Cited By
View all- Cevallos-Salas DEstrada-Jiménez JGuamán D(2024)Application layer security for Internet communicationsComputers and Electrical Engineering10.1016/j.compeleceng.2024.109498119:PAOnline publication date: 1-Oct-2024
A Survey on X.509 Public-Key Infrastructure, Certificate Revocation, and Their Modern Implementation on Blockchain and Ledger Technologies
Authors: 
Salabat Khan, Fei Luo, Zijian Zhang, Farhan Ullah, Farhan Amin, Syed Furqan Qadri, Md Belal Bin Heyat, Rukhsana Ruby, Lu Wang, Shamsher Ullah, Meng Li, Victor C. M. Leung, Kaishun WuAuthors Info & Claims
Salabat Khan, Fei Luo, Zijian Zhang, Farhan Ullah, Farhan Amin, Syed Furqan Qadri, Md Belal Bin Heyat, Rukhsana Ruby, Lu Wang, Shamsher Ullah, Meng Li, Victor C. M. Leung, Kaishun WuAuthors Info & ClaimsPages 2529 - 2568
Abstract
Cyber-attacks are becoming more common against Internet users due to the increasing dependency on online communication in their daily lives. X.509 Public-Key Infrastructure (PKIX) is the most widely adopted and used system to secure online communications and digital identities. However, different attack vectors exist against the PKIX system, which attackers exploit to breach the security of the reliant protocols. Recently, various projects (e.g., Let’s Encrypt and Google Certificate Transparency) have been started to encrypt online communications, fix PKIX vulnerabilities, and guard Internet users against cyber-attacks. This survey focuses on classical PKIX proposals, certificate revocation proposals, and their implementation on blockchain as well as ledger technologies. First, we discuss the PKIX architecture, the history of the World Wide Web, the certificate issuance process, and possible attacks on the certificate issuance process. Second, a taxonomy of PKIX proposals, revocation proposals, and their modern implementation is provided. Then, a set of evaluation metrics is defined for comparison. Finally, the leading proposals are compared using 15 evaluation metrics and 13 cyber-attacks before presenting the lessons learned and suggesting future PKIX and revocation research.
References
[1]
“Digital 2022: April global statshot report.” Accessed: Jun. 30, 2022. [Online]. Available: https://datareportal.com/reports/digital-2022-april-global-statshot
[2]
“Vulnerability and threat trends report 2022.” Accessed: Jun. 30, 2022. [Online]. Available: https://www.skyboxsecurity.com/resources/report/vulnerability-threat-trends-report-2022/
[3]
G. Greenwaldet al., “NSA collecting phone records of millions of Verizon customers daily,” Guardian, vol. 6, no. 6, p. 13, 2013.
[4]
R. S. Raman, L. Evdokimov, E. Wurstrow, J. A. Halderman, and R. Ensafi, “Investigating large scale HTTPs interception in Kazakhstan,” in Proc. ACM Internet Meas. Conf. (IMC), 2020, pp. 125–132. [Online]. Available: https://doi.org/10.1145/3419394.3423665
[5]
B. Laurie, “Certificate transparency,” Commun. ACM, vol. 57, no. 10, pp. 40–46, 2014. [Online]. Available: https://doi.org/10.1145/2659897
[6]
C. Welch. “Google encrypts gmail between data centers to keep the NSA out of your inbox.,” Mar. 2014. [Online]. Available: https://www.theverge.com/2014/3/20/5530072/google-encrypts-gmail-between-data-centers-to-keep-out-nsa
[7]
C. Farivar, “Apple expands data encryption under iOS 8, making handover to cops moot.,” Sep. 2014. [Online]. Available: https://arstechnica.com/gadgets/2014/09/apple-expands-data-encryption-under-ios-8-making-handover-to-cops-moot/
[8]
S. Farrell and H. Tschofenig, “Pervasive monitoring is an attack,” IETF, Rep. RFC 7258, 2014.
[9]
J. Aaset al., “Let’s encrypt: An automated certificate authority to encrypt the entire Web,” in Proc. ACM SIGSAC Conf. Comput. Commun. Security (CCS), 2019, pp. 2473–2487. [Online]. Available: https://doi.org/10.1145/3319535.3363192
[10]
T. H.-J. Kim, L.-S. Huang, A. Perrig, C. Jackson, and V. Gligor, “Accountable key infrastructure (AKI): A proposal for a public-key validation infrastructure,” in Proc. 22nd Int. Conf. World Wide Web (WWW), May 2013, pp. 679–690. [Online]. Available: https://doi.org/10.1145/2488388.2488448
[11]
H. Birge-Lee, Y. Sun, A. Edmundson, J. Rexford, and P. Mittal, “Bamboozling certificate authorities with BGP,” in Proc. 27th USENIX Conf. Security Symp. (SEC), 2018, pp. 833–849.
[12]
K. Borgolte, T. Fiebig, S. Hao, C. Kruegel, and G. Vigna, “Cloud strife: Mitigating the security risks of domain-validated certificates,” in Proc. Appl. Netw. Res. Workshop (ANRW), 2018, p. 4. [Online]. Available: https://doi.org/10.1145/3232755.3232859
[13]
R. A. Rueppel and B. Wildhaber, “Public key infrastructure—Survey and issues,” in Trust Center. Cham, Switzerland: Springer, 1995, pp. 197–212.
[14]
A. C. Grant. “Search for trust: An analysis and comparison of ca system alternatives and enhancements.” 2012. [Online]. Available: https://digitalcommons.dartmouth.edu/senior_theses/78/
[15]
M. Marlinspike, “SSL and the future of authenticity,” in Proc. Black Hat USA, 2011, p. 6.
[16]
D. Wendlandt, D. G. Andersen, and A. Perrig, “Perspectives: Improving SSH-style host authentication with multi-path probing,” in Proc. USENIX Annu. Tech. Conf. (ATC), 2008, pp. 321–334.
[17]
R. Barnes, “DANE: Taking TLS authentication to the next level using DNSSEC,” IETF J., vol. 7, no. 2, p. 360, 2011.
[18]
R. Barnes, “Use cases and requirements for DNS-based authentication of named entities (DANE),” Internet Eng. Task Force, RFC 6394, 2011.
[19]
P. Hoffman and J. Schlyter, “The DNS-based authentication of named entities (DANE) transport layer security (TLS) protocol: TLSA,” IETF, RFC 6698, Aug. 2012.
