Software Open Access

Security of Alerting Authorities in the WWW: Measuring Namespaces, DNSSEC, and Web PKI

Pouyan Fotouhi Tehrani; Eric Osterweil; Jochen H. Schiller; Thomas C. Schmidt; Matthias Wählisch


DCAT Export

<?xml version='1.0' encoding='utf-8'?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:adms="http://www.w3.org/ns/adms#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dct="http://purl.org/dc/terms/" xmlns:dctype="http://purl.org/dc/dcmitype/" xmlns:dcat="http://www.w3.org/ns/dcat#" xmlns:duv="http://www.w3.org/ns/duv#" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:frapo="http://purl.org/cerif/frapo/" xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#" xmlns:gsp="http://www.opengis.net/ont/geosparql#" xmlns:locn="http://www.w3.org/ns/locn#" xmlns:org="http://www.w3.org/ns/org#" xmlns:owl="http://www.w3.org/2002/07/owl#" xmlns:prov="http://www.w3.org/ns/prov#" xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#" xmlns:schema="http://schema.org/" xmlns:skos="http://www.w3.org/2004/02/skos/core#" xmlns:vcard="http://www.w3.org/2006/vcard/ns#" xmlns:wdrs="http://www.w3.org/2007/05/powder-s#">
  <rdf:Description rdf:about="https://doi.org/10.5281/zenodo.4300947">
    <rdf:type rdf:resource="http://www.w3.org/ns/dcat#Dataset"/>
    <dct:type rdf:resource="http://purl.org/dc/dcmitype/Software"/>
    <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#anyURI">https://doi.org/10.5281/zenodo.4300947</dct:identifier>
    <foaf:page rdf:resource="https://doi.org/10.5281/zenodo.4300947"/>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Pouyan Fotouhi Tehrani</foaf:name>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>Weizenbaum Institute / Fraunhofer FOKUS</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Eric Osterweil</foaf:name>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>George Mason University</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Jochen H. Schiller</foaf:name>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>Freie Universität Berlin</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Thomas C. Schmidt</foaf:name>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>HAW Hamburg</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Matthias Wählisch</foaf:name>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>Freie Universität Berlin</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:title>Security of Alerting Authorities in the WWW: Measuring Namespaces, DNSSEC, and Web PKI</dct:title>
    <dct:publisher>
      <foaf:Agent>
        <foaf:name>Zenodo</foaf:name>
      </foaf:Agent>
    </dct:publisher>
    <dct:issued rdf:datatype="http://www.w3.org/2001/XMLSchema#gYear">2020</dct:issued>
    <dct:issued rdf:datatype="http://www.w3.org/2001/XMLSchema#date">2020-12-01</dct:issued>
    <dct:language rdf:resource="http://publications.europa.eu/resource/authority/language/ENG"/>
    <owl:sameAs rdf:resource="https://zenodo.org/record/4300947"/>
    <adms:identifier>
      <adms:Identifier>
        <skos:notation rdf:datatype="http://www.w3.org/2001/XMLSchema#anyURI">https://zenodo.org/record/4300947</skos:notation>
        <adms:schemeAgency>url</adms:schemeAgency>
      </adms:Identifier>
    </adms:identifier>
    <dct:relation rdf:resource="https://doi.org/10.1145/3442381.3450033"/>
    <dct:isVersionOf rdf:resource="https://doi.org/10.5281/zenodo.4300946"/>
    <dct:description>&lt;p&gt;&lt;strong&gt;Security of Alerting Authorities in the WWW: Measuring Namespaces, DNSSEC, and Web PKI&lt;/strong&gt;&lt;/p&gt; &lt;p&gt;This repository contains the toolchain to measure DNS and Web PKI characteristics of&amp;nbsp;&lt;a href="https://www.fema.gov/emergency-managers/practitioners/integrated-public-alert-warning-system/public-safety-officials/alerting-authorities"&gt;Alerting Authorities&lt;/a&gt;&amp;nbsp;(AA) in the US as well as our measurements and raw data (e.g., collected certificates).&lt;/p&gt; &lt;p&gt;&lt;strong&gt;NOTE:&lt;/strong&gt; If you use our data or tools, please cite &lt;a href="https://doi.org/10.1145/3442381.3450033"&gt;our paper&lt;/a&gt; as follows:&lt;/p&gt; &lt;pre&gt;&lt;em&gt;Pouyan Fotouhi Tehrani, Eric Osterweil, Jochen H. Schiller, Thomas C. Schmidt, and Matthias W&amp;auml;hlisch. Security of Alerting Authorities in the WWW: Measuring Namespaces, DNSSEC, and Web PKI. In Proceedings of the WebConference 2021 (WWW&amp;rsquo;21), ACM, New York, NY, USA&lt;/em&gt;&lt;/pre&gt; &lt;p&gt;&amp;nbsp;&lt;/p&gt; &lt;p&gt;&lt;strong&gt;Abstract&lt;/strong&gt;&lt;/p&gt; &lt;blockquote&gt; &lt;p&gt;During disasters, crisis, and emergencies the public relies on online services provided by official authorities to receive timely alerts, trustworthy information, and access to relief programs. It is therefore crucial for the authorities to reduce risks when accessing their online services. This includes catering to secure identification of service, secure resolution of name to network service, and content security and privacy as a minimum base for trustworthy communication.&lt;/p&gt; &lt;p&gt;In this paper, we take a first look at Alerting Authorities (AA) in the US and investigate security measures related to trustworthy and secure communication. We study the domain namespace structure, DNSSEC penetration, and web certificates. 
