{"id":"https://openalex.org/W2890128393","doi":"https://doi.org/10.1145/3372802","title":"The Sorry State of TLS Security in Enterprise Interception Appliances","display_name":"The Sorry State of TLS Security in Enterprise Interception Appliances","publication_year":2020,"publication_date":"2020-05-29","ids":{"openalex":"https://openalex.org/W2890128393","doi":"https://doi.org/10.1145/3372802","mag":"2890128393"},"language":"en","primary_location":{"id":"doi:10.1145/3372802","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3372802","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3372802","source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Digital Threats: Research and Practice","raw_type":"journal-article"},"type":"preprint","indexed_in":["arxiv","crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3372802","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5082348165","display_name":"Louis Waked","orcid":null},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Louis Waked","raw_affiliation_strings":["Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Canada","Concordia Institute for Information Systems Engineering Concordia University Montreal Canada"],"affiliations":[{"raw_affiliation_string":"Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Canada","institution_ids":["https://openalex.org/I60158472"]},{"raw_affiliation_string":"Concordia Institute for Information Systems Engineering Concordia University Montreal Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055898168","display_name":"Mohammad Mannan","orcid":"https://orcid.org/0000-0002-9630-5858"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Mohammad Mannan","raw_affiliation_strings":["Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Canada","Concordia Institute for Information Systems Engineering Concordia University Montreal Canada"],"affiliations":[{"raw_affiliation_string":"Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Canada","institution_ids":["https://openalex.org/I60158472"]},{"raw_affiliation_string":"Concordia Institute for Information Systems Engineering Concordia University Montreal Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5085765243","display_name":"Amr Youssef","orcid":"https://orcid.org/0000-0002-4284-8646"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Amr Youssef","raw_affiliation_strings":["Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Canada","Concordia Institute for Information Systems Engineering Concordia University Montreal Canada"],"affiliations":[{"raw_affiliation_string":"Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Canada","institution_ids":["https://openalex.org/I60158472"]},{"raw_affiliation_string":"Concordia Institute for Information Systems Engineering Concordia University Montreal Canada","institution_ids":["https://openalex.org/I60158472"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5082348165"],"corresponding_institution_ids":["https://openalex.org/I60158472"],"apc_list":null,"apc_paid":null,"fwci":0.9706,"has_fulltext":true,"cited_by_count":9,"citation_normalized_percentile":{"value":0.76927625,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":97},"biblio":{"volume":"1","issue":"2","first_page":"1","last_page":"26"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7533484697341919},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.708001434803009},{"id":"https://openalex.org/keywords/transport-layer-security","display_name":"Transport Layer Security","score":0.686432421207428},{"id":"https://openalex.org/keywords/downgrade","display_name":"Downgrade","score":0.6572259068489075},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.45983025431632996},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.43213945627212524},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.42484864592552185},{"id":"https://openalex.org/keywords/man-in-the-middle-attack","display_name":"Man-in-the-middle attack","score":0.4246235489845276},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.4011005163192749},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3522472679615021},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.34969213604927063},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.33610373735427856},{"id":"https://openalex.org/keywords/web-service","display_name":"Web service","score":0.2353382706642151},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.16659331321716309}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7533484697341919},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.708001434803009},{"id":"https://openalex.org/C148176105","wikidata":"https://www.wikidata.org/wiki/Q206494","display_name":"Transport Layer Security","level":3,"score":0.686432421207428},{"id":"https://openalex.org/C2779628075","wikidata":"https://www.wikidata.org/wiki/Q1253258","display_name":"Downgrade","level":2,"score":0.6572259068489075},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.45983025431632996},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.43213945627212524},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.42484864592552185},{"id":"https://openalex.org/C196491621","wikidata":"https://www.wikidata.org/wiki/Q554830","display_name":"Man-in-the-middle