{"id":"https://openalex.org/W2013433855","doi":"https://doi.org/10.1145/2523649.2523665","title":"No attack necessary","display_name":"No attack necessary","publication_year":2013,"publication_date":"2013-12-09","ids":{"openalex":"https://openalex.org/W2013433855","doi":"https://doi.org/10.1145/2523649.2523665","mag":"2013433855"},"language":"en","primary_location":{"id":"doi:10.1145/2523649.2523665","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2523649.2523665","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 29th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5059280292","display_name":"Johanna Amann","orcid":null},"institutions":[{"id":"https://openalex.org/I1297971548","display_name":"International Computer Science Institute","ror":"https://ror.org/01ewh7m12","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I1297971548"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Johanna Amann","raw_affiliation_strings":["International Computer Science Institute","[International Computer Science Institute]"],"affiliations":[{"raw_affiliation_string":"International Computer Science Institute","institution_ids":["https://openalex.org/I1297971548"]},{"raw_affiliation_string":"[International Computer Science Institute]","institution_ids":["https://openalex.org/I1297971548"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015612893","display_name":"Robin Sommer","orcid":null},"institutions":[{"id":"https://openalex.org/I1297971548","display_name":"International Computer Science Institute","ror":"https://ror.org/01ewh7m12","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I1297971548"]},{"id":"https://openalex.org/I148283060","display_name":"Lawrence Berkeley National Laboratory","ror":"https://ror.org/02jbv0t02","country_code":"US","type":"facility","lineage":["https://openalex.org/I1330989302","https://openalex.org/I148283060","https://openalex.org/I39565521"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Robin Sommer","raw_affiliation_strings":["International Computer Science Institute and Lawrence Berkeley National Laboratory","International Computer Science Institute, and Lawrence Berkeley National Laboratory,"],"affiliations":[{"raw_affiliation_string":"International Computer Science Institute and Lawrence Berkeley National Laboratory","institution_ids":["https://openalex.org/I1297971548","https://openalex.org/I148283060"]},{"raw_affiliation_string":"International Computer Science Institute, and Lawrence Berkeley National Laboratory,","institution_ids":["https://openalex.org/I1297971548","https://openalex.org/I148283060"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056242950","display_name":"Matthias Vallentin","orcid":null},"institutions":[{"id":"https://openalex.org/I134446601","display_name":"Berkeley College","ror":"https://ror.org/02xewxa75","country_code":"US","type":"education","lineage":["https://openalex.org/I134446601"]},{"id":"https://openalex.org/I95457486","display_name":"University of California, Berkeley","ror":"https://ror.org/01an7q238","country_code":"US","type":"education","lineage":["https://openalex.org/I95457486"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Matthias Vallentin","raw_affiliation_strings":["UC Berkeley","UC BERKELEY"],"affiliations":[{"raw_affiliation_string":"UC Berkeley","institution_ids":["https://openalex.org/I134446601","https://openalex.org/I95457486"]},{"raw_affiliation_string":"UC BERKELEY","institution_ids":["https://openalex.org/I134446601"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5042465989","display_name":"Seth Hall","orcid":null},"institutions":[{"id":"https://openalex.org/I1297971548","display_name":"International Computer Science Institute","ror":"https://ror.org/01ewh7m12","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I1297971548"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Seth Hall","raw_affiliation_strings":["International Computer Science Institute","[International Computer Science Institute]"],"affiliations":[{"raw_affiliation_string":"International Computer Science Institute","institution_ids":["https://openalex.org/I1297971548"]},{"raw_affiliation_string":"[International Computer Science Institute]","institution_ids":["https://openalex.org/I1297971548"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5059280292"],"corresponding_institution_ids":["https://openalex.org/I1297971548"],"apc_list":null,"apc_paid":null,"fwci":5.3197,"has_fulltext":false,"cited_by_count":37,"citation_normalized_percentile":{"value":0.95829432,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"179","last_page":"188"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7740999460220337},{"id":"https://openalex.org/keywords/certificate","display_name":"Certificate","score":0.7399682998657227},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6608446836471558},{"id":"https://openalex.org/keywords/transport-layer-security","display_name":"Transport Layer Security","score":0.5413385033607483},{"id":"https://openalex.org/keywords/certificate-authority","display_name":"Certificate authority","score":0.5244279503822327},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.41223666071891785},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.3753764033317566},{"id":"https://openalex.org/keywords/public-key-cryptography","display_name":"Public-key cryptography","score":0.2648116946220398},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.22366392612457275},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.1398194134235382}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7740999460220337},{"id":"https://openalex.org/C96865113","wikidata":"https://www.wikidata.org/wiki/Q2946816","display_name":"Certificate","level":2,"score":0.7399682998657227},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6608446836471558},{"id":"https://openalex.org/C148176105","wikidata":"https://www.wikidata.org/wiki/Q206494","display_name":"Transport