Security Collapse in the HTTPS Market
Hypertext Transfer Protocol Secure (HTTPS) has evolved into the de facto standard for secure web browsing. Through the certificate-based authentication protocol, web services and browsers first authenticate one another (“shake hands”) using a TLS/SSL certificate, then encrypt web communications end-to-end, and show a padlock in the browser to users to indicate a communication is secure. In recent years, HTTPS has become an essential technology to protect social, political, and economic activities online. Recent breaches at Certificate Authorities (CAs) have exposed several systemic vulnerabilities and market failures inherent in the current HTTPS authentication model. This article outlines the systemic vulnerabilities of HTTPS, maps the thriving market for certificates, and analyzes the suggested regulatory and technological solutions on both sides of the Atlantic. Our findings show existing yet surprising market patterns and perverse incentives: not unlike the financial sector, the HTTPS market is full of information asymmetries and negative externalities, as a handful of CAs dominate the market and have become “too big to fail.” Unfortunately, the proposed E.U. legislation will reinforce systemic vulnerabilities, and the proposed technological solutions are far from being adopted at scale. Regardless of major cybersecurity incidents and even the Snowden revelations that showed the systemic vulnerabilities in CAs are exploited by Western intelligence agencies, a sense of urgency to secure HTTPS seems nonexistent. As it stands, major CAs continue business as usual. For the foreseeable future, a fundamentally flawed authentication model underlies an absolutely critical technology used every second of every day by every Internet user, corporation and government. On both sides of the Atlantic, one wonders what cybersecurity governance really is about.
Year of publication: | 2016 |
---|---|
Authors: | Arnbak, Axel ; Asghari, Hadi ; van Eeten, Michel ; van Eijk, N.A.N.M |
Publisher: | [S.l.] : SSRN |
freely available
Extent: | 1 online resource (9 p) |
---|---|
Type of publication: | Book / Working Paper |
Language: | English |
Notes: | In: Com. of the ACM, Vol. 57(10), Oct. 2014, p. 47-55. According to SSRN, the original version of the document was created October 5, 2014 |
Source: | ECONIS - Online Catalogue of the ZBW |
Persistent link: https://www.econbiz.de/10014139842
Similar items by person
- Security Economics in the HTTPS Value Chain
  Asghari, Hadi, (2016)
- Obscured by Clouds or How to Address Governmental Access to Cloud Data from Abroad
  van Hoboken, Joris, (2014)
- Collectively exercising the right of access: individual effort, societal effect
  Mahieu, René L. P., (2018)