache poisoning}},
volume = {50 LNICST},
year = {2010}
}
@article{Gavrichenkov2015,
author = {Gavrichenkov, Artyom},
file = {:Users/tilman/Documents/Mendeley Desktop/Gavrichenkov - 2015 - Breaking HTTPS With BGP Hijacking.pdf:pdf},
journal = {Black Hat},
title = {{Breaking HTTPS With BGP Hijacking}},
year = {2015}
}
@inproceedings{Ramachandran2005,
abstract = {The Address Resolution Protocol (ARP) due to its statelessness and lack of an authentication mechanism for verifying the identity of the sender has a long history of being prone to spoofing attacks. ARP spoofing is sometimes the starting point for more sophisticated LAN attacks like denial of service, man in the middle and session hijacking. The current methods of detection use a passive approach, monitoring the ARP traffic and looking for inconsistencies in the Ethernet to IP address mapping. The main drawback of the passive approach is the time lag between learning and detecting spoofing. This sometimes leads to the attack being discovered long after it has been orchestrated. In this paper, we present an active technique to detect ARP spoofing. We inject ARP request and TCP SYN packets into the network to probe for inconsistencies. This technique is faster, intelligent, scalable and more reliable in detecting attacks than the passive methods. It can also additionally detect the real mapping of MAC to IP addresses to a fair degree of accuracy in the event of an actual attack. {\textcopyright} Springer-Verlag Berlin Heidolborg 2005.},
author = {Ramachandran, Vivek and Nandi, Sukumar},
booktitle = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
doi = {10.1007/11593980_18},
file = {:Users/tilman/Documents/Mendeley Desktop/Ramachandran, Nandi - 2005 - Detecting ARP spoofing An active technique.pdf:pdf},
isbn = {3540307060},
issn = {03029743},
pages = {239--250},
title = {{Detecting ARP spoofing: An active technique}},
volume = {3803 LNCS},
year = {2005}
}
@article{Hemminger2005,
abstract = {Many protocols and applications perform poorly when exposed to real life networks with delay and packet loss. Often, it is costly and difficult to reproduce Internet behavior in a controlled environment. There are tools avail- able for testing, but they are either expen- sive hardware solutions, proprietary software, or limited research projects. NetEm is a recent enhancement of the traffic control facilities of Linux that allows adding delay, packet loss and other scenario's. Documentation and discussion of NetEm is maintained at http://developer.osdl.org/ shemminger/netem. NetEm is built using the existing Quality Of Service (QOS) and Dif- ferentiated Services (diffserv) facilities in the Linux kernel.},
author = {Hemminger, Stephen},
file = {:Users/tilman/Documents/Mendeley Desktop/Hemminger - 2005 - Network Emulation with NetEm.pdf:pdf},
journal = {Proceedings of the 6th Australian National Linux Conference (LCA 2005)},
number = {April},
pages = {1--9},
title = {{Network Emulation with NetEm}},
year = {2005}
}
@techreport{Prins2011,
abstract = {The goal of this report is to share relevant information with DigiNotar$\backslash$nstakeholders (such as the Dutch $\backslash$n$\backslash$nGovernment and the Internet community), based on which they can make$\backslash$ntheir own risk analysis. $\backslash$n$\backslash$nBecause this is a public report, some investigation results and details$\backslash$ncannot be included for privacy and/$\backslash$n$\backslash$nor security reasons. $\backslash$n$\backslash$n$\backslash$nSince the investigation has been more of a fact finding mission thus$\backslash$nfar, we will not draw any conclusions$\backslash$n$\backslash$nwith regards to the network-setup and the security management system.$\backslash$nIn this report we will not give $\backslash$n$\backslash$nany advice to improve the technical infrastructure for the long term.$\backslash$nOur role is to investigate the inciden$\backslash$n$\backslash$nand give a summary of our findings until now. We leave it to the reader$\backslash$nin general and other responsible $\backslash$n$\backslash$nparties in the PKI- and internet community to draw conclusions, based$\backslash$non these findings. We make a $\backslash$n$\backslash$ngeneral reservation, as our investigations are still on going.},
address = {Delft},
author = {Prins, J.R.},
file = {:Users/tilman/Documents/Mendeley Desktop/Prins - 2011 - DigiNotar Certificate Authority breach “Operation Black Tulip”.pdf:pdf},
institution = {Fox-IT},
title = {{DigiNotar Certificate Authority breach “Operation Black Tulip”}},
year = {2011}
}
@misc{Kaya2019,
author = {Kaya, Volkan},
file = {:Users/tilman/Documents/Mendeley Desktop/Kaya - 2019 - Data Driven Public Key Ecosystem Backed by Blockchain {\&} Fault Tolerance.pdf:pdf},
institution = {LEIDEN UNIVERSITY},
keywords = {other approach,system model,transparency},
mendeley-tags = {other approach,system model,transparency},
title = {{Data Driven Public Key Ecosystem Backed by Blockchain {\&} Fault Tolerance}},
year = {2019}
}
@article{RFC2818,
author = {Rescorla, E.},
institution = {Internet Engineering Task Force},
journal = {IETF RFC},
title = {{RFC2818: HTTP Over TLS}},
url = {https://tools.ietf.org/html/rfc2818},
year = {2000}
}
@techreport{Allen2015,
address = {Vienna},
author = {Allen, Christopher and Brock, Arthur and Buterin, Vitalik and Callas, Jon and Dorje, Duke and Lundkvist, Christian and Kravchenko, Pavel and Nelson, Jude and Reed, Drummond and Sabadello, Markus and Slepak, Greg and Thorp, Noah and Wood, Harlan T},
file = {:Users/tilman/Documents/Mendeley Desktop/Allen et al. - 2015 - Decentralized Public Key Infrastructure – A White Paper from Rebooting the Web of Trust.pdf:pdf},
institution = {Danube Tech GmbH},
keywords = {other approach,transparency},
mendeley-tags = {other approach,transparency},
title = {{Decentralized Public Key Infrastructure – A White Paper from Rebooting the Web of Trust}},
url = {https://danubetech.com/download/dpki.pdf},
year = {2015}
}
@article{Oliver-Balsalobre2017,
abstract = {For cellular operators, estimating the end-user experience from network measurements is a challenging task. For video-streaming service, several analytical models have been proposed to estimate user opinion from buffering metrics. However, there remains the problem of estimating these buffering metrics from the limited set of measurements available on a per-connection basis for encrypted video services. In this paper, a system testbed is presented for automatically constructing a simple, albeit accurate, Quality-of-Experience (QoE) model for encrypted video-streaming services in a wireless network. The testbed consists of a terminal agent, a network-level emulator, and Probe software, which are used to compare end-user and network-level measurements. For illustration purposes, the testbed is used to derive the formulas to compute video performance metrics from TCP/IP metrics for encrypted YouTube traffic in a Wi-Fi network. The resulting formulas, which would be the core of a video-streaming QoE model, are also applicable to cellular networks, as the test campaign fully covers typical mobile network conditions and the formulas are partly validated in a real LTE network.},
author = {Oliver-Balsalobre, Pablo and Toril, Mat{\'{i}}as and Luna-Ram{\'{i}}rez, Salvador and {Garc{\'{i}}a Garaluz}, Rafael},
doi = {10.1186/s13638-017-0999-8},
file = {:Users/tilman/Documents/Mendeley Desktop/Oliver-Balsalobre et al. - 2017 - A system testbed for modeling encrypted video-streaming service performance indicators based on TCPIP.pdf:pdf},
issn = {16871499},
journal = {Eurasip Journal on Wireless Communications and Networking},
keywords = {Estimation,Modeling,S-KPIs,Testbed,YouTube},
number = {1},
publisher = {EURASIP Journal on Wireless Communications and Networking},
title = {{A system testbed for modeling encrypted video-streaming service performance indicators based on TCP/IP metrics}},
volume = {2017},
year = {2017}
}
@article{Clark2013,
abstract = {Internet users today depend daily on HTTPS for secure communication with sites they intend to visit. Over the years, many attacks on HTTPS and the certificate trust model it uses have been hypothesized, executed, and/or evolved. Meanwhile the number of browser-trusted (and thus, de facto, user-trusted) certificate authorities has proliferated, while the due diligence in baseline certificate issuance has declined. We survey and categorize prominent security issues with HTTPS and provide a systematic treatment of the history and on-going challenges, intending to provide context for future directions. We also provide a comparative evaluation of current proposals for enhancing the certificate infrastructure used in practice. {\textcopyright} 2013 IEEE.},
author = {Clark, Jeremy and {Van Oorschot}, Paul C.},
doi = {10.1109/SP.2013.41},
file = {:Users/tilman/Documents/Mendeley Desktop/Clark, Van Oorschot - 2013 - SoK SSL and HTTPS Revisiting past challenges and evaluating certificate trust model enhancements.pdf:pdf},
isbn = {9780769549774},
issn = {10816011},
journal = {Proceedings - IEEE Symposium on Security and Privacy},
keywords = {SSL,badpki,browser trust model,certificates,system model,usability},
mendeley-tags = {badpki,system model},
pages = {511--525},
publisher = {IEEE},
title = {{SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements}},
year = {2013}
}
@article{Kubilay2019,
abstract = {In conventional PKI, CAs are assumed to be fully trusted. However, in practice, CAs' absolute responsibility for providing trustworthiness caused major security and privacy issues. To prevent such issues, Google introduced the concept of Certificate Transparency (CT) in 2013. Later, several new PKI models are proposed to reduce the level of trust to the CAs. However, all of these proposals are still vulnerable to split-world attacks if the adversary is capable of showing different views of the log to the targeted victims. In this paper, we propose a new PKI architecture with certificate transparency based on blockchain, what we called CertLedger, to eliminate the split-world attacks and to provide certificate/revocation transparency. All TLS certificates' validation, storage, and entire revocation process is conducted in CertLedger as well as Trusted CA certificate management. During a TLS connection, TLS clients get an efficient proof of existence of the certificate directly from its domain owners. Hence, privacy is now perfectly preserved by eliminating the traceability issue via OCSP servers. It also provides a unique, efficient, and trustworthy certificate validation process eliminating the conventional inadequate and incompatible certificate validation processes implemented by different software vendors. TLS clients in CertLedger also do not require to make certificate validation and store the trusted CA certificates anymore. We analyze the security and performance of CertLedger and provide a comparison with the previous proposals. Finally, we implement its protoype on Ethereum to demonstrate experimental results. The results show that the performance of the TLS handshake and certificate validation through CertLedger is significantly improved compared to the current TLS protocol.},
