Please use this identifier to cite or link to this item: http://arks.princeton.edu/ark:/88435/dsp01b8515r23v
Title: The Impact of the Online Certificate Status Protocol on User Privacy
Authors: Bryers, Evan
Advisors: Mittal, Prateek
Department: Electrical Engineering
Class Year: 2019
Abstract: In the current Internet Public Key Infrastructure (PKI), trusted third parties called Certificate Authorities (CAs) issue digitally-signed certificates affirming ownership of a domain. The Online Certificate Status Protocol (OCSP) was introduced to allow applications to verify that a given certificate had not been revoked, by querying an OCSP responder (server). By requiring applications to send unencrypted requests to third-party responders each time they wish to validate a certificate’s status, OCSP is generally understood to present a threat to user privacy, leaking information about user web behavior. Ironically, the publicity of this issue has not led to significant study of the nature and scope of this threat. In this work, we outline and conduct a large-scale measurement of OCSP traffic associated with visits to popular websites. We then use this data to assess the extent to which entities at three levels—CAs, Content Delivery Networks, and ASes—are capable of inferring the destination sites a user visits using passively-observed OCSP traffic. We also consider the ramifications of OCSP privacy leakage in the context of anonymous networks such as Tor, and propose a novel correlation attack that incorporates OCSP traffic.
URI: http://arks.princeton.edu/ark:/88435/dsp01b8515r23v
Type of Material: Princeton University Senior Theses
Language: en
Appears in Collections: Electrical Engineering, 1932-2020

Files in This Item:
File: BRYERS-EVAN-THESIS.pdf
Size: 1.63 MB
Format: Adobe PDF


Items in Dataspace are protected by copyright, with all rights reserved, unless otherwise indicated.