Research on the SSL/TLS Ecosystem

Every day, we use Secure Sockets Layer (SSL) and Transport Layer Security (TLS) to secure our Internet transactions such as name resolution (DNS lookup), banking, e-mail and e-commerce. Along with a public key infrastructure (PKI), they allow our computers to automatically verify that our sensitive information (e.g., credit card numbers and passwords) are hidden from eavesdroppers and sent to trustworthy servers.


In mid-April, 2014, a software vulnerability called Heartbleed was announced. It allows malicious users to capture information that would allow them to masquerade as trusted servers and potentially steal sensitive information from unsuspecting users. The PKI provides multiple ways to prevent such an attack from occurring, and we should expect Web site operators to use these countermeasures.

For more details, please see our projects published at IMC'14 and IMC'15.

Private Key Sharing

We found that the prevalence with which websites trust third-party hosting providers with their secret keys, as well as the impact that this trust has on responsible key management practices, such as revocation. Our results reveal that key sharing is extremely common, with a small handful of hosting providers having keys from the majority of the most popular websites. We also find that hosting providers often manage their customers' keys, and that they tend to react more slowly yet more thoroughly to compromised or potentially compromised keys.

For more details, please see our project published at CCS'16.

Invalid Certificates

SSL and TLS are used to secure the most commonly used Internet protocols. As a result, the ecosystem of SSL certificates has been thoroughly studied, leading to a broad understanding of the strengths and weaknesses of the certificates accepted by most web browsers.
Prior work has naturally focused almost exclusively on "valid" certificates—those that standard browsers accept as well-formed and trusted—and has largely disregarded certificates that are otherwise "invalid." Surprisingly, however, this leaves the majority of certificates unexamined: we find that, on average, 65% of SSL certificates advertised in each IPv4 scan that we examine are actually invalid.

For more details, please see our project published at IMC'16.

OCSP Measurement

We study whether today's web is ready for OCSP Must-Staple.
Specifically, we measure each of the three major principals-web servers, OCSP responders, and browsers-to ascertain whether they are doing what would be necessary for OCSP Must-Staple to succeed, and what impact their failures would have on website availability.

For more details, please see our project published at IMC'18.

Domain Impersonation

Attackers often trick users with domains that look similar, but aren't identical, to high-value target websites. Legitimate certificates can be obtained for these domains, as an attacker can easily prove ownership of a domain they legitimately own. Why cirvumvent the PKI when you can fool users without having to break the rules?
Using Certificate Transparency (CT) logs, we measure the prevelance of impersonating domains in the PKI.

For more details, please see our project published at CCS'19.


The Domain Name System (DNS) provides a scalable, flexible name resolution service. Unfortunately, its unauthenticated architecture has proven to be the vector for many security attacks. To address this, DNS Security Extensions (DNSSEC) were introduced in 1997.
At its core, DNSSEC is a hierarchical public key infrastructure (PKI) that largely mirrors the DNS hierarchy and is anchored in the DNS root zone. DNSSEC enables clients (typically DNS resolvers) who support it to authenticate DNS records for domains that also support DNSSEC.

For more details, please see our projects published at SEC'17 and IMC'17.