University of Twente Student Theses


Information leakage via Certificate Transparency

Gerretzen, B.M. (2022) Information leakage via Certificate Transparency.

[img] PDF
Abstract:As the need for encryption on the internet grew, the secure sockets layer (SSL) and later TLS were introduced. These protocols rely on a cryptographic system called public-key cryptography. Where every user has a public and private key they use for encryption. To make sure that the key actually belongs to you, certificates were introduced, they are proof that you are the owner of a public key. X.509 is the current standard format for public key certificates. Most of the certificate authorities that issue these certificates also publish them to certificate transparency logs. A number of certificates from various certificate transparency logs have been saved by the University of Twente, the domain names in these certificates have been analyzed to see what sensitive services can be identified by analyzing labels in the domain names. I found that services that are indicated by the domain name label have their default ports exposed to the internet with rates varying from 1% to 90% depending on the service. In addition to this, I found that the amount of hosts with open ports that allow unauthenticated access ranges from 3% to 97%, depending on the service.
Item Type:Essay (Bachelor)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science BSc (56964)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page