Characterizing the HTTPS Trust Landscape: A Passive View from the Edge
Our society increasingly relies on web-based services like online banking, shopping, and socializing. Many of these services heavily depend on secure end-to-end transactions to transfer personal, financial, and other sensitive information. At the core of ensuring secure transactions are the HTTPS pr...
Ausführliche Beschreibung
Autor*in: |
Ouvrier, Gustaf [verfasserIn] |
---|
Format: |
Artikel |
---|---|
Sprache: |
Englisch |
Erschienen: |
2017 |
---|
Schlagwörter: |
---|
Übergeordnetes Werk: |
Enthalten in: IEEE communications magazine - New York, NY : IEEE, 1979, 55(2017), 7, Seite 36-42 |
---|---|
Übergeordnetes Werk: |
volume:55 ; year:2017 ; number:7 ; pages:36-42 |
Links: |
---|
DOI / URN: |
10.1109/MCOM.2017.1600981 |
---|
Katalog-ID: |
OLC1995858358 |
---|
LEADER | 01000caa a2200265 4500 | ||
---|---|---|---|
001 | OLC1995858358 | ||
003 | DE-627 | ||
005 | 20220221011045.0 | ||
007 | tu | ||
008 | 170901s2017 xx ||||| 00| ||eng c | ||
024 | 7 | |a 10.1109/MCOM.2017.1600981 |2 doi | |
028 | 5 | 2 | |a PQ20170901 |
035 | |a (DE-627)OLC1995858358 | ||
035 | |a (DE-599)GBVOLC1995858358 | ||
035 | |a (PRQ)g886-12dd6b245d63d69c8b191938b474d650b49a79ad0a8c089cba5b2d8a291d518f0 | ||
035 | |a (KEY)0033889320170000055000700036characterizingthehttpstrustlandscapeapassiveviewfr | ||
040 | |a DE-627 |b ger |c DE-627 |e rakwb | ||
041 | |a eng | ||
082 | 0 | 4 | |a 620 |q DE-600 |
084 | |a 53.70 |2 bkl | ||
084 | |a 53.00 |2 bkl | ||
100 | 1 | |a Ouvrier, Gustaf |e verfasserin |4 aut | |
245 | 1 | 0 | |a Characterizing the HTTPS Trust Landscape: A Passive View from the Edge |
264 | 1 | |c 2017 | |
336 | |a Text |b txt |2 rdacontent | ||
337 | |a ohne Hilfsmittel zu benutzen |b n |2 rdamedia | ||
338 | |a Band |b nc |2 rdacarrier | ||
520 | |a Our society increasingly relies on web-based services like online banking, shopping, and socializing. Many of these services heavily depend on secure end-to-end transactions to transfer personal, financial, and other sensitive information. At the core of ensuring secure transactions are the HTTPS protocol and the "trust" relationships between many involved parties, including users, browsers, servers, domain owners, and the third-party CAs that issue certificates binding ownership of public keys with servers and domains. This article presents an overview of the current trust landscape and provides statistics to illustrate and quantify some of the risks facing typical users. Using measurement results obtained through passive monitoring of the HTTPS traffic between a campus network and the Internet, we provide concrete examples and characterize the certificate usage and trust relationships in this complex landscape. By comparing our observations against known vulnerabilities and problems, we highlight and discuss the actual security that typical Internet users (e.g., the people on campus) experience. Our measurements cover both mobile and stationary users, consider the involved trust relationships, and provide insights into how the HTTPS protocol is used and the weaknesses observed in practice. While the security properties vary significantly between sessions, out of the 232 million HTTPS sessions we observed, more than 25 percent had weak security properties. | ||
650 | 4 | |a Mobile communication | |
650 | 4 | |a Browsers | |
650 | 4 | |a Ciphers | |
650 | 4 | |a Servers | |
650 | 4 | |a Internet | |
650 | 4 | |a Wireless communication systems | |
650 | 4 | |a Mobile communication systems | |
650 | 4 | |a Analysis | |
650 | 4 | |a Usage | |
700 | 1 | |a Laterman, Michel |4 oth | |
700 | 1 | |a Arlitt, Martin |4 oth | |
700 | 1 | |a Carlsson, Niklas |4 oth | |
773 | 0 | 8 | |i Enthalten in |t IEEE communications magazine |d New York, NY : IEEE, 1979 |g 55(2017), 7, Seite 36-42 |w (DE-627)12961632X |w (DE-600)244028-3 |w (DE-576)015114236 |x 0163-6804 |7 nnns |
773 | 1 | 8 | |g volume:55 |g year:2017 |g number:7 |g pages:36-42 |
856 | 4 | 1 | |u http://dx.doi.org/10.1109/MCOM.2017.1600981 |3 Volltext |
856 | 4 | 2 | |u http://ieeexplore.ieee.org/document/7981521 |
912 | |a GBV_USEFLAG_A | ||
912 | |a SYSFLAG_A | ||
912 | |a GBV_OLC | ||
912 | |a SSG-OLC-TEC | ||
912 | |a SSG-OLC-MKW | ||
912 | |a GBV_ILN_70 | ||
912 | |a GBV_ILN_2014 | ||
912 | |a GBV_ILN_2016 | ||
912 | |a GBV_ILN_2111 | ||
936 | b | k | |a 53.70 |q AVZ |
936 | b | k | |a 53.00 |q AVZ |
951 | |a AR | ||
952 | |d 55 |j 2017 |e 7 |h 36-42 |
author_variant |
g o go |
---|---|
matchkey_str |
article:01636804:2017----::hrceiighhtsrslnsaepsi |
hierarchy_sort_str |
2017 |
bklnumber |
53.70 53.00 |
publishDate |
2017 |
allfields |