[20]
P. Hallam-Baker, R. Stradling, and B. Laurie, “DNS certification authority authorization (CAA) resource record,” Internet Eng. Task Force, RFC 6844, 2013.
[21]
K. Engert. “MECAI-mutually endorsing CA infrastructure.” 2013. [Online]. Available: https://kuix.de/mecai/mecai-proposal-v2.pdf
[22]
G. Toth and T. Vlieg, “Public key pinning for TLS using a trust on first use model,” 2013. [Online]. Available: https://rp.os3.nl/2012-2013/p56/report.pdf
[23]
P. Eckersley. “Sovereign key cryptography for Internet domains.” 2012. [Online]. Available: https://git.eff.org
[24]
F. Amin, A. Jahangir, and H. Rasifard, “Analysis of public-key cryptography for wireless sensor networks security,” Int. J. Comput. Inf. Eng., vol. 2, no. 5, pp. 1448–1453, 2008.
[25]
J. Clark and P. C. Van Oorschot, “SoK: SSL and HTTPs: Revisiting past challenges and evaluating certificate trust model enhancements,” in Proc. IEEE Symp. Security Privacy, 2013, pp. 511–525.
[26]
A. Parsovs, “Practical issues with TLS client certificate authentication,” in Proc. Cryptol. ePrint Archive, 2013, pp. 1–8.
[27]
A. Delignat-Lavaud, M. Abadi, A. Birrell, I. Mironov, T. Wobber, and Y. Xie, “Web PKI: Closing the gap between guidelines and practices,” in Proc. NDSS, 2014, pp. 1–15.
[28]
A. Albarqiet al., “Public key infrastructure: A survey,” J. Inf. Security, vol. 6, no. 1, p. 31, 2014.
[29]
L. S. Huang, A. Rice, E. Ellingsen, and C. Jackson, “Analyzing forged SSL certificates in the wild,” in Proc. IEEE Symp. Security Privacy, 2014, pp. 83–97.
[30]
L. Zhanget al., “Analysis of SSL certificate reissues and revocations in the wake of heartbleed,” in Proc. Conf. Internet Meas. Conf., 2014, pp. 489–502.
[31]
R. Holz, J. Amann, O. Mehani, M. Wachs, and M. A. Kaafar, “TLS in the wild: An Internet-wide analysis of TLS-based protocols for electronic communication,” in Proc. Netw. Distrib. Syst. Security Symp. (NDSS), San Diego, CA, USA, 2016, pp. 1–8.
[32]
K. Michael and B. Joseph, “Upgrading HTTPs in mid-air: An empirical study of strict transport security and key pinning,” in Proc. NDSS Symp., 2015, pp. 1–8.
[33]
J. Hodges, C. Jackson, and A. Barth, “HTTP strict transport security (HSTS).” 2012. [Online]. Available: https://https.cio.gov/hsts/
[34]
S. de los Santos, C. Torrano, Y. Rubio, and F. Brezo, “Implementation state of HSTS and HPKP in both browsers and servers,” in Proc. Int. Conf. Cryptol. Netw. Security, 2016, pp. 192–207.
[35]
B. VanderSloot, J. Amann, M. Bernhard, Z. Durumeric, M. Bailey, and J. A. Halderman, “Towards a complete view of the certificate ecosystem,” in Proc. Internet Meas. Conf., 2016, pp. 543–549.
[36]
R. Heiland, W. C. Garrison, Y. Qiao, A. J. Lee, and V. Welch. “The Web’s PKI: An expository review and certificate validation cost simulation.” 2016. [Online]. Available: https://scholarworks.iu.edu/dspace/bitstream/handle/2022/21038/CACR-ASAC-PKI.pdf?sequence=1
[37]
K.-A. Shim, “A survey of public-key cryptographic primitives in wireless sensor networks,” IEEE Commun. Surveys Tuts., vol. 18, no. 1, pp. 577–601, 1st Quart., 2016.
[38]
J. Yu and M. Ryan, “Chapter 7—Evaluating Web PKIS,” in Software Architecture for Big Data and the Cloud, 2017, pp. 105–126. [Online]. Available: https://www.sciencedirect.com/science/article/pii/B9780128054673000077
[39]
J. Gustafsson, G. Overier, M. Arlitt, and N. Carlsson, “A first look at the CT landscape: Certificate transparency logs in practice,” in Proc. Int. Conf. Passive Active Netw. Meas., 2017, pp. 87–99.
[40]
J. Amann, O. Gasser, Q. Scheitle, L. Brent, G. Carle, and R. Holz, “Mission accomplished? HTTPs security after diginotar,” in Proc. Internet Meas. Conf., 2017, pp. 325–340.
[41]
S. Weiler and D. Blacka, “Clarifications and implementation notes for DNS security (DNSSEC),” IETF, RFC 6840, Feb. 2013.
[42]
C. Nykvist, L. Sjöström, J. Gustafsson, and N. Carlsson, “Server-side adoption of certificate transparency,” in Proc. Int. Conf. Passive Active Netw. Meas., 2018, pp. 186–199.
[43]
O. Gasser, B. Hof, M. Helm, M. Korczynski, R. Holz, and G. Carle, “In log we trust: Revealing poor security practices with certificate transparency logs and Internet measurements,” in Proc. Int. Conf. Passive Active Network Meas., 2018, pp. 173–185.
[44]
B. Liet al., “Certificate transparency in the wild: Exploring the reliability of monitors,” in Proc. ACM SIGSAC Conf. Comput. Commun. Security, 2019, pp. 2505–2520.
[45]
M. Malik, M. Dutta, and J. Granjal, “A survey of key bootstrapping protocols based on public key cryptography in the Internet of Things,” IEEE Access, vol. 7, pp. 27443–27464, 2019.
[46]
B. Li, D. Chu, J. Lin, Q. Cai, C. Wang, and L. Meng, “The weakest link of certificate transparency: Exploring the TLS/HTTPs configurations of third-party monitors,” in Proc. 18th IEEE Int. Conf. Trust Security Privacy Comput. Commun. 13th IEEE Int. Conf. Big Data Sci. Eng. (TrustCom/BigDataSE), 2019, pp. 216–223.
[47]
R. Khan, P. Kumar, D. N. K. Jayakody, and M. Liyanage, “A survey on security and privacy of 5G technologies: Potential solutions, recent advancements, and future directions,” IEEE Commun. Surveys Tuts., vol. 22, no. 1, pp. 196–248, 1st Quart., 2019.
