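@misc{Langley2014,
  author       = {Langley, Adam},
  title        = {{No, don't enable revocation checking}},
  howpublished = {Imperial Violet},
  month        = apr,
  year         = {2014},
  url          = {https://www.imperialviolet.org/2014/04/19/revchecking.html},
  urldate      = {2020-01-20},
}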
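@phdthesis{Merkle1979,
  author = {Merkle, Ralph Charles},
  title  = {{Secrecy, Authentication, and Public Key Systems}},
  school = {Stanford University},
  type   = {{PhD} thesis},
  year   = {1979},
  file   = {:Users/tilman/Documents/Mendeley Desktop/Merkle - 1979 - Secrecy, Authentication, and Public Key Systems.pdf:pdf},
}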
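@misc{Vaughan-Nichols2015,
  author       = {Vaughan-Nichols, Steven J.},
  title        = {{Securing the web once and for all: The Let's Encrypt Project}},
  howpublished = {ZDNet},
  year         = {2015},
  url          = {https://www.zdnet.com/article/securing-the-web-once-and-for-all-the-open-encryption-project/},
  urldate      = {2020-01-12},
}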
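@techreport{RFC6844,
  author      = {Hallam-Baker, P. and Stradling, R.},
  title       = {{DNS Certification Authority Authorization (CAA) Resource Record}},
  institution = {Internet Engineering Task Force},
  type        = {RFC},
  number      = {6844},
  year        = {2013},
  url         = {https://tools.ietf.org/html/rfc6844},
}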
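@misc{Eckersley2011,
  author       = {Eckersley, Peter},
  title        = {{How secure is HTTPS today? How often is it attacked?}},
  howpublished = {Electronic Frontier Foundation Deeplinks Blog},
  month        = oct,
  year         = {2011},
  url          = {https://www.eff.org/deeplinks/2011/10/how-secure-https-today},
  urldate      = {2020-01-10},
}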
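@inproceedings{Sunshine2009,
  author    = {Sunshine, Joshua and Egelman, Serge and Almuhimedi, Hazim and Atri, Neha and Cranor, Lorrie Faith},
  title     = {{Crying Wolf: An Empirical Study of SSL Warning Effectiveness}},
  booktitle = {18th USENIX Security Symposium},
  address   = {Montreal, Canada},
  pages     = {399--416},
  year      = {2009},
  abstract  = {Web users are shown an invalid certificate warning when their browser cannot validate the identity of the websites they are visiting. While these warnings often appear in benign situations, they can also signal a man-in-the-middle attack. We conducted a survey of over 400 Internet users to examine their reactions to and understanding of current SSL warnings. We then designed two new warnings using warnings science principles and lessons learned from the survey. We evaluated warnings used in three popular web browsers and our two warnings in a 100-participant, between-subjects laboratory study. Our warnings performed significantly better than existing warnings, but far too many participants exhibited dangerous behavior in all warning conditions. Our results suggest that, while warnings can be improved, a better approach may be to minimize the use of SSL warnings altogether by blocking users from making unsafe connections and eliminating warnings in benign situations.},
  file      = {:Users/tilman/Documents/Mendeley Desktop/Sunshine et al. - 2009 - Crying Wolf An Empirical Study of SSL Warning Effectiveness Joshua.pdf:pdf},
}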
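@inproceedings{Zimmermann2017,
  author    = {Zimmermann, Torsten and Ruth, Jan and Wolters, Benedikt and Hohlfeld, Oliver},
  title     = {{How HTTP/2 pushes the web: An empirical study of HTTP/2 server push}},
  booktitle = {2017 IFIP Networking Conference, IFIP Networking 2017 and Workshops},
  year      = {2017},
  doi       = {10.23919/IFIPNetworking.2017.8264830},
  isbn      = {9783901882944},
  abstract  = {The simplicity of HTTP made it the default building block for desktop and mobile apps, yet it suffers from inherent inefficiencies in the modern web. HTTP/2 was designed to address these inefficiencies and its adoption remarks a major protocol shift in the Internet. Despite this relevance, its Internet-wide adoption remains unknown. Especially, the adoption and use of server push - advertised as a key feature to further reduce page load times - is completely unexplored. To answer both questions, we provide large-scale measurements of the HTTP/2 adoption and usage of server push in the wild, probing the entire IPv4 address space and the complete set of .com/.net/.org domains. We find 5.38M HTTP/2 enabled domains hosted by only few infrastructures driving this adoption. While we find the overall HTTP/2 adoption to increase, only few hundred domains utilize server push. We examine pushed content, push strategies and identify the use of currently undocumented push strategies. Moreover, we discover large sources of overheads through server push for reoccurring page visits. By measuring page load times, we show that while push can speed up webpages, it also can slow them down - motivating the need for optimized push strategies.},
  file      = {:Users/tilman/Documents/Mendeley Desktop/Zimmermann et al. - 2017 - How HTTP2 pushes the web An empirical study of HTTP2 server push.pdf:pdf},
}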
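@article{VanGoethem2014,
  author   = {{Van Goethem}, Tom and Chen, Ping and Nikiforakis, Nick and Desmet, Lieven and Joosen, Wouter},
  title    = {{Large-scale security analysis of the web: Challenges and findings}},
  journal  = {Lecture Notes in Computer Science},
  volume   = {8564},
  pages    = {110--126},
  year     = {2014},
  doi      = {10.1007/978-3-319-08593-7_8},
  isbn     = {9783319085920},
  issn     = {1611-3349},
  abstract = {As the web expands in size and adoption, so does the interest of attackers who seek to exploit web applications and exfiltrate user data. While there is a steady stream of news regarding major breaches and millions of user credentials compromised, it is logical to assume that, over time, the applications of the bigger players of the web are becoming more secure. However, as these applications become resistant to most prevalent attacks, adversaries may be tempted to move to easier, unprotected targets which still hold sensitive user data. In this paper, we report on the state of security for more than 22,000 websites that originate in 28 EU countries. We first explore the adoption of countermeasures that can be used to defend against common attacks and serve as indicators of "security consciousness". Moreover, we search for the presence of common vulnerabilities and weaknesses and, together with the adoption of defense mechanisms, use our findings to estimate the overall security of these websites. Among other results, we show how a website's popularity relates to the adoption of security defenses and we report on the discovery of three, previously unreported, attack variations that attackers could have used to attack millions of users. {\textcopyright} 2014 Springer International Publishing.},
  file     = {:Users/tilman/Documents/Mendeley Desktop/Van Goethem et al. - 2014 - Large-scale security analysis of the web Challenges and findings.pdf:pdf},
}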
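@misc{Wagner,
  author       = {Wagner, Jeremy},
  title        = {{Why Performance Matters}},
  howpublished = {Google Web Fundamentals},
  url          = {https://developers.google.com/web/fundamentals/performance/why-performance-matters},
  urldate      = {2020-01-05},
}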
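@misc{StatCounter2019,
  author  = {{StatCounter}},
  title   = {{Browser Market Share Worldwide - December 2019}},
  year    = {2019},
  url     = {https://gs.statcounter.com/browser-market-share#monthly-201812-201912},
  urldate = {2020-01-03},
}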
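@article{Bocchi2016,
  author   = {Bocchi, Enrico and {De Cicco}, Luca and Rossi, Dario},
  title    = {{Measuring the quality of experience of web users}},
  journal  = {ACM SIGCOMM Computer Communication Review},
  volume   = {46},
  number   = {4},
  pages    = {8--13},
  year     = {2016},
  doi      = {10.1145/3027947.3027949},
  issn     = {1943-5819},
  keywords = {Above-the-fold,ByteIndex,DOM,MOS,ObjectIndex,OnLoad,Quality of experience,SpeedIndex,TTFB,TTFP,Web},
  abstract = {Measuring quality of Web users experience (WebQoE) faces the following trade-off. On the one hand, current practice is to resort to metrics, such as the document completion time (onLoad), that are simple to measure though knowingly inaccurate. On the other hand, there are metrics, like Google's SpeedIndex, that are better correlated with the actual user experience, but are quite complex to evaluate and, as such, relegated to lab experiments. In this paper, we first provide a comprehensive state of the art on the metrics and tools available for WebQoE assessment. We then apply these metrics to a representative dataset (the Alexa top-100 webpages) to better illustrate their similarities, differences, advantages, and limitations. We next introduce novel metrics, inspired by Google's SpeedIndex, that offer significant advantages in terms of computational complexity, while maintaining a high correlation with the SpeedIndex. These properties make our proposed metrics highly relevant and of practical use.},
  file     = {:Users/tilman/Documents/Mendeley Desktop/Bocchi, De Cicco, Rossi - 2016 - Measuring the quality of experience of web users.pdf:pdf},
}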
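@techreport{GomezInc2011,
  author      = {{Gomez Inc}},
  title       = {{Why Web Performance Matters: Is Your Site Driving Customers Away?}},
  institution = {Gomez Inc},
  year        = {2010},
  url         = {http://www.mcrinc.com/Documents/Newsletters/201110_why_web_performance_matters.pdf},
  abstract    = {When you're doing business on the Web, every second counts More than ever, your Website's performance matters. The average online shopper expects your pages to load in two seconds or less, down from four seconds in 2006; after three seconds, up to 40{\%} will abandon your site. i And performance pressure just keeps growing. To drive more sales and boost brand image, today's Websites are increasingly dependent on sophisticated technologies such as shopping tools, interactive games, and videos that attract attention, hold interest or move visitors toward your virtual shopping cart. But if the technology behind the marketing vision for your Website creates delays or fails to work properly, watch out --- your visitors may quickly abandon your site and run to the competition. Gomez' own studies reveal that lack of visitor loyalty. By analyzing page abandonment data across more than 150 websites and 150 million page views, Gomez found that an increase in page response time from 2 to 10 seconds increased page abandonment rates by 38{\%}. ii Page Response Time Drives An Increase In Page Abandonment The causes of Web dysfunction may be complex, but the lesson is simple: so-called " IT " issues that slow down your site can impact revenue, customer satisfaction and your brand --- if they're not identified, monitored and resolved. In the remainder of this white paper, you'll learn about the direct impact Web performance has on business results. And discover powerful tools for driving the superior customer experience --- and business revenues --- you demand from your Website.},
  file        = {:Users/tilman/Documents/Mendeley Desktop/Gomez Inc - 2010 - Why Web Performance Matters Is Your Site Driving Customers Away.pdf:pdf},
}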
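@techreport{Housley2017,
  author      = {Housley, R. and O'Donoghue, K.},
  title       = {{Improving the Public Key Infrastructure (PKI) for the World Wide Web}},
  institution = {Internet Engineering Task Force},
  type        = {Internet-Draft},
  number      = {draft-iab-web-pki-problems-05},
  year        = {2017},
  url         = {https://tools.ietf.org/html/draft-iab-web-pki-problems-05},
}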
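@article{Dahlberg2018a,
  author        = {Dahlberg, Rasmus and Pulls, Tobias},
  title         = {{Verifiable Light-Weight Monitoring for Certificate Transparency Logs}},
  journal       = {Lecture Notes in Computer Science},
  volume        = {11252},
  pages         = {171--183},
  year          = {2018},
  doi           = {10.1007/978-3-030-03638-6_11},
  archivePrefix = {arXiv},
  arxivId       = {1711.03952},
  eprint        = {1711.03952},
  isbn          = {9783030036379},
  issn          = {1611-3349},
  keywords      = {Certificate Transparency,Monitoring,Security protocols},
  abstract      = {Trust in publicly verifiable Certificate Transparency (CT) logs is reduced through cryptography, gossip, auditing, and monitoring. The role of a monitor is to observe each and every log entry, looking for suspicious certificates that interest the entity running the monitor. While anyone can run a monitor, it requires continuous operation and copies of the logs to be inspected. This has lead to the emergence of monitoring as-a-service: a trusted third-party runs the monitor and provides registered subjects with selective certificate notifications. We present a CT/bis extension for verifiable light-weight monitoring that enables subjects to verify the correctness of such certificate notifications, making it easier to distribute and reduce the trust which is otherwise placed in these monitors. Our extension supports verifiable monitoring of wild-card domains and piggybacks on CT's existing gossip-audit security model.},
  file          = {:Users/tilman/Documents/Mendeley Desktop/Dahlberg, Pulls - 2018 - Verifiable Light-Weight Monitoring for Certificate Transparency Logs.pdf:pdf},
}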
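@inproceedings{D.a2013,
  author    = {Akhawe, Devdatta and Amann, Bernhard and Vallentin, Matthias and Sommer, Robin},
  title     = {{Here's my cert, so trust me, maybe? Understanding TLS errors on the web}},
  booktitle = {Proceedings of the 22nd International Conference on World Wide Web (WWW 2013)},
  pages     = {59--69},
  year      = {2013},
  doi       = {10.1145/2488388.2488395},
  isbn      = {9781450320351},
  url       = {http://www.scopus.com/inward/record.url?eid=2-s2.0-84890107028&partnerID=40&md5=615fb7713bc0edb3860e6ff04680c486},
  keywords  = {tls,usability,warnings},
  abstract  = {When browsers report TLS errors, they cannot distinguish between attacks and harmless server misconfigurations; hence they leave it to the user to decide whether continuing is safe. However, actual attacks remain rare. As a result, users quickly become used to "false positives" that deplete their attention span, making it unlikely that they will pay sufficient scrutiny when a real attack comes along. Consequently, browser vendors should aim to minimize the number of low-risk warnings they report. To guide that process, we perform a large-scale measurement study of common TLS warnings. Using a set of passive network monitors located at different sites, we identify the prevalence of warnings for a total population of about 300,000 users over a nine-month period. We identify low-risk scenarios that consume a large chunk of the user attention budget and make concrete recommendations to browser vendors that will help maintain user attention in high-risk situations. We study the impact on end users with a data set much larger in scale than the data sets used in previous TLS measurement studies. A key novelty of our approach involves the use of internal browser code instead of generic TLS libraries for analysis, providing more accurate and representative results. Copyright is held by the International World Wide Web Conference Committee (IW3C2).},
  file      = {:Users/tilman/Documents/Mendeley Desktop/Akhawe et al. - 2013 - Here's my cert, so trust me, maybe Understanding TLS errors on the web.pdf:pdf},
}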
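@article{Oppliger2014,
  author    = {Oppliger, Rolf},
  title     = {{Certification authorities under attack: A plea for certificate legitimation}},
  journal   = {IEEE Internet Computing},
  volume    = {18},
  number    = {1},
  pages     = {40--47},
  year      = {2014},
  publisher = {IEEE},
  doi       = {10.1109/MIC.2013.5},
  issn      = {1089-7801},
  keywords  = {Internet security,SSL,TLS,certificate authorization,certificate legitimation,certificate revocation,man-in-the-middle attack,public-key certificates,public-key infrastructure},
  abstract  = {Several recent attacks against certification authorities (CAs) and fraudulently issued certificates have put the security and usefulness of the Internet public-key infrastructure (PKI) at stake. In this article, the author argues that such attacks are likely to occur repeatedly and that respective countermeasures must be designed, implemented, and put in place. In particular, he discusses two problem areas in which countermeasures are needed: certificate revocation and certificate authorization. Both areas are related and can be subsumed under the term "certificate legitimation." The author introduces the notion of certificate legitimation, discusses some recent proposals, and outlines new areas of research and development. {\textcopyright} 2014 IEEE.},
  file      = {:Users/tilman/Documents/Mendeley Desktop/Oppliger - 2014 - Certification authorities under attack A plea for certificate legitimation.pdf:pdf},
}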
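@inproceedings{Maurer1996,
  author        = {Maurer, Ueli},
  title         = {{Modelling a Public-Key Infrastructure}},
  booktitle     = {Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security},
  address       = {London},
  pages         = {325--350},
  publisher     = {Springer},
  year          = {1996},
  keywords      = {probablistic},
  mendeley-tags = {probablistic},
  file          = {:Users/tilman/Documents/Mendeley Desktop/Maurer - 1996 - Modelling a Public-Key Infrastructure.pdf:pdf},
}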
@techreport{Karl2003,
  author        = {Karl, Gareth},
  title         = {{A Probablistic Trust Model}},
  year          = {2003},
  keywords      = {probablistic},
  mendeley-tags = {probablistic},
  file          = {:Users/tilman/Documents/Mendeley Desktop/Karl - 2003 - A Probablistic Trust Model.pdf:pdf},
}
@techreport{Guhring2006,
  author   = {G{\"{u}}hring, P.},
  title    = {{Concepts against man-in-the-browser attacks}},
  year     = {2006},
  url      = {http://www.futureware.at/svn/sourcerer/CAcert/SecureClient.pdf},
  abstract = {A new threat is emerging that attacks browsers by means of trojan horses. The new breed of new trojan horses can modify the transactions on-the-fly, as they are formed in in browsers, and still display the user's intended transaction to her. Structurally they are a man-in-the-middle attack between the the user and the security mechanisms of the browser. Distinct from Phishing attacks which rely upon similar but fraudulent websites, these new attacks cannot be detected by the user at all, as they are use real services, the user is correctly logged-in as normal, and there is no difference to be seen.},
  file     = {:Users/tilman/Documents/Mendeley Desktop/G{\"{u}}hring - 2006 - Concepts against man-in-the-browser attacks.pdf:pdf},
}
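@article{Bellovin1989,
  author   = {Bellovin, Steven M.},
  title    = {{Security problems in the TCP/IP protocol suite}},
  journal  = {ACM SIGCOMM Computer Communication Review},
  volume   = {19},
  number   = {2},
  pages    = {32--48},
  year     = {1989},
  doi      = {10.1145/378444.378449},
  issn     = {0146-4833},
  abstract = {The TCP/IP protocol suite, which is very widely used today, was developed under the sponsorship of the Department of Defense. Despite that, there are a number of serious security flaws inherent in the protocols, regardless of the correctness of any implementations. We describe a variety of attacks based on these flaws, including sequence number spoofing, routing attacks, source address spoofing, and authentication attacks. We also present defenses against these attacks, and conclude with a discussion of broad-spectrum defenses such as encryption.},
  file     = {:Users/tilman/Documents/Mendeley Desktop/Bellovin - 1989 - Security problems in the TCPIP protocol suite.pdf:pdf},
}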
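@article{Son2010,
  author   = {Son, Sooel and Shmatikov, Vitaly},
  title    = {{The hitchhiker's guide to DNS cache poisoning}},
  journal  = {Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering},
  volume   = {50},
  pages    = {466--483},
  year     = {2010},
  doi      = {10.1007/978-3-642-16161-2_27},
  isbn     = {364216160X},
  issn     = {1867-8211},
  keywords = {Cache poisoning,DNS,Formal model},
  abstract = {DNS cache poisoning is a serious threat to today's Internet. We develop a formal model of the semantics of DNS caches, including the bailiwick rule and trust-level logic, and use it to systematically investigate different types of cache poisoning and to generate templates for attack payloads. We explain the impact of the attacks on DNS resolvers such as BIND, MaraDNS, and Unbound and their implications for several defenses against DNS cache poisoning. {\textcopyright} Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering 2010.},
  file     = {:Users/tilman/Documents/Mendeley Desktop/Son, Shmatikov - 2010 - The hitchhiker's guide to DNS cache poisoning.pdf:pdf},
}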
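@misc{Gavrichenkov2015,
  author       = {Gavrichenkov, Artyom},
  title        = {{Breaking HTTPS With BGP Hijacking}},
  howpublished = {Black Hat},
  year         = {2015},
  file         = {:Users/tilman/Documents/Mendeley Desktop/Gavrichenkov - 2015 - Breaking HTTPS With BGP Hijacking.pdf:pdf},
}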
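@inproceedings{Ramachandran2005,
  author    = {Ramachandran, Vivek and Nandi, Sukumar},
  title     = {{Detecting ARP spoofing: An active technique}},
  booktitle = {Lecture Notes in Computer Science},
  volume    = {3803},
  pages     = {239--250},
  year      = {2005},
  doi       = {10.1007/11593980_18},
  isbn      = {3540307060},
  issn      = {0302-9743},
  abstract  = {The Address Resolution Protocol (ARP) due to its statelessness and lack of an authentication mechanism for verifying the identity of the sender has a long history of being prone to spoofing attacks. ARP spoofing is sometimes the starting point for more sophisticated LAN attacks like denial of service, man in the middle and session hijacking. The current methods of detection use a passive approach, monitoring the ARP traffic and looking for inconsistencies in the Ethernet to IP address mapping. The main drawback of the passive approach is the time lag between learning and detecting spoofing. This sometimes leads to the attack being discovered long after it has been orchestrated. In this paper, we present an active technique to detect ARP spoofing. We inject ARP request and TCP SYN packets into the network to probe for inconsistencies. This technique is faster, intelligent, scalable and more reliable in detecting attacks than the passive methods. It can also additionally detect the real mapping of MAC to IP addresses to a fair degree of accuracy in the event of an actual attack. {\textcopyright} Springer-Verlag Berlin Heidelberg 2005.},
  file      = {:Users/tilman/Documents/Mendeley Desktop/Ramachandran, Nandi - 2005 - Detecting ARP spoofing An active technique.pdf:pdf},
}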
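@inproceedings{Hemminger2005,
  author    = {Hemminger, Stephen},
  title     = {{Network Emulation with NetEm}},
  booktitle = {Proceedings of the 6th Australian National Linux Conference (LCA 2005)},
  pages     = {1--9},
  month     = apr,
  year      = {2005},
  abstract  = {Many protocols and applications perform poorly when exposed to real life networks with delay and packet loss. Often, it is costly and difficult to reproduce Internet behavior in a controlled environment. There are tools available for testing, but they are either expensive hardware solutions, proprietary software, or limited research projects. NetEm is a recent enhancement of the traffic control facilities of Linux that allows adding delay, packet loss and other scenario's. Documentation and discussion of NetEm is maintained at http://developer.osdl.org/ shemminger/netem. NetEm is built using the existing Quality Of Service (QOS) and Differentiated Services (diffserv) facilities in the Linux kernel.},
  file      = {:Users/tilman/Documents/Mendeley Desktop/Hemminger - 2005 - Network Emulation with NetEm.pdf:pdf},
}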
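@techreport{Prins2011,
  author      = {Prins, J. R.},
  title       = {{DigiNotar Certificate Authority breach ``Operation Black Tulip''}},
  institution = {Fox-IT},
  address     = {Delft},
  year        = {2011},
  abstract    = {The goal of this report is to share relevant information with DigiNotar stakeholders (such as the Dutch Government and the Internet community), based on which they can make their own risk analysis. Because this is a public report, some investigation results and details cannot be included for privacy and/or security reasons. Since the investigation has been more of a fact finding mission thus far, we will not draw any conclusions with regards to the network-setup and the security management system. In this report we will not give any advice to improve the technical infrastructure for the long term. Our role is to investigate the incident and give a summary of our findings until now. We leave it to the reader in general and other responsible parties in the PKI- and internet community to draw conclusions, based on these findings. We make a general reservation, as our investigations are still on going.},
  file        = {:Users/tilman/Documents/Mendeley Desktop/Prins - 2011 - DigiNotar Certificate Authority breach “Operation Black Tulip”.pdf:pdf},
}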
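@misc{Kaya2019,
  author        = {Kaya, Volkan},
  title         = {{Data Driven Public Key Ecosystem Backed by Blockchain {\&} Fault Tolerance}},
  howpublished  = {Leiden University},
  year          = {2019},
  keywords      = {other approach,system model,transparency},
  mendeley-tags = {other approach,system model,transparency},
  file          = {:Users/tilman/Documents/Mendeley Desktop/Kaya - 2019 - Data Driven Public Key Ecosystem Backed by Blockchain {\&} Fault Tolerance.pdf:pdf},
}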
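@techreport{RFC2818,
  author      = {Rescorla, E.},
  title       = {{HTTP Over TLS}},
  institution = {Internet Engineering Task Force},
  type        = {RFC},
  number      = {2818},
  year        = {2000},
  url         = {https://tools.ietf.org/html/rfc2818},
}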
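@techreport{Allen2015,
  author        = {Allen, Christopher and Brock, Arthur and Buterin, Vitalik and Callas, Jon and Dorje, Duke and Lundkvist, Christian and Kravchenko, Pavel and Nelson, Jude and Reed, Drummond and Sabadello, Markus and Slepak, Greg and Thorp, Noah and Wood, Harlan T.},
  title         = {{Decentralized Public Key Infrastructure -- A White Paper from Rebooting the Web of Trust}},
  institution   = {Danube Tech GmbH},
  address       = {Vienna},
  year          = {2015},
  url           = {https://danubetech.com/download/dpki.pdf},
  keywords      = {other approach,transparency},
  mendeley-tags = {other approach,transparency},
  file          = {:Users/tilman/Documents/Mendeley Desktop/Allen et al. - 2015 - Decentralized Public Key Infrastructure – A White Paper from Rebooting the Web of Trust.pdf:pdf},
}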
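@article{Oliver-Balsalobre2017,
  author   = {Oliver-Balsalobre, Pablo and Toril, Mat{\'{i}}as and Luna-Ram{\'{i}}rez, Salvador and {Garc{\'{i}}a Garaluz}, Rafael},
  title    = {{A system testbed for modeling encrypted video-streaming service performance indicators based on TCP/IP metrics}},
  journal  = {{EURASIP} Journal on Wireless Communications and Networking},
  volume   = {2017},
  number   = {1},
  year     = {2017},
  doi      = {10.1186/s13638-017-0999-8},
  issn     = {1687-1499},
  keywords = {Estimation,Modeling,S-KPIs,Testbed,YouTube},
  abstract = {For cellular operators, estimating the end-user experience from network measurements is a challenging task. For video-streaming service, several analytical models have been proposed to estimate user opinion from buffering metrics. However, there remains the problem of estimating these buffering metrics from the limited set of measurements available on a per-connection basis for encrypted video services. In this paper, a system testbed is presented for automatically constructing a simple, albeit accurate, Quality-of-Experience (QoE) model for encrypted video-streaming services in a wireless network. The testbed consists of a terminal agent, a network-level emulator, and Probe software, which are used to compare end-user and network-level measurements. For illustration purposes, the testbed is used to derive the formulas to compute video performance metrics from TCP/IP metrics for encrypted YouTube traffic in a Wi-Fi network. The resulting formulas, which would be the core of a video-streaming QoE model, are also applicable to cellular networks, as the test campaign fully covers typical mobile network conditions and the formulas are partly validated in a real LTE network.},
  file     = {:Users/tilman/Documents/Mendeley Desktop/Oliver-Balsalobre et al. - 2017 - A system testbed for modeling encrypted video-streaming service performance indicators based on TCPIP.pdf:pdf},
}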
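@inproceedings{Clark2013,
abstract = {Internet users today depend daily on HTTPS for secure communication with sites they intend to visit. Over the years, many attacks on HTTPS and the certificate trust model it uses have been hypothesized, executed, and/or evolved. Meanwhile the number of browser-trusted (and thus, de facto, user-trusted) certificate authorities has proliferated, while the due diligence in baseline certificate issuance has declined. We survey and categorize prominent security issues with HTTPS and provide a systematic treatment of the history and on-going challenges, intending to provide context for future directions. We also provide a comparative evaluation of current proposals for enhancing the certificate infrastructure used in practice. {\textcopyright} 2013 IEEE.},
author = {Clark, Jeremy and van Oorschot, Paul C.},
booktitle = {Proceedings of the {IEEE} Symposium on Security and Privacy},
doi = {10.1109/SP.2013.41},
file = {:Users/tilman/Documents/Mendeley Desktop/Clark, Van Oorschot - 2013 - SoK SSL and HTTPS Revisiting past challenges and evaluating certificate trust model enhancements.pdf:pdf},
isbn = {9780769549774},
issn = {10816011},
keywords = {SSL,badpki,browser trust model,certificates,system model,usability},
mendeley-tags = {badpki,system model},
pages = {511--525},
publisher = {IEEE},
title = {{SoK}: {SSL} and {HTTPS}: Revisiting past challenges and evaluating certificate trust model enhancements},
year = {2013}
}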
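@article{Kubilay2019,
abstract = {In conventional PKI, CAs are assumed to be fully trusted. However, in practice, CAs' absolute responsibility for providing trustworthiness caused major security and privacy issues. To prevent such issues, Google introduced the concept of Certificate Transparency (CT) in 2013. Later, several new PKI models are proposed to reduce the level of trust to the CAs. However, all of these proposals are still vulnerable to split-world attacks if the adversary is capable of showing different views of the log to the targeted victims. In this paper, we propose a new PKI architecture with certificate transparency based on blockchain, what we called CertLedger, to eliminate the split-world attacks and to provide certificate/revocation transparency. All TLS certificates' validation, storage, and entire revocation process is conducted in CertLedger as well as Trusted CA certificate management. During a TLS connection, TLS clients get an efficient proof of existence of the certificate directly from its domain owners. Hence, privacy is now perfectly preserved by eliminating the traceability issue via OCSP servers. It also provides a unique, efficient, and trustworthy certificate validation process eliminating the conventional inadequate and incompatible certificate validation processes implemented by different software vendors. TLS clients in CertLedger also do not require to make certificate validation and store the trusted CA certificates anymore. We analyze the security and performance of CertLedger and provide a comparison with the previous proposals. Finally, we implement its prototype on Ethereum to demonstrate experimental results. The results show that the performance of the TLS handshake and certificate validation through CertLedger is significantly improved compared to the current TLS protocol.},
archivePrefix = {arXiv},
arxivId = {1806.03914},
author = {Kubilay, Murat Yasin and Kiraz, Mehmet Sabir and Mantar, Hac{\i} Ali},
doi = {10.1016/j.cose.2019.05.013},
eprint = {1806.03914},
file = {:Users/tilman/Documents/Mendeley Desktop/Kubilay, Kiraz, Mantar - 2019 - CertLedger A new PKI model with Certificate Transparency based on blockchain.pdf:pdf},
issn = {01674048},
journal = {Computers \& Security},
keywords = {Blockchain,Certificate Transparency,Certificate validation,PKI,Privacy,SSL/TLS,other approach},
mendeley-tags = {other approach},
pages = {333--352},
title = {{CertLedger}: A new {PKI} model with {Certificate Transparency} based on blockchain},
volume = {85},
year = {2019}
}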
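@techreport{Marlinspike2013,
author = {Marlinspike, M. and Perrin, T.},
institution = {Internet Engineering Task Force},
keywords = {other approach,pinning,scope restriction},
mendeley-tags = {other approach,pinning,scope restriction},
number = {draft-perrin-tls-tack-02},
title = {Trust Assertions for Certificate Keys},
type = {Internet-Draft},
url = {https://tools.ietf.org/html/draft-perrin-tls-tack-02},
year = {2013}
}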
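@techreport{Laurie2016,
author = {Laurie, Ben and Phaneuf, Pierre and Eijdenberg, Adam},
institution = {Google},
number = {draft-ct-over-dns},
title = {{Certificate Transparency} over {DNS}},
type = {Draft specification},
url = {https://github.com/google/certificate-transparency-rfcs/blob/master/dns/draft-ct-over-dns.md},
year = {2016}
}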
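@techreport{RFC6698,
author = {Hoffman, P. and Schlyter, J.},
institution = {RFC Editor},
keywords = {other approach,scope restriction},
mendeley-tags = {other approach,scope restriction},
number = {6698},
title = {The {DNS}-Based Authentication of Named Entities ({DANE}) Transport Layer Security ({TLS}) Protocol: {TLSA}},
type = {RFC},
url = {https://tools.ietf.org/html/rfc6698},
year = {2012}
}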
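@techreport{Eckersley2012,
author = {Eckersley, Peter},
institution = {Electronic Frontier Foundation},
keywords = {other approach,transparency},
mendeley-tags = {other approach,transparency},
title = {Sovereign Key Cryptography for {Internet} Domains},
type = {Design document},
url = {https://github.com/EFForg/sovereign-keys/blob/master/sovereign-key-design.txt},
year = {2012}
}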
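@inproceedings{Wendlandt2008,
abstract = {The popularity of ``Trust-on-first-use'' (Tofu) authentication, used by SSH and HTTPS with self-signed certificates, demonstrates significant demand for host authentication that is low-cost and simple to deploy. While Tofu-based applications are a clear improvement over completely insecure protocols, they can leave users vulnerable to even simple network attacks. Our system, PERSPECTIVES, thwarts many of these attacks by using a collection of ``notary'' hosts that observes a server's public key via multiple network vantage points (detecting localized attacks) and keeps a record of the server's key over time (recognizing short-lived attacks). Clients can download these records on-demand and compare them against an unauthenticated key, detecting many common attacks. PERSPECTIVES explores a promising part of the host authentication design space: Trust-on-first-use applications gain significant attack robustness without sacrificing their ease-of-use. We also analyze the security provided by PERSPECTIVES and describe our experience building and deploying a publicly available implementation.},
author = {Wendlandt, Dan and Andersen, David G. and Perrig, Adrian},
booktitle = {{USENIX} Annual Technical Conference},
file = {:Users/tilman/Documents/Mendeley Desktop/Wendlandt, Andersen, Perrig - 2008 - Perspectives Improving SSH-style Host Authentication with Multi-Path Probing.pdf:pdf},
isbn = {978-1-931971-59-1},
keywords = {difference observation,other approach,system model},
mendeley-tags = {difference observation,other approach,system model},
pages = {321--334},
title = {Perspectives: Improving {SSH}-style Host Authentication with Multi-Path Probing},
url = {http://static.usenix.org/event/usenix08/tech/full_papers/wendlandt/wendlandt_html/},
year = {2008}
}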
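@article{Aumann2010,
abstract = {In the setting of secure multiparty computation, a set of mutually distrustful parties wish to securely compute some joint function of their private inputs. The computation should be carried out in a secure way, meaning that no coalition of corrupted parties should be able to learn more than specified or somehow cause the result to be "incorrect." Typically, corrupted parties are either assumed to be semi-honest (meaning that they follow the protocol specification) or malicious (meaning that they may deviate arbitrarily from the protocol). However, in many settings, the assumption regarding semi-honest behavior does not suffice and security in the presence of malicious adversaries is excessive and expensive to achieve. In this paper, we introduce the notion of covert adversaries, which we believe faithfully models the adversarial behavior in many commercial, political, and social settings. Covert adversaries have the property that they may deviate arbitrarily from the protocol specification in an attempt to cheat, but do not wish to be "caught" doing so. We provide a definition of security for covert adversaries and show that it is possible to obtain highly efficient protocols that are secure against such adversaries. We stress that in our definition, we quantify over all (possibly malicious) adversaries and do not assume that the adversary behaves in any particular way. Rather, we guarantee that if an adversary deviates from the protocol in a way that would enable it to "cheat" (meaning that it can achieve something that is impossible in an ideal model where a trusted party is used to compute the function), then the honest parties are guaranteed to detect this cheating with good probability. We argue that this level of security is sufficient in many settings. {\textcopyright} 2009 International Association for Cryptologic Research.},
author = {Aumann, Yonatan and Lindell, Yehuda},
doi = {10.1007/s00145-009-9040-7},
file = {:Users/tilman/Documents/Mendeley Desktop/Aumann, Lindell - 2010 - Security against covert adversaries Efficient protocols for realistic adversaries.pdf:pdf},
issn = {09332790},
journal = {Journal of Cryptology},
keywords = {Covert adversaries,Efficient constructions,Secure two-party computation,Simulation paradigm,sys},
mendeley-tags = {sys},
number = {2},
pages = {281--343},
title = {Security against covert adversaries: Efficient protocols for realistic adversaries},
volume = {23},
year = {2010}
}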
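@techreport{RFC8555,
author = {Barnes, R. and Hoffman-Andrews, J. and McCarney, D. and Kasten, J.},
institution = {RFC Editor},
number = {8555},
title = {Automatic Certificate Management Environment ({ACME})},
type = {RFC},
url = {https://tools.ietf.org/html/rfc8555},
year = {2019}
}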
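@techreport{RFC675,
author = {Cerf, Vinton and Dalal, Yogen and Sunshine, Carl},
institution = {RFC Editor},
number = {675},
title = {Specification of {Internet} Transmission Control Program},
type = {RFC},
year = {1974}
}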
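@incollection{Josang2013,
abstract = {A PKI can be described as a set of technologies, procedures, and policies for propagating trust from where it initially exists to where it is needed for authentication in online environments. How the trust propagation takes place under a specific PKI depends on the PKI's syntactic trust structure, which is commonly known as a trust model. However, trust is primarily a semantic concept that cannot be expressed in syntactic terms alone. In order to define meaningful trust models for PKIs it is also necessary to consider the semantic assumptions and human cognition of trust relationships, as explicitly or implicitly expressed by certification policies, legal contractual agreements between participants in a PKI, and by how identity information is displayed and represented. Of the many different PKI trust models proposed in the literature, some have been implemented and are currently used in practical settings, from small personal networks to large-scale private and public networks such as the Internet. This chapter takes a closer look at the most prominent and widely used PKI trust models, and discusses related semantic issues.},
author = {J{\o}sang, Audun},
booktitle = {Theory and Practice of Cryptography Solutions for Secure Information Systems},
doi = {10.4018/978-1-4666-4030-6.ch012},
file = {:Users/tilman/Documents/Mendeley Desktop/J{\o}sang - 2013 - PKI trust models.pdf:pdf},
isbn = {9781466640313},
month = may,
pages = {279--301},
publisher = {IGI Global},
title = {{PKI} trust models},
year = {2013}
}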
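@inproceedings{Soghoian2012,
abstract = {This paper introduces the compelled certificate creation attack, in which government agencies may compel a certificate authority to issue false SSL certificates that can be used by intelligence agencies to covertly intercept and hijack individuals' secure Web-based communications. {\textcopyright} 2012 Springer-Verlag.},
author = {Soghoian, Christopher and Stamm, Sid},
booktitle = {Financial Cryptography and Data Security},
doi = {10.1007/978-3-642-27576-0_20},
file = {:Users/tilman/Documents/Mendeley Desktop/Soghoian, Stamm - 2012 - Certified lies Detecting and defeating government interception attacks against SSL (short paper).pdf:pdf},
isbn = {9783642275753},
issn = {03029743},
keywords = {badpki,system model},
mendeley-tags = {badpki,system model},
pages = {250--259},
publisher = {Springer},
series = {Lecture Notes in Computer Science},
title = {Certified lies: Detecting and defeating government interception attacks against {SSL} (short paper)},
volume = {7035},
year = {2012}
}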
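@inproceedings{Kales2019,
author = {Kales, Daniel and Omolola, Olamide and Ramacher, Sebastian},
booktitle = {2019 {IEEE} European Symposium on Security and Privacy ({EuroS\&P})},
doi = {10.1109/eurosp.2019.00039},
file = {:Users/tilman/Documents/Mendeley Desktop/Kales, Omolola, Ramacher - 2019 - Revisiting User Privacy for Certificate Transparency.pdf:pdf},
isbn = {9781728111476},
keywords = {privacy},
mendeley-tags = {privacy},
pages = {432--447},
publisher = {IEEE},
title = {Revisiting User Privacy for {Certificate Transparency}},
year = {2019}
}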
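@techreport{RFC5280,
author = {Cooper, D. and Santesson, S. and Farrell, S. and Boeyen, S. and Housley, R. and Polk, W.},
institution = {RFC Editor},
number = {5280},
title = {Internet {X.509} Public Key Infrastructure Certificate and Certificate Revocation List ({CRL}) Profile},
type = {RFC},
year = {2008}
}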
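@misc{ChromeCertificates,
author = {{The Chromium Projects}},
title = {Root Certificate Policy},
url = {https://www.chromium.org/Home/chromium-security/root-ca-policy}
}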
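@techreport{Laurie2012,
author = {Laurie, Ben and Kasper, Emilia},
file = {:Users/tilman/Documents/Mendeley Desktop/Laurie, Kasper - 2012 - Revocation transparency.pdf:pdf},
institution = {Google},
month = sep,
title = {Revocation transparency},
url = {http://sump2.links.org/files/RevocationTransparency.pdf},
year = {2012}
}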
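@techreport{Nolte2018,
address = {Hamburg},
author = {Nolte, Theodor},
file = {:Users/tilman/Documents/Mendeley Desktop/Nolte - 2018 - Certificate Transparency Deployment Study.pdf:pdf},
institution = {Hochschule f{\"{u}}r Angewandte Wissenschaften Hamburg},
keywords = {adoption},
mendeley-tags = {adoption},
title = {{Certificate Transparency} Deployment Study},
year = {2018}
}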
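@misc{Phan2019,
archivePrefix = {arXiv},
arxivId = {1905.09478},
author = {Phan, Vy An},
eprint = {1905.09478},
file = {:Users/tilman/Documents/Mendeley Desktop/Phan - 2019 - Private Queries on Public Certificate Transparency Data.pdf:pdf},
howpublished = {arXiv preprint},
keywords = {privacy},
mendeley-tags = {privacy},
title = {Private Queries on Public {Certificate Transparency} Data},
year = {2019}
}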
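@inproceedings{Ryan2014,
abstract = {The certificate authority model for authenticating public keys of websites has been attacked in recent years, and several proposals have been made to reinforce it. We develop and extend certificate transparency, a proposal in this direction, so that it efficiently handles certificate revocation. We show how this extension can be used to build a secure end-to-end email or messaging system using PKI with no requirement to trust certificate authorities, or to rely on complex peer-to-peer key-signing arrangements such as PGP. This makes end-to-end encrypted mail possible, with apparently few additional usability issues compared to unencrypted mail (specifically, users do not need to understand or concern themselves with keys or certificates). Underlying these ideas is a new attacker model appropriate for cloud computing, which we call ``malicious-but-cautious''.},
author = {Ryan, Mark D.},
booktitle = {Proceedings 2014 Network and Distributed System Security Symposium},
doi = {10.14722/ndss.2014.23379},
file = {:Users/tilman/Documents/Mendeley Desktop/Ryan - 2014 - Enhanced Certificate Transparency and End-to-End Encrypted Mail.pdf:pdf},
isbn = {1891562355},
keywords = {other approach},
mendeley-tags = {other approach},
publisher = {Internet Society},
title = {Enhanced {Certificate Transparency} and End-to-End Encrypted Mail},
year = {2014}
}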
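@techreport{RFC2616,
annote = {Obsoleted by RFCs 7230--7235; cite those for current HTTP/1.1 semantics.},
author = {Fielding, Roy T. and Gettys, James and Mogul, Jeffrey C. and Nielsen, Henrik Frystyk and Masinter, Larry and Leach, Paul J. and Berners-Lee, Tim},
institution = {RFC Editor},
number = {2616},
title = {Hypertext Transfer Protocol -- {HTTP/1.1}},
type = {RFC},
url = {https://tools.ietf.org/html/rfc2616},
year = {1999}
}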
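@techreport{RFC6101,
annote = {Historic document; SSL 3.0 itself is deprecated by RFC 7568 and should not be negotiated.},
author = {Freier, A. and Karlton, P. and Kocher, P.},
institution = {RFC Editor},
number = {6101},
title = {The Secure Sockets Layer ({SSL}) Protocol Version 3.0},
type = {RFC},
url = {https://tools.ietf.org/html/rfc6101},
year = {2011}
}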
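@article{Yu2016,
abstract = {The security of public key validation protocols for web-based applications has recently attracted attention because of weaknesses in the certificate authority model, and consequent attacks. Recent proposals using public logs have succeeded in making certificate management more transparent and verifiable. However, those proposals involve a fixed set of authorities. This means an oligopoly is created. Another problem with current log-based system is their heavy reliance on trusted parties that monitor the logs. We propose a distributed transparent key infrastructure (DTKI), which greatly reduces the oligopoly of service providers and allows verification of the behaviour of trusted parties. In addition, this paper formalises the public log data structure and provides a formal analysis of the security that DTKI guarantees.},
archivePrefix = {arXiv},
arxivId = {1408.1023},
author = {Yu, Jiangshan and Cheval, Vincent and Ryan, Mark},
doi = {10.1093/comjnl/bxw039},
eprint = {1408.1023},
file = {:Users/tilman/Documents/Mendeley Desktop/Yu, Cheval, Ryan - 2016 - DTKI A new formalized PKI with verifiable trusted parties.pdf:pdf},
issn = {14602067},
journal = {The Computer Journal},
keywords = {Certificate,Formal verification,Key distribution,PKI,SSL,TLS,Transparency,Trust,comparison,other approach,system model,transparency},
mendeley-tags = {comparison,other approach,system model,transparency},
number = {11},
pages = {1695--1713},
title = {{DTKI}: A new formalized {PKI} with verifiable trusted parties},
volume = {59},
year = {2016}
}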
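@book{Ristic2015,
address = {London},
author = {Risti{\'{c}}, Ivan},
editor = {Giri{\'{c}}-Risti{\'{c}}, Jelena and Rankin, Melinda},
file = {:Users/tilman/Documents/Mendeley Desktop/Risti{\'{c}} - 2015 - BULLETPROOF SSL AND TLS Understanding and Deploying SSLTLS and PKI to Secure Servers and Web Applications Free.pdf:pdf},
isbn = {9781907117046},
publisher = {Feisty Duck Limited},
title = {Bulletproof {SSL} and {TLS}: Understanding and Deploying {SSL/TLS} and {PKI} to Secure Servers and Web Applications},
year = {2015}
}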
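@inproceedings{Amann2017,
abstract = {Driven by CA compromises and the risk of man-in-the-middle attacks, new security features have been added to TLS, HTTPS, and the web PKI over the past five years. These include Certificate Transparency (CT), for making the CA system auditable; HSTS and HPKP headers, to harden the HTTPS posture of a domain; the DNS-based extensions CAA and TLSA, for control over certificate issuance and pinning; and SCSV, for protocol downgrade protection. This paper presents the first large scale investigation of these improvements to the HTTPS ecosystem, explicitly accounting for their combined usage. In addition to collecting passive measurements at the Internet uplinks of large University networks on three continents, we perform the largest domain-based active Internet scan to date, covering 193M domains. Furthermore, we track the long-term deployment history of new TLS security features by leveraging passive observations dating back to 2012. We find that while deployment of new security features has picked up in general, only SCSV (49M domains) and CT (7M domains) have gained enough momentum to improve the overall security of HTTPS. Features with higher complexity, such as HPKP, are deployed scarcely and often incorrectly. Our empirical findings are placed in the context of risk, deployment effort, and benefit of these new technologies, and actionable steps for improvement are proposed. We cross-correlate use of features and find some techniques with significant correlation in deployment. We support reproducible research and publicly release data and code.},
author = {Amann, Johanna and Gasser, Oliver and Scheitle, Quirin and Brent, Lexi and Carle, Georg and Holz, Ralph},
booktitle = {Proceedings of the {ACM} {SIGCOMM} Internet Measurement Conference ({IMC})},
doi = {10.1145/3131365.3131401},
file = {:Users/tilman/Documents/Mendeley Desktop/Amann et al. - 2017 - Mission accomplished HTTPS security after diginotar.pdf:pdf},
isbn = {9781450351188},
keywords = {CAA,CT,HPKP,HSTS,HTTPS,PKI,SCSV,TLS,X.509},
pages = {325--340},
title = {Mission accomplished? {HTTPS} security after {DigiNotar}},
year = {2017}
}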
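@incollection{Yu2017,
abstract = {Certificate authorities serve as trusted parties to help secure web communications. They are a vital component for ensuring the security of cloud infrastructures and big data repositories. Unfortunately, recent attacks using mis-issued certificates show this model is severely broken. Much research has been done to enhance certificate management in order to create more secure and reliable cloud architectures. However, none of it has been widely adopted yet, and it is hard to judge which one is the winner. This chapter provides a survey with critical analysis on the existing proposals for managing public key certificates. This evaluation framework would be helpful for future research on designing an alternative certificate management system to secure the internet.},
author = {Yu, Jiangshan and Ryan, Mark},
booktitle = {Software Architecture for Big Data and the Cloud},
doi = {10.1016/b978-0-12-805467-3.00007-7},
file = {:Users/tilman/Documents/Mendeley Desktop/Yu, Ryan - 2017 - Evaluating Web PKIs.pdf:pdf},
keywords = {comparison,other approach,system model},
mendeley-tags = {comparison,other approach,system model},
pages = {105--126},
publisher = {Morgan Kaufmann},
title = {Evaluating Web {PKIs}},
year = {2017}
}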
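@inproceedings{Tomescu2019,
abstract = {Transparency logs allow users to audit a potentially malicious service, paving the way towards a more accountable Internet. For example, Certificate Transparency (CT) enables domain owners to audit Certificate Authorities (CAs) and detect impersonation attacks. Yet, to achieve their full potential, transparency logs must be bandwidth-efficient when queried by users. Specifically, everyone should be able to efficiently look up log entries by their key and efficiently verify that the log remains append-only. Unfortunately, without additional trust assumptions, current transparency logs cannot provide both small-sized lookup proofs and small-sized append-only proofs. In fact, one of the proofs always requires bandwidth linear in the size of the log, making it expensive for everyone to query the log. In this paper, we address this gap with a new primitive called an append-only authenticated dictionary (AAD). Our construction is the first to achieve (poly)logarithmic size for both proof types and helps reduce bandwidth consumption in transparency logs. This comes at the cost of increased append times and high memory usage, both of which remain to be improved to make practical deployment possible.},
author = {Tomescu, Alin and Bhupatiraju, Vivek and Papadopoulos, Dimitrios and Papamanthou, Charalampos and Triandopoulos, Nikos and Devadas, Srinivas},
booktitle = {Proceedings of the 2019 {ACM} {SIGSAC} Conference on Computer and Communications Security ({CCS})},
doi = {10.1145/3319535.3345652},
file = {:Users/tilman/Documents/Mendeley Desktop/Tomescu et al. - 2019 - Transparency Logs via Append-Only Authenticated Dictionaries.pdf:pdf},
isbn = {9781450367479},
keywords = {Merkle trees,RSA accumulators,append-only,authenticated dictionaries,bilinear accumulators,polynomials,transparency logs},
pagetotal = {18},
title = {Transparency Logs via Append-Only Authenticated Dictionaries},
year = {2019}
}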
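@inproceedings{Bernhard2019,
abstract = {HTTPS and TLS are the backbone of Internet security, however setting up web servers to run these protocols is a notoriously difficult process. In this paper, we perform two live subjects usability studies on the deployment of HTTPS in a real-world setting. Study 1 is a within subjects comparison between traditional HTTPS configuration (purchasing a certificate and installing it on a server) and Let's Encrypt, which automates much of the process. Study 2 is a between subjects study looking at the same two systems, examining why users encounter usability issues. Overall we confirm past results that HTTPS is difficult to deploy, and we find some evidence that suggests Let's Encrypt is an easier, more efficient method for deploying HTTPS.},
author = {Bernhard, Matthew and Sharman, Jonathan and Acemyan, Claudia Ziegler and Kortum, Philip and Wallach, Dan S. and Halderman, J. Alex},
booktitle = {Proceedings of the {CHI} Conference on Human Factors in Computing Systems},
doi = {10.1145/3290605.3300540},
file = {:Users/tilman/Documents/Mendeley Desktop/Bernhard et al. - 2019 - On the usability of HTTPS deployment.pdf:pdf},
isbn = {9781450359702},
title = {On the usability of {HTTPS} deployment},
year = {2019}
}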
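@misc{Kaufman2018,
author = {Kaufman, Jeff T.},
title = {History of {HTTPS} Usage},
url = {https://www.jefftk.com/p/history-of-https-usage},
urldate = {2019-11-04},
year = {2018}
}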
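@misc{Manousis2016,
abstract = {Let's Encrypt is a new entrant in the Certificate Authority ecosystem that offers free and automated certificate signing. It is visionary in its commitment to Certificate Transparency. In this paper, we shed light on the adoption patterns of Let's Encrypt "in the wild" and inform the future design and deployment of this exciting development in the security landscape. We analyze acquisition patterns of certificates as well as their usage and deployment trends in the real world. To this end, we analyze data from Certificate Transparency Logs containing records of more than 18 million certificates. We also leverage other sources like Censys, Alexa's historic records, Geolocation databases, and VirusTotal. We also perform active HTTPS measurements on the domains owning Let's Encrypt certificates. Our analysis of certificate acquisition shows that (1) the impact of Let's Encrypt is particularly visible in Western Europe; (2) Let's Encrypt has the potential to democratize HTTPS adoption in countries that are recent entrants to Internet adoption; (3) there is anecdotal evidence of popular domains quitting their previously untrustworthy or expensive CAs in order to transition to Let's Encrypt; and (4) there is a "heavy tailed" behavior where a small number of domains acquire a large number of certificates. With respect to usage, we find that: (1) only 54{\%} of domains actually use the Let's Encrypt certificates they have procured; (2) there are many non-trivial incidents of server misconfigurations; and (3) there is early evidence of use of Let's Encrypt certificates for typosquatting and for malware-laden sites.},
archivePrefix = {arXiv},
arxivId = {1611.00469},
author = {Manousis, Antonis and Ragsdale, Roy and Draffin, Ben and Agrawal, Adwiteeya and Sekar, Vyas},
eprint = {1611.00469},
file = {:Users/tilman/Documents/Mendeley Desktop/Manousis et al. - 2016 - Shedding Light on the Adoption of Let's Encrypt.pdf:pdf},
howpublished = {arXiv preprint},
title = {Shedding Light on the Adoption of {Let's Encrypt}},
url = {http://arxiv.org/abs/1611.00469},
year = {2016}
}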
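@inproceedings{Zadegan2016,
address = {Las Vegas, NV},
author = {Zadegan, Bryant and Lester, Ryan},
booktitle = {{DEF CON} 24},
file = {:Users/tilman/Documents/Mendeley Desktop/Zadegan, Lester - 2016 - Abusing Bleeding Edge Web Standards for AppSec Glory.pdf:pdf},
title = {Abusing Bleeding Edge Web Standards for {AppSec} Glory},
year = {2016}
}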
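@techreport{RFC7469,
annote = {Major browsers have since removed HPKP support; treat pinning via this header as a historical mechanism.},
author = {Evans, C. and Palmer, C. and Sleevi, R.},
doi = {10.17487/RFC7469},
institution = {RFC Editor},
number = {7469},
title = {Public Key Pinning Extension for {HTTP}},
type = {RFC},
url = {https://tools.ietf.org/html/rfc7469},
year = {2015}
}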
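@article{Roosa2013,
abstract = {For more than a decade, Internet users have relied on digital certificates issued by certificate authorities to encrypt and authenticate their most valuable communications. Computer security experts have lambasted weaknesses in the system since its inception. Recent exploits have brought several problems back into stark focus. The authors describe some proposed technology-based improvements, as well as some legal, economic, and organizational shortcomings of the trust model. They also propose first steps toward fixes and next steps for study. {\textcopyright} 1997-2012 IEEE.},
author = {Roosa, Steven B. and Schultze, Stephen},
doi = {10.1109/MIC.2013.27},
file = {:Users/tilman/Documents/Mendeley Desktop/Roosa, Schultze - 2013 - Trust darknet Control and compromise in the internet's certificate authority model.pdf:pdf},
issn = {10897801},
journal = {{IEEE} Internet Computing},
keywords = {badpki,legal implications,public policy,public-key cryptosystems},
mendeley-tags = {badpki},
number = {3},
pages = {18--25},
publisher = {IEEE},
title = {Trust darknet: Control and compromise in the {Internet's} certificate authority model},
volume = {17},
year = {2013}
}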
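@article{Maxwell2019,
abstract = {We describe a new Schnorr-based multi-signature scheme (i.e., a protocol which allows a group of signers to produce a short, joint signature on a common message) called MuSig, provably secure under the Discrete Logarithm assumption and in the plain public-key model (meaning that signers are only required to have a public key, but do not have to prove knowledge of the private key corresponding to their public key to some certification authority or to other signers before engaging the protocol). MuSig improves over the state-of-art scheme of Bellare and Neven (ACM Conference on Computer and Communications Security-CCS 2006) and its variants by Bagherzandi et al. (ACM Conference on Computer and Communications Security-CCS 2008) and Ma et al. (Des Codes Cryptogr 54(2):121--133, 2010) in two respects: (i) it is simple and efficient, having the same key and signature size as standard Schnorr signatures; (ii) it allows key aggregation, which informally means that the joint signature can be verified exactly as a standard Schnorr signature with respect to a single ``aggregated'' public key which can be computed from the individual public keys of the signers. To the best of our knowledge, this is the first multi-signature scheme provably secure under the Discrete Logarithm assumption in the plain public-key model which allows key aggregation. As an application, we explain how our new multi-signature scheme could improve both performance and user privacy in Bitcoin.},
author = {Maxwell, Gregory and Poelstra, Andrew and Seurin, Yannick and Wuille, Pieter},
doi = {10.1007/s10623-019-00608-x},
file = {:Users/tilman/Documents/Mendeley Desktop/Maxwell et al. - 2019 - Simple Schnorr multi-signatures with applications to Bitcoin.pdf:pdf},
issn = {15737586},
journal = {Designs, Codes and Cryptography},
keywords = {Bitcoin,Discrete logarithm problem,Forking lemma,Key aggregation,Multi-signatures,Schnorr signatures},
pages = {1--34},
title = {Simple {Schnorr} multi-signatures with applications to {Bitcoin}},
year = {2019}
}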
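@misc{Merkle1982,
  author       = {Merkle, Ralph C.},
  title        = {{US} Patent 4309569: Method of providing digital signatures},
  howpublished = {United States Patent Office},
  year         = {1982},
  file         = {:Users/tilman/Documents/Mendeley Desktop/Merkle - 1982 - US Patent 4309569 Method of providing digital signatures.pdf:pdf},
}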
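@techreport{Varvello2015,
  author      = {Varvello, Matteo and Schomp, Kyle and Naylor, David and Blackburn, Jeremy and Papagiannaki, Konstantina},
  title       = {Is The Web {HTTP/2} Yet?},
  institution = {isthewebhttp2yet.com},
  year        = {2015},
  url         = {http://isthewebhttp2yet.com/files/http2-pam16.pdf},
  file        = {:Users/tilman/Documents/Mendeley Desktop/Varvello et al. - 2015 - Is The Web HTTP 2 Yet.pdf:pdf},
}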
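@book{Wattenhofer2016,
  author    = {Wattenhofer, Roger},
  title     = {The Science of the Blockchain},
  publisher = {Inverted Forest Publishing},
  year      = {2016},
  isbn      = {9781522751830},
  file      = {:Users/tilman/Documents/Mendeley Desktop/Wattenhofer - 2016 - The science of blokchain.pdf:pdf},
}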
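@inproceedings{Syta2017,
  author        = {Syta, Ewa and Jovanovic, Philipp and Kogias, Eleftherios Kokoris and Gailly, Nicolas},
  title         = {Scalable Bias-Resistant Distributed Randomness},
  booktitle     = {2017 {IEEE} Symposium on Security and Privacy},
  address       = {San Jose},
  publisher     = {IEEE Computer Society},
  pages         = {444--460},
  year          = {2017},
  doi           = {10.1109/SP.2017.45},
  abstract      = {Bias-resistant public randomness is a critical component in many (distributed) protocols. Generating public randomness is hard, however, because active adversaries may behave dishonestly to bias public random choices toward their advantage. Existing solutions do not scale to hundreds or thousands of participants, as is needed in many decentralized systems. We propose two large-scale distributed protocols, RandHound and RandHerd, which provide publicly-verifiable, unpredictable, and unbiasable randomness against Byzantine adversaries. RandHound relies on an untrusted client to divide a set of randomness servers into groups for scalability, and it depends on the pigeonhole principle to ensure output integrity, even for non-random, adversarial group choices. RandHerd implements an efficient, decentralized randomness beacon. RandHerd is structurally similar to a BFT protocol, but uses RandHound in a one-time setup to arrange participants into verifiably unbiased random secret-sharing groups, which then repeatedly produce random output at predefined intervals. Our prototype demonstrates that RandHound and RandHerd achieve good performance across hundreds of participants while retaining a low failure probability by properly selecting protocol parameters, such as a group size and secret-sharing threshold. For example, when sharding 512 nodes into groups of 32, our experiments show that RandHound can produce fresh random output after 240 seconds. RandHerd, after a setup phase of 260 seconds, is able to generate fresh random output in intervals of approximately 6 seconds. For this configuration, both protocols operate at a failure probability of at},
  internal-note = {abstract is cut off mid-sentence in this export; TODO restore the ending from the publisher record},
  file          = {:Users/tilman/Documents/Mendeley Desktop/Syta et al. - 2017 - Scalable Bias-Resistant Distributed Randomness.pdf:pdf},
}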
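@inproceedings{Stubs2019,
  author        = {Mueller, Tobias and St{\"{u}}bs, Marius and Federrath, Hannes},
  title         = {Let's Revoke! {Mitigating} Revocation Equivocation by re-purposing the {Certificate Transparency} Log},
  booktitle     = {Open Identity Summit 2019},
  editor        = {Ro{\ss}nagel, Heiko and Wagner, Sven and H{\"{u}}hnlein, Detlef},
  address       = {Bonn},
  publisher     = {Gesellschaft f{\"{u}}r Informatik},
  pages         = {143--154},
  year          = {2019},
  keywords      = {asynchronous decentralised messaging,email,key revocation,openpgp,pki,revocation,trust},
  mendeley-tags = {revocation},
  file          = {:Users/tilman/Documents/Mendeley Desktop/Mueller, St{\"{u}}bs, Federrath - 2019 - Let's Revoke! Mitigating Revocation Equivocation by re-purposing the Certificate Transparency Log.pdf:pdf},
}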
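@inproceedings{Stark2019,
  author        = {Stark, Emily and Sleevi, Ryan and Muminovi{\'{c}}, Rijad and O'Brien, Devon and Messeri, Eran and Felt, Adrienne Porter and McMillion, Brendan and Tabriz, Parisa},
  title         = {Does {Certificate Transparency} Break the Web? {Measuring} Adoption and Error Rate},
  booktitle     = {2019 {IEEE} Symposium on Security and Privacy},
  year          = {2019},
  doi           = {10.1109/SP.2019.00027},
  url           = {https://ai.google/research/pubs/pub47551},
  abstract      = {Certificate Transparency (CT) is an emerging system for enabling the rapid discovery of malicious or misissued certificates. Initially standardized in 2013, CT is now finally beginning to see widespread support. Although CT provides desirable security benefits, web browsers cannot begin requiring all websites to support CT at once, due to the risk of breaking large numbers of websites. We discuss challenges for deployment, analyze the adoption of CT on the web, and measure the error rates experienced by users of the Google Chrome web browser. We find that CT has so far been widely adopted with minimal breakage and warnings. Security researchers often struggle with the tradeoff between security and user frustration: rolling out new security requirements often causes breakage. We view CT as a case study for deploying ecosystem-wide change while trying to minimize end user impact. We discuss the design properties of CT that made its success possible, as well as draw lessons from its risks and pitfalls that could be avoided in future large-scale security deployments.},
  keywords      = {Certificate Transparency,HTTPS,Web PKI,gossip,usable security},
  mendeley-tags = {gossip},
  file          = {:Users/tilman/Documents/Mendeley Desktop/Stark et al. - 2019 - Does Certificate Transparency Break the Web Measuring Adoption and Error Rate.pdf:pdf},
}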
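@misc{Slepak2014,
  author       = {Slepak, Greg},
  title        = {The Trouble with {Certificate Transparency}},
  howpublished = {okTurtles Blog},
  year         = {2014},
  url          = {https://blog.okturtles.org/2014/09/the-trouble-with-certificate-transparency/},
}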
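@phdthesis{Magnusson2019,
  author        = {Magnusson, Jonathan},
  title         = {Designing {DNS} Cache Aggregation to Detect Misbehaving {Certificate Transparency} Logs},
  school        = {Karlstad University},
  year          = {2019},
  keywords      = {gossip},
  mendeley-tags = {gossip},
  file          = {:Users/tilman/Documents/Mendeley Desktop/Magnusson - 2019 - Designing DNS Cache Aggregation to Detect Misbehaving Certificate Transparency Logs.pdf:pdf},
}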
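@misc{Ritter2016,
  author        = {Ritter, Tom},
  title         = {a bit on certificate transparency gossip},
  howpublished  = {ritter.vg},
  year          = {2016},
  url           = {https://ritter.vg/blog-a_bit_on_certificate_transparency_gossip.html},
  urldate       = {2019-07-01},
  keywords      = {gossip},
  mendeley-tags = {gossip},
}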
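@inproceedings{Boneh2003a,
  author    = {Boneh, Dan and Gentry, Craig and Lynn, Ben and Shacham, Hovav},
  title     = {Aggregate and Verifiably Encrypted Signatures from Bilinear Maps},
  booktitle = {Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques},
  editor    = {Biham, Eli},
  address   = {Warsaw},
  publisher = {Springer-Verlag},
  pages     = {416--432},
  year      = {2003},
  doi       = {10.1007/3-540-39200-9_26},
  isbn      = {3-540-14039-5},
  url       = {http://link.springer.com/10.1007/3-540-39200-9_26},
  abstract  = {An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into a single short signature. This single signature (and the n original messages) will convince the verifier that the n users did indeed sign the n original messages (i.e., user $i$ signed message $M_i$ for $i = 1, \ldots, n$). In this paper we introduce the concept of an aggregate signature, present security models for such signatures, and give several applications for aggregate signatures. We construct an efficient aggregate signature from a recent short signature scheme based on bilinear maps due to Boneh, Lynn, and Shacham. Aggregate signatures are useful for reducing the size of certificate chains (by aggregating all signatures in the chain) and for reducing message size in secure routing protocols such as SBGP. We also show that aggregate signatures give rise to verifiably encrypted signatures. Such signatures enable the verifier to test that a given ciphertext C is the encryption of a signature on a given message M. Verifiably encrypted signatures are used in contract-signing protocols. Finally, we show that similar ideas can be used to extend the short signature scheme to give simple ring signatures.},
  file      = {:Users/tilman/Documents/Mendeley Desktop/Boneh et al. - 2003 - Aggregate and Verifiably Encrypted Signatures from Bilinear Maps.pdf:pdf},
}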
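@misc{Smith2018,
  author       = {Smith, Martin},
  title        = {{Google} {CT} Log Outage Postmortem For {Oct} 24 2018},
  howpublished = {certificate-transparency},
  year         = {2018},
  url          = {https://groups.google.com/d/msg/certificate-transparency/mm5Dqmxce3M/JGKwCLp9AgAJ},
  urldate      = {2019-05-06},
}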
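@techreport{Stehr2019,
  author      = {Stehr, Tilman},
  title       = {How do Browsers Handle Misbehaving {Certificate Transparency} Logs?},
  institution = {Technische Universit{\"{a}}t Braunschweig},
  address     = {Braunschweig},
  year        = {2019},
  file        = {:Users/tilman/Documents/Mendeley Desktop/Stehr - 2019 - How do Browsers Handle Misbehaving Certificate Transparency Logs.pdf:pdf},
}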
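@techreport{Kent2018,
  author        = {Kent, Stephen},
  title         = {Attack and Threat Model for {Certificate Transparency}},
  type          = {Internet-Draft},
  number        = {draft-ietf-trans-threat-analysis-16},
  institution   = {Internet Engineering Task Force},
  year          = {2018},
  note          = {Work in progress},
  url           = {https://tools.ietf.org/html/draft-ietf-trans-threat-analysis-16},
  keywords      = {system model},
  mendeley-tags = {system model},
  file          = {:Users/tilman/Documents/Mendeley Desktop/Kent - 2018 - Attack and Threat Model for Certificate Transparency.pdf:pdf},
}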
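@inproceedings{Dowling2016,
  author        = {Dowling, Benjamin and G{\"{u}}nther, Felix and Herath, Udyani and Stebila, Douglas},
  title         = {Secure Logging Schemes and {Certificate Transparency}},
  booktitle     = {Computer Security -- {ESORICS} 2016},
  series        = {Lecture Notes in Computer Science},
  volume        = {9879},
  pages         = {1--27},
  year          = {2016},
  doi           = {10.1007/978-3-319-45744-4},
  isbn          = {978-3-319-45743-7},
  url           = {http://link.springer.com/10.1007/978-3-319-45744-4},
  abstract      = {Since hundreds of certificate authorities (CAs) can issue browser-trusted certificates, it can be difficult for domain owners to detect certificates that have been fraudulently issued for their domain. Certificate Transparency (CT) is a recent standard by the Internet Engineering Task Force (IETF) that aims to construct public logs of all certificates issued by CAs, making it easier for domain owners to monitor for fraudulently issued certificates. To avoid relying on trusted log servers, CT includes mechanisms by which monitors and auditors can check whether logs are behaving honestly or not; these mechanisms are primarily based on Merkle tree hashing and authentication proofs. Given that CT is now being deployed, it is important to verify that it achieves its security goals. In this work, we define four security properties of logging schemes such as CT that can be assured via cryptographic means, and show that CT does achieve these security properties. We consider two classes of security goals: those involving security against a malicious logger attempting to present different views of the log to different parties or at different points in time, and those involving security against malicious monitors who attempt to frame an honest log for failing to include a certificate in the log. We show that Certificate Transparency satisfies these security properties under various assumptions on Merkle trees all of which reduce to collision resistance of the underlying hash function (and in one case with the additional assumption of unforgeable signatures).},
  keywords      = {system model},
  mendeley-tags = {system model},
  internal-note = {doi and url carry no chapter suffix, unlike the other Springer chapter DOIs in this file, so they presumably resolve to the whole volume; TODO confirm the chapter DOI and the page range},
  file          = {:Users/tilman/Documents/Mendeley Desktop/Dowling et al. - 2016 - Secure Logging Schemes and Certificate Transparency.pdf:pdf},
}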
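@inproceedings{Nykvist2018,
  author    = {Nykvist, Carl and Sj{\"{o}}str{\"{o}}m, Linus and Gustafsson, Josef and Carlsson, Niklas},
  title     = {Server-Side Adoption of {Certificate Transparency}},
  booktitle = {Passive and Active Measurement ({PAM} 2018)},
  series    = {Lecture Notes in Computer Science},
  volume    = {10771},
  pages     = {186--199},
  year      = {2018},
  doi       = {10.1007/978-3-319-76481-8_14},
  isbn      = {9783319764801},
  abstract  = {Certificate Transparency (CT) was developed to mitigate shortcomings in the TLS/SSL landscape and to assess the trustworthiness of Certificate Authorities (CAs) and the certificates they create. With CT, certificates should be logged in public, auditable, append-only CT logs and servers should provide clients (browsers) evidence, in the form of Signed Certificate Timestamps (SCTs), that the certificates that they present have been logged in credible CT logs. These SCTs can be delivered using three different methods: (i) X.509v3 extension, (ii) TLS extension, and (iii) OCSP stapling. In this paper, we develop a client-side measurement tool that implements all three methods and use the tool to analyze the SCT adoption among the one-million most popular web domains. Using two snapshots (from May and Oct. 2017), we answer a wide range of questions related to the delivery choices made by different domains, identify differences in the certificates used by these domains, the CT logs they use, and characterize the overheads and potential performance impact of the SCT delivery methods. By highlighting some of the tradeoffs between the methods and differences in the websites selecting them, we provide insights into the current SCT adoption status and differences in how domains have gone upon adopting this new technology.},
  file      = {:Users/tilman/Documents/Mendeley Desktop/Nykvist et al. - 2018 - Server-Side Adoption of Certificate Transparency.pdf:pdf},
}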
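@inproceedings{Basin2014,
  author        = {Basin, David and Cremers, Cas and Kim, Tiffany Hyun-Jin and Perrig, Adrian and Sasse, Ralf and Szalachowski, Pawel},
  title         = {{ARPKI}: Attack Resilient Public-Key Infrastructure},
  booktitle     = {Proceedings of the 2014 {ACM} {SIGSAC} Conference on Computer and Communications Security ({CCS} '14)},
  year          = {2014},
  doi           = {10.1145/2660267.2660298},
  isbn          = {9781450329576},
  issn          = {15437221},
  url           = {https://netsec.ethz.ch/publications/papers/ccsfp200s-cremersA.pdf},
  abstract      = {We present ARPKI, a public-key infrastructure that ensures that certificate-related operations, such as certificate issuance, update, revocation, and validation, are transparent and accountable. ARPKI is the first such infrastructure that systematically takes into account requirements identified by previous research. Moreover, ARPKI is co-designed with a formal model, and we verify its core security property using the Tamarin prover. We present a proof-of-concept implementation providing all features required for deployment. ARPKI efficiently handles the certification process with low overhead and without incurring additional latency to TLS. ARPKI offers extremely strong security guarantees, where compromising $n - 1$ trusted signing and verifying entities is insufficient to launch an impersonation attack. Moreover, it deters misbehavior as all its operations are publicly visible.},
  keywords      = {attack resilience,certificate validation,formal validation,log servers,other approach,public,public-key infrastructure,tls,to review},
  mendeley-tags = {other approach,to review},
  file          = {:Users/tilman/Documents/Mendeley Desktop/Basin et al. - 2014 - ARPKI Attack Resilient Public-Key Infrastructure.pdf:pdf},
}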
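@article{Dahlberg2018,
  author        = {Dahlberg, Rasmus and Pulls, Tobias and Vestin, Jonathan and H{\o}iland-J{\o}rgensen, Toke and Kassler, Andreas},
  title         = {Aggregation-Based Gossip for {Certificate Transparency}},
  journal       = {CoRR},
  volume        = {abs/1806.08817},
  pages         = {1--20},
  year          = {2018},
  archivePrefix = {arXiv},
  arxivId       = {1806.08817},
  eprint        = {1806.08817},
  abstract      = {Certificate Transparency (CT) is a project that mandates public logging of TLS certificates issued by certificate authorities. While a CT log is designed to be trustless, it relies on the assumption that every client sees and cryptographically verifies the same log. The solution to this problem is a gossip mechanism that ensures that clients share the same view of the logs. Despite CT being added to Google Chrome, no gossip mechanism is pending wide deployment. We suggest an aggregation-based gossip mechanism that passively observes cryptographic material that CT logs emit in plaintext, aggregating at packet processors and periodically verifying log consistency off-path. Based on 20 days of RIPE Atlas measurements that represents clients from 3500 autonomous systems and 40{\%} of the IPv4 space, our proposal can be deployed incrementally for a realistic threat model with significant protection against undetected log misbehavior. We also discuss how to instantiate aggregation-based gossip on a variety of packet processors, and show that our P4 and XDP proof-of-concepts implementations run at line-speed.},
  keywords      = {gossip},
  mendeley-tags = {gossip},
  file          = {:Users/tilman/Documents/Mendeley Desktop/Dahlberg et al. - 2018 - Aggregation-Based Gossip for Certificate Transparency.pdf:pdf},
}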
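@inproceedings{Syta2016,
  author    = {Syta, Ewa and Tamas, Iulia and Visher, Dylan and Wolinsky, David Isaac and Jovanovic, Philipp and Gasser, Linus and Gailly, Nicolas and Khoffi, Ismail and Ford, Bryan},
  title     = {Keeping Authorities {`Honest or Bust'} with Decentralized Witness Cosigning},
  booktitle = {2016 {IEEE} Symposium on Security and Privacy},
  address   = {San Jose},
  publisher = {IEEE},
  pages     = {526--545},
  year      = {2016},
  doi       = {10.1109/SP.2016.38},
  isbn      = {9781509008247},
  abstract  = {The secret keys of critical network authorities - such as time, name, certificate, and software update services - represent high-value targets for hackers, criminals, and spy agencies wishing to use these keys secretly to compromise other hosts. To protect authorities and their clients proactively from undetected exploits and misuse, we introduce CoSi, a scalable witness cosigning protocol ensuring that every authoritative statement is validated and publicly logged by a diverse group of witnesses before any client will accept it. A statement S collectively signed by W witnesses assures clients that S has been seen, and not immediately found erroneous, by those W observers. Even if S is compromised in a fashion not readily detectable by the witnesses, CoSi still guarantees S's exposure to public scrutiny, forcing secrecy-minded attackers to risk that the compromise will soon be detected by one of the W witnesses. Because clients can verify collective signatures efficiently without communication, CoSi protects clients' privacy, and offers the first transparency mechanism effective against persistent man-in-the-middle attackers who control a victim's Internet access, the authority's secret key, and several witnesses' secret keys. CoSi builds on existing cryptographic multisignature methods, scaling them to support thousands of witnesses via signature aggregation over efficient communication trees. A working prototype demonstrates CoSi in the context of timestamping and logging authorities, enabling groups of over 8,000 distributed witnesses to cosign authoritative statements in under two seconds.},
  keywords  = {cryptography,distributed protocols,multisignatures,scalability,signatures,transparency},
  file      = {:Users/tilman/Documents/Mendeley Desktop/Syta et al. - 2016 - Keeping Authorities ‘Honest or Bust' with Decentralized Witness Cosigning.pdf:pdf},
}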
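@inproceedings{Kim2013,
  author        = {Kim, Tiffany Hyun-Jin and Huang, Lin-Shung and Perrig, Adrian and Jackson, Collin and Gligor, Virgil},
  title         = {Accountable Key Infrastructure ({AKI}): A Proposal for a Public-Key Validation Infrastructure},
  booktitle     = {{WWW} '13 - Proceedings of the 22nd international conference on {World Wide Web}},
  pages         = {679--690},
  year          = {2013},
  doi           = {10.1145/2488388.2488448},
  isbn          = {9781450320351},
  abstract      = {Recent trends in public-key infrastructure research explore the trade-off between decreased trust in Certificate Authorities (CAs), resilience against attacks, communication overhead (bandwidth and latency) for setting up an SSL/TLS connection, and availability with respect to verifiability of public key information. In this paper, we propose AKI as a new public-key validation infrastructure, to reduce the level of trust in CAs. AKI integrates an architecture for key revocation of all entities (e.g., CAs, domains) with an architecture for accountability of all infrastructure parties through checks-and-balances. AKI efficiently handles common certification operations, and gracefully handles catastrophic events such as domain key loss or compromise. We propose AKI to make progress towards a public-key validation infrastructure with key revocation that reduces trust in any single entity.},
  keywords      = {accountability,certificate validation,log servers,other approach,public,public-key infrastructure,ssl,tls,to review},
  mendeley-tags = {other approach,to review},
  file          = {:Users/tilman/Documents/Mendeley Desktop/Kim et al. - 2013 - Accountable Key Infrastructure (AKI) A Proposal for a Public-Key Validation Infrastructure.pdf:pdf},
}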
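@article{Gustafsson2017,
  author        = {Gustafsson, Josef and Overier, Gustaf and Arlitt, Martin and Carlsson, Niklas},
  title         = {A first look at the {CT} landscape: Certificate transparency logs in practice},
  journal       = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
  volume        = {10176},
  pages         = {87--99},
  year          = {2017},
  doi           = {10.1007/978-3-319-54328-4_7},
  isbn          = {9783319543277},
  issn          = {16113349},
  abstract      = {Many of today's web-based services rely heavily on secure end-to-end connections. The ``trust'' that these services require builds upon TLS/SSL. Unfortunately, TLS/SSL is highly vulnerable to compromised Certificate Authorities (CAs) and the certificates they generate. Certificate Transparency (CT) provides a way to monitor and audit certificates and certificate chains, to help improve the overall network security. Using an open standard, anybody can setup CT logs, monitors, and auditors. CT is already used by Google's Chrome browser for validation of Extended Validation (EV) certificates, Mozilla is drafting their own CT policies to be enforced, and public CT logs have proven valuable in identifying rogue certificates. In this paper we present the first large-scale characterization of the CT landscape. Our characterization uses both active and passive measurements and highlights similarities and differences in public CT logs, their usage, and the certificates they include. We also provide insights into how the certificates in these logs relate to the certificates and keys observed in regular web traffic.},
  keywords      = {adoption},
  mendeley-tags = {adoption},
  file          = {:Users/tilman/Documents/Mendeley Desktop/Gustafsson et al. - 2017 - A first look at the CT landscape Certificate transparency logs in practice.pdf:pdf},
}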
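@misc{OBrien2018c,
  author       = {O'Brien, Devon},
  title        = {{Certificate Transparency} Enforcement in {Chrome} and {CT} Day in {London}},
  howpublished = {Certificate Transparency Policy},
  year         = {2018},
  url          = {https://groups.google.com/a/chromium.org/d/msg/ct-policy/Qqr59r6yn1A/2t0bWblZBgAJ},
  urldate      = {2019-01-30},
}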
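@techreport{RFC6962-bis,
  author      = {Laurie, Ben and Langley, Adam and Kasper, Emilia and Messeri, Eran and Stradling, Rob},
  title       = {{Certificate Transparency} Version 2.0},
  type        = {Internet-Draft},
  number      = {draft-ietf-trans-rfc6962-bis-30},
  institution = {Internet Engineering Task Force},
  year        = {2018},
  note        = {Work in progress},
  url         = {https://www.ietf.org/id/draft-ietf-trans-rfc6962-bis-30.txt},
}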
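@misc{Markham2016,
  author       = {Markham, Gervase and Rowley, Jeremy and Stradling, Rob and Beattie, Doug and Barreira, I{\~{n}}igo and Aas, Josh and Salz, Richard and Ayer, Andrew and Fige, Patrick and Palmer, Matt and Sleevi, Ryan and Ritter, Tom},
  title        = {Discussion Thread ``{Mozilla} {CT} Policy - significantly updated draft''},
  howpublished = {Certificate Transparency Policy},
  year         = {2016},
  url          = {https://groups.google.com/a/chromium.org/d/msg/ct-policy/Xx1bv8r33ZE/G92XHS6gAAAJ},
  urldate      = {2019-01-30},
}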
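@misc{Sleevi2016a,
  author       = {Sleevi, Ryan},
  title        = {Comment on ``{Mozilla} {CT} Policy''},
  howpublished = {mozilla.dev.security.policy},
  year         = {2016},
  url          = {https://groups.google.com/d/msg/mozilla.dev.security.policy/VJYX1Wnnhiw/7NbhdhHHBgAJ},
  urldate      = {2019-01-30},
}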
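@misc{Ayer2018b,
  author       = {Ayer, Andrew},
  title        = {How will {Certificate Transparency} Logs be Audited in Practice?},
  howpublished = {Andrew's Blog},
  year         = {2018},
  url          = {https://www.agwa.name/blog/post/how_will_certificate_transparency_logs_be_audited_in_practice},
  urldate      = {2019-01-30},
}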
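@techreport{Sleevi2017,
  author      = {Sleevi, Ryan and Messeri, Eran},
  title       = {{Certificate Transparency} in {Chrome}: Monitoring {CT} logs consistency},
  institution = {Google},
  year        = {2017},
  url         = {https://docs.google.com/document/d/1FP5J5Sfsg0OR9P4YT0q1dM02iavhi8ix1mZlZe_z-ls/edit},
  file        = {:Users/tilman/Documents/Mendeley Desktop/Sleevi, Messeri - 2017 - Certificate Transparency in Chrome Monitoring CT logs consistency.pdf:pdf},
}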
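@misc{TheChromiumAuthors,
  author        = {{The Chromium Authors}},
  title         = {chromium / chromium / src.git / master / . / components / certificate{\_}transparency / features.cc},
  url           = {https://chromium.googlesource.com/chromium/src.git/+/master/components/certificate_transparency/features.cc},
  urldate       = {2019-01-30},
  internal-note = {url follows the master branch, so the file behind it can change after urldate; TODO pin the citation to the commit that was current on the access date},
}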
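@misc{Kalinnikov2018,
  author       = {Kalinnikov, Pavel},
  title        = {Mirrors for {Symantec} logs are now running},
  howpublished = {Certificate Transparency Policy},
  year         = {2018},
  url          = {https://groups.google.com/a/chromium.org/d/msg/ct-policy/Nu13xFn6dcA/GEvL8y7nCAAJ},
  urldate      = {2019-01-30},
}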
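@misc{Sullivan2018,
  author       = {Sullivan, Nick},
  title        = {Introducing {Certificate Transparency} and {Nimbus}},
  howpublished = {Cloudflare Blog},
  year         = {2018},
  url          = {https://blog.cloudflare.com/introducing-certificate-transparency-and-nimbus/},
  urldate      = {2019-01-30},
}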
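@misc{Colon2018,
  author       = {Colon, David},
  title        = {Comment on ``{Sabre} uptime below 99{\%}''},
  howpublished = {Certificate Transparency Policy},
  year         = {2018},
  url          = {https://groups.google.com/a/chromium.org/d/msg/ct-policy/XOmpEaEBaJM/ub_Tx9FDBAAJ},
  urldate      = {2019-01-30},
}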
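@misc{Nair2018,
  author       = {Nair, Hari},
  title        = {[Inform] Announcing sunset of {Venafi} {CT} log server (ctlog-gen2.api.venafi.com)},
  howpublished = {Certificate Transparency Policy},
  year         = {2018},
  url          = {https://groups.google.com/a/chromium.org/d/msg/ct-policy/zupHFW6JhiE/rKdB4eKpCwAJ},
  urldate      = {2019-01-30},
}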
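@misc{OBrien2018a,
  author       = {O'Brien, Devon},
  title        = {Comment on ``Issue 801624: {DigiCert} High Performance Log 2''},
  howpublished = {Chromium Bug Tracker},
  year         = {2018},
  url          = {https://crbug.com/801624#c19},
  urldate      = {2019-01-30},
}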
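@misc{Ayer2018,
  author       = {Ayer, Andrew},
  title        = {Comment on ``Technical Enforcement of Certificate Expiry Range''},
  howpublished = {Certificate Transparency Policy},
  year         = {2018},
  url          = {https://groups.google.com/a/chromium.org/d/msg/ct-policy/FNj7S4mbmi0/zLpA1C01AQAJ},
  urldate      = {2019-01-30},
}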
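@misc{Ayer2018a,
  author       = {Ayer, Andrew},
  title        = {These Three Companies Are Doing the {Internet} a Solid By Running {Certificate Transparency} Logs},
  howpublished = {Andrew's Blog},
  year         = {2018},
  url          = {https://www.agwa.name/blog/post/these_three_companies_are_doing_the_internet_a_solid},
  urldate      = {2019-01-30},
}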
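@misc{Bowen2018,
  author       = {Bowen, Peter},
  title        = {Comment on ``Some question on the policy''},
  howpublished = {Certificate Transparency Policy},
  year         = {2018},
  url          = {https://groups.google.com/a/chromium.org/d/msg/ct-policy/I07_gHba6wQ/KVLSDtmgAQAJ},
  urldate      = {2019-01-30},
}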
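@misc{CTEcosystem,
  author  = {{SSL Mate Cert Spotter}},
  title   = {{Certificate Transparency} Ecosystem},
  url     = {https://sslmate.com/labs/ct_ecosystem/ecosystem.html},
  urldate = {2019-01-30},
}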
@misc{Martin21122018,