archivePrefix = {arXiv},
arxivId = {1806.03914},
author = {Kubilay, Murat Yasin and Kiraz, Mehmet Sabir and Mantar, Hacı Ali},
doi = {10.1016/j.cose.2019.05.013},
eprint = {1806.03914},
file = {:Users/tilman/Documents/Mendeley Desktop/Kubilay, Kiraz, Mantar - 2019 - CertLedger A new PKI model with Certificate Transparency based on blockchain.pdf:pdf},
issn = {01674048},
journal = {Computers and Security},
keywords = {Blockchain,Certificate Transparency,Certificate validation,PKI,Privacy,SSL/TLS,other approach},
mendeley-tags = {other approach},
pages = {333--352},
title = {{CertLedger: A new PKI model with Certificate Transparency based on blockchain}},
volume = {85},
year = {2019}
}
@article{Marlinspike2013,
author = {Marlinspike, M. and Perrin, T.},
journal = {IETF Draft},
keywords = {other approach,pinning,scope restriction},
mendeley-tags = {other approach,pinning,scope restriction},
title = {{Trust Assertions for Certificate Keys}},
url = {https://tools.ietf.org/html/draft-perrin-tls-tack-02},
year = {2013}
}
@techreport{Laurie2016,
author = {Laurie, Ben and Phaneuf, Pierre and Eijdenberg, Adam},
title = {{Certificate Transparency over DNS}},
url = {https://github.com/google/certificate-transparency-rfcs/blob/master/dns/draft-ct-over-dns.md},
year = {2016}
}
@article{RFC6698,
author = {Hoffman, P. and Schlyter, J.},
journal = {IETF RFC},
keywords = {other approach,scope restriction},
mendeley-tags = {other approach,scope restriction},
title = {{RFC6698: The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA}},
url = {https://tools.ietf.org/html/rfc6698},
year = {2012}
}
@techreport{Eckersley2012,
author = {Eckersley, Peter},
keywords = {other approach,transparency},
mendeley-tags = {other approach,transparency},
title = {{Sovereign Key Cryptography for Internet Domains}},
url = {https://github.com/EFForg/sovereign-keys/blob/master/sovereign-key-design.txt},
year = {2012}
}
@article{Wendlandt2008,
abstract = {The popularity of “Trust-on-first-use” (Tofu) authentica- tion, used by SSH and HTTPS with self-signed certificates, demonstrates significant demand for host authentication that is low-cost and simple to deploy. While Tofu-based applications are a clear improvement over completely inse- cure protocols, they can leave users vulnerable to even simple network attacks. Our system, PERSPECTIVES, thwarts many of these attacks by using a collection of “no- tary” hosts that observes a server's public key via multiple network vantage points (detecting localized attacks) and keeps a record of the server's key over time (recognizing short-lived attacks). Clients can download these records on-demand and compare them against an unauthenticated key, detecting many common attacks. PERSPECTIVES ex- plores a promising part of the host authentication design space: Trust-on-first-use applications gain significant at- tack robustness without sacrificing their ease-of-use. We also analyze the security provided by PERSPECTIVES and describe our experience building and deploying a publicly available implementation.},
author = {Wendlandt, Dan and Andersen, David G. and Perrig, Adrian},
file = {:Users/tilman/Documents/Mendeley Desktop/Wendlandt, Andersen, Perrig - 2008 - Perspectives Improving SSH-style Host Authentication with Multi-Path Probing.pdf:pdf},
isbn = {978-1-931971-59-1},
journal = {USENIX Annual Technical Conference},
keywords = {difference observation,other approach,system model},
mendeley-tags = {difference observation,other approach,system model},
pages = {321--334},
title = {{Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing.}},
url = {http://static.usenix.org/event/usenix08/tech/full{\_}papers/wendlandt/wendlandt{\_}html/},
year = {2008}
}
@article{Aumann2010,
abstract = {In the setting of secure multiparty computation, a set of mutually distrustful parties wish to securely compute some joint function of their private inputs. The computation should be carried out in a secure way, meaning that no coalition of corrupted parties should be able to learn more than specified or somehow cause the result to be "incorrect." Typically, corrupted parties are either assumed to be semi-honest (meaning that they follow the protocol specification) or malicious (meaning that they may deviate arbitrarily from the protocol). However, in many settings, the assumption regarding semi-honest behavior does not suffice and security in the presence of malicious adversaries is excessive and expensive to achieve. In this paper, we introduce the notion of covert adversaries, which we believe faithfully models the adversarial behavior in many commercial, political, and social settings. Covert adversaries have the property that they may deviate arbitrarily from the protocol specification in an attempt to cheat, but do not wish to be "caught" doing so. We provide a definition of security for covert adversaries and show that it is possible to obtain highly efficient protocols that are secure against such adversaries. We stress that in our definition, we quantify over all (possibly malicious) adversaries and do not assume that the adversary behaves in any particular way. Rather, we guarantee that if an adversary deviates from the protocol in a way that would enable it to "cheat" (meaning that it can achieve something that is impossible in an ideal model where a trusted party is used to compute the function), then the honest parties are guaranteed to detect this cheating with good probability. We argue that this level of security is sufficient in many settings. {\textcopyright} 2009 International Association for Cryptologic Research.},
author = {Aumann, Yonatan and Lindell, Yehuda},
doi = {10.1007/s00145-009-9040-7},
file = {:Users/tilman/Documents/Mendeley Desktop/Aumann, Lindell - 2010 - Security against covert adversaries Efficient protocols for realistic adversaries.pdf:pdf},
issn = {09332790},
journal = {Journal of Cryptology},
keywords = {Covert adversaries,Efficient constructions,Secure two-party computation,Simulation paradigm,sys},
mendeley-tags = {sys},
number = {2},
pages = {281--343},
title = {{Security against covert adversaries: Efficient protocols for realistic adversaries}},
volume = {23},
year = {2010}
}
@article{RFC8555,
author = {Barnes, R. and Hoffman-Andrews, J. and McCarney, D. and Kasten, J.},
journal = {IETF RFC},
title = {{RFC8555: Automatic Certificate Management Environment (ACME)}},
url = {https://tools.ietf.org/html/rfc8555},
year = {2019}
}
@article{RFC675,
author = {Cerf, Vinton and Dalal, Yogen and Sunshine, Carl},
journal = {IETF RFC},
title = {{RFC675: SPECIFICATION OF INTERNET TRANSMISSION CONTROL PROGRAM}},
year = {1974}
}
@article{Josang2013,
abstract = {A PKI can be described as a set of technologies, procedures, and policies for propagating trust from where it initially exists to where it is needed for authentication in online environments. How the trust propagation takes place under a specific PKI depends on the PKI's syntactic trust structure, which is commonly known as a trust model. However, trust is primarily a semantic concept that cannot be expressed in syntactic terms alone. In order to define meaningful trust models for PKIs it is also necessary to consider the semantic assumptions and human cognition of trust relationships, as explicitly or implicitly expressed by certification policies, legal contractual agreements between participants in a PKI, and by how identity information is displayed and represented. Of the many different PKI trust models proposed in the literature, some have been implemented and are currently used in practical settings, from small personal networks to large-scale private and public networks such as the Internet. This chapter takes a closer look at the most prominent and widely used PKI trust models, and discusses related semantic issues.},
author = {J{\o}sang, Audun},
doi = {10.4018/978-1-4666-4030-6.ch012},
file = {:Users/tilman/Documents/Mendeley Desktop/J{\o}sang - 2013 - PKI trust models.pdf:pdf},
isbn = {9781466640313},
journal = {Theory and Practice of Cryptography Solutions for Secure Information Systems},
number = {May},
pages = {279--301},
title = {{PKI trust models}},
year = {2013}
}
@article{Soghoian2012,
abstract = {This paper introduces the compelled certificate creation attack, in which government agencies may compel a certificate authority to issue false SSL certificates that can be used by intelligence agencies to covertly intercept and hijack individuals' secure Web-based communications. {\textcopyright} 2012 Springer-Verlag.},
author = {Soghoian, Christopher and Stamm, Sid},
doi = {10.1007/978-3-642-27576-0_20},
file = {:Users/tilman/Documents/Mendeley Desktop/Soghoian, Stamm - 2012 - Certified lies Detecting and defeating government interception attacks against SSL (short paper).pdf:pdf},
isbn = {9783642275753},
issn = {03029743},
journal = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
keywords = {badpki,system model},
mendeley-tags = {badpki,system model},
pages = {250--259},
title = {{Certified lies: Detecting and defeating government interception attacks against SSL (short paper)}},
volume = {7035 LNCS},
year = {2012}
}
@article{Kales2019,
author = {Kales, Daniel and Omolola, Olamide and Ramacher, Sebastian},
doi = {10.1109/eurosp.2019.00039},
file = {:Users/tilman/Documents/Mendeley Desktop/Kales, Omolola, Ramacher - 2019 - Revisiting User Privacy for Certificate Transparency.pdf:pdf},
isbn = {9781728111476},
journal = {2019 IEEE European Symposium on Security and Privacy (EuroS{\&}P)},
keywords = {privacy},
mendeley-tags = {privacy},
pages = {432--447},
publisher = {IEEE},
title = {{Revisiting User Privacy for Certificate Transparency}},
year = {2019}
}
@article{RFC5280,
author = {Cooper, D. and Santesson, S. and Farrell, S. and Boeyen, S. and Housley, R. and Polk, W.},
journal = {IETF RFC},
title = {{RFC5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile}},
year = {2008}
}
@misc{ChromeCertificates,
author = {{The Chromium Projects}},
title = {{Root Certificate Policy}},
url = {https://www.chromium.org/Home/chromium-security/root-ca-policy}
}
@techreport{Laurie2012,
author = {Laurie, B and Kasper, Emilia},
booktitle = {Google Research, September},
file = {:Users/tilman/Documents/Mendeley Desktop/Laurie, Kasper - 2012 - Revocation transparency.pdf:pdf},
institution = {Google},