[48]
B. Amann, R. Sommer, M. Vallentin, and S. Hall, “No attack necessary: The surprising dynamics of SSL trust relationships,” in Proc. 29th Annu. Comput. Security Appl. Conf., 2013, pp. 179–188.
[49]
D. Akhawe, B. Amann, M. Vallentin, and R. Sommer, “Here’s my cert, so trust me, maybe? Understanding TLS errors on the Web,” in Proc. 22nd Int. Conf. World Wide Web, 2013, pp. 59–70.
[50]
L. Zhu, D. Wessels, A. Mankin, and J. Heidemann, “Measuring DANE TLSA deployment,” in Proc. Int. Workshop Traffic Monitor. Anal., 2015, pp. 219–232.
[51]
C. Aishwaryaet al., “DANE: An inbuilt security extension,” in Proc. IEEE Int. Conf. Green Comput. Internet Things (ICGCIoT), 2015, pp. 1571–1576.
[52]
H. Leeet al., “A longitudinal and comprehensive study of the DANE ecosystem in email,” in Proc. 29th USENIX Security Symp. (USENIX Security), 2020, p. 6.
[53]
C. Brunner, F. Knirsch, A. Unterweger, and D. Engel, “A comparison of blockchain-based PKI implementations,” in Proc. ICISSP, 2020, pp. 333–340.
[54]
L. Chuat, A. Abdou, R. Sasse, C. Sprenger, D. Basin, and A. Perrig, “SoK: Delegation and revocation, the missing links in the Web’s chain of trust,” in Proc. IEEE Eur. Symp. Security Privacy (EuroS&P), 2020, pp. 624–638.
[55]
N. Aldahwan and D. Alghazzawi, “Use of blockchain in public key infrastructure (PKI): A systematic literature review,” Int. J. Comput. Sci. Inf. Security, vol. 18, no. 6, pp. 106–111, 2020.
[56]
G. Schmid, “Thirty years of DNS insecurity: Current issues and perspectives,” IEEE Commun. Surveys Tuts., vol. 23, no. 4, pp. 2429–2459, 4th Quart., 2021.
[57]
O. Albogami, M. Alruqi, K. Almalki, and A. Aljahdali, “Public key infrastructure traditional and modern implementation,” Int. J. Netw. Security, vol. 23, no. 2, pp. 343–350, 2021.
[58]
S. Meiklejohn, J. DeBlasio, D. O’Brien, C. Thompson, K. Yeo, and E. Stark, “SoK: SCT auditing in certificate transparency,” 2022, arxiv.abs/2203.01661.
[59]
D. Maldonado-Ruiz, J. Torres, N. E. Madhoun, and M. Badra, “Current trends in blockchain implementations on the paradigm of public key infrastructure: A survey,” IEEE Access, vol. 10, pp. 17641–17655, 2022.
[60]
X. D. C. de Carnavalet and P. C. van Oorschot, “A survey and analysis of TLS interception mechanisms and motivations,” ACM Comput. Surveys, vol. 55, no. 13s, pp. 1–40, 2023. [Online]. Available: https://doi.org/10.1145/3580522
[61]
M. S. Pour, C. Nader, K. Friday, and E. Bou-Harb, “A comprehensive survey of recent Internet measurement techniques for cyber security,” Comput. Security, vol. 128, May 2023, Art. no. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0167404823000330
[62]
M. K. Bansal and M. Sethumadhavan, “Survey on domain name system security problems-DNS and blockchain solutions,” in Proc. Int. Conf. Futuristic Trends Netw. Comput. Technol., 2019, pp. 634–647.
[63]
Recommendations x.509 and ISO 9594-8, ITU, Geneva, Switzerland, 1988.
[64]
“The directory—Overview of concepts, models and services, Melbourne, Fascicle VIII. 8—Rec,” ITU, Geneva, Switzerland, ITU Recommendation 500, 1988.
[65]
H. Leibowitz, A. Herzberg, and E. Syta, “Provable security for PKI schemes,” inProc. IACR Cryptol. ePrint Arch., 2019, p. 807.
[66]
P. R. Zimmermann, The Official PGP User’s Guide. Cambridge, MA, USA: MIT Press, 1995.
[67]
S. Khan, F. Luo, Z. Zhang, M. A. Rahim, M. Ahmad, and K. Wu, “Survey on issues and recent advances in vehicular public-key infrastructure (VPKI),” IEEE Commun. Surveys Tuts., vol. 24, no. 3, pp. 1574–1601, 3rd Quart., 2022.
[68]
J. Höglund, S. Lindemer, M. Furuhed, and S. Raza, “PKI4IoT: Towards public key infrastructure for the Internet of Things,” Comput. Security, vol. 89, Feb. 2020, Art. no. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0167404819302019
[69]
X. Shi, S. Shi, M. Wang, J. Kaunisto, and C. Qian, “On-device IoT certificate revocation checking with small memory and low latency,” in Proc. ACM SIGSAC Conf. Comput. Commun. Security (CCS), 2021, pp. 1118–1134. [Online]. Available: https://doi.org/10.1145/3460120.3484580
[70]
J. Höglund, M. Furuhed, and S. Raza, “Lightweight certificate revocation for low-power IoT with end-to-end security,” J. Inf. Security Appl., vol. 73, Mar. 2023, Art. no. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S2214212623000091
[71]
A. Garbaet al., “LightCERT4IoTs: Blockchain-based lightweight certificates authentication for IoT applications,” IEEE Access, vol. 11, pp. 28370–28383, 2023.
[72]
R. Barnes, J. Hoffman-Andrews, D. McCarney, and J. Kasten, “Automatic certificate management environment (ACME),” IETF, RFC 8555, Mar. 2019.
[73]
L. Schwittmann, M. Wander, and T. Weis, “Domain impersonation is feasible: A study of CA domain validation vulnerabilities,” in Proc. IEEE Eur. Symp. Security Privacy (EuroS&P), 2019, pp. 544–559.
[74]
C. Soghoian and S. Stamm, “Certified lies: Detecting and defeating government interception attacks against SSL (short paper),” in Proc. Int. Conf. Financial Cryptography Data Security, 2011, pp. 250–259.
