The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem

In this paper, we analyze the evolution of Certificate Transparency (CT) over time and explore the implications of exposing certificate DNS names from the perspective of security and privacy. We find that certificates in CT logs have seen exponential growth. Website support for CT has also constantly increased, with now 33% of established connections supporting CT. With the increasing deployment of CT, there are also concerns of information leakage due to all certificates being visible in CT logs. To understand this threat, we introduce a CT honeypot and show that data from CT logs is being used to identify targets for scanning campaigns only minutes after certificate issuance. We present and evaluate a methodology to learn and validate new subdomains from the vast number of domains extracted from CT logged certificates.Comment: To be published at ACM IMC 201

Configurable Fault Tolerant Circuits and System Level Integration for Self-Awareness

Scaling minimum features of ICs down to the 10nm- area and below has allowed high integration rates in electronics. Scaling at supply voltages of 1V and below also implies a rising level of stress which drives aging effects that reduce switching speed and the expected life time. Additionally, vulnerability from particle radiation is increased. Hence, fault detection and on-line correction become a must for many applications. However, not only fault tolerance but self-awareness becomes also an advantage. Provided that by being aware of its own healthy state allow optimized configurations regarding system operation modes and configurable hardware mechanism. This paper shows a preliminary work in a configurable circuit and explores its configuration possibilities when integrated into a complete system

Certificate Transparency Deployment Study

Um Webserver-Zertifikate auditierbar zu machen, erweitert Certficate Transparency (CT) das TLS-Ökosystem um sogenannte CT-Logs, welche ein nicht löschbares, öffentliches Verzeichnis darstellen. Das Hinzufügen eines Zertifikats in ein CT-Log wird durch einen sogenannten Signed Certificate Timestamp (SCT) quittiert. Mit dem Übermitteln von zugehörigen SCTs zusammen mit dem Webserver-Zertifikat wird die Auditierbarkeit beim TLS-Handshake nachgewiesen. In dieser Arbeit wird die Verbreitung und die zeitliche Entwicklung der Verbreitung von CT im produktiven Einsatz analysiert. Die Anzahl der Zertifikate in CT-Logs hat exponentiell zugenommen. Website-Support von CT hat in den vergangenen zwölf Monaten von 26% auf gegenwärtig 58% zugenommen für die populärsten Domains, die per HTTPS erreichbar sind.Certificate Transparency (CT) extends the TLS ecosystem by so-called CT logs which represent an append-only public register in order to makewebserver certificates auditable. The adding of a certificate into a CT log will be receipt by a so-called Signed Certificate Timestamp (SCT). At the TLS handshake, together with the webserver certificate, the transmission of the corresponding SCTs prove the availability for auditing. In this thesis, we analyze the deployment of CT and its evolution over time. The number of certificates in CT logs have seen exponentional growth. Website support for CT has increased over a period of twelf month from 26% to currently 58% for the most popular domains which are accessible via HTTPS