10.1109/MCOM.2017.1600981 doi PQ20170901 (DE-627)OLC1995858358 (DE-599)GBVOLC1995858358 (PRQ)g886-12dd6b245d63d69c8b191938b474d650b49a79ad0a8c089cba5b2d8a291d518f0 (KEY)0033889320170000055000700036characterizingthehttpstrustlandscapeapassiveviewfr DE-627 ger DE-627 rakwb eng 620 DE-600 53.70 bkl 53.00 bkl Ouvrier, Gustaf verfasserin aut Characterizing the HTTPS Trust Landscape: A Passive View from the Edge 2017 Text txt rdacontent ohne Hilfsmittel zu benutzen n rdamedia Band nc rdacarrier Our society increasingly relies on web-based services like online banking, shopping, and socializing. Many of these services heavily depend on secure end-to-end transactions to transfer personal, financial, and other sensitive information. At the core of ensuring secure transactions are the HTTPS protocol and the "trust" relationships between many involved parties, including users, browsers, servers, domain owners, and the third-party CAs that issue certificates binding ownership of public keys with servers and domains. This article presents an overview of the current trust landscape and provides statistics to illustrate and quantify some of the risks facing typical users. Using measurement results obtained through passive monitoring of the HTTPS traffic between a campus network and the Internet, we provide concrete examples and characterize the certificate usage and trust relationships in this complex landscape. By comparing our observations against known vulnerabilities and problems, we highlight and discuss the actual security that typical Internet users (e.g., the people on campus) experience. Our measurements cover both mobile and stationary users, consider the involved trust relationships, and provide insights into how the HTTPS protocol is used and the weaknesses observed in practice. While the security properties vary significantly between sessions, out of the 232 million HTTPS sessions we observed, more than 25 percent had weak security properties. Mobile communication Browsers Ciphers Servers Internet Wireless communication systems Mobile communication systems Analysis Usage Laterman, Michel oth Arlitt, Martin oth Carlsson, Niklas oth Enthalten in IEEE communications magazine New York, NY : IEEE, 1979 55(2017), 7, Seite 36-42 (DE-627)12961632X (DE-600)244028-3 (DE-576)015114236 0163-6804 nnns volume:55 year:2017 number:7 pages:36-42 http://dx.doi.org/10.1109/MCOM.2017.1600981 Volltext http://ieeexplore.ieee.org/document/7981521 GBV_USEFLAG_A SYSFLAG_A GBV_OLC SSG-OLC-TEC SSG-OLC-MKW GBV_ILN_70 GBV_ILN_2014 GBV_ILN_2016 GBV_ILN_2111 53.70 AVZ 53.00 AVZ AR 55 2017 7 36-42 |
spelling |
10.1109/MCOM.2017.1600981 doi PQ20170901 (DE-627)OLC1995858358 (DE-599)GBVOLC1995858358 (PRQ)g886-12dd6b245d63d69c8b191938b474d650b49a79ad0a8c089cba5b2d8a291d518f0 (KEY)0033889320170000055000700036characterizingthehttpstrustlandscapeapassiveviewfr DE-627 ger DE-627 rakwb eng 620 DE-600 53.70 bkl 53.00 bkl Ouvrier, Gustaf verfasserin aut Characterizing the HTTPS Trust Landscape: A Passive View from the Edge 2017 Text txt rdacontent ohne Hilfsmittel zu benutzen n rdamedia Band nc rdacarrier Our society increasingly relies on web-based services like online banking, shopping, and socializing. Many of these services heavily depend on secure end-to-end transactions to transfer personal, financial, and other sensitive information. At the core of ensuring secure transactions are the HTTPS protocol and the "trust" relationships between many involved parties, including users, browsers, servers, domain owners, and the third-party CAs that issue certificates binding ownership of public keys with servers and domains. This article presents an overview of the current trust landscape and provides statistics to illustrate and quantify some of the risks facing typical users. Using measurement results obtained through passive monitoring of the HTTPS traffic between a campus network and the Internet, we provide concrete examples and characterize the certificate usage and trust relationships in this complex landscape. By comparing our observations against known vulnerabilities and problems, we highlight and discuss the actual security that typical Internet users (e.g., the people on campus) experience. Our measurements cover both mobile and stationary users, consider the involved trust relationships, and provide insights into how the HTTPS protocol is used and the weaknesses observed in practice. While the security properties vary significantly between sessions, out of the 232 million HTTPS sessions we observed, more than 25 percent had weak security properties. Mobile communication Browsers Ciphers Servers Internet Wireless communication systems Mobile communication systems Analysis Usage Laterman, Michel oth Arlitt, Martin oth Carlsson, Niklas oth Enthalten in IEEE communications magazine New York, NY : IEEE, 1979 55(2017), 7, Seite 36-42 (DE-627)12961632X (DE-600)244028-3 (DE-576)015114236 0163-6804 nnns volume:55 year:2017 number:7 pages:36-42 http://dx.doi.org/10.1109/MCOM.2017.1600981 Volltext http://ieeexplore.ieee.org/document/7981521 GBV_USEFLAG_A SYSFLAG_A GBV_OLC SSG-OLC-TEC SSG-OLC-MKW GBV_ILN_70 GBV_ILN_2014 GBV_ILN_2016 GBV_ILN_2111 53.70 AVZ 53.00 AVZ AR 55 2017 7 36-42 |
allfields_unstemmed |