pages = {0--2},
title = {{Revocation transparency}},
url = {http://sump2.links.org/files/RevocationTransparency.pdf},
year = {2012}
}
@techreport{Nolte2018,
address = {Hamburg},
author = {Nolte, Theodor},
file = {:Users/tilman/Documents/Mendeley Desktop/Nolte - 2018 - Certificate Transparency Deployment Study.pdf:pdf},
institution = {Hochschule f{\"{u}}r Angewandte Wissenschaften Hamburg},
keywords = {adoption},
mendeley-tags = {adoption},
title = {{Certificate Transparency Deployment Study}},
year = {2018}
}
@article{Phan2019,
archivePrefix = {arXiv},
arxivId = {1905.09478},
author = {Phan, Vy An},
eprint = {1905.09478},
file = {:Users/tilman/Documents/Mendeley Desktop/Phan - 2019 - Private Queries on Public Certificate Transparency Data.pdf:pdf},
journal = {CoRR},
keywords = {privacy},
mendeley-tags = {privacy},
title = {{Private Queries on Public Certificate Transparency Data}},
year = {2019}
}
@inproceedings{Ryan2014,
abstract = {—The certificate authority model for authenticating public keys of websites has been attacked in recent years, and several proposals have been made to reinforce it. We develop and extend certificate transparency, a proposal in this direction, so that it efficiently handles certificate revocation. We show how this extension can be used to build a secure end-to-end email or messaging system using PKI with no requirement to trust certificate authorities, or to rely on complex peer-to-peer key-signing arrangements such as PGP. This makes end-to-end encrypted mail possible, with apparently few additional usability issues compared to unencrypted mail (specifically, users do not need to understand or concern themselves with keys or certificates). Underlying these ideas is a new attacker model appropriate for cloud computing, which we call " malicious-but-cautious " .},
author = {Ryan, Mark D.},
booktitle = {Proceedings 2014 Network and Distributed System Security Symposium},
doi = {10.14722/ndss.2014.23379},
file = {:Users/tilman/Documents/Mendeley Desktop/Ryan - 2014 - Enhanced Certificate Transparency and End-to-End Encrypted Mail.pdf:pdf},
isbn = {1891562355},
keywords = {other approach},
mendeley-tags = {other approach},
publisher = {Internet Society},
title = {{Enhanced Certificate Transparency and End-to-End Encrypted Mail}},
year = {2014}
}
@article{RFC2616,
author = {Fielding, Roy T. and Gettys, James and Mogul, Jeffrey C. and Nielsen, Henrik Frystyk and Masinter, Larry and Leach, Paul J. and Berners-Lee, Tim},
journal = {IETF RFC},
title = {{RFC2616: Hypertext Transfer Protocol – HTTP/1.1}},
url = {https://tools.ietf.org/html/rfc2616},
year = {1999}
}
@article{RFC6101,
author = {Freier, A. and Karlton, P. and Kocher, P.},
journal = {IETF RFC},
title = {{RFC6101: The Secure Sockets Layer (SSL) Protocol Version 3.0}},
url = {https://tools.ietf.org/html/rfc6101},
year = {2011}
}
@article{Yu2016,
abstract = {The security of public key validation protocols for web-based applications has recently attracted attention because of weaknesses in the certificate authority model, and consequent attacks. Recent proposals using public logs have succeeded in making certificate management more transparent and verifiable. However, those proposals involve a fixed set of authorities. This means an oligopoly is created. Another problem with current log-based system is their heavy reliance on trusted parties that monitor the logs. We propose a distributed transparent key infrastructure (DTKI), which greatly reduces the oligopoly of service providers and allows verification of the behaviour of trusted parties. In addition, this paper formalises the public log data structure and provides a formal analysis of the security that DTKI guarantees.},
archivePrefix = {arXiv},
arxivId = {1408.1023},
author = {Yu, Jiangshan and Cheval, Vincent and Ryan, Mark},
doi = {10.1093/comjnl/bxw039},
eprint = {1408.1023},
file = {:Users/tilman/Documents/Mendeley Desktop/Yu, Cheval, Ryan - 2016 - DTKI A new formalized PKI with verifiable trusted parties.pdf:pdf},
issn = {14602067},
journal = {Computer Journal},
keywords = {Certificate,Formal verification,Key distribution,PKI,SSL,TLS,Transparency,Trust,comparison,other approach,system model,transparency},
mendeley-tags = {comparison,other approach,system model,transparency},
number = {11},
pages = {1695--1713},
title = {{DTKI: A new formalized PKI with verifiable trusted parties}},
volume = {59},
year = {2016}
}
@book{Ristic2015,
address = {London},
author = {Risti{\'{c}}, Ivan},
editor = {Giri{\'{c}}-Risti{\'{c}}, Jelena and Rankin, Melinda},
file = {:Users/tilman/Documents/Mendeley Desktop/Risti{\'{c}} - 2015 - BULLETPROOF SSL AND TLS Understanding and Deploying SSLTLS and PKI to Secure Servers and Web Applications Free.pdf:pdf},
isbn = {9781907117046},
publisher = {Feisty Duck Limited},
title = {{BULLETPROOF SSL AND TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications Free}},
year = {2015}
}
@article{Amann2017,
abstract = {Driven by CA compromises and the risk of man-in-the-middle attacks, new security features have been added to TLS, HTTPS, and the web PKI over the past five years. These include Certificate Transparency (CT), for making the CA system auditable; HSTS and HPKP headers, to harden the HTTPS posture of a domain; the DNS-based extensions CAA and TLSA, for control over certificate issuance and pinning; and SCSV, for protocol downgrade protection. This paper presents the first large scale investigation of these improvements to the HTTPS ecosystem, explicitly accounting for their combined usage. In addition to collecting passive measurements at the Internet uplinks of large University networks on three continents, we perform the largest domain-based active Internet scan to date, covering 193M domains. Furthermore, we track the long-term deployment history of new TLS security features by leveraging passive observations dating back to 2012. We find that while deployment of new security features has picked up in general, only SCSV (49M domains) and CT (7M domains) have gained enough momentum to improve the overall security of HTTPS. Features with higher complexity, such as HPKP, are deployed scarcely and often incorrectly. Our empirical findings are placed in the context of risk, deployment effort, and benefit of these new technologies, and actionable steps for improvement are proposed. We cross-correlate use of features and find some techniques with significant correlation in deployment. We support reproducible research and publicly release data and code.},
author = {Amann, Johanna and Gasser, Oliver and Scheitle, Quirin and Brent, Lexi and Carle, Georg and Holz, Ralph},
doi = {10.1145/3131365.3131401},
file = {:Users/tilman/Documents/Mendeley Desktop/Amann et al. - 2017 - Mission accomplished HTTPS security after diginotar.pdf:pdf},
isbn = {9781450351188},
journal = {Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC},
keywords = {CAA,CT,HPKP,HSTS,HTTPS,PKI,SCSV,TLS,X.509},
pages = {325--340},
title = {{Mission accomplished? HTTPS security after diginotar}},
volume = {Part F1319},
year = {2017}
}
@article{Yu2017,
abstract = {Certificate authorities serve as trusted parties to help secure web communications. They are a vital component for ensuring the security of cloud infrastructures and big data repositories. Unfortunately, recent attacks using mis-issued cer-tificates show this model is severely broken. Much research has been done to enhance certificate man-agement in order to create more secure and reliable cloud architectures. However, none of it has been widely adopted yet, and it is hard to judge which one is the winner. This chapter provides a survey with critical analysis on the existing proposals for managing public key certificates. This evaluation framework would be helpful for future research on designing an alternative certificate management system to secure the internet.},
author = {Yu, Jiangshan and Ryan, Mark},
doi = {10.1016/b978-0-12-805467-3.00007-7},
file = {:Users/tilman/Documents/Mendeley Desktop/Yu, Ryan - 2017 - Evaluating Web PKIs.pdf:pdf},
journal = {Software Architecture for Big Data and the Cloud},
keywords = {comparison,other approach,system model},
mendeley-tags = {comparison,other approach,system model},
pages = {105--126},
title = {{Evaluating Web PKIs}},
year = {2017}
}
@article{Tomescu2019,
abstract = {Transparency logs allow users to audit a potentially malicious service , paving the way towards a more accountable Internet. For example, Certificate Transparency (CT) enables domain owners to audit Certificate Authorities (CAs) and detect impersonation attacks. Yet, to achieve their full potential, transparency logs must be bandwidth-efficient when queried by users. Specifically, everyone should be able to efficiently look up log entries by their key and efficiently verify that the log remains append-only. Unfortunately , without additional trust assumptions, current transparency logs cannot provide both small-sized lookup proofs and small-sized append-only proofs. In fact, one of the proofs always requires band-width linear in the size of the log, making it expensive for everyone to query the log. In this paper, we address this gap with a new primitive called an append-only authenticated dictionary (AAD). Our construction is the first to achieve (poly)logarithmic size for both proof types and helps reduce bandwidth consumption in transparency logs. This comes at the cost of increased append times and high memory usage, both of which remain to be improved to make practical deployment possible. CCS CONCEPTS • Security and privacy → Key management; • Theory of computation → Cryptographic primitives; Data structures design and analysis.},
author = {Tomescu, Alin and Bhupatiraju, Vivek and Papadopoulos, Dimitrios and Papamanthou, Charalampos and Triandopoulos, Nikos and Devadas, Srinivas},
doi = {10.1145/3319535.3345652},
file = {:Users/tilman/Documents/Mendeley Desktop/Tomescu et al. - 2019 - Transparency Logs via Append-Only Authenticated Dictionaries.pdf:pdf},
isbn = {9781450367479},
journal = {Ccs},
keywords = {Charalampos Papamanthou,Dimitrios Papadopoulos,Merkle trees,Nikos Triandopoulos,RSA accumulators,Vivek Bhupatiraju,and Srinivas Devadas 2019 Trans-parency Logs via A,append-only,authenticated dictionaries,bilinear accumulators,polynomials ACM Reference Format: Alin Tomescu,transparency logs},
pages = {18},
title = {{Transparency Logs via Append-Only Authenticated Dictionaries}},
year = {2019}
}
@article{Bernhard2019,
