Characterizing the HTTPS Trust Landscape: A Passive View from the Edge
Linköping University, Faculty of Science & Engineering.
SAP, Germany.
University of Calgary, Canada.
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
2017 (English) In: IEEE Communications Magazine, ISSN 0163-6804, E-ISSN 1558-1896, Vol. 55, no 7, 36-42 p. Article in journal (Refereed) Published
Abstract [en]

Our society increasingly relies on web-based services like online banking, shopping, and socializing. Many of these services heavily depend on secure end-to-end transactions to transfer personal, financial, and other sensitive information. At the core of ensuring secure transactions are the HTTPS protocol and the trust relationships between many involved parties, including users, browsers, servers, domain owners, and the third-party CAs that issue certificates binding ownership of public keys with servers and domains. This article presents an overview of the current trust landscape and provides statistics to illustrate and quantify some of the risks facing typical users. Using measurement results obtained through passive monitoring of the HTTPS traffic between a campus network and the Internet, we provide concrete examples and characterize the certificate usage and trust relationships in this complex landscape. By comparing our observations against known vulnerabilities and problems, we highlight and discuss the actual security that typical Internet users (e.g., the people on campus) experience. Our measurements cover both mobile and stationary users, consider the involved trust relationships, and provide insights into how the HTTPS protocol is used and the weaknesses observed in practice. While the security properties vary significantly between sessions, out of the 232 million HTTPS sessions we observed, more than 25 percent had weak security properties.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2017. Vol. 55, no 7, 36-42 p.
National Category
Human Aspects of ICT
Identifiers
URN: urn:nbn:se:liu:diva-139568
DOI: 10.1109/MCOM.2017.1600981
ISI: 000405724800006
OAI: oai:DiVA.org:liu-139568
DiVA: diva2:1130080
Available from: 2017-08-08 Created: 2017-08-08 Last updated: 2017-09-15 Bibliographically approved

Open Access in DiVA

fulltext (346 kB), 17 downloads
File information
File name: FULLTEXT01.pdf
File size: 346 kB
Checksum SHA-512:
514a49d38f082a7b6030b7589d8e645e470e41c449a6442cda71e437e1266d5a022a2f5109e7b729d3d1a23f445e2501bfc027af6b5c4d6856de258bb05198fe
Type: fulltext
Mimetype: application/pdf


Search in DiVA

By author/editor
Ouvrier, Gustaf; Carlsson, Niklas