2013
DOI: 10.2139/ssrn.2277806

Security Economics in the HTTPS Value Chain

Abstract: Even though we increasingly rely on HTTPS to secure Internet communications, several landmark incidents in recent years have illustrated that its security is deeply flawed. We present an extensive multi-disciplinary analysis that examines how the systemic vulnerabilities of the HTTPS authentication model could be addressed. We conceptualize the security issues from the perspective of the HTTPS value chain. We then discuss the breaches at several Certificate Authorities (CAs). Next, we explore the sec…

citations
Cited by 18 publications
(18 citation statements)
references
References 3 publications
“…To illustrate this, Table I shows the fraction of sessions associated with different browser versions. Here, the latest officially released [8]. Although our dataset includes 750 authority certificates, we find that the vast majority of non-self-signed leaf certificates are issued by only a handful of organizations.…”
Section: Trust Relationship Analysis (mentioning)
confidence: 99%
“…The top-five organizations signing leaf certificates are Comodo CA Limited (with 22.9% of the sessions), Go Daddy (18.1%), GeoTrust (16.3%), DigiCert (9.4%), GlobalSign (6.8%). Part of this skew is due to rich-get-richer effects as buyers often select popular CAs as these may be less likely to be removed from root stores [8].…”
Section: Trust Relationship Analysis (mentioning)
confidence: 99%
“…Customers would be forced to choose dominant incumbents, as they are likely to remain in service, over new entrants and smaller providers. This is seen in the certification industry, which is extremely concentrated [52]. Technically getting website certificate from a smaller certification authority is the same as getting one from a dominant market player.…”
Section: B Case Study 2: Botnet Takedowns (mentioning)
confidence: 99%
“…A discussion of the negative effects of market monopolies is beyond the scope of this paper. However, Asghari et al [52] note that even when certain certification authorities provide certificates for free, their services are not adopted in the market.…”
Section: B Case Study 2: Botnet Takedowns (mentioning)
confidence: 99%
“…al. [AEAE13] offer an interesting perspective on improving SSL/TLS flaws in HTTPS protocol through the analysis of a potential market for such certificates. Based on their findings, they propose a combination of regulatory response and targeted economic incentives to modify HTTPS design.…”
Section: Economic Impact Of Adverse Events (mentioning)
confidence: 99%