abstract = {HTTPS and TLS are the backbone of Internet security, however setting up web servers to run these protocols is a notoriously difficult process. In this paper, we perform two live subjects usability studies on the deployment of HTTPS in a real-world setting. Study 1 is a within subjects comparison between traditional HTTPS configuration (purchasing a certificate and installing it on a server) and Let's Encrypt, which automates much of the process. Study 2 is a between subjects study looking at the same two systems, examining why users encounter usability issues. Overall we confirm past results that HTTPS is difficult to deploy, and we find some evidence that suggests Let's Encrypt is an easier, more efficient method for deploying HTTPS.},
author = {Bernhard, Matthew and Sharman, Jonathan and Acemyan, Claudia Ziegler and Kortum, Philip and Wallach, Dan S. and {Alex Halderman}, J.},
doi = {10.1145/3290605.3300540},
file = {:Users/tilman/Documents/Mendeley Desktop/Bernhard et al. - 2019 - On the usability of HTTPS deployment.pdf:pdf},
isbn = {9781450359702},
journal = {Conference on Human Factors in Computing Systems - Proceedings},
title = {{On the usability of HTTPS deployment}},
year = {2019}
}
@misc{Kaufman2018,
author = {Kaufman, Jeff T.},
title = {{History of HTTPS Usage}},
url = {https://www.jefftk.com/p/history-of-https-usage},
urldate = {2019-11-04},
year = {2018}
}
@article{Manousis2016,
abstract = {Let's Encrypt is a new entrant in the Certificate Authority ecosystem that offers free and automated certificate signing. It is visionary in its commitment to Certificate Transparency. In this paper, we shed light on the adoption patterns of Let's Encrypt "in the wild" and inform the future design and deployment of this exciting development in the security landscape. We analyze acquisition patterns of certificates as well as their usage and deployment trends in the real world. To this end, we analyze data from Certificate Transparency Logs containing records of more then 18 million certificates. We also leverage other sources like Censys, Alexa's historic records, Geolocation databases, and VirusTotal. We also perform active HTTPS measurements on the domains owning Let's Encrypt certificates. Our analysis of certificate acquisition shows that (1) the impact of Let's Encrypt is particularly visible in Western Europe; (2) Let's Encrypt has the potential to democratize HTTPS adoption in countries that are recent entrants to Internet adoption; (3) there is anecdotal evidence of popular domains quitting their previously untrustworthy or expensive CAs in order to transition to Let's Encrypt; and (4) there is a "heavy tailed" behavior where a small number of domains acquire a large number of certificates. With respect to usage, we find that: (1) only 54{\%} of domains actually use the Let's Encrypt certificates they have procured; (2) there are many non-trivial incidents of server misconfigurations; and (3) there is early evidence of use of Let's Encrypt certificates for typosquatting and for malware-laden sites.},
archivePrefix = {arXiv},
arxivId = {1611.00469},
author = {Manousis, Antonis and Ragsdale, Roy and Draffin, Ben and Agrawal, Adwiteeya and Sekar, Vyas},
eprint = {1611.00469},
file = {:Users/tilman/Documents/Mendeley Desktop/Manousis et al. - 2016 - Shedding Light on the Adoption of Let's Encrypt.pdf:pdf},
journal = {Computing Research Repository},
title = {{Shedding Light on the Adoption of Let's Encrypt}},
url = {http://arxiv.org/abs/1611.00469},
volume = {abs/1611.0},
year = {2016}
}
@inproceedings{Zadegan2016,
address = {Paris},
author = {Zadegan, Bryant and Lester, Ryan},
booktitle = {DEF CON 24},
file = {:Users/tilman/Documents/Mendeley Desktop/Zadegan, Lester - 2016 - Abusing Bleeding Edge Web Standards for AppSec Glory.pdf:pdf},
title = {{Abusing Bleeding Edge Web Standards for AppSec Glory}},
year = {2016}
}
@article{RFC7469,
author = {Evans, C. and Palmer, C. and Sleevi, R.},
doi = {10.17487/RFC7469},
journal = {IETF RFC},
title = {{RFC7469: Public Key Pinning Extension for HTTP}},
url = {https://tools.ietf.org/html/rfc7469},
year = {2015}
}
@article{Roosa2013,
abstract = {For more than a decade, Internet users have relied on digital certificates issued by certificate authorities to encrypt and authenticate their most valuable communications. Computer security experts have lambasted weaknesses in the system since its inception. Recent exploits have brought several problems back into stark focus. The authors describe some proposed technologybased improvements, as well as some legal, economic, and organizational shortcomings of the trust model. They also propose first steps toward fixes and next steps for study. {\textcopyright} 1997-2012 IEEE.},
author = {Roosa, Steven B. and Schultze, Stephen},
doi = {10.1109/MIC.2013.27},
file = {:Users/tilman/Documents/Mendeley Desktop/Roosa, Schultze - 2013 - Trust darknet Control and compromise in the internet's certificate authority model.pdf:pdf},
issn = {10897801},
journal = {IEEE Internet Computing},
keywords = {badpki,legal implications,public policy,public-key cryptosystems},
mendeley-tags = {badpki},
number = {3},
pages = {18--25},
publisher = {IEEE},
title = {{Trust darknet: Control and compromise in the internet's certificate authority model}},
volume = {17},
year = {2013}
}
@article{Maxwell2019,
abstract = {We describe a new Schnorr-based multi-signature scheme (i.e., a protocol which allows a group of signers to produce a short, joint signature on a common message) called MuSig, provably secure under the Discrete Logarithm assumption and in the plain public-key model (meaning that signers are only required to have a public key, but do not have to prove knowledge of the private key corresponding to their public key to some certification authority or to other signers before engaging the protocol). MuSig improves over the state-of-art scheme of Bellare and Neven (ACM Conference on Computer and Communications Security-CCS 2006) and its variants by Bagherzandi et al. (ACM Conference on Computer and Communications Security-CCS 2008) and Ma et al. (Des Codes Cryptogr 54(2):121–133, 2010) in two respects: (i) it is simple and efficient, having the same key and signature size as standard Schnorr signatures; (ii) it allows key aggregation, which informally means that the joint signature can be verified exactly as a standard Schnorr signature with respect to a single “aggregated” public key which can be computed from the individual public keys of the signers. To the best of our knowledge, this is the first multi-signature scheme provably secure under the Discrete Logarithm assumption in the plain public-key model which allows key aggregation. As an application, we explain how our new multi-signature scheme could improve both performance and user privacy in Bitcoin.},
author = {Maxwell, Gregory and Poelstra, Andrew and Seurin, Yannick and Wuille, Pieter},
doi = {10.1007/s10623-019-00608-x},
file = {:Users/tilman/Documents/Mendeley Desktop/Maxwell et al. - 2019 - Simple Schnorr multi-signatures with applications to Bitcoin.pdf:pdf},
issn = {15737586},
journal = {Designs, Codes, and Cryptography},
keywords = {Bitcoin,Discrete logarithm problem,Forking lemma,Key aggregation,Multi-signatures,Schnorr signatures},
pages = {1--34},
title = {{Simple Schnorr multi-signatures with applications to Bitcoin}},
year = {2019}
}
@misc{Merkle1982,
author = {Merkle, Ralph C.},
file = {:Users/tilman/Documents/Mendeley Desktop/Merkle - 1982 - US Patent 4309569 Method of providing digital signatures.pdf:pdf},
publisher = {United States Patent Office},
title = {{US Patent 4309569: Method of providing digital signatures}},
year = {1982}
}
@techreport{Varvello2015,
author = {Varvello, Matteo and Schomp, Kyle and Naylor, David and Blackburn, Jeremy and Papagiannaki, Konstantina},
file = {:Users/tilman/Documents/Mendeley Desktop/Varvello et al. - 2015 - Is The Web HTTP 2 Yet.pdf:pdf},
institution = {isthewebhttp2yet.com},
title = {{Is The Web HTTP / 2 Yet ?}},
url = {http://isthewebhttp2yet.com/files/http2-pam16.pdf},
year = {2015}
}
@book{Wattenhofer2016,
author = {Wattenhofer, Roger},
file = {:Users/tilman/Documents/Mendeley Desktop/Wattenhofer - 2016 - The science of blokchain.pdf:pdf},
isbn = {9781522751830},
publisher = {Inverted Forest Publishing},
title = {{The science of blokchain}},
year = {2016}
}
@inproceedings{Syta2017,
abstract = {Bias-resistant public randomness is a critical com- ponent in many (distributed) protocols. Generating public ran- domness is hard, however, because active adversaries may behave dishonestly to bias public random choices toward their advan- tage. Existing solutions do not scale to hundreds or thousands of participants, as is needed in many decentralized systems. We propose two large-scale distributed protocols, RandHound and RandHerd, which provide publicly-verifiable, unpredictable, and unbiasable randomness against Byzantine adversaries. Rand- Hound relies on an untrusted client to divide a set of randomness servers into groups for scalability, and it depends on the pigeon- hole principle to ensure output integrity, even for non-random, adversarial group choices. RandHerd implements an efficient, decentralized randomness beacon. RandHerd is structurally similar to a BFT protocol, but uses RandHound in a one-time setup to arrange participants into verifiably unbiased random secret-sharing groups, which then repeatedly produce random output at predefined intervals. Our prototype demonstrates that RandHound and RandHerd achieve good performance across hundreds of participants while retaining a low failure probability by properly selecting protocol parameters, such as a group size and secret-sharing threshold. For example, when sharding 512 nodes into groups of 32, our experiments show that RandHound can produce fresh random output after 240 seconds. RandHerd, after a setup phase of 260 seconds, is able to generate fresh random output in intervals of approximately 6 seconds. For this configuration, both protocols operate at a failure probability of at},
address = {San Jose},
author = {Syta, Ewa and Jovanovic, Philipp and Kogias, Eleftherios Kokoris and Gailly, Nicolas},
booktitle = {2017 IEEE Symposium on Security and Privacy},
doi = {10.1109/SP.2017.45},
file = {:Users/tilman/Documents/Mendeley Desktop/Syta et al. - 2017 - Scalable Bias-Resistant Distributed Randomness.pdf:pdf},
pages = {444--460},
publisher = {IEEE Computer Society},
title = {{Scalable Bias-Resistant Distributed Randomness}},
year = {2017}
}
@inproceedings{Stubs2019,
address = {Bonn},
author = {Mueller, Tobias and St{\"{u}}bs, Marius and Federrath, Hannes},
booktitle = {Open Identity Summit 2019},
editor = {Ro{\ss}nagel, Heiko and Wagner, Sven and H{\"{u}}hnlein, Detlef},
file = {:Users/tilman/Documents/Mendeley Desktop/Mueller, St{\"{u}}bs, Federrath - 2019 - Let's Revoke! Mitigating Revocation Equivocation by re-purposing the Certificate Transparency Log.pdf:pdf},
keywords = {asynchronous decentralised messaging,email,key revocation,openpgp,pki,revocation,trust},
