Related papers: On the Interplay between TLS Certificates and QUIC…
Stateful Middleboxes are integral part of enterprise and campus networks that provide essential in-network, security, and value-added services. These stateful middleboxes rely on precise network flow identification. However, the adoption of…
Within a few years of its introduction, QUIC has gained traction: a significant chunk of traffic is now delivered over QUIC. The networking community is actively engaged in debating the fairness, performance, and applicability of QUIC for…
HTTPS is quickly rising alongside the need of Internet users to benefit from security and privacy when accessing the Web, and it becomes the predominant application protocol on the Internet. This migration towards a secure Web using HTTPS…
QUIC, as the transport layer of the next-generation Web stack (HTTP/3), natively provides security and performance improvements over TCP-based stacks. However, since QUIC provides end-to-end encryption for both data and packet headers,…
The use of TLS proxies to intercept encrypted traffic is controversial since the same mechanism can be used for both benevolent purposes, such as protecting against malware, and for malicious purposes, such as identity theft or warrantless…
Transport Layer Security (TLS) is the base for many Internet applications and services to achieve end-to-end security. In this paper, we provide guidance on how to measure TLS deployments, including X.509 certificates and Web PKI. We…
The QUIC transport protocol represents a significant evolution in web transport technologies, offering improved performance and reduced latency compared to traditional protocols like TCP. Given the growing number of QUIC implementations,…
The level of trust accorded to certification authorities has been decreasing over the last few years as several cases of misbehavior and compromise have been observed. Log-based approaches, such as Certificate Transparency, ensure that…
QUIC protocol is primarily designed to optimize web performance and security. However, previous research has pointed out that it is vulnerable to handshake flooding attacks. Attackers can send excessive volume of handshaking requests to…
The Transport Layer Security (TLS) protocol and its public-key infrastructure (PKI) are widely used in the Internet to achieve secure communication. Validating domain ownership by trusted certification authorities (CAs) is a critical step…
QUIC has rapidly evolved into a cornerstone transport protocol for secure, low-latency communications, yet its deployment continues to expose critical security and privacy vulnerabilities, particularly during connection establishment phases…
If two or more identical HTTPS clients, located at different geographic locations (regions), make an HTTPS request to the same domain (e.g. example.com), on the same day, will they receive the same HTTPS security guarantees in response? Our…
With the introduction of QUIC, a modern transport-layer network protocol, HTTP/3 leverages its benefits to enhance web content delivery. This paper proposes a mechanism based on the recently standardized Extensible Prioritization Scheme…
The ability to quickly revoke a compromised key is critical to the security of any public-key infrastructure. Regrettably, most traditional certificate revocation schemes suffer from latency, availability, or privacy problems. These…
This paper presents a practical solution to the problem of limited bandwidth in Quantum Key Distribution (QKD)- secured communication through using rapidly rekeyed Internet Protocol security (IPsec) links. QKD is a cutting-edge security…
In Software-Defined Networks (SDNs), the control plane and data plane communicate for various purposes, such as applying configurations and collecting statistical data. While various methods have been proposed to reduce the overhead and…
Flawed TLS certificates are not uncommon on the Internet. While they signal a potential issue, in most cases they have benign causes (e.g., misconfiguration or even deliberate deployment). This adds fuzziness to the decision on whether to…
Quantum computing represents an emerging threat to the public key infrastructure underlying transport layer security (TLS) widely used in the Internet. This paper describes how QKD symmetric keys can be used with TLS to provide quantum…
While applications quickly evolve, Internet protocols do not follow the same pace. There are two root causes for this. First, extending protocol with cleartext control plane is usually hindered by various network devices such as…
Satellite broadband services are critical infrastructures enabling advanced technologies to function in the most remote regions of the globe. However, status-quo services are often unencrypted by default and vulnerable to eavesdropping…