Related papers: An Empirical Analysis of HTTPS Configuration Secur…

200 papers

Default configuration of various software applications often neglects security objectives. We tested the default configuration of TLS in a dozen web and application servers. The results show that the "secure by default" principle should be…

Cryptography and Security · Computer Science 2017-08-28 Martin Stanek

The use of secure connections using HTTPS as the default means, or even the only means, to connect to web servers is increasing. It is being pushed from both sides: from the bottom up by client distributions and plugins, and from the top…

Networking and Internet Architecture · Computer Science 2017-06-12 George Michaelson, Matthew Roughan, Jonathan Tuke, Matt P. Wand, Randy Bush

As of today, TLS is the most commonly used protocol to protect communication content. To provide good security, it is of central importance that administrators know how to configure their services correctly. For this purpose, services…

Human-Computer Interaction · Computer Science 2018-09-25 Christian Tiefenau, Emanuel von Zezschwitz

Most modern web browsers today sacrifice optimal TLS security for backward compatibility. They apply coarse-grained TLS configurations that support (by default) legacy versions of the protocol that have known design weaknesses, and weak…

Cryptography and Security · Computer Science 2018-09-18 Eman Salem Alashwali, Kasper Rasmussen

Most TLS clients such as modern web browsers enforce coarse-grained TLS security configurations. They support legacy versions of the protocol that have known design weaknesses, and weak ciphersuites that provide fewer security guarantees…

Cryptography and Security · Computer Science 2018-09-18 Eman Salem Alashwali, Pawel Szalachowski

If two or more identical HTTPS clients, located at different geographic locations (regions), make an HTTPS request to the same domain (e.g. example.com), on the same day, will they receive the same HTTPS security guarantees in response? Our…

Cryptography and Security · Computer Science 2020-10-21 Eman Salem Alashwali, Pawel Szalachowski, Andrew Martin

HTTPS is quickly rising alongside the need of Internet users to benefit from security and privacy when accessing the Web, and it becomes the predominant application protocol on the Internet. This migration towards a secure Web using HTTPS…

Cryptography and Security · Computer Science 2020-08-20 Wazen M. Shbair, Thibault Cholez, Jerome Francois, Isabelle Chrisment

The surge in website attacks, including Denial of Service (DoS), Cross-Site Scripting (XSS), and Clickjacking, underscores the critical need for robust HTTPS implementation, a practice that, alarmingly, remains inadequately adopted.…

Cryptography and Security · Computer Science 2024-10-22 Urvashi Kishnani, Sanchari Das

Experience shows that most researchers and developers tend to treat plain-domains (those that are not prefixed with "www" sub-domains, e.g. "example.com") as synonyms for their equivalent www-domains (those that are prefixed with "www"…

Cryptography and Security · Computer Science 2019-06-19 Eman Salem Alashwali, Pawel Szalachowski, Andrew Martin

Modern web browsers have effectively become the new operating system for business applications, yet their security posture is often under-scrutinized. This paper presents a novel, comprehensive Browser Security Posture Analysis…

Cryptography and Security · Computer Science 2025-05-14 Avihay Cohen

Organisations are upgrading their cryptographic infrastructure to become quantum safe before large scale quantum computers materialise. Post quantum cryptography (PQC) standards now exist for key exchange and digital signatures, but the…

Cryptography and Security · Computer Science 2026-05-19 Harish Balaji, Aarav Varshney, Prasanna Ravi, Sripal Jain, Robin Foe, Jorden Seet, Huaxiong Wang, Kwok-Yan Lam, Anupam Chattopadhyay

Securing cloud configurations is an elusive task, which is left up to system administrators who have to base their decisions on "trial and error" experimentations or by observing good practices (e.g., CIS Benchmarks). We propose a…

Cryptography and Security · Computer Science 2022-06-08 Francesco Minna, Fabio Massacci, Katja Tuma

Flawed TLS certificates are not uncommon on the Internet. While they signal a potential issue, in most cases they have benign causes (e.g., misconfiguration or even deliberate deployment). This adds fuzziness to the decision on whether to…

Cryptography and Security · Computer Science 2022-07-26 Martin Ukrop, Lydia Kraus, Vashek Matyas

Revelations of large scale electronic surveillance and data mining by governments and corporations have fueled increased adoption of HTTPS. We present a traffic analysis attack against over 6000 webpages spanning the HTTPS deployments of 10…

Cryptography and Security · Computer Science 2014-03-04 Brad Miller, Ling Huang, A. D. Joseph, J. D. Tygar

Algorithmic complexity vulnerabilities are a class of security problems that enables attackers to trigger the worst-case complexity of certain algorithms. Such vulnerabilities can be leveraged to deploy low-volume, asymmetric, CPU-based…

Cryptography and Security · Computer Science 2022-11-22 Masudul Hasan Masud Bhuiyan, Cristian-Alexandru Staicu

Today's Internet utilizes a multitude of different protocols. While some of these protocols were first implemented and used and later documented, others were first specified and then implemented. Regardless of how protocols came to be, their…

Cryptography and Security · Computer Science 2016-10-19 Tobias Fiebig, Franziska Lichtblau, Florian Streibelt, Thorben Krueger, Pieter Lexis, Randy Bush, Anja Feldmann

A proper configuration of an information system can ensure accuracy and efficiency, among other system objectives. Conversely, a poor configuration can have a significant negative impact on the system's performance, reliability, and cost.…

Software Engineering · Computer Science 2022-06-06 Jörn Kuhlenkamp, Sebastian Werner, Chin Hong Tran, Stefan Tai

This document presents TLS and how to make it secure enough as of 2014 Spring. Of course all the information given here will rot with time. Protocols known as secure will be cracked and will be replaced with better versions. Fortunately we…

Cryptography and Security · Computer Science 2014-07-09 Emmanuel Dreyfus

Network traffic inspection, including TLS traffic, in enterprise environments is widely practiced. Reasons for doing so are primarily related to improving enterprise security (e.g., malware detection) and meeting legal requirements. To…

Cryptography and Security · Computer Science 2018-09-25 Louis Waked, Mohammad Mannan, Amr Youssef

Large language models (LLMs) are increasingly deployed through open-source and commercial frameworks, enabling individuals and organizations to self-host advanced LLM capabilities. As LLM deployments become prevalent, particularly in…

Cryptography and Security · Computer Science 2025-08-27 Xinyi Hou, Jiahao Han, Yanjie Zhao, Haoyu Wang