Please use this identifier to cite or link to this item:
http://arks.princeton.edu/ark:/88435/dsp01b8515r23v
| Field | Value |
|---|---|
| Title | The Impact of the Online Certificate Status Protocol on User Privacy |
| Authors | Bryers, Evan |
| Advisors | Mittal, Prateek |
| Department | Electrical Engineering |
| Class Year | 2019 |
| Abstract | In the current Internet Public Key Infrastructure (PKI), trusted third parties called Certificate Authorities (CAs) issue digitally-signed certificates affirming ownership of a domain. The Online Certificate Status Protocol (OCSP) was introduced to allow applications to verify that a given certificate had not been revoked, by querying an OCSP responder (server). By requiring applications to send unencrypted requests to third-party responders each time they wish to validate a certificate's status, OCSP is generally understood to present a threat to user privacy, leaking information about user web behavior. Ironically, the publicity of this issue has not led to significant study of the nature and scope of this threat. In this work, we outline and conduct a large-scale measurement of OCSP traffic associated with visits to popular websites. We then use this data to assess the extent to which entities at three levels (CAs, Content Delivery Networks, and ASes) are capable of inferring the destination sites a user visits using passively-observed OCSP traffic. We also consider the ramifications of OCSP privacy leakage in the context of anonymous networks such as Tor, and propose a novel correlation attack that incorporates OCSP traffic. |
| URI | http://arks.princeton.edu/ark:/88435/dsp01b8515r23v |
| Type of Material | Princeton University Senior Theses |
| Language | en |
| Appears in Collections | Electrical Engineering, 1932-2020 |
Files in This Item:
| File | Description | Size | Format | Access |
|---|---|---|---|---|
| BRYERS-EVAN-THESIS.pdf | | 1.63 MB | Adobe PDF | Request a copy |