mendeley-tags = {revocation},
pages = {143--154},
publisher = {Gesellschaft f{\"{u}}r Informatik},
title = {{Let's Revoke! Mitigating Revocation Equivocation by re-purposing the Certificate Transparency Log}},
year = {2019}
}
@article{Stark2019,
abstract = {Certificate Transparency (CT) is an emerging system for enabling the rapid discovery of malicious or misissued certificates. Initially standardized in 2013, CT is now finally beginning to see widespread support. Although CT provides desirable security benefits, web browsers cannot begin requiring all websites to support CT at once, due to the risk of breaking large numbers of websites. We discuss challenges for deployment, analyze the adoption of CT on the web, and measure the error rates experienced by users of the Google Chrome web browser. We find that CT has so far been widely adopted with minimal breakage and warnings. Security researchers often struggle with the tradeoff between security and user frustration: rolling out new security requirements often causes breakage. We view CT as a case study for deploying ecosystem-wide change while trying to minimize end user impact. We discuss the design properties of CT that made its success possible, as well as draw lessons from its risks and pitfalls that could be avoided in future large-scale security deployments.},
author = {Stark, Emily and Sleevi, Ryan and Muminovi{\'{c}}, Rijad and O'Brien, Devon and Messeri, Eran and Felt, Adrienne Porter and Mcmillion, Brendan and Tabriz, Parisa},
doi = {10.1109/SP.2019.00027},
file = {:Users/tilman/Documents/Mendeley Desktop/Stark et al. - 2019 - Does Certificate Transparency Break the Web Measuring Adoption and Error Rate.pdf:pdf},
journal = {Proceedings of the IEEE Symposium on Security {\&} Privacy (2019)},
keywords = {Certificate Transparency,HTTPS,Index Terms-Web PKI,gossip,usable security},
mendeley-tags = {gossip},
title = {{Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate}},
url = {https://ai.google/research/pubs/pub47551},
year = {2019}
}
@misc{Slepak2014,
author = {Slepak, Greg},
booktitle = {okTurtles Blog},
title = {{The Trouble with Certificate Transparency}},
url = {https://blog.okturtles.org/2014/09/the-trouble-with-certificate-transparency/},
year = {2014}
}
@phdthesis{Magnusson2019,
author = {Magnusson, Jonathan},
file = {:Users/tilman/Documents/Mendeley Desktop/Magnusson - 2019 - Designing DNS Cache Aggregation to Detect Misbehaving Certificate Transparency Logs.pdf:pdf},
keywords = {gossip},
mendeley-tags = {gossip},
school = {Karlstad University},
title = {{Designing DNS Cache Aggregation to Detect Misbehaving Certificate Transparency Logs}},
year = {2019}
}
@misc{Ritter2016,
author = {Ritter, Tom},
booktitle = {ritter.vg},
keywords = {gossip},
mendeley-tags = {gossip},
title = {a bit on certificate transparency gossip},
url = {https://ritter.vg/blog-a{\_}bit{\_}on{\_}certificate{\_}transparency{\_}gossip.html},
urldate = {2019-07-01},
year = {2016}
}
@inproceedings{Boneh2003a,
abstract = {An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into a single short signature. This single signature (and the n original messages) will convince the verifier that the n users did indeed sign the n original messages (i.e., user i signed message M i for i = 1,..., n). In this paper we introduce the concept of an aggregate signature, present security models for such signatures, and give several applications for aggregate signatures. We construct an efficient aggregate signature from a recent short signature scheme based on bilinear maps due to Boneh, Lynn, and Shacham. Aggregate signatures are useful for reducing the size of certificate chains (by aggregating all signatures in the chain) and for reducing message size in secure routing protocols such as SBGP. We also show that aggregate signatures give rise to verifiably encrypted signatures. Such signatures enable the verifier to test that a given ciphertext C is the encryption of a signature on a given message M. Verifiably encrypted signatures are used in contract-signing protocols. Finally, we show that similar ideas can be used to extend the short signature scheme to give simple ring signatures.},
address = {Warsaw},
author = {Boneh, Dan and Gentry, Craig and Lynn, Ben and Shacham, Hovav},
booktitle = {Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques},
doi = {10.1007/3-540-39200-9_26},
editor = {Biham, Eli},
file = {:Users/tilman/Documents/Mendeley Desktop/Boneh et al. - 2003 - Aggregate and Verifiably Encrypted Signatures from Bilinear Maps.pdf:pdf},
isbn = {3-540-14039-5},
pages = {416--432},
publisher = {Springer-Verlag},
title = {{Aggregate and Verifiably Encrypted Signatures from Bilinear Maps}},
url = {http://link.springer.com/10.1007/3-540-39200-9{\_}26},
year = {2003}
}
@misc{Smith2018,
author = {Smith, Martin},
booktitle = {certificate-transparency},
title = {{Google CT Log Outage Postmortem For Oct 24 2018}},
url = {https://groups.google.com/d/msg/certificate-transparency/mm5Dqmxce3M/JGKwCLp9AgAJ},
urldate = {2019-05-06},
year = {2018}
}
@techreport{Stehr2019,
address = {Braunschweig},
author = {Stehr, Tilman},
file = {:Users/tilman/Documents/Mendeley Desktop/Stehr - 2019 - How do Browsers Handle Misbehaving Certificate Transparency Logs.pdf:pdf},
institution = {Technische Universit{\"{a}}t Braunschweig},
title = {{How do Browsers Handle Misbehaving Certificate Transparency Logs ?}},
year = {2019}
}
@article{Kent2018,
author = {Kent, Stephen},
file = {:Users/tilman/Documents/Mendeley Desktop/Kent - 2018 - Attack and Threat Model for Certificate Transparency.pdf:pdf},
institution = {Internet Engineering Task Force},
journal = {IETF Draft},
keywords = {system model},
mendeley-tags = {system model},
title = {{Attack and Threat Model for Certificate Transparency}},
url = {https://tools.ietf.org/html/draft-ietf-trans-threat-analysis-16},
year = {2018}
}
@article{Dowling2016,
abstract = {Since hundreds of certificate authorities (CAs) can issue browser-trusted certificates, it can be difficult for domain owners to detect certificates that have been fraudulently issued for their domain. Certificate Transparency (CT) is a recent standard by the Internet Engineering Task Force (IETF) that aims to construct public logs of all certificates issued by CAs, making it easier for domain owners to monitor for fraudulently issued certificates. To avoid relying on trusted log servers, CT includes mechanisms by which monitors and auditors can check whether logs are behaving honestly or not; these mechanisms are primarily based on Merkle tree hashing and authentication proofs. Given that CT is now being deployed, it is important to verify that it achieves its security goals. In this work, we define four security properties of logging schemes such as CT that can be assured via cryptographic means, and show that CT does achieve these security properties. We consider two classes of security goals: those involving security against a malicious logger attempting to present different views of the log to different parties or at different points in time, and those involving security against malicious monitors who attempt to frame an honest log for failing to include a certificate in the log. We show that Certificate Transparency satisfies these security properties under various assumptions on Merkle trees all of which reduce to collision resistance of the underlying hash function (and in one case with the additional assumption of unforgeable signatures).},
author = {Dowling, Benjamin and G{\"{u}}nther, Felix and Herath, Udyani and Stebila, Douglas},
doi = {10.1007/978-3-319-45744-4},
file = {:Users/tilman/Documents/Mendeley Desktop/Dowling et al. - 2016 - Secure Logging Schemes and Certificate Transparency.pdf:pdf},
isbn = {978-3-319-45743-7},
journal = {Computer Security – ESORICS 2016. ESORICS 2016. Lecture Notes in Computer Science},
keywords = {system model},
mendeley-tags = {system model},
pages = {1--27},
title = {{Secure Logging Schemes and Certificate Transparency}},
url = {http://link.springer.com/10.1007/978-3-319-45744-4},
volume = {9879},
year = {2016}
}
@article{Nykvist2018,
abstract = {Certificate Transparency (CT) was developed to mitigate shortcomings in the TLS/SSL landscape and to assess the trustworthi- ness of Certificate Authorities (CAs) and the certificates they create. With CT, certificates should be logged in public, audible, append-only CT logs and servers should provide clients (browsers) evidence, in the form of Signed Certificate Timestamps (SCTs), that the certificates that they present have been logged in credible CT logs. These SCTs can be delivered using three different methods: (i) X.509v3 extension, (ii) TLS extension, and (iii) OSCP stapling. In this paper, we develop a client-side measurement tool that implements all three methods and use the tool to analyze the SCT adoption among the one-million most popular web domains. Using two snapshots (from May and Oct. 2017), we answer a wide range of questions related to the delivery choices made by different domains, identify differences in the certificates used by these domains, the CT logs they use, and characterize the overheads and potential per- formance impact of the SCT delivery methods. By highlighting some of the tradeoffs between the methods and differences in the websites select- ing them, we provide insights into the current SCT adoption status and differences in how domains have gone upon adopting this new technology. 1},
author = {Nykvist, Carl and Sj{\"{o}}str{\"{o}}m, Linus and Gustafsson, Josef and Carlsson, Niklas},
doi = {10.1007/978-3-319-76481-8_14},
file = {:Users/tilman/Documents/Mendeley Desktop/Nykvist et al. - 2018 - Server-Side Adoption of Certificate Transparency.pdf:pdf},
isbn = {9783319764801},
journal = {Passive and Active Measurement. PAM 2018. Lecture Notes in Computer Science},
pages = {186--199},
title = {{Server-Side Adoption of Certificate Transparency}},
volume = {10771},
year = {2018}
}
@article{Basin2014,
abstract = {We present ARPKI, a public-key infrastructure that ensures that certificate-related operations, such as certificate issuance, update, revocation, and validation, are transparent and ac-countable. ARPKI is the first such infrastructure that sys-tematically takes into account requirements identified by previous research. Moreover, ARPKI is co-designed with a formal model, and we verify its core security property using the Tamarin prover. We present a proof-of-concept imple-mentation providing all features required for deployment. ARPKI efficiently handles the certification process with low overhead and without incurring additional latency to TLS. ARPKI offers extremely strong security guarantees, where compromising n − 1 trusted signing and verifying entities is insufficient to launch an impersonation attack. Moreover, it deters misbehavior as all its operations are publicly visible.},