Layer Security","level":3,"score":0.5413385033607483},{"id":"https://openalex.org/C93636275","wikidata":"https://www.wikidata.org/wiki/Q196776","display_name":"Certificate authority","level":4,"score":0.5244279503822327},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.41223666071891785},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.3753764033317566},{"id":"https://openalex.org/C203062551","wikidata":"https://www.wikidata.org/wiki/Q201339","display_name":"Public-key cryptography","level":3,"score":0.2648116946220398},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.22366392612457275},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.1398194134235382},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2523649.2523665","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2523649.2523665","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 29th Annual Computer Security Applications Conference","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.4399999976158142,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[{"id":"https://openalex.org/G2329014606","display_name":null,"funder_award_id":"ACI-1032889","funder_id":"https://openalex.org/F4320337563","funder_display_name":"Division of Advanced Cyberinfrastructure"},{"id":"https://openalex.org/G2914537823","display_name":null,"funder_award_id":"MURI W911NF-09-1-0553","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"},{"id":"https://openalex.org/G6671847480","display_name":null,"funder_award_id":"MURI W911NF-09-1-0553","funder_id":"https://openalex.org/F4320338295","funder_display_name":"Army Research Laboratory"}],"funders":[{"id":"https://openalex.org/F4320320875","display_name":"Deutscher Akademischer Austauschdienst","ror":"https://ror.org/039djdh30"},{"id":"https://openalex.org/F4320337563","display_name":"Division of Advanced Cyberinfrastructure","ror":"https://ror.org/04nh1dc89"},{"id":"https://openalex.org/F4320338281","display_name":"Army Research Office","ror":"https://ror.org/05epdh915"},{"id":"https://openalex.org/F4320338295","display_name":"Army Research Laboratory","ror":"https://ror.org/011hc8f90"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":23,"referenced_works":["https://openalex.org/W37277103","https://openalex.org/W199125295","https://openalex.org/W1516506771","https://openalex.org/W1534216444","https://openalex.org/W1552100577","https://openalex.org/W1567409052","https://openalex.org/W1595861018","https://openalex.org/W1688446120","https://openalex.org/W1881935562","https://openalex.org/W1926951188","https://openalex.org/W2022302485","https://openalex.org/W2048465382","https://openalex.org/W2104899073","https://openalex.org/W2129830111","https://openalex.org/W2130867912","https://openalex.org/W2134101189","https://openalex.org/W2146752727","https://openalex.org/W2161954933","https://openalex.org/W2186028149","https://openalex.org/W2242951943","https://openalex.org/W2300554752","https://openalex.org/W2505013646","https://openalex.org/W2557281918"],"related_works":["https://openalex.org/W2917230272","https://openalex.org/W2160682843","https://openalex.org/W4253144255","https://openalex.org/W4388829360","https://openalex.org/W4225555599","https://openalex.org/W1029437559","https://openalex.org/W4381195491","https://openalex.org/W4293194180","https://openalex.org/W1976919795","https://openalex.org/W2940998278"],"abstract_inverted_index":{"Much":[0],"of":[1,29,58,65,70,80,111,129,159],"the":[2,8,19,51,63,66,97,127,157,160],"Internet's":[3],"end-to-end":[4],"security":[5,52,64,158],"relies":[6],"on":[7,106,152],"SSL/TLS":[9],"protocol":[10],"along":[11],"with":[12,103],"its":[13,26],"underlying":[14],"X.509":[15],"certificate":[16,67,98],"infrastructure.":[17],"However,":[18],"system":[20],"remains":[21],"quite":[22],"brittle":[23],"due":[24],"to":[25,61,89,91,96,155],"liberal":[27],"delegation":[28],"signing":[30],"authority:":[31],"a":[32,56,107],"single":[33],"compromised":[34],"certification":[35],"authority":[36],"undermines":[37],"trust":[38],"globally.":[39],"Several":[40],"recent":[41],"high-profile":[42],"incidents":[43],"have":[44,151],"demonstrated":[45],"this":[46,84],"shortcoming":[47],"convincingly.":[48],"Over":[49],"time,":[50],"community":[53],"has":[54],"proposed":[55],"number":[57],"counter":[59],"measures":[60],"increase":[62],"ecosystem;":[68],"many":[69],"these":[71],"efforts":[72],"monitor":[73],"for":[74],"what":[75,147],"they":[76],"consider":[77],"tell-tale":[78],"signs":[79],"man-in-the-middle":[81],"attacks.":[82],"In":[83],"work":[85],"we":[86],"set":[87,110],"out":[88],"understand":[90],"which":[92],"degree":[93],"benign":[94,140],"changes":[95],"ecosystem":[99],"share":[100],"structural":[101],"properties":[102],"attacks,":[104],"based":[105],"large-scale":[108],"data":[109],"more":[112],"than":[113],"17":[114],"billion":[115],"SSL":[116,161],"sessions.":[117],"We":[118,144],"find":[119],"that":[120],"common":[121],"intuition":[122],"falls":[123],"short":[124],"in":[125,139],"assessing":[126],"maliciousness":[128],"an":[130],"unknown":[131],"certificate,":[132],"since":[133],"their":[134],"typical":[135],"artifacts":[136],"routinely":[137],"occur":[138],"contexts":[141],"as":[142],"well.":[143],"also":[145],"discuss":[146],"impact":[148],"our":[149],"observations":[150],"proposals":[153],"aiming":[154],"improve":[156],"ecosystem.":[162]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":4},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":5},{"year":2016,"cited_by_count":5},{"year":2015,"cited_by_count":3},{"year":2014,"cited_by_count":6}],"updated_date":"2026-03-27T14:29:43.386196","created_date":"2025-10-10T00:00:00"}