Paper Review: SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements

This is an interesting paper which raises some excellent questions regarding the adoption of HTTPS and security issues related to it. Although HTTPS is considered secure, various attacks on HTTPS and its certificate model have been hypothesized and executed. As we are migrating more and more towards HTTPS, the number of browser-trusted certificate authorities are …

Paper Review: Measuring HTTPS Adoption on the Web

Since the inception of the internet, web traffic was unencrypted for the most part, but this has been changing over the last few years. This paper mainly discusses two questions. First, are the community efforts to migrate from HTTP to HTTPS paying off, and which areas need more work? Second, how far …

Paper Review: The Matter of Heartbleed

In this paper, the authors talk about Heartbleed, a critical security bug in OpenSSL, an open source implementation of SSL. The Heartbleed vulnerability was disclosed in April 2014. It is a vulnerability in the TLS Heartbeat extension, which is used to check whether the server we are communicating with is still up. To do …

Paper Review: Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices

There have been a lot of security-related incidents due to poor random number generation. Keeping that in mind, the authors collected keys to look for specific vulnerabilities and find their root cause. They analyzed the two most used cryptographic protocols, TLS and SSH. The authors used Nmap to collect …

Paper Review: Making Middleboxes Someone Else’s Problem: Network Processing as a Cloud Service

In this paper, the authors survey the middleboxes deployed across enterprises to find the problems they introduce, and then propose a solution. They examine what these deployments look like, what challenges they introduce in practice, and how we can make them better. …

Paper Review: BlindBox: Deep Packet Inspection over Encrypted Traffic

In this paper, the authors developed "BlindBox", a tool which enables deep packet inspection over encrypted traffic. They focus mainly on intrusion prevention systems, although the techniques developed are applicable to other systems such as parental filtering systems. The need for such a solution arises because of the following …

Paper Review: TapDance: End-to-Middle Anticensorship without Flow Blocking

This paper reviews the existing approaches to censorship resistance, mainly end-to-middle proxies like Telex, Decoy Routing, and Cirripede. In these designs, the client tags the connection in a way that only end-to-middle proxies can see but the censor cannot. When the proxy sees such a connection, it cuts off the client's connection with the decoy server …

Paper Review: Towards Grounding Censorship Circumvention in Empiricism

In this paper, the authors talk about the existing deployed approaches to circumvent internet censorship and also discuss the research proposals to consider the criteria employed in their proposals. The goal of this paper is to understand the real-world censorship problems and how research and censorship convention address them. But, before talking about the …

Paper Review: PharmaLeaks: Understanding the Business of Online Pharmaceutical Affiliate Programs

In this paper, the authors perform an in-depth analysis of online sales of counterfeit goods and unauthorized products. These products mainly drive the underground advertising industry, including spam, forum abuse, etc. Although these websites are economically motivated, their underlying business functionality is not clearly understood. In this paper, the authors analyze the functioning of three …