OpreaFlavia_TSC - Measurement and Analysis of Private Key...

Measurement and Analysis of Private Key Sharing in the HTTPS Ecosystem

Oprea Flavia
Facultatea de Automatică și Calculatoare, UPB
[email protected]

Abstract

Keywords

I. INTRODUCTION

II. STATE OF THE ART

III. RELATED WORK

A. HTTPS Ecosystem – Measurements

Among the first work related to the analysis of private key sharing in the HTTPS ecosystem, and to understanding the SSL certificate ecosystem more generally, are various measurements of CAs, the certificates they issued, and client root stores [1, 2, 3, 4, 5].

For example, one study of the HTTPS certificate ecosystem [1] performed 110 comprehensive scans of the IPv4 HTTPS ecosystem over a 14-month period. The study shows that regular active scans provide detailed and temporally fine-grained visibility into this otherwise opaque area of security infrastructure.

Another example is a public project [4] that regularly scans IPv4 SSL services on TCP port 443 (the HTTPS port). These datasets contain snapshots, each taken within a timeframe of at most 8 hours, and focus on understanding the centralization of the set of CAs and the properties of client root stores.

A third example is RFC 6962 [3], which describes an experimental protocol for publicly logging the existence of Transport Layer Security (TLS) certificates as they are issued or observed, in a manner that allows anyone to audit certificate authority (CA) activity and notice the issuance of suspect certificates, as well as to audit the certificate logs themselves. The intent is that clients would eventually refuse to honor certificates that do not appear in a log, effectively forcing CAs to add all issued certificates to the logs.

In an article published in 2014 [6], the authors perform a case study of deploying Convergence under realistic workloads, using a university-wide trace of real-world HTTPS activity. By synthesizing Convergence requests, they effectively force perspectives-based verification on an entire university in simulation. They demonstrate that, through local and server caching, a single Convergence deployment can meet the requirements of millions of SSL flows while imposing under 0.1 % network overhead and requiring as little as 108 ms to validate a certificate, making Convergence a worthwhile candidate for further deployment and adoption.

All these examples were developed mainly to understand and improve the SSL certificate ecosystem by measuring the CAs, the certificates they issued, and client root stores. The certificate transparency RFC 6962 [3] is simply a technique for improving the transparency and accountability of CAs by measuring the costs of HTTPS security as well as the alternate architectures to the current CA-based systems [6, 7, 8].