English
Related papers

Related papers: Does "www." Mean Better Transport Layer Security?

200 papers

If two or more identical HTTPS clients, located at different geographic locations (regions), make an HTTPS request to the same domain (e.g. example.com), on the same day, will they receive the same HTTPS security guarantees in response? Our…

Cryptography and Security · Computer Science 2020-10-21 Eman Salem Alashwali , Pawel Szalachowski , Andrew Martin

Phishing attacks remain a persistent cybersecurity threat, and the widespread adoption of TLS certificates has unintentionally enabled malicious websites to appear trustworthy to users. This study examines whether certificate metadata and…

It is notoriously difficult to securely configure HTTPS, and poor server configurations have contributed to several attacks including the FREAK, Logjam, and POODLE attacks. In this work, we empirically evaluate the TLS security posture of…

Cryptography and Security · Computer Science 2021-11-02 Camelia Simoiu , Wilson Nguyen , Zakir Durumeric

Most modern web browsers today sacrifice optimal TLS security for backward compatibility. They apply coarse-grained TLS configurations that support (by default) legacy versions of the protocol that have known design weaknesses, and weak…

Cryptography and Security · Computer Science 2018-09-18 Eman Salem Alashwali , Kasper Rasmussen

In this paper, we revisit the performance of the QUIC connection setup and relate the design choices for fast and secure connections to common Web deployments. We analyze over 1M Web domains with 272k QUIC-enabled services and find two…

Networking and Internet Architecture · Computer Science 2023-02-03 Marcin Nawrocki , Pouyan Fotouhi Tehrani , Raphael Hiesgen , Jonas Mücke , Thomas C. Schmidt , Matthias Wählisch

HTTPS is quickly rising alongside the need of Internet users to benefit from security and privacy when accessing the Web, and it becomes the predominant application protocol on the Internet. This migration towards a secure Web using HTTPS…

Cryptography and Security · Computer Science 2020-08-20 Wazen M. Shbair , Thibault Cholez , Jerome Francois , Isabelle Chrisment

Web-fraud is one of the most unpleasant features of today's Internet. Two well-known examples of fraudulent activities on the web are phishing and typosquatting. Their effects range from relatively benign (such as unwanted ads) to downright…

Cryptography and Security · Computer Science 2015-03-13 Mishari Al Mishari , Emiliano De Cristofaro , Karim El Defrawy , Gene Tsudik

As Internet users have become more savvy about the potential for their Internet communication to be observed, the use of network traffic encryption technologies (e.g., HTTPS/TLS) is on the rise. However, even when encryption is enabled,…

Cryptography and Security · Computer Science 2020-07-09 Nguyen Phong Hoang , Arian Akhavan Niaki , Nikita Borisov , Phillipa Gill , Michalis Polychronakis

As of today, TLS is the most commonly used protocol to protect communication content. To provide good security, it is of central importance, that administrators know how to configure their services correctly. For this purpose, services…

Human-Computer Interaction · Computer Science 2018-09-25 Christian Tiefenau , Emanuel von Zezschwitz

Managed TLS has become a common approach for deploying HTTPS, with platforms generating and storing private keys and automating certificate issuance on behalf of domain operators. This model simplifies operational management but shifts…

Cryptography and Security · Computer Science 2025-12-09 Daniyal Ganiuly , Nurzhau Bolatbek , Assel Smaiyl

The surge in website attacks, including Denial of Service (DoS), Cross-Site Scripting (XSS), and Clickjacking, underscores the critical need for robust HTTPS implementation-a practice that, alarmingly, remains inadequately adopted.…

Cryptography and Security · Computer Science 2024-10-22 Urvashi Kishnani , Sanchari Das

Using a total of 4,774 hospitals categorized as government, non-profit, and proprietary hospitals, this study provides the first measurement-based analysis of hospitals' websites and connects the findings with data breaches through a…

Cryptography and Security · Computer Science 2023-04-27 Mohammed Alkinoon , Abdulrahman Alabduljabbar , Hattan Althebeiti , Rhongho Jang , DaeHun Nyang , David Mohaisen

The Domain Name System (DNS) is a core Internet service that translates domain names into IP addresses. It is a distributed database and protocol with many known weaknesses that subject to countless attacks including spoofing attacks,…

Cryptography and Security · Computer Science 2022-11-16 Alshaima Almarzooqi , Jawahir Mahmoud , Bayena Alzaabi , Arsiema Ghebremichael , Monther Aldwairi

Network traffic inspection, including TLS traffic, in enterprise environments is widely practiced. Reasons for doing so are primarily related to improving enterprise security (e.g., malware detection) and meeting legal requirements. To…

Cryptography and Security · Computer Science 2018-09-25 Louis Waked , Mohammad Mannan , Amr Youssef

Toll scams involve criminals registering fake domains that pretend to be legitimate transportation agencies to trick users into making fraudulent payments. Although these scams are rapidly increasing and causing significant harm, they have…

Cryptography and Security · Computer Science 2025-10-17 Morium Akter Munny , Mahbub Alam , Sonjoy Kumar Paul , Daniel Timko , Muhammad Lutfor Rahman , Nitesh Saxena

We present new analytic techniques for inferring HTTP semantics from passive observations of HTTPS that can infer the value of important fields including the status-code, Content-Type, and Server, and the presence or absence of several…

Cryptography and Security · Computer Science 2018-05-30 Blake Anderson , Andrew Chi , Scott Dunlop , David McGrew

Web browsers provide the security foundation for our online experiences. Significant research has been done into the security of browsers themselves, but relatively little investigation has been done into how they interact with the…

Cryptography and Security · Computer Science 2025-04-25 Dolière Francis Somé , Moaz Airan , Zakir Durumeric , Cristian-Alexandru Staicu

Flawed TLS certificates are not uncommon on the Internet. While they signal a potential issue, in most cases they have benign causes (e.g., misconfiguration or even deliberate deployment). This adds fuzziness to the decision on whether to…

Cryptography and Security · Computer Science 2022-07-26 Martin Ukrop , Lydia Kraus , Vashek Matyas

In webpage fingerprinting, an on-path adversary infers the specific webpage loaded by a victim user by analysing the patterns in the encrypted TLS traffic exchanged between the user's browser and the website's servers. This work studies…

Cryptography and Security · Computer Science 2023-10-30 Vasilios Mavroudis , Jamie Hayes

Related-domain attackers control a sibling domain of their target web application, e.g., as the result of a subdomain takeover. Despite their additional power over traditional web attackers, related-domain attackers received only limited…

Cryptography and Security · Computer Science 2020-12-04 Marco Squarcina , Mauro Tempesta , Lorenzo Veronese , Stefano Calzavara , Matteo Maffei
‹ Prev 1 2 3 10 Next ›