[75]
D. Liu, S. Hao, and H. Wang, “All your DNS records point to us: Understanding the security threats of dangling DNS records,” in Proc. ACM SIGSAC Conf. Comput. Commun. Security (CCS), 2016, pp. 1414–1425. [Online]. Available: https://doi.org/10.1145/2976749.2978387
[76]
S. Goldberg. “The myetherwallet.com Hijack and why it’s risky to hold cryptocurrency in a Webapp.” 2018. [Online]. Available: https://medium.com/@goldbe/the-myetherwallet-com-hijack-and-why-its-risky-to-hold-cryptocurrency-in-a-webapp-261131fad278
[77]
T. Dai, H. Shulman, and M. Waidner, “Let’s downgrade let’s encrypt,” in Proc. ACM SIGSAC Conf. Comput. Commub. Security (CCS), 2021, pp. 1421–1440. [Online]. Available: https://doi.org/10.1145/3460120.3484815
[78]
D. Poddebniaket al., “EFAIL: Breaking S/MIME and OpenPGP email encryption using exfiltration channels,” in Proc. 27th USENIX Security Symp. (USENIX Security), Aug. 2018, pp. 549–566. [Online]. Available: https://www.usenix.org/conference/usenixsecurity18/presentation/poddebniak
[79]
J. Kasten, E. Wustrow, and J. A. Halderman, “CAGE: Taming certificate authorities by inferring restricted scopes,” in Proc. Int. Conf. Financ. Cryptography Data Security, 2013, pp. 329–337.
[80]
N. Heninger, Z. Durumeric, E. Wustrow, and J. A. Halderman, “Mining your PS and QS: Detection of widespread weak keys in network devices,” in Proc. 21st USENIX Security Symp. (USENIX Security), 2012, pp. 205–220.
[81]
J. Braun and G. Rynkowski, “The potential of an individualized set of trusted CAS: Defending against CA failures in the Web PKI,” in Proc. IEEE Int. Conf. Social Comput., 2013, pp. 600–605.
[82]
J. Braun, F. Volk, J. Buchmann, and M. Mühlhäuser, “Trust views for the Web PKI,” in Proc. Eur. Public Key Infrastruct. Workshop, 2013, pp. 134–151.
[83]
J. Braun, F. Volk, J. Classen, J. Buchmann, and M. Mühlhäuser, “CA trust management for the Web PKI,” J. Comput. Security, vol. 22, no. 6, pp. 913–959, 2014.
[84]
J. Classen, J. Braun, F. Volk, M. Hollick, J. Buchmann, and M. Mühlhäuser, “A distributed reputation system for certification authority trust management,” in Proc. IEEE Trustcom/BigDataSE/ISPA, vol. 1, 2015, pp. 1349–1356.
[85]
M. Brandt, T. Dai, A. Klein, H. Shulman, and M. Waidner, “Domain validation++ for MITM-resilient PKI,” in Proc. ACM SIGSAC Conf. Comput. Commun. Security, 2018, pp. 2060–2076.
[86]
E. Syta, I. Tamas, D. Visher, D. I. Wolinsky, and B. Ford, “Certificate cothority: Towards trustworthy collective CAS,” in Proc. Hot Topics Privacy Enhanc. Technol. (HotPETs), vol. 7, 2015, pp. 1–2.
[87]
E. Sytaet al., “Keeping authorities ‘honest or bust’ with decentralized witness cosigning,” in Proc. IEEE Symp. Security Privacy (SP), 2016, pp. 526–545.
[88]
L. Chuat, C. Krähenbühl, P. Mittal, and A. Perrig, “F-PKI: Enabling innovation and trust flexibility in the HTTPs public-key infrastructure,” 2021, arXiv:2108.08581.
[89]
L. Wang, G. Asharov, R. Pass, T. Ristenpart, and A. Shelat, “Blind certificate authorities,” in Proc. IEEE Symp. Security Privacy (SP), 2019, pp. 1015–1032.
[90]
E. F. Kfoury, D. Khoury, A. AlSabeh, J. Gomez, J. Crichigno, and E. Bou-Harb, “A blockchain-based method for decentralizing the ACME protocol to enhance trust in PKI,” in Proc. 43rd Int. Conf. Telecommun. Signal Process. (TSP), 2020, pp. 461–465.
[91]
H. Perl, S. Fahl, and M. Smith, “You won’t be needing these any more: On removing unused certificates from trust stores,” in Proc. Int. Conf. Financial Cryptography Data Security, 2014, pp. 307–315.
[92]
Z. Durumeric, E. Wustrow, and J. A. Halderman, “ZMAP: Fast Internet-wide scanning and its security applications,” in Proc. 22nd USENIX Conf. Security (SEC), 2013, pp. 605–620.
[93]
B. Jayaraman, H. Li, and D. Evans, “Decentralized certificate authorities,” 2017, arXiv:1706.03370.
[94]
M. Alicherry and A. D. Keromytis, “DoubleCheck: Multi-path verification against man-in-the-middle attacks,” in Proc. IEEE Symp. Comput. Commun., 2009, pp. 557–563.
[95]
R. Holz, T. Riedmaier, N. Kammenhuber, and G. Carle, “X.509 forensics: Detecting and localising the SSL/TLS men-in-the-middle,” in Proc. Eur. Symp. Res. Comput. Security, 2012, pp. 217–234.
[96]
M. Abadi, A. Birrell, I. Mironov, T. Wobber, and Y. Xie, “Global authentication in an untrustworthy world,” in Proc. 14th Workshop Hot Topics Oper. Syst. (HotOS XIV), 2013, p. 18.
[97]
A. Bates, J. Pletcher, T. Nichols, B. Hollembaek, and K. R. Butler, “Forced perspectives: Evaluating an SSL trust enhancement at scale,” in Proc. Conf. Internet Meas. Conf., 2014, pp. 503–510.
[98]
A. Bateset al., “Securing SSL certificate verification through dynamic linking,” in Proc. ACM SIGSAC Conf. Comput. Commun. Security, 2014, pp. 394–405.
[99]
M. O’Neillet al., “TrustBase: An architecture to repair and strengthen certificate-based authentication,” in Proc. 26th USENIX Security Symp. (USENIX Security), 2017, pp. 609–624.