author = {Basin, David and Cremers, Cas and Kim, Tiffany Hyun-Jin and Perrig, Adrian and Sasse, Ralf and Szalachowski, Pawel},
doi = {10.1145/2660267.2660298},
file = {:Users/tilman/Documents/Mendeley Desktop/Basin et al. - 2014 - ARPKI Attack Resilient Public-Key Infrastructure.pdf:pdf},
isbn = {9781450329576},
issn = {15437221},
journal = {Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS '14},
keywords = {a single compro-,attack resilience,certificate validation,formal validation,in the current trust,log servers,model of tls pki,other approach,public,public-key infrastructure,tls,to review},
mendeley-tags = {other approach,to review},
title = {{ARPKI: Attack Resilient Public-Key Infrastructure}},
url = {https://netsec.ethz.ch/publications/papers/ccsfp200s-cremersA.pdf},
year = {2014}
}
@article{Dahlberg2018,
abstract = {Certificate Transparency (CT) is a project that mandates public logging of TLS certificates issued by certificate authorities. While a CT log is designed to be trustless, it relies on the assumption that every client sees and cryptographically verifies the same log. The solution to this problem is a gossip mechanism that ensures that clients share the same view of the logs. Despite CT being added to Google Chrome, no gossip mechanism is pending wide deployment. We suggest an aggregation-based gossip mechanism that passively observes cryptographic material that CT logs emit in plaintext, aggregating at packet processors and periodically verifying log consistency off-path. Based on 20 days of RIPE Atlas measurements that represents clients from 3500 autonomous systems and 40{\%} of the IPv4 space, our proposal can be deployed incrementally for a realistic threat model with significant protection against undetected log misbehavior. We also discuss how to instantiate aggregation-based gossip on a variety of packet processors, and show that our P4 and XDP proof-of-concepts implementations run at line-speed.},
archivePrefix = {arXiv},
arxivId = {1806.08817},
author = {Dahlberg, Rasmus and Pulls, Tobias and Vestin, Jonathan and H{\o}iland-J{\o}rgensen, Toke and Kassler, Andreas},
eprint = {1806.08817},
file = {:Users/tilman/Documents/Mendeley Desktop/Dahlberg et al. - 2018 - Aggregation-Based Gossip for Certificate Transparency.pdf:pdf},
journal = {CoRR},
keywords = {gossip},
mendeley-tags = {gossip},
pages = {1--20},
title = {{Aggregation-Based Gossip for Certificate Transparency}},
volume = {abs/1806.0},
year = {2018}
}
@inproceedings{Syta2016,
abstract = {The secret keys of critical network authorities - such as time, name, certificate, and software update services - represent high-value targets for hackers, criminals, and spy agencies wishing to use these keys secretly to compromise other hosts. To protect authorities and their clients proactively from undetected exploits and misuse, we introduce CoSi, a scalable witness cosigning protocol ensuring that every authoritative statement is validated and publicly logged by a diverse group of witnesses before any client will accept it. A statement S collectively signed by W witnesses assures clients that S has been seen, and not immediately found erroneous, by those W observers. Even if S is compromised in a fashion not readily detectable by the witnesses, CoSi still guarantees S's exposure to public scrutiny, forcing secrecy-minded attackers to risk that the compromise will soon be detected by one of the W witnesses. Because clients can verify collective signatures efficiently without communication, CoSi protects clients' privacy, and offers the first transparency mechanism effective against persistent man-in-the-middle attackers who control a victim's Internet access, the authority's secret key, and several witnesses' secret keys. CoSi builds on existing cryptographic multisignature methods, scaling them to support thousands of witnesses via signature aggregation over efficient communication trees. A working prototype demonstrates CoSi in the context of timestamping and logging authorities, enabling groups of over 8,000 distributed witnesses to cosign authoritative statements in under two seconds.},
address = {San Jose},
author = {Syta, Ewa and Tamas, Iulia and Visher, Dylan and Wolinsky, David Isaac and Jovanovic, Philipp and Gasser, Linus and Gailly, Nicolas and Khoffi, Ismail and Ford, Bryan},
booktitle = {2016 IEEE Symposium on Security and Privacy},
doi = {10.1109/SP.2016.38},
file = {:Users/tilman/Documents/Mendeley Desktop/Syta et al. - 2016 - Keeping Authorities ‘Honest or Bust' with Decentralized Witness Cosigning.pdf:pdf},
isbn = {9781509008247},
keywords = {cryptography,distributed protocols,multisignatures,scalability,signatures,transparency},
pages = {526--545},
publisher = {IEEE},
title = {{Keeping Authorities ‘Honest or Bust' with Decentralized Witness Cosigning}},
year = {2016}
}
@inproceedings{Kim2013,
abstract = {Recent trends in public-key infrastructure research explore the trade-off between decreased trust in Certificate Authorities (CAs), re-silience against attacks, communication overhead (bandwidth and latency) for setting up an SSL/TLS connection, and availability with respect to verifiability of public key information. In this pa-per, we propose AKI as a new public-key validation infrastructure, to reduce the level of trust in CAs. AKI integrates an architec-ture for key revocation of all entities (e.g., CAs, domains) with an architecture for accountability of all infrastructure parties through checks-and-balances. AKI efficiently handles common certifica-tion operations, and gracefully handles catastrophic events such as domain key loss or compromise. We propose AKI to make progress towards a public-key validation infrastructure with key revocation that reduces trust in any single entity.},
author = {Kim, Tiffany Hyun-Jin and Huang, Lin-Shung and Perrig, Adrian and Jackson, Collin and Gligor, Virgil},
booktitle = {WWW '13 - Proceedings of the 22nd international conference on World Wide Web},
doi = {10.1145/2488388.2488448},
file = {:Users/tilman/Documents/Mendeley Desktop/Kim et al. - 2013 - Accountable Key Infrastructure (AKI) A Proposal for a Public-Key Validation Infrastructure.pdf:pdf},
isbn = {9781450320351},
keywords = {accountability,certificate validation,log servers,other approach,public,public-key infrastructure,ssl,tls,to review},
mendeley-tags = {other approach,to review},
pages = {679--690},
title = {{Accountable Key Infrastructure (AKI): A Proposal for a Public-Key Validation Infrastructure}},
year = {2013}
}
@article{Gustafsson2017,
abstract = {Many of today's web-based services rely heavily on secure end-to-end connections. The “trust” that these services require builds upon TLS/SSL. Unfortunately, TLS/SSL is highly vulnerable to com- promised Certificate Authorities (CAs) and the certificates they gener- ate. Certificate Transparency (CT) provides a way to monitor and audit certificates and certificate chains, to help improve the overall network security. Using an open standard, anybody can setup CT logs, monitors, and auditors. CT is already used by Google's Chrome browser for vali- dation of Extended Validation (EV) certificates, Mozilla is drafting their own CT policies to be enforced, and public CT logs have proven valu- able in identifying rogue certificates. In this paper we present the first large-scale characterization of the CT landscape. Our characterization uses both active and passive measurements and highlights similarities and differences in public CT logs, their usage, and the certificates they include. We also provide insights into how the certificates in these logs relate to the certificates and keys observed in regular web traffic. 1},
author = {Gustafsson, Josef and Overier, Gustaf and Arlitt, Martin and Carlsson, Niklas},
doi = {10.1007/978-3-319-54328-4_7},
file = {:Users/tilman/Documents/Mendeley Desktop/Gustafsson et al. - 2017 - A first look at the CT landscape Certificate transparency logs in practice.pdf:pdf},
isbn = {9783319543277},
issn = {16113349},
journal = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
keywords = {adoption},
mendeley-tags = {adoption},
pages = {87--99},
title = {{A first look at the CT landscape: Certificate transparency logs in practice}},
volume = {10176 LNCS},
year = {2017}
}
@misc{OBrien2018c,
author = {O'Brien, Devon},
booktitle = {Certificate Transparency Policy},
title = {{Certificate Transparency Enforcement in Chrome and CT Day in London}},
url = {https://groups.google.com/a/chromium.org/d/msg/ct-policy/Qqr59r6yn1A/2t0bWblZBgAJ},
urldate = {2019-01-30},
year = {2018}
}
@article{RFC6962-bis,
author = {Laurie, B. and Langley, A. and Kasper, E. and Messeri, E. and Stradling, R.},
journal = {IETF Draft},
title = {{Certificate Transparency Version 2.0}},
url = {https://www.ietf.org/id/draft-ietf-trans-rfc6962-bis-30.txt},
year = {2018}
}
@misc{Markham2016,
author = {Markham, Gervase and Rowley, Jeremy and Stradling, Rob and Beattie, Doug and Barreira, I{\~{n}}igo and Aas, Josh and Salz, Richard and Ayer, Andrew and Fige, Patrick and Palmer, Matt and Sleevi, Ryan and Ritter, Tom},
booktitle = {Certificate Transparency Policy},
title = {{Discussion Thread “Mozilla CT Policy - significantly updated draft”}},
url = {https://groups.google.com/a/chromium.org/d/msg/ct-policy/Xx1bv8r33ZE/G92XHS6gAAAJ},
urldate = {2019-01-30},
year = {2016}
}
@misc{Sleevi2016a,
author = {Sleevi, Ryan},
booktitle = {mozilla.dev.security.policy},
title = {{Comment on “Mozilla CT Policy”}},
url = {https://groups.google.com/d/msg/mozilla.dev.security.policy/VJYX1Wnnhiw/7NbhdhHHBgAJ},
urldate = {2019-01-30},
year = {2016}
}
@misc{Ayer2018b,
author = {Ayer, Andrew},
booktitle = {Andrew's Blog},
title = {{How will Certificate Transparency Logs be Audited in Practice?}},
url = {https://www.agwa.name/blog/post/how{\_}will{\_}certificate{\_}transparency{\_}logs{\_}be{\_}audited{\_}in{\_}practice},
urldate = {2019-01-30},
year = {2018}
}
@techreport{Sleevi2017,
author = {Sleevi, Ryan and Messeri, Eran},
file = {:Users/tilman/Documents/Mendeley Desktop/Sleevi, Messeri - 2017 - Certificate Transparency in Chrome Monitoring CT logs consistency.pdf:pdf},
institution = {Google},
title = {{Certificate Transparency in Chrome: Monitoring CT logs consistency}},
url = {https://docs.google.com/document/d/1FP5J5Sfsg0OR9P4YT0q1dM02iavhi8ix1mZlZe{\_}z-ls/edit},
year = {2017}
}
@misc{TheChromiumAuthors,
author = {{The Chromium Authors}},
title = {chromium / chromium / src.git / master / . / components / certificate{\_}transparency / features.cc},
url = {https://chromium.googlesource.com/chromium/src.git/+/master/components/certificate{\_}transparency/features.cc},