10.1109/MCOM.2017.1600981 doi PQ20170901 (DE-627)OLC1995858358 (DE-599)GBVOLC1995858358 (PRQ)g886-12dd6b245d63d69c8b191938b474d650b49a79ad0a8c089cba5b2d8a291d518f0 (KEY)0033889320170000055000700036characterizingthehttpstrustlandscapeapassiveviewfr DE-627 ger DE-627 rakwb eng 620 DE-600 53.70 bkl 53.00 bkl Ouvrier, Gustaf verfasserin aut Characterizing the HTTPS Trust Landscape: A Passive View from the Edge 2017 Text txt rdacontent ohne Hilfsmittel zu benutzen n rdamedia Band nc rdacarrier Our society increasingly relies on web-based services like online banking, shopping, and socializing. Many of these services heavily depend on secure end-to-end transactions to transfer personal, financial, and other sensitive information. At the core of ensuring secure transactions are the HTTPS protocol and the "trust" relationships between many involved parties, including users, browsers, servers, domain owners, and the third-party CAs that issue certificates binding ownership of public keys with servers and domains. This article presents an overview of the current trust landscape and provides statistics to illustrate and quantify some of the risks facing typical users. Using measurement results obtained through passive monitoring of the HTTPS traffic between a campus network and the Internet, we provide concrete examples and characterize the certificate usage and trust relationships in this complex landscape. By comparing our observations against known vulnerabilities and problems, we highlight and discuss the actual security that typical Internet users (e.g., the people on campus) experience. Our measurements cover both mobile and stationary users, consider the involved trust relationships, and provide insights into how the HTTPS protocol is used and the weaknesses observed in practice. While the security properties vary significantly between sessions, out of the 232 million HTTPS sessions we observed, more than 25 percent had weak security properties. Mobile communication Browsers Ciphers Servers Internet Wireless communication systems Mobile communication systems Analysis Usage Laterman, Michel oth Arlitt, Martin oth Carlsson, Niklas oth Enthalten in IEEE communications magazine New York, NY : IEEE, 1979 55(2017), 7, Seite 36-42 (DE-627)12961632X (DE-600)244028-3 (DE-576)015114236 0163-6804 nnns volume:55 year:2017 number:7 pages:36-42 http://dx.doi.org/10.1109/MCOM.2017.1600981 Volltext http://ieeexplore.ieee.org/document/7981521 GBV_USEFLAG_A SYSFLAG_A GBV_OLC SSG-OLC-TEC SSG-OLC-MKW GBV_ILN_70 GBV_ILN_2014 GBV_ILN_2016 GBV_ILN_2111 53.70 AVZ 53.00 AVZ AR 55 2017 7 36-42 |
allfieldsGer |
10.1109/MCOM.2017.1600981 doi PQ20170901 (DE-627)OLC1995858358 (DE-599)GBVOLC1995858358 (PRQ)g886-12dd6b245d63d69c8b191938b474d650b49a79ad0a8c089cba5b2d8a291d518f0 (KEY)0033889320170000055000700036characterizingthehttpstrustlandscapeapassiveviewfr DE-627 ger DE-627 rakwb eng 620 DE-600 53.70 bkl 53.00 bkl Ouvrier, Gustaf verfasserin aut Characterizing the HTTPS Trust Landscape: A Passive View from the Edge 2017 Text txt rdacontent ohne Hilfsmittel zu benutzen n rdamedia Band nc rdacarrier Our society increasingly relies on web-based services like online banking, shopping, and socializing. Many of these services heavily depend on secure end-to-end transactions to transfer personal, financial, and other sensitive information. At the core of ensuring secure transactions are the HTTPS protocol and the "trust" relationships between many involved parties, including users, browsers, servers, domain owners, and the third-party CAs that issue certificates binding ownership of public keys with servers and domains. This article presents an overview of the current trust landscape and provides statistics to illustrate and quantify some of the risks facing typical users. Using measurement results obtained through passive monitoring of the HTTPS traffic between a campus network and the Internet, we provide concrete examples and characterize the certificate usage and trust relationships in this complex landscape. By comparing our observations against known vulnerabilities and problems, we highlight and discuss the actual security that typical Internet users (e.g., the people on campus) experience. Our measurements cover both mobile and stationary users, consider the involved trust relationships, and provide insights into how the HTTPS protocol is used and the weaknesses observed in practice. While the security properties vary significantly between sessions, out of the 232 million HTTPS sessions we observed, more than 25 percent had weak security properties. Mobile communication Browsers Ciphers Servers Internet Wireless communication systems Mobile communication systems Analysis Usage Laterman, Michel oth Arlitt, Martin oth Carlsson, Niklas oth Enthalten in IEEE communications magazine New York, NY : IEEE, 1979 55(2017), 7, Seite 36-42 (DE-627)12961632X (DE-600)244028-3 (DE-576)015114236 0163-6804 nnns volume:55 year:2017 number:7 pages:36-42 http://dx.doi.org/10.1109/MCOM.2017.1600981 Volltext http://ieeexplore.ieee.org/document/7981521 GBV_USEFLAG_A SYSFLAG_A GBV_OLC SSG-OLC-TEC SSG-OLC-MKW GBV_ILN_70 GBV_ILN_2014 GBV_ILN_2016 GBV_ILN_2111 53.70 AVZ 53.00 AVZ AR 55 2017 7 36-42 |
