Accept the Risk and Continue: Measuring the Long Tail of Government https Adoption

Proceedings of the ACM Internet Measurement Conference Pub Date : 2020-10-27 DOI:10.1145/3419394.3423645

S. Singanamalla, E. Jang, Richard J. Anderson, Tadayoshi Kohno, Kurtis Heimerl

{"title":"Accept the Risk and Continue: Measuring the Long Tail of Government https Adoption","authors":"S. Singanamalla, E. Jang, Richard J. Anderson, Tadayoshi Kohno, Kurtis Heimerl","doi":"10.1145/3419394.3423645","DOIUrl":null,"url":null,"abstract":"Across the world, government websites are expected to be reliable sources of information, regardless of their view count. Interactions with these websites often contain sensitive information, such as identity, medical, or legal data, whose integrity must be protected for citizens to remain safe. To better understand the government website ecosystem, we measure the adoption of https including the \"long tail\" of government websites around the world, which are typically not captured in the top-million datasets used for such studies. We identify and measure major categories and frequencies of https adoption errors, including misconfiguration of certificates via expiration, reuse of keys and serial numbers between unrelated government departments, use of insecure cryptographic protocols and keys, and untrustworthy root Certificate Authorities (CAs). Finally, we observe an overall lower https rate and a steeper dropoff with descending popularity among government sites compared to the commercial websites & provide recommendations to improve the usage of https in governments worldwide.","PeriodicalId":255324,"journal":{"name":"Proceedings of the ACM Internet Measurement Conference","volume":"25 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the ACM Internet Measurement Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3419394.3423645","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 12

Abstract

Across the world, government websites are expected to be reliable sources of information, regardless of their view count. Interactions with these websites often contain sensitive information, such as identity, medical, or legal data, whose integrity must be protected for citizens to remain safe. To better understand the government website ecosystem, we measure the adoption of https including the "long tail" of government websites around the world, which are typically not captured in the top-million datasets used for such studies. We identify and measure major categories and frequencies of https adoption errors, including misconfiguration of certificates via expiration, reuse of keys and serial numbers between unrelated government departments, use of insecure cryptographic protocols and keys, and untrustworthy root Certificate Authorities (CAs). Finally, we observe an overall lower https rate and a steeper dropoff with descending popularity among government sites compared to the commercial websites & provide recommendations to improve the usage of https in governments worldwide.

查看原文本刊更多论文

接受风险并继续:衡量政府采用https的长尾效应

无论浏览量如何，全世界的政府网站都被认为是可靠的信息来源。与这些网站的交互通常包含敏感信息，如身份、医疗或法律数据，必须保护其完整性，以确保公民的安全。为了更好地了解政府网站生态系统，我们测量了https的采用情况，包括世界各地政府网站的“长尾”，这些数据通常没有被用于此类研究的前100万数据集中捕获。我们识别和测量https采用错误的主要类别和频率，包括通过过期错误配置证书，在不相关的政府部门之间重用密钥和序列号，使用不安全的加密协议和密钥，以及不可信的根证书颁发机构(ca)。最后，我们观察到与商业网站相比，政府网站的https使用率总体较低，并且随着受欢迎程度的下降而急剧下降，并提供建议以改善https在全球政府中的使用。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the ACM Internet Measurement Conference

自引率

0.00%

发文量