urldate = {2019-01-30}
}
@misc{Kalinnikov2018,
author = {Kalinnikov, Pavel},
booktitle = {Certificate Transparency Policy},
title = {{Mirrors for Symantec logs are now running}},
url = {https://groups.google.com/a/chromium.org/d/msg/ct-policy/Nu13xFn6dcA/GEvL8y7nCAAJ},
urldate = {2019-01-30},
year = {2018}
}
@misc{Sullivan2018,
author = {Sullivan, Nick},
booktitle = {Cloudflare Blog},
title = {{Introducing Certificate Transparency and Nimbus}},
url = {https://blog.cloudflare.com/introducing-certificate-transparency-and-nimbus/},
urldate = {2019-01-30},
year = {2018}
}
@misc{Colon2018,
author = {Colon, David},
booktitle = {Certificate Transparency Policy},
title = {{Comment on “Sabre uptime below 99{\%}”}},
url = {https://groups.google.com/a/chromium.org/d/msg/ct-policy/XOmpEaEBaJM/ub{\_}Tx9FDBAAJ},
urldate = {2019-01-30},
year = {2018}
}
@misc{Nair2018,
author = {Nair, Hari},
booktitle = {Certificate Transparency Policy},
title = {{[Inform] Announcing sunset of Venafi CT log server (ctlog-gen2.api.venafi.com)}},
url = {https://groups.google.com/a/chromium.org/d/msg/ct-policy/zupHFW6JhiE/rKdB4eKpCwAJ},
urldate = {2019-01-30},
year = {2018}
}
@misc{OBrien2018a,
author = {O'Brien, Devon},
booktitle = {Chromium Bug Tracker},
title = {{Comment on “Issue 801624: DigiCert High Performance Log 2”}},
url = {https://crbug.com/801624{\#}c19},
urldate = {2019-01-30},
year = {2018}
}
@misc{Ayer2018,
author = {Ayer, Andrew},
booktitle = {Certificate Transparency Policy},
title = {{Comment on “Technical Enforcement of Certificate Expiry Range”}},
url = {https://groups.google.com/a/chromium.org/d/msg/ct-policy/FNj7S4mbmi0/zLpA1C01AQAJ},
urldate = {2019-01-30},
year = {2018}
}
@misc{Ayer2018a,
author = {Ayer, Andrew},
booktitle = {Andrew's Blog},
title = {{These Three Companies Are Doing the Internet a Solid By Running Certificate Transparency Logs}},
url = {https://www.agwa.name/blog/post/these{\_}three{\_}companies{\_}are{\_}doing{\_}the{\_}internet{\_}a{\_}solid},
urldate = {2019-01-30},
year = {2018}
}
@misc{Bowen2018,
author = {Bowen, Peter},
booktitle = {Certificate Transparency Policy},
title = {{Comment on “Some question on the policy”}},
url = {https://groups.google.com/a/chromium.org/d/msg/ct-policy/I07{\_}gHba6wQ/KVLSDtmgAQAJ},
urldate = {2019-01-30},
year = {2018}
}
@misc{CTEcosystem,
author = {{SSL Mate Cert Spotter}},
title = {{Certificate Transparency Ecosystem}},
url = {https://sslmate.com/labs/ct{\_}ecosystem/ecosystem.html},
urldate = {2019-01-30}
}
@misc{Martin21122018,
author = {Martin2112},
title = {{C++ Log Server Deprecation Notice}},
url = {https://github.com/google/certificate-transparency/blob/master/DEPRECATED.md},
urldate = {2019-01-30},
year = {2018}
}
@misc{Aas2015,
author = {Aas, Josh},
booktitle = {Let's Encrypt Blog},
title = {{Why ninety-day lifetimes for certificates?}},
url = {https://letsencrypt.org/2015/11/09/why-90-days.html},
urldate = {2019-01-30},
year = {2015}
}
@misc{GoogleSuperDuper,
author = {Google},
title = {{certificate-transparency: Auditing for TLS certificates}},
url = {https://github.com/google/certificate-transparency},
urldate = {2019-01-30}
}
@misc{Hoffman-Andrews2018,
author = {Hoffman-Andrews, Jacob},
booktitle = {Let's Encrypt API Announcements},
title = {{Signed Certificate Timestamps embedded in certificates}},
url = {https://community.letsencrypt.org/t/signed-certificate-timestamps-embedded-in-certificates/57187},
urldate = {2019-01-30},
year = {2018}
}
@misc{MerkleTown,
author = {Cloudflare},
title = {{Merkle Town}},
url = {https://ct.cloudflare.com},
urldate = {2019-01-30}
}
@misc{LogGrowth,
author = {{SSL Mate Cert Spotter}},
title = {{Certificate Transparency Log Growth}},
url = {https://sslmate.com/labs/ct{\_}growth/},
urldate = {2019-01-30}
}
@misc{McMillion2018,
author = {McMillion, Brendan},
booktitle = {Certificate Transparency Policy},
title = {{Un-incorporated SCTs from CNNIC}},
url = {https://groups.google.com/a/chromium.org/d/msg/ct-policy/52uigUBvXfQ/dyoW-Fd3CQAJ},
urldate = {2019-01-30},
year = {2018}
}
@misc{EdgecombeCNNIC,
author = {Edgecombe, Graham},
title = {{Certificate Transparency Monitor / CNNIC}},
url = {https://ct.grahamedgecombe.com/logs/16},
urldate = {2019-01-30}
}
@misc{CTPolicy,
title = {{Certificate Transparency Policy}},
url = {https://groups.google.com/a/chromium.org/forum/{\#}!forum/ct-policy},
urldate = {2019-01-30}
}
@misc{AppleCTLogList,
author = {Apple},
title = {{Apple's Trusted CT Log List}},
url = {https://valid.apple.com/ct/log{\_}list/current{\_}log{\_}list.json},
urldate = {2019-01-30}
}
@misc{GoogleCTLogList,
author = {Google},
title = {{Google's Trusted CT Log List}},
url = {https://www.gstatic.com/ct/log{\_}list/log{\_}list.json},
urldate = {2019-01-30}
}
@article{Bloom1970,
address = {New York, NY, USA},
author = {Bloom, Burton H},
doi = {10.1145/362686.362692},
issn = {0001-0782},
journal = {Commun. ACM},
keywords = {hash addressing,hash coding,retrieval efficiency,retrieval trade-offs,scatter storage,searching,storage efficiency,storage layout},
month = {jul},
number = {7},
pages = {422--426},
publisher = {ACM},
title = {{Space/Time Trade-offs in Hash Coding with Allowable Errors}},
url = {http://doi.acm.org/10.1145/362686.362692},
volume = {13},
year = {1970}
}
@misc{Belvin2018,
author = {Belvin, Gary},
booktitle = {Certificate Transparency Policy},
title = {{Comment on “Temporary outage of Google CT Logs”}},
url = {https://groups.google.com/a/chromium.org/d/msg/ct-policy/fJwd8x7LFlA/hct3mVI1DwAJ},
urldate = {2019-01-30},
year = {2018}
}
@misc{CloudflareNimbus2017,
booktitle = {Chromium Bug Tracker},
title = {{Issue 780653: Certificate Transparency - Cloudflare "nimbus2017" Log Server Inclusion Request}},
url = {https://crbug.com/780653},
urldate = {2019-01-30},
year = {2017}
}
@misc{OBrien2018b,
author = {O'Brien, Devon},
booktitle = {Certificate Transparency Policy},
title = {{Deprecating a CT Log implementation}},
url = {https://groups.google.com/a/chromium.org/d/msg/ct-policy/5lD4ppVZLLY/QIF-EIcmDAAJ},
urldate = {2019-01-30},
year = {2018}
}
@misc{GoogleTrillian,
author = {Google},
title = {{Trillian: General Transparency}},
url = {https://github.com/google/trillian},
urldate = {2019-01-30}
}
@misc{CNNIC2016,
author = {CNNIC},
booktitle = {Chromium Bug Tracker},
title = {{Issue 583208: CNNIC CT server inclusion request.}},
url = {https://crbug.com/583208},
urldate = {2019-01-30},
year = {2016}
}
@misc{Smith2017,
author = {Smith, Martin},
booktitle = {Chromium Bug Tracker},
title = {{Issue 756813: Certificate Transparency - Google "argon2017" Log Server Inclusion Request}},
url = {https://crbug.com/756813},
urldate = {2019-01-30},
year = {2017}
}
@misc{Hadfield2018,
author = {Hadfield, Paul},
booktitle = {Chromium Bug Tracker},
title = {{Comment on “Issue 833350: Certificate Transparency - Google ‘xenon20XX' Log Server Inclusion Requests”}},
url = {https://crbug.com/833350{\#}c6},
urldate = {2019-01-30},
year = {2018}
}
@misc{OBrien2018,
author = {O'Brien, Devon},
booktitle = {Certificate Transparency Policy},
title = {{Comment on “Operating Redundant CT Logs”}},
url = {https://groups.google.com/a/chromium.org/d/msg/ct-policy/UxHHWGjrr3k/aVSGrm6bBgAJ},
urldate = {2019-01-30},
year = {2018}
}
@techreport{Messeri2017,
author = {Messeri, Eran},
file = {:Users/tilman/Documents/Mendeley Desktop/Messeri - 2017 - Privacy implications of Certificate Transparency's DNS-based protocol.pdf:pdf},
institution = {Google},
title = {{Privacy implications of Certificate Transparency's DNS-based protocol}},
url = {https://docs.google.com/document/d/1DY2OsrSJDzlRHY68EX1OwQ3sBIbvMrapQxvANrOE8zM/edit},
year = {2017}
}
@misc{Huang2018,
author = {Huang, David and Niemczura, Bartosz and Xu, Amy},
institution = {Facebook Inc.},
title = {{Detecting phishing domains using Certificate Transparency}},
url = {https://www.facebook.com/notes/protect-the-graph/detecting-phishing-domains-using-certificate-transparency/2037453483161459/},
urldate = {2019-01-30},
year = {2018}
}
@misc{Sleevi2016,
author = {Sleevi, Ryan},
booktitle = {mozilla.dev.security.policy},
title = {{Comment on “Mozilla CT Policy”}},
url = {https://groups.google.com/d/msg/mozilla.dev.security.policy/VJYX1Wnnhiw/ecenP98wBgAJ},
urldate = {2019-01-30},
year = {2016}
}
@article{RFC6962,
author = {Laurie, B. and Langley, A. and Kasper, E.},
institution = {Internet Engineering Task Force},
journal = {IETF RFC},
title = {{RFC6962: Certificate Transparency}},
year = {2013}
}
@misc{MozillaCTPolicyDiscussion,
booktitle = {mozilla.dev.security.policy},
title = {{Mozilla CT Policy}},
url = {https://groups.google.com/d/topic/mozilla.dev.security.policy/VJYX1Wnnhiw/discussion},
urldate = {2019-01-30},
year = {2016}
}
@misc{Topletz2017,
author = {Topletz, Steve},
booktitle = {Certificate Transparency Policy},
title = {{Comment on “Venafi has produced inconsistent STHs”}},
url = {https://groups.google.com/a/chromium.org/d/msg/ct-policy/ohtZ64gLN3I/namq{\_}NDmAQAJ},
urldate = {2019-01-30},
year = {2017}
}
@misc{MozillaCTPolicy,
author = {Mozilla},
title = {{Mozilla CT Policy – Draft 0.1.0}},
url = {https://docs.google.com/document/d/1rnqYYwscAx8WhS-MCdTiNzYQus9e37HuVyafQvEeNro/edit{\#}},
urldate = {2019-01-30}
}
@misc{BugzillaCTPref,
author = {Lequertier, Vincent},
title = {{Bug 1313511: Certificate Transparency UI for network monitor security tab}},
url = {https://bugzilla.mozilla.org/show{\_}bug.cgi?id=1313511{\#}c6},
urldate = {2019-01-30},
year = {2018}
}
@inproceedings{Gasser2018,
author = {Gasser, Oliver and Hof, Benjamin and Helm, Max and Korczynski, Maciej and Holz, Ralph and Carle, Georg},
booktitle = {Passive and Active Measurement. PAM 2018. Lecture Notes in Computer Science},
doi = {10.1007/978-3-319-76481-8},
editor = {Beverly, R. and Smaragdakis, G. and Feldmann, A.},
file = {:Users/tilman/Documents/Mendeley Desktop/Gasser et al. - 2018 - In Log We Trust Revealing Poor Security Practices with Certificate Transparency Logs and Internet Measurements.pdf:pdf},
isbn = {9783319764818},
keywords = {Baseline Requirements,Certificate Transparency,TLS,baseline requirements,certificate transparency,tls},
pages = {173--185},
publisher = {Springer, Cham},
title = {{In Log We Trust: Revealing Poor Security Practices with Certificate Transparency Logs and Internet Measurements}},
url = {http://dx.doi.org/10.1007/978-3-319-76481-8{\_}13},
volume = {10771},
year = {2018}
}
@misc{MozillaWikiCT,
author = {Barnes, Richard and van Kesteren, Anne},
institution = {Mozilla},
title = {{Mozilla Wiki: PKI:CT}},
url = {https://wiki.mozilla.org/PKI:CT},
urldate = {2019-01-30},
year = {2014}
}
@inproceedings{Scheitle2018,