allfieldsSound |
10.1109/MCOM.2017.1600981 doi PQ20170901 (DE-627)OLC1995858358 (DE-599)GBVOLC1995858358 (PRQ)g886-12dd6b245d63d69c8b191938b474d650b49a79ad0a8c089cba5b2d8a291d518f0 (KEY)0033889320170000055000700036characterizingthehttpstrustlandscapeapassiveviewfr DE-627 ger DE-627 rakwb eng 620 DE-600 53.70 bkl 53.00 bkl Ouvrier, Gustaf verfasserin aut Characterizing the HTTPS Trust Landscape: A Passive View from the Edge 2017 Text txt rdacontent ohne Hilfsmittel zu benutzen n rdamedia Band nc rdacarrier Our society increasingly relies on web-based services like online banking, shopping, and socializing. Many of these services heavily depend on secure end-to-end transactions to transfer personal, financial, and other sensitive information. At the core of ensuring secure transactions are the HTTPS protocol and the "trust" relationships between many involved parties, including users, browsers, servers, domain owners, and the third-party CAs that issue certificates binding ownership of public keys with servers and domains. This article presents an overview of the current trust landscape and provides statistics to illustrate and quantify some of the risks facing typical users. Using measurement results obtained through passive monitoring of the HTTPS traffic between a campus network and the Internet, we provide concrete examples and characterize the certificate usage and trust relationships in this complex landscape. By comparing our observations against known vulnerabilities and problems, we highlight and discuss the actual security that typical Internet users (e.g., the people on campus) experience. Our measurements cover both mobile and stationary users, consider the involved trust relationships, and provide insights into how the HTTPS protocol is used and the weaknesses observed in practice. While the security properties vary significantly between sessions, out of the 232 million HTTPS sessions we observed, more than 25 percent had weak security properties. Mobile communication Browsers Ciphers Servers Internet Wireless communication systems Mobile communication systems Analysis Usage Laterman, Michel oth Arlitt, Martin oth Carlsson, Niklas oth Enthalten in IEEE communications magazine New York, NY : IEEE, 1979 55(2017), 7, Seite 36-42 (DE-627)12961632X (DE-600)244028-3 (DE-576)015114236 0163-6804 nnns volume:55 year:2017 number:7 pages:36-42 http://dx.doi.org/10.1109/MCOM.2017.1600981 Volltext http://ieeexplore.ieee.org/document/7981521 GBV_USEFLAG_A SYSFLAG_A GBV_OLC SSG-OLC-TEC SSG-OLC-MKW GBV_ILN_70 GBV_ILN_2014 GBV_ILN_2016 GBV_ILN_2111 53.70 AVZ 53.00 AVZ AR 55 2017 7 36-42 |
language |
English |
source |
Enthalten in IEEE communications magazine 55(2017), 7, Seite 36-42 volume:55 year:2017 number:7 pages:36-42 |
sourceStr |
Enthalten in IEEE communications magazine 55(2017), 7, Seite 36-42 volume:55 year:2017 number:7 pages:36-42 |
format_phy_str_mv |
Article |
institution |
findex.gbv.de |
topic_facet |
Mobile communication Browsers Ciphers Servers Internet Wireless communication systems Mobile communication systems Analysis Usage |
dewey-raw |
620 |
isfreeaccess_bool |
false |
container_title |
IEEE communications magazine |
authorswithroles_txt_mv |
Ouvrier, Gustaf @@aut@@ Laterman, Michel @@oth@@ Arlitt, Martin @@oth@@ Carlsson, Niklas @@oth@@ |
publishDateDaySort_date |
2017-01-01T00:00:00Z |
hierarchy_top_id |
12961632X |
dewey-sort |
3620 |
id |
OLC1995858358 |
language_de |
englisch |
fullrecord |
<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01000caa a2200265 4500</leader><controlfield tag="001">OLC1995858358</controlfield><controlfield tag="003">DE-627</controlfield><controlfield tag="005">20220221011045.0</controlfield><controlfield tag="007">tu</controlfield><controlfield tag="008">170901s2017 xx ||||| 00| ||eng c</controlfield><datafield tag="024" ind1="7" ind2=" "><subfield code="a">10.1109/MCOM.2017.1600981</subfield><subfield code="2">doi</subfield></datafield><datafield tag="028" ind1="5" ind2="2"><subfield code="a">PQ20170901</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-627)OLC1995858358</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)GBVOLC1995858358</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(PRQ)g886-12dd6b245d63d69c8b191938b474d650b49a79ad0a8c089cba5b2d8a291d518f0</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(KEY)0033889320170000055000700036characterizingthehttpstrustlandscapeapassiveviewfr</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-627</subfield><subfield code="b">ger</subfield><subfield code="c">DE-627</subfield><subfield code="e">rakwb</subfield></datafield><datafield tag="041" ind1=" " ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="082" ind1="0" ind2="4"><subfield code="a">620</subfield><subfield