[100]
M. Modell, A. Barz, G. Toth, and C. Loesch. “Certificate patrol.” 2014. [Online]. Available: https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol
[101]
H. Everywhere. “Electronic frontier foundation.” 2014. [Online]. Available: https://www.eff.org/https-everywhere
[102]
H. Alexis. “HTTPs is actually everywhere.” 2021. [Online]. Available: https://www.eff.org/deeplinks/2021/09/https-actually-everywhere
[103]
A. Langley. “Public key pinning.” 2011. [Online]. Available: https://www.imperialviolet.org/2011/05/04/pinning.html
[104]
C. Evans, C. Palmer, and R. Sleevi, “Public key pinning extension for HTTP,” IETF, RFC 7469, Apr. 2015. [Online]. Available: https://www.rfc-editor.org/rfc/rfc7469.txt
[105]
C. Palmer. “Intent to deprecate and remove: Public key pinning.” 2017. [Online]. Available: https://groups.google.com/a/chromium.org/g/blink-dev/c/he9tr7p3rZ8?pli=1
[106]
J. Hodges, C. Jackson, and A. Barth, “HTTP strict transport security (HSTS),” Internet Eng. Task Force, RFC 6797, 2018.
[107]
M. Marlinspike and T. Perrin. “Trust assertions for certificate keys.” 2013. [Online]. Available: https://tools.ietf.org/id/draft-perrin-tls-tack-02.txt
[108]
X. Wang, Y. Bai, and L. Hu, “Domain based certification and revocation,” in Proc. Int. Conf. Security Manag. (SAM), 2015, p. 272.
[109]
B. Li, W. Wang, L. Meng, J. Lin, X. Liu, and C. Wang, “ELAPHURUS: Ensemble defense against fraudulent certificates in TLS,” in Proc. Int. Conf. Inf. Security Cryptol., 2019, pp. 246–259.
[110]
M. Zhanget al., “Detecting and measuring security risks of hosting-based dangling domains,” Proc. ACM Meas. Anal. Comput. Syst., vol. 7, no. 1, p. 247, Mar. 2023. [Online]. Available: https://doi.org/10.1145/3579440
[111]
R. Liet al., “A longitudinal and comprehensive measurement of DNS strict privacy,” IEEE/ACM Trans. Netw., early access, Apr. 3, 2023. 10.1109/TNET.2023.3262651.
[112]
X. Liet al., “Ghost domain reloaded: Vulnerable links in domain name delegation and revocation,” in Proc. 30th Annu. Netw. Distrib. Syst. Security Symp. (NDSS). 2013, pp. 1–8. [Online]. Available: https://doi.org/10.14722/ndss
[113]
D. Basin, C. Cremers, T. H.-J. Kim, A. Perrig, R. Sasse, and P. Szalachowski, “ARPKI: Attack resilient public-key infrastructure,” in Proc. ACM SIGSAC Conf. Comput. Commun. Security (CCS), Nov. 2014, pp. 382–393. [Online]. Available: https://doi.org/10.1145/2660267.2660298
[114]
D. Basin, C. Cremers, T. H.-J. Kim, A. Perrig, R. Sasse, and P. Szalachowski, “Design, analysis, and implementation of ARPKI: An attack-resilient public-key infrastructure,” IEEE Trans. Depend. Secure Comput., vol. 15, no. 3, pp. 393–408, May/Jun. 2016.
[115]
P. Szalachowski, S. Matsumoto, and A. Perrig, “PoliCert: Secure and flexible TLS certificate management,” in Proc. ACM SIGSAC Conf. Comput. Commun. Security, 2014, pp. 406–417.
[116]
J. Yu, V. Cheval, and M. Ryan, “DTKI: A new formalized PKI with verifiable trusted parties,” Comput. J., vol. 59, no. 11, pp. 1695–1713, 2016.
[117]
J. Chen, S. Yao, Q. Yuan, R. Du, and G. Xue, “Checks and balances: A tripartite public key infrastructure for secure Web-based connections,” in Proc. IEEE INFOCOM Conf. Comput. Commun., 2017, pp. 1–9.
[118]
S. Khan, Z. Zhang, L. Zhu, M. Li, Q. G. K. Safi, and X. Chen, “Accountable and transparent TLS certificate management: An alternate public-key infrastructure with verifiable trusted parties,” Security Commun. Netw., vol. 2018, Jun. 2018, Art. no. [Online]. Available: https://doi.org/10.1155/2018/8527010
[119]
S. Khan, L. Zhu, Z. Zhang, M. A. Rahim, K. Khan, and M. Li, “Attack-resilient TLS certificate transparency,” IEEE Access, vol. 8, pp. 98958–98973, 2020.
[120]
S. Khan, Z. Zhang, L. Zhu, M. A. Rahim, S. Ahmad, and R. Chen, “SCM: Secure and accountable TLS certificate management,” Int. J. Commun. Syst., vol. 33, no. 15, Jul. 2020, Art. no. [Online]. Available: https://onlinelibrary.wiley.com/doi/abs/10.1002/dac.4503
[121]
X. Wang and M. El-Said, “DomainPKI: Domain aware certificate management,” in Proc. 21st Annu. Conf. Inf. Technol. Educ., 2020, pp. 419–425.
[122]
A. Yakubovet al., “A blockchain-based PKI management framework,” in Proc. 1st IEEE/IFIP Int. Workshop Manag. Manag. Blockchain (Man2Block) IEEE/IFIP NOMS, Apr. 2018, pp. 1–7.
[123]
Z. Wang, J. Lin, Q. Cai, Q. Wang, D. Zha, and J. Jing, “Blockchain-based certificate transparency and revocation transparency,” IEEE Trans. Depend. Secure Comput., vol. 19, no. 1, pp. 681–697, Jan./Feb. 2017.
[124]
H. Tewari, A. Hughes, S. Weber, and T. Barry, “X509cloud—Framework for a ubiquitous PKI,” in Proc. IEEE Mil. Commun. Conf. (MILCOM), 2017, pp. 225–230.
[125]
J. Chen, S. Yao, Q. Yuan, K. He, S. Ji, and R. Du, “CertChain: Public and efficient certificate audit based on blockchain for TLS connections,” in Proc. IEEE INFOCOM Conf. Comput. Commun., 2018, pp. 2060–2068.
[126]
D. Madala, M. P. Jhanwar, and A. Chattopadhyay, “Certificate transparency using blockchain,” in Proc. IEEE Int. Conf. Data Min. Workshops (ICDMW), 2018, pp. 71–80.
[127]
Y. Dong, W. Kim, and R. Boutaba, “ConiFER: Centrally-managed PKI with blockchain-rooted trust,” in Proc. IEEE Int. Conf. Internet Things (iThings) IEEE Green Comput. Commun. (GreenCom) IEEE Cyber Phys. Soc. Comput. (CPSCom) IEEE Smart Data (SmartData), 2018, pp. 1092–1099.
[128]
M. Y. Kubilay, M. S. Kiraz, and H. A. Mantar, “CertLedger: A new PKI model with certificate transparency based on blockchain,” Comput. Security, vol. 85, pp. 333–352, Aug. 2019.
