University of Twente Student Theses
Information leakage via Certificate Transparency
Gerretzen, B.M. (2022) Information leakage via Certificate Transparency.
|
PDF
495kB |
| Abstract: | As the need for encryption on the internet grew, the secure sockets layer (SSL) and later TLS were introduced. These protocols rely on a cryptographic system called public-key cryptography. Where every user has a public and private key they use for encryption. To make sure that the key actually belongs to you, certificates were introduced, they are proof that you are the owner of a public key. X.509 is the current standard format for public key certificates. Most of the certificate authorities that issue these certificates also publish them to certificate transparency logs. A number of certificates from various certificate transparency logs have been saved by the University of Twente, the domain names in these certificates have been analyzed to see what sensitive services can be identified by analyzing labels in the domain names. I found that services that are indicated by the domain name label have their default ports exposed to the internet with rates varying from 1% to 90% depending on the service. In addition to this, I found that the amount of hosts with open ports that allow unauthenticated access ranges from 3% to 97%, depending on the service. |
| Item Type: | Essay (Bachelor) |
| Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
| Subject: | 54 computer science |
| Programme: | Computer Science BSc (56964) |
| Link to this item: | https://purl.utwente.nl/essays/91730 |
| Export this item as: | BibTeX EndNote HTML Citation Reference Manager |
Show download statistics for this publication
Show download statistics for this publicationRepository Staff Only: item control page