code="q">DE-600</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">53.70</subfield><subfield code="2">bkl</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">53.00</subfield><subfield code="2">bkl</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Ouvrier, Gustaf</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Characterizing the HTTPS Trust Landscape: A Passive View from the Edge</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="c">2017</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">Text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">ohne Hilfsmittel zu benutzen</subfield><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">Band</subfield><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">Our society increasingly relies on web-based services like online banking, shopping, and socializing. Many of these services heavily depend on secure end-to-end transactions to transfer personal, financial, and other sensitive information. At the core of ensuring secure transactions are the HTTPS protocol and the "trust" relationships between many involved parties, including users, browsers, servers, domain owners, and the third-party CAs that issue certificates binding ownership of public keys with servers and domains. This article presents an overview of the current trust landscape and provides statistics to illustrate and quantify some of the risks facing typical users. Using measurement results obtained through passive monitoring of the HTTPS traffic between a campus network and the Internet, we provide concrete examples and characterize the certificate usage and trust relationships in this complex landscape. By comparing our observations against known vulnerabilities and problems, we highlight and discuss the actual security that typical Internet users (e.g., the people on campus) experience. Our measurements cover both mobile and stationary users, consider the involved trust relationships, and provide insights into how the HTTPS protocol is used and the weaknesses observed in practice. While the security properties vary significantly between sessions, out of the 232 million HTTPS sessions we observed, more than 25 percent had weak security properties.</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Mobile communication</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Browsers</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Ciphers</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Servers</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Internet</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Wireless communication systems</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Mobile communication systems</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Analysis</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Usage</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Laterman, Michel</subfield><subfield code="4">oth</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Arlitt, Martin</subfield><subfield code="4">oth</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Carlsson, Niklas</subfield><subfield code="4">oth</subfield></datafield><datafield tag="773" ind1="0" ind2="8"><subfield code="i">Enthalten in</subfield><subfield code="t">IEEE communications magazine</subfield><subfield code="d">New York, NY : IEEE, 1979</subfield><subfield code="g">55(2017), 7, Seite 36-42</subfield><subfield code="w">(DE-627)12961632X</subfield><subfield code="w">(DE-600)244028-3</subfield><subfield code="w">(DE-576)015114236</subfield><subfield code="x">0163-6804</subfield><subfield code="7">nnns</subfield></datafield><datafield tag="773" ind1="1" ind2="8"><subfield code="g">volume:55</subfield><subfield code="g">year:2017</subfield><subfield code="g">number:7</subfield><subfield code="g">pages:36-42</subfield></datafield><datafield tag="856" ind1="4" ind2="1"><subfield code="u">http://dx.doi.org/10.1109/MCOM.2017.1600981</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="u">http://ieeexplore.ieee.org/document/7981521</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_USEFLAG_A</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">SYSFLAG_A</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_OLC</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">SSG-OLC-TEC</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">SSG-OLC-MKW</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_70</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2014</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2016</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2111</subfield></datafield><datafield tag="936" ind1="b" ind2="k"><subfield code="a">53.70</subfield><subfield code="q">AVZ</subfield></datafield><datafield tag="936" ind1="b" ind2="k"><subfield code="a">53.00</subfield><subfield code="q">AVZ</subfield></datafield><datafield tag="951" ind1=" " ind2=" "><subfield code="a">AR</subfield></datafield><datafield tag="952" ind1=" " ind2=" "><subfield code="d">55</subfield><subfield code="j">2017</subfield><subfield code="e">7</subfield><subfield code="h">36-42</subfield></datafield></record></collection>