We introduce an integrative threat model to better understand whether and how the online presence and services of AAs are harmed. As an illustrative example, we investigate 1,388 Alerting Authorities, backed by the United States Federal Emergency Management Agency (US FEMA). We observe partial heightened security relative to the global Internet trends, yet find cause for concern as about 80% of service providers fail to deploy measures of trustworthy service provision. Our analysis shows two major shortcomings. First, how the DNS ecosystem is leveraged: about 50% of organizations do not own their dedicated domain names and are dependent on others, 55% opt for unrestricted-use namespaces, which simplifies phishing, and less than 0.4% of unique AA domain names are secured by DNSSEC, which can lead to DNS poisoning and possibly to certificate misissuance. Second, how Web PKI certificates are utilized: 15% of all hosts provide none or invalid certificates, thus cannot cater to confidentiality and data integrity, 64% of the hosts provide domain validation certification that lack any identity information, and shared certificates have gained on popularity, which leads to fate-sharing and can be a cause for instability.&lt;/p&gt; &lt;/blockquote&gt; &lt;p&gt;&lt;strong&gt;Repository structure&lt;/strong&gt;&lt;/p&gt; &lt;ul&gt; &lt;li&gt;&lt;strong&gt;Toolchain&lt;/strong&gt; (&lt;code&gt;1_aa-dns-webpki-source.zip&lt;/code&gt;): the source code used for our data collection. 
For more information see the included&amp;nbsp;&lt;code&gt;README.md&lt;/code&gt;&amp;nbsp;and the manual under&amp;nbsp;&lt;code&gt;docs&lt;/code&gt;&amp;nbsp;in the archive.&lt;/li&gt; &lt;li&gt;&lt;strong&gt;Measurements&lt;/strong&gt; (&lt;code&gt;2_aa-dns-webpki-measurements.zip&lt;/code&gt;): &lt;ul&gt; &lt;li&gt;&lt;code&gt;auths-filtered-dns-merged.csv&lt;/code&gt;: table containing information about each AA with respective DNS characteristics.&lt;/li&gt; &lt;li&gt;&lt;code&gt;auths-active-certs.csv&lt;/code&gt;: table containing current (at the time of study) information about SSL/TLS characteristics of AA hosts.&lt;/li&gt; &lt;li&gt;&lt;code&gt;auths-active-certs-analyzed.csv&lt;/code&gt;: table containing detailed information about active certificates in use by AA hosts.&lt;/li&gt; &lt;li&gt;auths-ct-logged-certs-analyzed.csv: table containing detailed information about CT-logged certificates used by AA hosts.&lt;/li&gt; &lt;/ul&gt; &lt;/li&gt; &lt;li&gt;&lt;strong&gt;Raw data&lt;/strong&gt; (&lt;code&gt;3_aa-dns-webpki-raw.zip&lt;/code&gt;): &lt;ul&gt; &lt;li&gt;&lt;code&gt;active-certs.gz&lt;/code&gt;: current certificates in use by AA hosts.&lt;/li&gt; &lt;li&gt;&lt;code&gt;ct-certs.gz&lt;/code&gt;: CT-logged certificates used by AA hosts.&lt;/li&gt; &lt;/ul&gt; &lt;/li&gt; &lt;/ul&gt;</dct:description>
    <dct:accessRights rdf:resource="http://publications.europa.eu/resource/authority/access-right/PUBLIC"/>
    <dct:accessRights>
      <dct:RightsStatement rdf:about="info:eu-repo/semantics/openAccess">
        <rdfs:label>Open Access</rdfs:label>
      </dct:RightsStatement>
    </dct:accessRights>
    <dcat:distribution>
      <dcat:Distribution>
        <dct:license rdf:resource="https://creativecommons.org/licenses/by/4.0/legalcode"/>
        <dcat:accessURL rdf:resource="https://doi.org/10.5281/zenodo.4300947"/>
      </dcat:Distribution>
    </dcat:distribution>
    <dcat:distribution>
      <dcat:Distribution>
        <dcat:accessURL>https://doi.org/10.5281/zenodo.4300947</dcat:accessURL>
        <dcat:byteSize>164468</dcat:byteSize>
        <dcat:downloadURL rdf:resource="https://zenodo.org/record/4300947/files/1_aa-dns-webpki--source.zip">https://zenodo.org/record/4300947/files/1_aa-dns-webpki--source.zip</dcat:downloadURL>
        <dcat:mediaType>application/zip</dcat:mediaType>
      </dcat:Distribution>
    </dcat:distribution>
    <dcat:distribution>
      <dcat:Distribution>
        <dcat:accessURL>https://doi.org/10.5281/zenodo.4300947</dcat:accessURL>
        <dcat:byteSize>643463</dcat:byteSize>
        <dcat:downloadURL rdf:resource="https://zenodo.org/record/4300947/files/2_aa-dns-webpki--measurements.zip">https://zenodo.org/record/4300947/files/2_aa-dns-webpki--measurements.zip</dcat:downloadURL>
        <dcat:mediaType>application/zip</dcat:mediaType>
      </dcat:Distribution>
    </dcat:distribution>
    <dcat:distribution>
      <dcat:Distribution>
        <dcat:accessURL>https://doi.org/10.5281/zenodo.4300947</dcat:accessURL>
        <dcat:byteSize>31165712</dcat:byteSize>
        <dcat:downloadURL rdf:resource="https://zenodo.org/record/4300947/files/3_aa-dns-webpki--raw.zip">https://zenodo.org/record/4300947/files/3_aa-dns-webpki--raw.zip</dcat:downloadURL>
        <dcat:mediaType>application/zip</dcat:mediaType>
      </dcat:Distribution>
    </dcat:distribution>
  </rdf:Description>
</rdf:RDF>