Exploring the Evolution of the TLS Certificate Ecosystem
dc.contributor.author | Farhan, Syed Muhammad | en |
dc.contributor.committeechair | Chung, Taejoong Tijay | en |
dc.contributor.committeemember | Gulzar, Muhammad Ali | en |
dc.contributor.committeemember | Viswanath, Bimal | en |
dc.contributor.department | Computer Science | en |
dc.date.accessioned | 2022-06-02T08:01:04Z | en |
dc.date.available | 2022-06-02T08:01:04Z | en |
dc.date.issued | 2022-06-01 | en |
dc.description.abstract | A vast majority of popular communication protocols for the internet use TLS (Transport Layer Security) to secure communication. As a result, there have been numerous efforts, including the introduction of Certificate Transparency logs and free automated CAs, to improve the SSL certificate ecosystem. Our work highlights the effectiveness of these efforts using the Certificate Transparency dataset as well as certificates collected via full IPv4 scans. We show that a large proportion of invalid certificates still exists and outline reasons why these certificates are invalid and where they are hosted. Moreover, we show that the incorrect use of template certificates has led to incorrect SCTs being embedded in the certificates. Taken together, our results emphasize continued involvement for the research community to improve the web's PKI ecosystem. | en |
dc.description.abstractgeneral | Security and privacy for communication over the internet are increasingly important. TLS (Transport Layer Security) is the most popular protocol used to secure communications over the internet today. This work explores how this protocol has evolved over the past 9 years and how effective the measures undertaken by the community have been in improving adherence to best practices in the wild. TLS uses certificates to initialize secure communication and to make sure the other party is indeed who they say they are. We show that while security has improved over the years, a majority of certificates are invalid, and we outline reasons why. We also observe the growth of Certificate Transparency logs and show how the use of template certificates causes unexpected issues. Taken together, our results emphasize a continued involvement for the research community to improve the TLS certificate ecosystem. | en |
dc.description.degree | Master of Science | en |
dc.format.medium | ETD | en |
dc.identifier.other | vt_gsexam:34689 | en |
dc.identifier.uri | http://hdl.handle.net/10919/110403 | en |
dc.language.iso | en | en |
dc.publisher | Virginia Tech | en |
dc.rights | In Copyright | en |
dc.rights.uri | http://rightsstatements.org/vocab/InC/1.0/ | en |
dc.subject | Security | en |
dc.subject | TLS | en |
dc.subject | Certificates | en |
dc.subject | Network Security | en |
dc.subject | Cryptography | en |
dc.subject | Public Key Cryptography | en |
dc.subject | Web Security Protocol | en |
dc.subject | Measurement | en |
dc.title | Exploring the Evolution of the TLS Certificate Ecosystem | en |
dc.type | Thesis | en |
thesis.degree.discipline | Computer Science and Applications | en |
thesis.degree.grantor | Virginia Polytechnic Institute and State University | en |
thesis.degree.level | masters | en |
thesis.degree.name | Master of Science | en |