[129]
P. Szalachowski, “PADVA: A blockchain-based TLS notary service,” in Proc. IEEE 25th Int. Conf. Parallel Distrib. Syst. (ICPADS), 2019, pp. 836–843.
[130]
Z. Xiong, Z. L. Jiang, S. Yang, X. Wang, and J. Fang, “SSHTDNS: A secure, scalable and high-throughput domain name system via blockchain technique,” in Proc. Int. Conf. Netw. Syst. Security, 2019, pp. 272–287.
[131]
A. Garba, Q. Hu, Z. Chen, and M. R. Asghar, “BB-PKI: Blockchain-based public key infrastructure certificate management,” in Proc. IEEE 22nd Int. Conf. High Perform. Comput. Commun. IEEE 18th Int. Conf. Smart City IEEE 6th Int. Conf. Data Sci. Syst. (HPCC/SmartCity/DSS), 2020, pp. 824–829.
[132]
J. Zhao, Z. Lin, X. Huang, Y. Zhang, and S. Xiang, “TRUSTCA: Achieving certificate transparency through smart contract in blockchain platforms,” in Proc. Int. Conf. High Perform. Big Data Intell. Syst. (HPBD&IS), 2020, pp. 1–6.
[133]
G.-H. Hwang, T.-K. Chang, and H.-W. Chiang, “A semidecentralized PKI system based on public blockchains with automatic indemnification mechanism,” Security Commun. Netw., vol. 2021, Oct. 2021, Art. no.
[134]
N. Johnson and V. Griffith. “Ethereum name service.” 2018. [Online]. Available: https://docs.ens.domains
[135]
Z. Guan, A. Garba, A. Li, Z. Chen, and N. Kaaniche, “AUTHLEDGER: A novel blockchain-based domain name authentication scheme,” in Proc. ICISSP, 2019, pp. 345–352.
[136]
K. Lewison and F. Corella. “Backing rich credentials with a blockchain PKI.” 2016. [Online]. Available: https://pomcor.com/
[137]
A. Garba, Z. Chen, Z. Guan, and G. Srivastava, “LightLedger: A novel blockchain-based domain certificate authentication and validation scheme,” IEEE Trans. Netw. Sci. Eng., vol. 8, no. 2, pp. 1698–1710, Apr.–Jun. 2021.
[138]
M. Caldeira and M. Correia, “Blockchain address transparency with DNS,” in Proc. IEEE Symp. Comput. Commun. (ISCC), 2021, pp. 1–7.
[139]
M. Y. Kubilay, M. S. Kiraz, and H. A. Mantar, “KORGAN: An efficient PKI architecture based on PBFT through dynamic threshold signatures,” Comput. J., vol. 64, no. 4, pp. 564–574, 2021.
[140]
S. Kakei, Y. Shiraishi, M. Mohri, T. Nakamura, M. Hashimoto, and S. Saito, “Cross-certification towards distributed authentication infrastructure: A case of hyperledger fabric,” IEEE Access, vol. 8, pp. 135742–135757, 2020.
[141]
T. Sermpinis, G. Vlahavas, K. Karasavvas, and A. Vakali, “DETRACT: A decentralized, transparent, immutable and Open PKI certificate framework,” Int. J. Inf. Security, vol. 20, no. 4, pp. 553–570, 2021.
[142]
Z. Zhai, S. Shen, and Y. Mao, “BPKI: A secure and scalable blockchain-based public key infrastructure system for Web services,” J. Inf. Security Appl., vol. 68, Aug. 2022, Art. no. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S2214212622000990
[143]
S. Eskandarian, E. Messeri, J. Bonneau, and D. Boneh, “Certificate transparency with privacy,” 2017, arXiv:1703.02209.
[144]
H. Leibowitz, H. Ghalwash, E. Syta, and A. Herzberg, “CTNG: Secure certificate and revocation transparency,” in Proc. Cryptol. ePrint Archive, 2021, p. 4.
[145]
T. Smith, L. Dickinson, and K. Seamons, “Let’s revoke: Scalable global certificate revocation,” in Proc. Netw. Distrib. Syst. Security (NDSS) Symp., 2020, pp. 1–7.
[146]
S. Meier, B. Schmidt, C. Cremers, and D. Basin, “The tamarin prover for the symbolic analysis of security protocols,” in Proc. 25th Int. Conf. Comput.-Aided Verification (CAV), vol. 8044, Jul. 2013, pp. 696–701.
[147]
M. D. Ryan, “Enhanced certificate transparency and end-to-end encrypted mail,” in Proc. NDSS, 2014, pp. 1–14.
[148]
S. Matsumoto and R. M. Reischuk, “Certificates-as-an-insurance: Incentivizing accountability in SSL/TLS,” in Proc. NDSS Workshop Security Emerg. Netw. Technol. (SENT), 2015, p. 9.
[149]
S. Yao, J. Chen, K. He, R. Du, T. Zhu, and X. Chen, “PBCERT: Privacy-preserving blockchain-based certificate status validation toward mass storage management,” IEEE Access, vol. 7, pp. 6117–6128, 2018.
[150]
E. Karaarslan and E. Adiguzel, “Blockchain based DNS and PKI solutions,” IEEE Commun. Stand. Mag., vol. 2, no. 3, pp. 52–57, Sep. 2018.
[151]
Z. Wang, J. Lin, Q. Cai, Q. Wang, J. Jing, and D. Zha, “Blockchain-based certificate transparency and revocation transparency,” in Proc. Int. Conf. Financial Cryptography Data Security, 2018, pp. 144–162.
[152]
Z. Wan, Z. Guan, F. Zhuo, and H. Xian, “BKI: Towards accountable and decentralized public-key infrastructure with blockchain,” in Proc. Int. Conf. Security Privacy Commun. Syst., 2017, pp. 644–658.
[153]
M. S. Melara, A. Blankstein, J. Bonneau, E. W. Felten, and M. J. Freedman, “CONIKS: Bringing key transparency to end users,” in Proc. 24th USENIX Security Symp. (USENIX Security), 2015, pp. 383–398.
[154]
A. Tomescu and S. Devadas, “CATENA: Efficient non-equivocation via bitcoin,” in Proc. IEEE Symp. Security Privacy (SP), 2017, pp. 393–409.
[155]
L. Dykcik, L. Chuat, P. Szalachowski, and A. Perrig, “BlockPKI: An automated, resilient, and transparent public-key infrastructure,” in Proc. IEEE Int. Conf. Data Min. Workshops (ICDMW), 2018, pp. 105–114.