|
author |
Ouvrier, Gustaf |
spellingShingle |
Ouvrier, Gustaf ddc 620 bkl 53.70 bkl 53.00 misc Mobile communication misc Browsers misc Ciphers misc Servers misc Internet misc Wireless communication systems misc Mobile communication systems misc Analysis misc Usage Characterizing the HTTPS Trust Landscape: A Passive View from the Edge |
authorStr |
Ouvrier, Gustaf |
ppnlink_with_tag_str_mv |
@@773@@(DE-627)12961632X |
format |
Article |
dewey-ones |
620 - Engineering & allied operations |
delete_txt_mv |
keep |
author_role |
aut |
collection |
OLC |
remote_str |
false |
illustrated |
Not Illustrated |
issn |
0163-6804 |
topic_title |
620 DE-600 53.70 bkl 53.00 bkl Characterizing the HTTPS Trust Landscape: A Passive View from the Edge Mobile communication Browsers Ciphers Servers Internet Wireless communication systems Mobile communication systems Analysis Usage |
topic |
ddc 620 bkl 53.70 bkl 53.00 misc Mobile communication misc Browsers misc Ciphers misc Servers misc Internet misc Wireless communication systems misc Mobile communication systems misc Analysis misc Usage |
topic_unstemmed |
ddc 620 bkl 53.70 bkl 53.00 misc Mobile communication misc Browsers misc Ciphers misc Servers misc Internet misc Wireless communication systems misc Mobile communication systems misc Analysis misc Usage |
topic_browse |
ddc 620 bkl 53.70 bkl 53.00 misc Mobile communication misc Browsers misc Ciphers misc Servers misc Internet misc Wireless communication systems misc Mobile communication systems misc Analysis misc Usage |
format_facet |
Aufsätze Gedruckte Aufsätze |
format_main_str_mv |
Text Zeitschrift/Artikel |
carriertype_str_mv |
nc |
author2_variant |
m l ml m a ma n c nc |
hierarchy_parent_title |
IEEE communications magazine |
hierarchy_parent_id |
12961632X |
dewey-tens |
620 - Engineering |
hierarchy_top_title |
IEEE communications magazine |
isfreeaccess_txt |
false |
familylinks_str_mv |
(DE-627)12961632X (DE-600)244028-3 (DE-576)015114236 |
title |
Characterizing the HTTPS Trust Landscape: A Passive View from the Edge |
ctrlnum |
(DE-627)OLC1995858358 (DE-599)GBVOLC1995858358 (PRQ)g886-12dd6b245d63d69c8b191938b474d650b49a79ad0a8c089cba5b2d8a291d518f0 (KEY)0033889320170000055000700036characterizingthehttpstrustlandscapeapassiveviewfr |
title_full |
Characterizing the HTTPS Trust Landscape: A Passive View from the Edge |
author_sort |
Ouvrier, Gustaf |
journal |
IEEE communications magazine |
journalStr |
IEEE communications magazine |
lang_code |
eng |
isOA_bool |
false |
dewey-hundreds |
600 - Technology |
recordtype |
marc |
publishDateSort |
2017 |
contenttype_str_mv |
txt |
container_start_page |
36 |
author_browse |
Ouvrier, Gustaf |
container_volume |
55 |
class |
620 DE-600 53.70 bkl 53.00 bkl |
format_se |
Aufsätze |
author-letter |
Ouvrier, Gustaf |
doi_str_mv |
10.1109/MCOM.2017.1600981 |
dewey-full |
620 |
title_sort |
characterizing the https trust landscape: a passive view from the edge |
title_auth |
Characterizing the HTTPS Trust Landscape: A Passive View from the Edge |
abstract |
Our society increasingly relies on web-based services like online banking, shopping, and socializing. Many of these services heavily depend on secure end-to-end transactions to transfer personal, financial, and other sensitive information. At the core of ensuring secure transactions are the HTTPS protocol and the "trust" relationships between many involved parties, including users, browsers, servers, domain owners, and the third-party CAs that issue certificates binding ownership of public keys with servers and domains. This article presents an overview of the current trust landscape and provides statistics to illustrate and quantify some of the risks facing typical users. Using measurement results obtained through passive monitoring of the HTTPS traffic between a campus network and the Internet, we provide concrete examples and characterize the certificate usage and trust relationships in this complex landscape. By comparing our observations against known vulnerabilities and problems, we highlight and discuss the actual security that typical Internet users (e.g., the people on campus) experience. Our measurements cover both mobile and stationary users, consider the involved trust relationships, and provide insights into how the HTTPS protocol is used and the weaknesses observed in practice. While the security properties vary significantly between sessions, out of the 232 million HTTPS sessions we observed, more than 25 percent had weak security properties. |
abstractGer |
