DC ElementWertSprache
dc.contributor.authorTehrani, Pouyan Fotouhi-
dc.contributor.authorOsterweil, Eric-
dc.contributor.authorSchiller, Jochen-
dc.contributor.authorSchmidt, Thomas C.-
dc.contributor.authorWählisch, Matthias-
dc.date.accessioned2022-02-14T09:51:37Z-
dc.date.available2022-02-14T09:51:37Z-
dc.date.issued2021-
dc.identifier.isbn978-1-4503-8312-7en_US
dc.identifier.urihttp://hdl.handle.net/20.500.12738/12395-
dc.description.abstractDuring disasters, crisis, and emergencies the public relies on online services provided by official authorities to receive timely alerts, trustworthy information, and access to relief programs. It is therefore crucial for the authorities to reduce risks when accessing their online services. This includes catering to secure identification of service, secure resolution of name to network service, and content security and privacy as a minimum base for trustworthy communication. In this paper, we take a first look at Alerting Authorities (AA) in the US and investigate security measures related to trustworthy and secure communication. We study the domain namespace structure, DNSSEC penetration, and web certificates. We introduce an integrative threat model to better understand whether and how the online presence and services of AAs are harmed. As an illustrative example, we investigate 1,388 Alerting Authorities, backed by the United States Federal Emergency Management Agency (US FEMA). We observe partial heightened security relative to the global Internet trends, yet find cause for concern as about 80\% of service providers fail to deploy measures of trustworthy service provision. Our analysis shows two major shortcomings. First, how the DNS ecosystem is leveraged: about 50% of organizations do not own their dedicated domain names and are dependent on others, 55% opt for unrestricted-use namespaces, which simplifies phishing, and less than 0.4% of unique AA domain names are secured by DNSSEC, which can lead to DNS poisoning and possibly to certificate misissuance. Second, how Web PKI certificates are utilized: 15% of all hosts provide none or invalid certificates, thus cannot cater to confidentiality and data integrity, 64% of the hosts provide domain validation certification that lack any identity information, and shared certificates have gained on popularity, which leads to fate-sharing and can be a cause for instability.en_US
dc.description.sponsorshipBundesministerium für Bildung und Forschungen_US
dc.language.isoen_USen_US
dc.publisherAssociation for Computing Machineryen_US
dc.subject.ddc004: Informatiken_US
dc.titleSecurity of Alerting Authorities in the WWW : Measuring Namespaces, DNSSEC, and Web PKIen_US
dc.typeinProceedingsen_US
dc.relation.conferenceWeb Conference 2021en_US
local.contributorPerson.editorLeskovec, Jure-
local.contributorPerson.editorGrobelnik, Marko-
local.contributorPerson.editorNajork, Marc-
local.contributorPerson.editorTang, Jie-
local.contributorPerson.editorZia, Leila-
tuhh.container.endpage2720en_US
tuhh.container.startpage2709en_US
tuhh.oai.showtrueen_US
tuhh.publication.instituteDepartment Informatiken_US
tuhh.publication.instituteFakultät Technik und Informatiken_US
tuhh.publisher.doi10.1145/3442381.3450033-
tuhh.relation.ispartofseriesACM Conferencesen_US
tuhh.type.opusInProceedings (Aufsatz / Paper einer Konferenz etc.)-
dc.rights.cchttps://creativecommons.org/licenses/by/4.0/en_US
dc.type.casraiConference Paper-
dc.type.dinicontributionToPeriodical-
dc.type.drivercontributionToPeriodical-
dc.type.statusinfo:eu-repo/semantics/publishedVersionen_US
dcterms.DCMITypeText-
tuhh.book.titleProceedings of the Web Conference 2021-
item.creatorGNDTehrani, Pouyan Fotouhi-
item.creatorGNDOsterweil, Eric-
item.creatorGNDSchiller, Jochen-
item.creatorGNDSchmidt, Thomas C.-
item.creatorGNDWählisch, Matthias-
item.fulltextNo Fulltext-
item.creatorOrcidTehrani, Pouyan Fotouhi-
item.creatorOrcidOsterweil, Eric-
item.creatorOrcidSchiller, Jochen-
item.creatorOrcidSchmidt, Thomas C.-
item.creatorOrcidWählisch, Matthias-
item.seriesrefACM Conferences-
item.grantfulltextnone-
item.cerifentitytypePublications-
item.tuhhseriesidACM Conferences-
item.languageiso639-1en_US-
item.openairecristypehttp://purl.org/coar/resource_type/c_5794-
item.openairetypeinProceedings-
crisitem.author.deptDepartment Informatik-
crisitem.author.orcid0000-0002-0956-7885-
crisitem.author.parentorgFakultät Technik und Informatik-
Enthalten in den Sammlungen:Publications without full text
Zur Kurzanzeige

Seitenansichten

74
checked on 27.12.2024

Google ScholarTM

Prüfe

HAW Katalog

Prüfe

Volltext ergänzen

Feedback zu diesem Datensatz


Diese Ressource wurde unter folgender Copyright-Bestimmung veröffentlicht: Lizenz von Creative Commons Creative Commons