[156]
R. Xu and J. Joshi, “Trustworthy and transparent third-party authority,” ACM Trans. Internet Technol., vol. 20, no. 4, p. 31, Oct. 2020. [Online]. Available: https://doi.org/10.1145/3386262
[157]
B. Qin, J. Huang, Q. Wang, X. Luo, B. Liang, and W. Shi, “CeCoin: A decentralized PKI mitigating MITM attacks,” Future Gener. Comput. Syst., vol. 107, pp. 805–815, Jun. 2020.
[158]
G. Slepak. “DNSchain + okturtles.” 2013. [Online]. Available: https://okturtles.com/other/dnschain_okturtles_overview.pdf
[159]
A. Loibl and J. Naab. “Namecoin.” 2014. [Online]. Available: https://www.namecoin.org/
[160]
J. Benet, “IPFS-content addressed, versioned, P2P file system,” 2014, arXiv:1407.3561.
[161]
Y. G. Malahov. “Bitalias 1, AKA usernames for bitcoin, a new, simple naming system for bitcoin addresses.,” Mar. 2017. [Online]. Available: https://medium.com/bitalias-decentralized-naming-and-identity-service/bitalias-7b66bffed9d8
[162]
A. Muneeb and S. Ryan, “ONENAME—Bringing decentralization to identity with blockchain id.,” Accessed: May 12, 2022. [Online]. Available: https://epicenter.tv/episodes/101/
[163]
F. Li, Z. Liu, T. Li, H. Ju, H. Wang, and H. Zhou, “Privacy-aware PKI model with strong forward security,” Int. J. Intell. Syst., vol. 37, no. 12, pp. 10049–10065, 2022.
[164]
P. Plessing and O. Omolola, “Revisiting privacy-aware blockchain public key infrastructure,” in Proc. ICISSP, 2020, pp. 415–423.
[165]
R. Housleyet al., “Internet x.509 public key infrastructure certificate and CRL profile,” IETF, RFC 2459, Jan. 1999.
[166]
P. Wohlmacher, “Digital certificates: A survey of revocation methods,” in Proc. ACM Workshops Multimedia, 2000, pp. 111–114.
[167]
G. Jain. “Certificate revocation: A survey.” 2000. [Online]. Available: https://citeseer.ist.psu.edu/511985.html
[168]
D. A. Cooper, “A model of certificate revocation,” in Proc. 15h Annu. Comput. Security Appl. Conf. (ACSAC), 1999, pp. 256–264.
[169]
D. A. Cooper, “A more efficient use of delta-CRLs,” in Proc. IEEE Symp. Security Privacy (S&P), 2000, pp. 190–202.
[170]
R. J. Perlman and C. W. Kaufman, “Method of issuance and revocation of certificates of authenticity used in public key networks and other systems,” U.S. Patent 5 261 002, Nov. 9, 1993.
[171]
S. Micali, “Efficient certificate revocation,” Lab. Comput. Sci., Massachusetts Inst. Technol., Cambridge, MA, USA, Rep. MIT/LCS/TM-542b, 1995.
[172]
S. Micali, “Scalable certificate validation and simplified PKI management,” in Proc. 1st Annu. PKI Res. Workshop, vol. 15, 2002, p. 8.
[173]
FIPS PUB 180-1,” National Inst. Stand. Technol., Gaithersburg, MD, USA, 1995.
[174]
W. Aiello, S. Lodha, and R. Ostrovsky, “Fast digital identity revocation,” in Proc. Annu. Int. Cryptol. Conf., 1998, pp. 137–152.
[175]
P. C. Kocher, “On certificate revocation and validation,” in Proc. Int. Conf. Financial Cryptography, 1998, pp. 172–177.
[176]
R. C. Merkle, “A certified digital signature,” in Proc. Conf. Theory Appl. Cryptol., Jul. 1989, pp. 218–238.
[177]
M. Naor and K. Nissim, “Certificate revocation and certificate update,” in Proc. 7th Conf. USENIX Security Symp., vol. 7, 1998, p. 17.
[178]
M. Naor and K. Nissim, “Certificate revocation and certificate update,” IEEE J. Sel. Areas Commun., vol. 18, no. 4, pp. 561–570, Apr. 2000.
[179]
M. Myers, R. Ankney, A. Malpani, S. Galperin, and C. Adams, “X.509 Internet public key infrastructure online certificate status protocol-OCSP,” IETF, RFC 6960, 1999.
[180]
C. Ekechukwu, D. Lindskog, and R. Ruhl, “A notary extension for the online certificate status protocol,” in Proc. IEEE Int. Conf. Soc. Comput., 2013, pp. 1016–1021.
[181]
P. McDaniel and S. Jamin, “Windowed certificate revocation,” in Proc. IEEE INFOCOM Conf. Comput. Commun. 9th Annu. Joint Conf. IEEE Comput. Commun. Soc., vol. 3, 2000, pp. 1406–1414.
[182]
A. Buldas, P. Laud, and H. Lipmaa, “Accountable certificate management using undeniable attestations,” in Proc. 7th ACM Conf. Comput. Commun. Security, 2000, pp. 9–17.
[183]
I. Gassko, P. S. Gemmell, and P. MacKenzie, “Efficient and fresh certification,” in Proc. Int. Workshop Public Key Cryptography, 2000, pp. 342–353.
[184]
P. Zheng, “Tradeoffs in certificate revocation schemes,” SIGCOMM Comput. Commun. Rev., vol. 33, no. 2, pp. 103–112, Apr. 2003. [Online]. Available: https://doi.org/10.1145/956981.956991
[185]
E. Faldella and M. Prandini, “A novel approach to on-line status authentication of public-key certificates,” in Proc. IEEE 16th Annu. Comput. Security Appl. Conf. (ACSAC), 2000, pp. 270–277.
[186]
R. N. Wright, P. D. Lincoln, and J. K. Millen, “Efficient fault-tolerant certificate revocation,” in Proc. 7th ACM Conf. Comput. Commun. Security, 2000, pp. 19–24.
[187]
D. Boneh, X. Ding, G. Tsudik, and C.-M. Wong, “A method for fast revocation of public key certificates and security capabilities,” in Proc. USENIX Security Symp., 2001, p. 22.