Our society increasingly relies on web-based services like online banking, shopping, and socializing. Many of these services heavily depend on secure end-to-end transactions to transfer personal, financial, and other sensitive information. At the core of ensuring secure transactions are the HTTPS protocol and the "trust" relationships between many involved parties, including users, browsers, servers, domain owners, and the third-party CAs that issue certificates binding ownership of public keys with servers and domains. This article presents an overview of the current trust landscape and provides statistics to illustrate and quantify some of the risks facing typical users. Using measurement results obtained through passive monitoring of the HTTPS traffic between a campus network and the Internet, we provide concrete examples and characterize the certificate usage and trust relationships in this complex landscape. By comparing our observations against known vulnerabilities and problems, we highlight and discuss the actual security that typical Internet users (e.g., the people on campus) experience. Our measurements cover both mobile and stationary users, consider the involved trust relationships, and provide insights into how the HTTPS protocol is used and the weaknesses observed in practice. While the security properties vary significantly between sessions, out of the 232 million HTTPS sessions we observed, more than 25 percent had weak security properties. |
abstract_unstemmed |
Our society increasingly relies on web-based services like online banking, shopping, and socializing. Many of these services heavily depend on secure end-to-end transactions to transfer personal, financial, and other sensitive information. At the core of ensuring secure transactions are the HTTPS protocol and the "trust" relationships between many involved parties, including users, browsers, servers, domain owners, and the third-party CAs that issue certificates binding ownership of public keys with servers and domains. This article presents an overview of the current trust landscape and provides statistics to illustrate and quantify some of the risks facing typical users. Using measurement results obtained through passive monitoring of the HTTPS traffic between a campus network and the Internet, we provide concrete examples and characterize the certificate usage and trust relationships in this complex landscape. By comparing our observations against known vulnerabilities and problems, we highlight and discuss the actual security that typical Internet users (e.g., the people on campus) experience. Our measurements cover both mobile and stationary users, consider the involved trust relationships, and provide insights into how the HTTPS protocol is used and the weaknesses observed in practice. While the security properties vary significantly between sessions, out of the 232 million HTTPS sessions we observed, more than 25 percent had weak security properties. |
collection_details |
GBV_USEFLAG_A SYSFLAG_A GBV_OLC SSG-OLC-TEC SSG-OLC-MKW GBV_ILN_70 GBV_ILN_2014 GBV_ILN_2016 GBV_ILN_2111 |
container_issue |
7 |
title_short |
Characterizing the HTTPS Trust Landscape: A Passive View from the Edge |
url |
http://dx.doi.org/10.1109/MCOM.2017.1600981 http://ieeexplore.ieee.org/document/7981521 |
remote_bool |
false |
author2 |
Laterman, Michel Arlitt, Martin Carlsson, Niklas |
author2Str |
Laterman, Michel Arlitt, Martin Carlsson, Niklas |
ppnlink |
12961632X |
mediatype_str_mv |
n |
isOA_txt |
false |
hochschulschrift_bool |
false |
author2_role |
oth oth oth |
doi_str |
10.1109/MCOM.2017.1600981 |
up_date |
2024-07-03T22:58:47.065Z |
_version_ |
1803600555742855169 |
fullrecord_marcxml |
<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01000caa a2200265 4500</leader><controlfield tag="001">OLC1995858358</controlfield><controlfield tag="003">DE-627</controlfield><controlfield tag="005">20220221011045.0</controlfield><controlfield tag="007">tu</controlfield><controlfield tag="008">170901s2017 xx ||||| 00| ||eng c</controlfield><datafield tag="024" ind1="7" ind2=" "><subfield code="a">10.1109/MCOM.2017.1600981</subfield><subfield code="2">doi</subfield></datafield><datafield tag="028" ind1="5" ind2="2"><subfield code="a">PQ20170901</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-627)OLC1995858358</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)GBVOLC1995858358</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(PRQ)g886-12dd6b245d63d69c8b191938b474d650b49a79ad0a8c089cba5b2d8a291d518f0</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(KEY)0033889320170000055000700036characterizingthehttpstrustlandscapeapassiveviewfr</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-627</subfield><subfield code="b">ger</subfield><subfield code="c">DE-627</subfield><subfield code="e">rakwb</subfield></datafield><datafield tag="041" ind1=" " ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="082" ind1="0" ind2="4"><subfield code="a">620</subfield><subfield code="q">DE-600</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">53.70</subfield><subfield code="2">bkl</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">53.00</subfield><subfield