abstract = {In this paper, we analyze the evolution of Certificate Transparency (CT) over time and explore the implications of exposing certificate DNS names from the perspective of security and privacy. We find that certificates in CT logs have seen exponential growth. Website support for CT has also constantly increased, with now 33{\%} of established connections supporting CT. With the increasing deployment of CT, there are also concerns of information leakage due to all certificates being visible in CT logs. To understand this threat, we introduce a CT honeypot and show that data from CT logs is being used to identify targets for scanning campaigns only minutes after certificate issuance. We present and evaluate a methodology to learn and validate new subdomains from the vast number of domains extracted from CT logged certificates.},
archivePrefix = {arXiv},
arxivId = {1809.08325},
author = {Scheitle, Quirin and Gasser, Oliver and Nolte, Theodor and Amann, Johanna and Brent, Lexi and Carle, Georg and Holz, Ralph and Schmidt, Thomas C. and W{\"{a}}hlisch, Matthias},
booktitle = {ACMSIGCOMM Internet Measurement Conference},
doi = {10.1145/3278532.3278562},
eprint = {1809.08325},
file = {:Users/tilman/Documents/Mendeley Desktop/Scheitle et al. - 2018 - The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem.pdf:pdf},
isbn = {9781450356190},
keywords = {acm reference format,certificate transparency,honeypot,johanna amann,lexi brent,oliver gasser,phishing,quirin scheitle,theodor nolte},
title = {{The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem}},
url = {http://arxiv.org/abs/1809.08325{\%}0Ahttp://dx.doi.org/10.1145/3278532.3278562},
year = {2018}
}
@misc{ChromeCTLog,
author = {Sleevi, Ryan and O'Brien, Devon},
institution = {Google LLC},
title = {{Certificate Transparency Log Policy}},
url = {https://github.com/chromium/ct-policy/blob/master/log{\_}policy.md},
urldate = {2019-01-30},
year = {2017}
}
@misc{AppleCTLog,
author = {Apple},
institution = {Apple Inc.},
title = {{Apple's Certificate Transparency log program}},
url = {https://support.apple.com/en-us/HT209255},
urldate = {2019-01-30}
}
@misc{ChromeCTPolicy,
author = {Sleevi, Ryan},
institution = {Google LLC},
title = {{Certificate Transparency in Chrome}},
url = {https://github.com/chromium/ct-policy/blob/master/ct{\_}policy.md},
urldate = {2019-01-30},
year = {2018}
}
@misc{AppleCTPolicy,
author = {Apple},
institution = {Apple Inc.},
title = {{Apple's Certificate Transparency policy}},
url = {https://support.apple.com/en-us/HT205280},
urldate = {2019-01-30}
}
@techreport{Simari2002,
abstract = {It is a common weakness among traditional communication protocols to be vulnerable to impersonation attacks. Every time this sort of protocol is executed, the system degradates because of the threat of an eavesdropper listening in on the communication. Zero Knowl-edge Protocols, presented by Goldwasser, Micali, and Rackoff, are an improvement on these situations. The objective is to obtain a system in which it is possible for a prover to convince a verifier of his knowledge of a certain secret without disclosing any information except the validity of his claim. This article will cover the basics of zero knowledge systems, explaining the main properties and characteristics. A series of examples, in growing level of difficulty, will also be presented, to see the main areas of application of such protocols.},
author = {Simari, Gerardo I},
file = {:Users/tilman/Documents/Mendeley Desktop/Simari - 2002 - A Primer on Zero Knowledge Protocols.pdf:pdf},
institution = {Universidad Nacional del Sur},
pages = {1--12},
title = {{A Primer on Zero Knowledge Protocols}},
url = {http://www.cs.ox.ac.uk/people/gerardo.simari/personal/publications/zkp-simari2002.pdf},
year = {2002}
}
@article{RFC6125,
author = {Saint-Andre, P. and Hodges, J.},
institution = {Internet Engineering Task Force},
journal = {IETF RFC},
title = {{RFC6125: Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)}},
url = {https://tools.ietf.org/html/rfc6125},
year = {2011}
}
@article{Felt2017,
abstract = {HTTPS ensures that the Web has a base level of pri-vacy and integrity. Security engineers, researchers, and browser vendors have long worked to spread HTTPS to as much of the Web as possible via outreach efforts, de-veloper tools, and browser changes. How much progress have we made toward this goal of widespread HTTPS adoption? We gather metrics to benchmark the status and progress of HTTPS adoption on the Web in 2017. To evaluate HTTPS adoption from a user perspective, we collect large-scale, aggregate user metrics from two major browsers (Google Chrome and Mozilla Firefox). To measure HTTPS adoption from a Web developer per-spective, we survey server support for HTTPS among top and long-tail websites. We draw on these metrics to gain insight into the current state of the HTTPS ecosystem.},
author = {Felt, Adrienne Porter and Barnes, Richard and King, April and Palmer, Chris and Bentzel, Chris and Tabriz, Parisa and {Porter Felt}, Adrienne and Barnes, Richard and King, April and Palmer, Chris and Bentzel, Chris and Tabriz, Parisa},
doi = {10.1249/01.MSS.0000078924.61453.FB},
file = {:Users/tilman/Documents/Mendeley Desktop/Felt et al. - 2017 - Measuring HTTPS adoption on the web.pdf:pdf},
isbn = {978-1-931971-40-9},
issn = {0195-9131},
journal = {26th USENIX Security Symposium},
pages = {1323--1338},
title = {{Measuring HTTPS adoption on the web}},
url = {https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/felt},
year = {2017}
}
@misc{GoogleHTTPS,
author = {Google},
title = {{Transparency Report: HTTPS encryption on the web}},
url = {https://transparencyreport.google.com/https/overview?hl=en},
urldate = {2019-01-30}
}
@article{IETFRedaction,
author = {Stradling, R. and Messeri, E.},
institution = {Internet Engineering Task Force},
journal = {IETF Draft},
title = {{Certificate Transparency: Domain Label Redaction}},
url = {https://tools.ietf.org/html/draft-strad-trans-redaction-01},
year = {2017}
}
@article{Meulen2013,
author = {Meulen, Nicole Van Der},
file = {:Users/tilman/Documents/Mendeley Desktop/Meulen - 2013 - DigiNotar Dissecting the First Dutch Digital Disaster.pdf:pdf},
journal = {Journal of Strategic Security Article},
keywords = {badpki},
mendeley-tags = {badpki},
number = {2},
pages = {46--58},
title = {{DigiNotar: Dissecting the First Dutch Digital Disaster}},
volume = {6},
year = {2013}
}
@article{RFC8446,
author = {Rescorla, E.},
institution = {Internet Engineering Task Force},
journal = {IETF RFC},
title = {{RFC8446: The Transport Layer Security (TLS) Protocol Version 1.3}},
url = {https://tools.ietf.org/html/rfc8446},
year = {2018}
}
@misc{MozillaCertificates,
author = {Project, Mozilla},
title = {{Mozilla Included CA Certificate List}},
url = {https://wiki.mozilla.org/CA/Included{\_}Certificates},
urldate = {2019-01-30}
}
@article{RFC6960,
author = {Santesson, S. and Myers, M. and Ankney, R. and Malpani, A. and Galperin, S. and Adams, C.},
institution = {Internet Engineering Task Force},
journal = {IETF RFC},
title = {{RFC6960: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP}},
url = {https://tools.ietf.org/html/rfc6960},
year = {2013}
}
@techreport{CA/BrowserForum2018,
author = {{CA/Browser Forum}},
file = {:Users/tilman/Documents/Mendeley Desktop/CABrowser Forum - 2018 - Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates.pdf:pdf},
institution = {CA/Browser Forum},
title = {{Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates}},
url = {https://cabforum.org/baseline-requirements-documents/},
year = {2018}
}
@article{IETFGossip,
author = {Nordberg, L. and Gillmor, D. and Ritter, T.},
file = {:Users/tilman/Documents/Mendeley Desktop/Nordberg, Gillmor, Ritter - 2018 - Gossiping in CT.pdf:pdf},
institution = {Internet Engineering Task Force},
journal = {IETF Draft},
keywords = {gossip},
mendeley-tags = {gossip},
title = {{Gossiping in CT}},
url = {https://tools.ietf.org/html/draft-ietf-trans-gossip-05},
year = {2018}
}
@article{Chuat2015,
abstract = {The level of trust accorded to certification author-ities has been decreasing over the last few years as several cases of misbehavior and compromise have been observed. Log-based approaches, such as Certificate Transparency, ensure that fraudulent TLS certificates become publicly visible. However, a key element that log-based approaches still lack is a way for clients to verify that the log behaves in a consistent and honest manner. This task is challenging due to privacy, efficiency, and deployability reasons. In this paper, we propose the first (to the best of our knowledge) gossip protocols that enable the detection of log inconsistencies. We analyze these protocols and present the results of a simulation based on real Internet traffic traces. We also give a deployment plan, discuss technical issues, and present an implementation.},
archivePrefix = {arXiv},
arxivId = {1511.01514},
author = {Chuat, Laurent and Szalachowski, Pawel and Perrig, Adrian and Laurie, Ben and Messeri, Eran},
doi = {10.1109/CNS.2015.7346853},
eprint = {1511.01514},
file = {:Users/tilman/Documents/Mendeley Desktop/Chuat et al. - 2015 - Efficient gossip protocols for verifying the consistency of Certificate logs.pdf:pdf},
isbn = {9781467378765},
journal = {2015 IEEE Conference on Communications and NetworkSecurity, CNS 2015},
keywords = {gossip},
mendeley-tags = {gossip},
pages = {415--423},
title = {{Efficient gossip protocols for verifying the consistency of Certificate logs}},
year = {2015}
}
@article{Eskandarian2017,
abstract = {Certificate transparency (CT) is an elegant mechanism designed to detect when a certificate authority (CA) has issued a certificate incorrectly. Many CAs now support CT and it is being actively deployed in browsers. However, a number of privacy-related challenges remain. In this paper we propose practical solutions to two issues. First, we develop a mechanism that enables web browsers to audit a CT log without violating user privacy. Second, we extend CT to support non-public subdomains.},
author = {Eskandarian, Saba and Messeri, Eran and Bonneau, Joseph and Boneh, Dan},
doi = {10.1515/popets-2017-0052},
file = {:Users/tilman/Documents/Mendeley Desktop/Eskandarian et al. - 2017 - Certificate Transparency with Privacy.pdf:pdf},
issn = {2299-0984},
journal = {Proceedings on Privacy Enhancing Technologies},
keywords = {privacy},
mendeley-tags = {privacy},
month = {oct},
number = {4},
pages = {329--344},
title = {{Certificate Transparency with Privacy}},
url = {http://content.sciendo.com/view/journals/popets/2017/4/article-p329.xml},
volume = {2017},
year = {2017}
}
@article{Laurie2014,
author = {Laurie, Ben},
file = {:Users/tilman/Documents/Mendeley Desktop/Laurie - 2014 - Certificate Transparency.pdf:pdf},
journal = {ACM Queue},
keywords = {system model},
mendeley-tags = {system model},
number = {8},
title = {{Certificate Transparency}},
volume = {12},
year = {2014}
}