[188]
J. L. Munoz, J. Forne, O. Esparza, and M. Soriano, “Certificate revocation system implementation based on the Merkle hash tree,” Int. J. Inf. Security, vol. 2, no. 2, pp. 110–124, 2004. [Online]. Available: https://doi.org/10.1007/s10207-003-0026-4
[189]
F. F. Elwailly, C. Gentry, and Z. Ramzan, “QuasiModo: Efficient certificate validation and revocation,” in Proc. Public Key Cryptography (PKC), 2004, pp. 375–388.
[190]
A. Langley. “Revocation checking and Chrome’s CRL.,” 2012. [Online]. Available: https://www.imperialviolet.org/2012/02/05/crlsets.html
[191]
M. Goodwin. “Revoking intermediate certificates: Introducing OneCRL.,” 2015. [Online]. Available: https://wiki.mozilla.org/CA:RevocationPlan#OneCRL
[192]
J. Larisch, D. Choffnes, D. Levin, B. M. Maggs, A. Mislove, and C. Wilson, “CRLITE: A scalable system for pushing all TLS revocations to all browsers,” in Proc. IEEE Symp. Security Privacy (SP), 2017, pp. 539–556.
[193]
R. L. Rivest, “Can we eliminate certificate revocation lists?,” in Proc. Int. Conf. Financial Cryptography, 1998, pp. 178–183.
[194]
Y.-K. Hsu and S. Seymour, “Intranet security framework based on short-lived certificates,” in Proc. IEEE 6th Workshop Enabling Technol. Infrastruct. Collaborative Enterprises, 1997, pp. 228–234.
[195]
E. Topalovic, B. Saeta, L.-S. Huang, C. Jackson, and D. Boneh. “Towards short-lived certificates.” 2012. [Online]. Available: https://www.ieee-security.org/TC/W2SP/2012/papers/w2sp12-final9.pdf
[196]
D. Eastlakeet al., “Transport layer security (TLS) extensions: Extension definitions,” IETF, RFC 6066, Jan. 2011.
[197]
P. Hallam-Baker, “X.509v3 transport layer security (TLS) feature extension,” IETF, RFC 7633, 2015.
[198]
Q. Hu, M. R. Asghar, and N. Brownlee, “Certificate revocation guard (CRG): An efficient mechanism for checking certificate revocation,” in Proc. IEEE 41st Conf. Local Comput. Netw. (LCN), 2016, pp. 527–530.
[199]
P. Szalachowski, L. Chuat, T. Lee, and A. Perrig, “RITM: Revocation in the middle,” in Proc. IEEE 36th Int. Conf. Distrib. Comput. Syst. (ICDCS), 2016, pp. 189–200.
[200]
A. Schulman, D. Levin, and N. Spring, “REVCAST: Fast, private certificate revocation over FM radio,” in Proc. ACM SIGSAC Conf. Comput. Commun. Security, 2014, pp. 799–810.
[201]
A. Alrawais, A. Alhothaily, X. Cheng, C. Hu, and J. Yu, “SecureGuard: A certificate validation system in public key infrastructure,” IEEE Trans. Veh. Technol., vol. 67, no. 6, pp. 5399–5408, Jun. 2018.
[202]
B. Laurie and E. Kasper, Revocation Transparency, Google Res., Menlo Park, CA, USA, Sep. 2012.
[203]
P. Szalachowski, L. Chuat, and A. Perrig, “PKI safety net (PKISN): Addressing the too-big-to-be-revoked problem of the TLS ecosystem,” in Proc. IEEE Eur. Symp. Security Privacy (EuroS&P), 2016, pp. 407–422.
[204]
A. Singh, B. Sengupta, and S. Ruj, “Certificate transparency with enhancements and short proofs,” in Proc. Aust. Conf. Inf. Security Privacy, 2017, pp. 381–389.
[205]
A. Garba, A. Bochem, and B. Leiding, “BlockVoke—Fast, blockchain-based certificate revocation for PKIS and the Web of trust,” in Proc. Int. Conf. Inf. Security, 2020, pp. 315–333.
[206]
M. Jiaet al., “PROCESS: Privacy-preserving on-chain certificate status service,” in Proc. IEEE INFOCOM Conf. Comput. Commun., 2021, pp. 1–10.
[207]
Y. C. E. Adja, B. Hammi, A. Serhrouchni, and S. Zeadally, “A blockchain-based certificate revocation management and status verification system,” Comput. Security, vol. 104, May 2021, Art. no. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S016740482100033X
[208]
X. Ge, L. Wang, W. An, X. Zhou, and B. Li, “CRchain: An efficient certificate revocation scheme based on blockchain,” in Algorithms and Architectures for Parallel Processing, Y. Lai, T. Wang, M. Jiang, G. Xu, W. Liang, and A. Castiglione, Eds. Cham, Switzerland: Springer Int., 2022, pp. 453–472.
[209]
D. Kumaret al., “Tracking certificate Misissuance in the wild,” in Proc. IEEE Symp. Security Privacy (SP), Jul. 2018, pp. 785–798.
[210]
J. Purushothaman, E. Thompson, and A. Abdou, “Position paper: Certificate root stores—An area of unity or disparity?,” in Proc. 15th Workshop Cyber Security Exp. Test (CSET), 2022, pp. 105–110. [Online]. Available: https://doi.org/10.1145/3546096.3546110
[211]
R. Li, Z. Zhang, J. Shao, R. Lu, X. Jia, and G. Wei, “The potential harm of email delivery: Investigating the HTTPs configurations of webmail services,” IEEE Trans. Depend. Secure Comput., early access, Feb. 20, 2023. 10.1109/TDSC.2023.3246600.
[212]
M. Luo, B. Feng, L. Lu, E. Kirda, and K. Ren, “On the complexity of the Web’s PKI: Evaluating certificate validation of mobile browsers,” IEEE Trans. Depend. Secure Comput., early access, Mar. 13, 2023. 10.1109/TDSC.2023.3255869.
Index Terms
- A Survey on X.509 Public-Key Infrastructure, Certificate Revocation, and Their Modern Implementation on Blockchain and Ledger Technologies
Index terms have been assigned to the content through auto-classification.
Recommendations
Comments
Information & Contributors
Information
Published In
1553-877X © 2023 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See https://www.ieee.org/publications/rights/index.html for more information.
Publisher
IEEE Press
Publication History
Published: 13 October 2023
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 25 Dec 2024
Other Metrics
Citations
Cited By
View all- Cevallos-Salas DEstrada-Jiménez JGuamán D(2024)Application layer security for Internet communicationsComputers and Electrical Engineering10.1016/j.compeleceng.2024.109498119:PAOnline publication date: 1-Oct-2024