code="2">bkl</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Ouvrier, Gustaf</subfield><subfield code="e">verfasserin</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Characterizing the HTTPS Trust Landscape: A Passive View from the Edge</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="c">2017</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">Text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">ohne Hilfsmittel zu benutzen</subfield><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">Band</subfield><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">Our society increasingly relies on web-based services like online banking, shopping, and socializing. Many of these services heavily depend on secure end-to-end transactions to transfer personal, financial, and other sensitive information. At the core of ensuring secure transactions are the HTTPS protocol and the "trust" relationships between many involved parties, including users, browsers, servers, domain owners, and the third-party CAs that issue certificates binding ownership of public keys with servers and domains. This article presents an overview of the current trust landscape and provides statistics to illustrate and quantify some of the risks facing typical users. Using measurement results obtained through passive monitoring of the HTTPS traffic between a campus network and the Internet, we provide concrete examples and characterize the certificate usage and trust relationships in this complex landscape. By comparing our observations against known vulnerabilities and problems, we highlight and discuss the actual security that typical Internet users (e.g., the people on campus) experience. Our measurements cover both mobile and stationary users, consider the involved trust relationships, and provide insights into how the HTTPS protocol is used and the weaknesses observed in practice. While the security properties vary significantly between sessions, out of the 232 million HTTPS sessions we observed, more than 25 percent had weak security properties.</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Mobile communication</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Browsers</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Ciphers</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Servers</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Internet</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Wireless communication systems</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Mobile communication systems</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Analysis</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Usage</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Laterman, Michel</subfield><subfield code="4">oth</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Arlitt, Martin</subfield><subfield code="4">oth</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Carlsson, Niklas</subfield><subfield code="4">oth</subfield></datafield><datafield tag="773" ind1="0" ind2="8"><subfield code="i">Enthalten in</subfield><subfield code="t">IEEE communications magazine</subfield><subfield code="d">New York, NY : IEEE, 1979</subfield><subfield code="g">55(2017), 7, Seite 36-42</subfield><subfield code="w">(DE-627)12961632X</subfield><subfield code="w">(DE-600)244028-3</subfield><subfield code="w">(DE-576)015114236</subfield><subfield code="x">0163-6804</subfield><subfield code="7">nnns</subfield></datafield><datafield tag="773" ind1="1" ind2="8"><subfield code="g">volume:55</subfield><subfield code="g">year:2017</subfield><subfield code="g">number:7</subfield><subfield code="g">pages:36-42</subfield></datafield><datafield tag="856" ind1="4" ind2="1"><subfield code="u">http://dx.doi.org/10.1109/MCOM.2017.1600981</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="u">http://ieeexplore.ieee.org/document/7981521</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_USEFLAG_A</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">SYSFLAG_A</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_OLC</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">SSG-OLC-TEC</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">SSG-OLC-MKW</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_70</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2014</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2016</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2111</subfield></datafield><datafield tag="936" ind1="b" ind2="k"><subfield code="a">53.70</subfield><subfield code="q">AVZ</subfield></datafield><datafield tag="936" ind1="b" ind2="k"><subfield code="a">53.00</subfield><subfield code="q">AVZ</subfield></datafield><datafield tag="951" ind1=" " ind2=" "><subfield code="a">AR</subfield></datafield><datafield tag="952" ind1=" " ind2=" "><subfield code="d">55</subfield><subfield code="j">2017</subfield><subfield code="e">7</subfield><subfield code="h">36-42</subfield></datafield></record></collection>
|
score |
7.3982735 |