SwePub

Result list for search "WFRF:(Arlitt Martin)"

  • Results 1-10 of 26
1.
  • Cerenius, David, et al. (author)
  • Trust Issue(r)s: Certificate Revocation and Replacement Practices in the Wild
  • 2024
  • In: Passive and Active Measurement. - Cham, Switzerland : Springer Nature. - 9783031562518 - 9783031562525 ; , pp. 293-321
  • Conference paper (peer-reviewed). Abstract:
    • Every time we use the web, we place our trust in X.509 certificates binding public keys to domain identities. However, for these certificates to be trustworthy, proper issuance, management, and timely revocations (in cases of compromise or misuse) are required. While great efforts have been placed on ensuring trustworthiness in the issuance of new certificates, there has been a scarcity of empirical studies on revocation management. This study offers the first comprehensive analysis of certificate replacements (CRs) of revoked certificates. It provides a head-to-head comparison of the CRs where the replaced certificate was revoked versus not revoked. Leveraging two existing datasets with overlapping timelines, we create a combined dataset containing 1.5 million CRs that we use to unveil valuable insights into the effect of revocations on certificate management. Two key questions guide our research: (1) the influence of revocations on certificate replacement behavior and (2) the effectiveness of revocations in fulfilling their intended purpose. Our statistical analysis reveals significant variations in revocation rates, retention rates, and post-revocation usage, shedding light on differences in Certificate Authorities' (CAs) practices and subscribers' decisions. Notably, a substantial percentage of revoked certificates were either observed or estimated to be used after revocation, raising concerns about key-compromise instances. Finally, our findings highlight shortcomings in existing revocation protocols and practices, emphasizing the need for improvements. We discuss ongoing efforts and potential solutions to address these issues, offering valuable guidance for enhancing the security and integrity of web communications.
2.
  • Abdel-Halim, Adam, et al. (author)
  • Temporal Analysis of X.509 Revocations and their Statuses
  • 2022
  • In: 7TH IEEE EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY WORKSHOPS (EUROS&PW 2022). - : IEEE. - 9781665495608 ; , pp. 258-265
  • Conference paper (peer-reviewed). Abstract:
    • Despite the X.509 public key infrastructure (PKI) being essential for ensuring the trust we place in our communication with web servers, the revocation of the trust placed in individual X.509 certificates is neither transparent nor well-studied, leaving many unanswered questions. In this paper, we present a temporal analysis of 36 million certificates, whose revocation statuses we followed for 120 days since first being issued. We characterize the revocation rates of different certificate authorities (CAs) and how the rates change over the lifetime of the certificates. We identify and discuss several instances where the status changes from "revoked" to "good", "unauthorized" or "unknown", respectively, before the certificate's expiry. This complements prior work that has observed such inconsistencies in some CAs' behavior after expiry but also highlights a potentially more severe problem. Our results highlight heterogeneous revocation practices among the CAs.
3.
  •  
4.
  • Arlitt, Martin, et al. (author)
  • Characterizing Intelligence Gathering and Control on an Edge Network
  • 2011
  • In: ACM Transactions on Internet Technology. - : ASSOC COMPUTING MACHINERY, 2 PENN PLAZA, STE 701, NEW YORK, NY 10121-0701 USA. - 1533-5399 .- 1557-6051. ; 11:1
  • Journal article (peer-reviewed). Abstract:
    • There is a continuous struggle for control of resources at every organization that is connected to the Internet. The local organization wishes to use its resources to achieve strategic goals. Some external entities seek direct control of these resources, for purposes such as spamming or launching denial-of-service attacks. Other external entities seek indirect control of assets (e.g., users, finances), but provide services in exchange for them. Using a year-long trace from an edge network, we examine what various external organizations know about one organization. We compare the types of information exposed by or to external organizations using either active (reconnaissance) or passive (surveillance) techniques. We also explore the direct and indirect control external entities have on local IT resources.
5.
  •  
6.
  • Arlitt, Martin, et al. (author)
  • Passive Crowd-based Monitoring of World Wide Web Infrastructure and its Performance
  • 2012
  • In: Proc. IEEE International Conference on Communications (ICC 2012). - : IEEE. - 9781457720529 - 9781457720512 ; , pp. 2689-2694
  • Conference paper (peer-reviewed). Abstract:
    • The World Wide Web and the services it provides are continually evolving. Even for a single time instant, it is a complex task to methodologically determine the infrastructure over which these services are provided and the corresponding effect on user perceived performance. For such tasks, researchers typically rely on active measurements or large numbers of volunteer users. In this paper, we consider an alternative approach, which we refer to as passive crowd-based monitoring. More specifically, we use passively collected proxy logs from a global enterprise to observe differences in the quality of service (QoS) experienced by users on different continents. We also show how this technique can measure properties of the underlying infrastructures of different Web content providers. While some of these properties have been observed using active measurements, we are the first to show that many of these properties (such as location of servers) can be obtained using passive measurements of actual user activity. Passive crowd-based monitoring has the advantages that it does not add any overhead on Web infrastructure, it does not require any specific software on the clients, but still captures the performance and infrastructure observed by actual Web usage.
7.
  • Bruhner, Carl Magnus, 1988-, et al. (author)
  • Changing of the Guards: Certificate and Public Key Management on the Internet
  • 2022
  • In: Passive and active measurement (PAM 2022). - Cham : Springer International Publishing. - 9783030987855 - 9783030987848 ; , pp. 50-80
  • Conference paper (peer-reviewed). Abstract:
    • Certificates are the foundation of secure communication over the internet. However, not all certificates are created and managed in a consistent manner and the certificate authorities (CAs) issuing certificates achieve different levels of trust. Furthermore, user trust in public keys, certificates, and CAs can quickly change. Combined with the expectation of 24/7 encrypted access to websites, this quickly evolving landscape has made careful certificate management both an important and challenging problem. In this paper, we first present a novel server-side characterization of the certificate replacement (CR) relationships in the wild, including the reuse of public keys. Our data-driven CR analysis captures management biases, highlights a lack of industry standards for replacement policies, and features successful example cases and trends. Based on the characterization results we then propose an efficient solution to an important revocation problem that currently leaves web users vulnerable long after a certificate has been revoked.
8.
  •  
9.
  • Carlsson, Niklas, et al. (author)
  • Towards More Effective Utilization of Computer Systems
  • 2011
  • In: Proc. ACM/SPEC International Conference on Performance Engineering (ICPE ’10), Karlsruhe, Germany, March 2011.. - New York, NY, USA : ACM. - 9781450305198 ; , pp. 235-246
  • Conference paper (peer-reviewed)
10.
  • Gill, Phillipa, et al. (author)
  • Characterizing Organizational Use of Web-Based Services: Methodology, Challenges, Observations, and Insights
  • 2011
  • In: ACM TRANSACTIONS ON THE WEB. - : Association for Computing Machinery (ACM). - 1559-1131 .- 1559-114X. ; 5:4
  • Journal article (peer-reviewed). Abstract:
    • Today's Web provides many different functionalities, including communication, entertainment, social networking, and information retrieval. In this article, we analyze traces of HTTP activity from a large enterprise and from a large university to identify and characterize Web-based service usage. Our work provides an initial methodology for the analysis of Web-based services. While it is nontrivial to identify the classes, instances, and providers for each transaction, our results show that most of the traffic comes from a small subset of providers, which can be classified manually. Furthermore, we assess both qualitatively and quantitatively how the Web has evolved over the past decade, and discuss the implications of these changes.