The economics of cryptographic trust : understanding certificate authorities

Thesis: S.M. in Technology and Policy, Massachusetts Institute of Technology, Institute for Data, Systems, and Society, Technology and Policy Program, 2016.

Bibliographic Details
Main Author: Specter, Michael Alan
Other Authors: David D. Clark and Daniel J. Weitzner.
Format: Thesis
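Language: eng
Published: Massachusetts Institute of Technology 2016
Subjects: Institute for Data, Systems, and Society; Electrical Engineering and Computer Science; Engineering Systems Division; Technology and Policy Program
Online Access: http://hdl.handle.net/1721.1/104028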
Departments: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science; Massachusetts Institute of Technology. Engineering Systems Division; Massachusetts Institute of Technology. Institute for Data, Systems, and Society; Technology and Policy Program

Description: Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2016. Cataloged from PDF version of thesis. Includes bibliographical references (pages 71-75).

Abstract: Certificate Authorities (CAs) play a crucial role in HTTPS, the mechanism that secures all of the web's most important communication; if it has a log-in page, it must use HTTPS. However, recent history is littered with instances of CAs unabashedly undermining the trust model of the web in favor of economic gain, causing catastrophic harm to users in the process. The purpose of this thesis is to understand how well user, domain owner, and browser vendor controls function in order to evaluate methods of realigning CA incentives. Using a compendium of past incidents of CA failure as a series of natural experiments, along with a large dataset of all publicly available certificate collections, we find that it is possible to causally link a very slight increase in domain owners leaving a CA when a CA acts inappropriately. We further find that the technical architecture of the CA system leaves users without effective control over which CAs they trust, and that browsers face certain difficulty in distrusting larger CAs. The end result is a system where large CAs can unilaterally undermine the trust model of the web without clear repercussion.

by Michael Alan Specter.

Degree: S.M. in Technology and Policy; S.M.

Rights: M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. http://dspace.mit.edu/handle/1721.1/7582

Extent: 75 pages, application/pdf