liu.seSök publikationer i DiVA
Ändra sökning
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Characterizing the HTTPS Trust Landscape: A Passive View from the Edge
Linköpings universitet, Tekniska fakulteten.
SAP, Germany.
University of Calgary, Canada.
Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska fakulteten.
2017 (Engelska)Ingår i: IEEE Communications Magazine, ISSN 0163-6804, E-ISSN 1558-1896, Vol. 55, nr 7, s. 36-42Artikel i tidskrift (Refereegranskat) Published
Abstract [en]

Our society increasingly relies on web-based services like online banking, shopping, and socializing. Many of these services heavily depend on secure end-to-end transactions to transfer personal, financial, and other sensitive information. At the core of ensuring secure transactions are the HTTPS protocol and the trust relationships between many involved parties, including users, browsers, servers, domain owners, and the third-party CAs that issue certificates binding ownership of public keys with servers and domains. This article presents an overview of the current trust landscape and provides statistics to illustrate and quantify some of the risks facing typical users. Using measurement results obtained through passive monitoring of the HTTPS traffic between a campus network and the Internet, we provide concrete examples and characterize the certificate usage and trust relationships in this complex landscape. By comparing our observations against known vulnerabilities and problems, we highlight and discuss the actual security that typical Internet users (e.g., the people on campus) experience. Our measurements cover both mobile and stationary users, consider the involved trust relationships, and provide insights into how the HTTPS protocol is used and the weaknesses observed in practice. While the security properties vary significantly between sessions, out of the 232 million HTTPS sessions we observed, more than 25 percent had weak security properties.

Ort, förlag, år, upplaga, sidor
Institute of Electrical and Electronics Engineers (IEEE), 2017. Vol. 55, nr 7, s. 36-42
Nationell ämneskategori
Mänsklig interaktion med IKT
Identifikatorer
URN: urn:nbn:se:liu:diva-139568DOI: 10.1109/MCOM.2017.1600981ISI: 000405724800006OAI: oai:DiVA.org:liu-139568DiVA, id: diva2:1130080
Tillgänglig från: 2017-08-08 Skapad: 2017-08-08 Senast uppdaterad: 2018-03-27Bibliografiskt granskad

Open Access i DiVA

fulltext(346 kB)122 nedladdningar
Filinformation
Filnamn FULLTEXT01.pdfFilstorlek 346 kBChecksumma SHA-512
514a49d38f082a7b6030b7589d8e645e470e41c449a6442cda71e437e1266d5a022a2f5109e7b729d3d1a23f445e2501bfc027af6b5c4d6856de258bb05198fe
Typ fulltextMimetyp application/pdf

Övriga länkar

Förlagets fulltext

Sök vidare i DiVA

Av författaren/redaktören
Carlsson, Niklas
Av organisationen
Tekniska fakultetenDatabas och informationsteknik
I samma tidskrift
IEEE Communications Magazine
Mänsklig interaktion med IKT

Sök vidare utanför DiVA

GoogleGoogle Scholar
Totalt: 122 nedladdningar
Antalet nedladdningar är summan av nedladdningar för alla fulltexter. Det kan inkludera t.ex tidigare versioner som nu inte längre är tillgängliga.

doi
urn-nbn

Altmetricpoäng

doi
urn-nbn
Totalt: 320 träffar
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf