The rise of certificate transparency and its implications on the internet ecosystem

Quirin Scheitle, Oliver Gasser, Theodor Nolte, Johanna Amann, Lexi Brent, Georg Carle, Ralph Holz, Thomas C. Schmidt, Matthias Wählisch

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

48 Scopus citations

Abstract

In this paper, we analyze the evolution of Certificate Transparency (CT) over time and explore the implications of exposing certificate DNS names from the perspective of security and privacy. We find that certificates in CT logs have seen exponential growth. Website support for CT has also constantly increased, with now 33% of established connections supporting CT. With the increasing deployment of CT, there are also concerns of information leakage due to all certificates being visible in CT logs. To understand this threat, we introduce a CT honeypot and show that data from CT logs is being used to identify targets for scanning campaigns only minutes after certificate issuance. We present and evaluate a methodology to learn and validate new subdomains from the vast number of domains extracted from CT logged certificates.

Original language: English
Title of host publication: IMC 2018 - Proceedings of the Internet Measurement Conference
Publisher: Association for Computing Machinery
Pages: 343-349
Number of pages: 7
ISBN (Electronic): 9781450356190
State: Published - 31 Oct 2018
Event: 2018 Internet Measurement Conference, IMC 2018 - Boston, United States
Duration: 31 Oct 2018 → 2 Nov 2018

Publication series

Name: Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC

Conference

Conference: 2018 Internet Measurement Conference, IMC 2018
Country/Territory: United States
City: Boston
Period: 31/10/18 → 2/11/18

Keywords

  • Certificate Transparency
  • Honeypot
  • Phishing