attack","level":3,"score":0.4246235489845276},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.4011005163192749},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3522472679615021},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.34969213604927063},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.33610373735427856},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.2353382706642151},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.16659331321716309}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1145/3372802","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3372802","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3372802","source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Digital Threats: Research and Practice","raw_type":"journal-article"},{"id":"pmh:oai:arXiv.org:1809.08729","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1809.08729","pdf_url":"https://arxiv.org/pdf/1809.08729","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},{"id":"mag:2890128393","is_oa":true,"landing_page_url":"https://arxiv.org/pdf/1809.08729","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"arXiv (Cornell University)","raw_type":null},{"id":"doi:10.48550/arxiv.1809.08729","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.1809.08729","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.1145/3372802","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3372802","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3372802","source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Digital Threats: Research and Practice","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.6299999952316284,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320334593","display_name":"Natural Sciences and Engineering Research Council of Canada","ror":"https://ror.org/01h531d29"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2890128393.pdf","grobid_xml":"https://content.openalex.org/works/W2890128393.grobid-xml"},"referenced_works_count":13,"referenced_works":["https://openalex.org/W1439967542","https://openalex.org/W1495444061","https://openalex.org/W1708992266","https://openalex.org/W1969343610","https://openalex.org/W2103239853","https://openalex.org/W2247093032","https://openalex.org/W2307188943","https://openalex.org/W2536707834","https://openalex.org/W2612070316","https://openalex.org/W2612544399","https://openalex.org/W2621197184","https://openalex.org/W2650293344","https://openalex.org/W2805984568"],"related_works":["https://openalex.org/W2912907958","https://openalex.org/W2805984568","https://openalex.org/W2885574771","https://openalex.org/W2761748950","https://openalex.org/W1497641109","https://openalex.org/W2963945982","https://openalex.org/W2109528881","https://openalex.org/W3105355360","https://openalex.org/W2053123811","https://openalex.org/W2290776461","https://openalex.org/W3212981206","https://openalex.org/W2789844390","https://openalex.org/W2185893991","https://openalex.org/W42320735","https://openalex.org/W3012446380","https://openalex.org/W2959474188","https://openalex.org/W2041950790","https://openalex.org/W2768404925","https://openalex.org/W2099085467","https://openalex.org/W2952464168"],"abstract_inverted_index":{"Network":[0],"traffic":[1,27],"inspection,":[2],"including":[3],"TLS":[4,51,80,86,143,168,177,273],"traffic,":[5,97],"in":[6,99,108,137,147,153,166,275],"enterprise":[7,21,173,276],"environments":[8],"is":[9,264],"widely":[10,271],"practiced.":[11],"Reasons":[12],"for":[13],"doing":[14],"so":[15],"are":[16,110],"primarily":[17],"related":[18],"to":[19,60,72,141,159,259,265],"improving":[20],"security":[22,178,230],"(e.g.,":[23,33,64,133,145],"phishing":[24],"and":[25,29,38,67,88,91,104,127,163,188,196,217,227,249,277,287],"malicious":[26],"detection)":[28],"meeting":[30],"legal":[31],"requirements":[32],"preventing":[34],"unauthorized":[35],"data":[36],"leakage":[37],"copyright":[39],"violations).":[40],"To":[41,175],"analyze":[42,176,201],"TLS-encrypted":[43],"data,":[44],"network":[45,154,180,204],"appliances":[46,155,205,238],"implement":[47,83],"a":[48,61,65,85,89,93,122,128,184,207,212,222],"Man-in-the-Middle":[49],"(MITM)":[50],"proxy":[52,81],"by":[53,270],"acting":[54,68],"as":[55,69,102,119,121,146],"the":[56,70,73,79,151,267],"intended":[57],"web":[58,75,125,131],"server":[59,90,132],"requesting":[62],"client":[63,71,87],"browser)":[66],"actual/outside":[74],"server.":[76],"As":[77,139],"such,":[78],"must":[82,115],"both":[84],"handle":[92],"large":[94],"amount":[95],"of":[96,161,179,209,224],"preferably":[98],"real-time.":[100],"However,":[101],"protocol":[103],"implementation":[105],"layer":[106],"vulnerabilities":[107],"TLS/HTTPS":[109],"quite":[111],"frequent,":[112],"these":[113],"proxies":[114,144,152,274],"be":[116],"at":[117,243],"least":[118],"secure":[120],"modern,":[123],"up-to-date":[124],"browser":[126],"properly":[129],"configured":[130],"an":[134],"A+":[135],"rating":[136],"SSLlabs.com).":[138],"opposed":[140],"client-end":[142,195],"several":[148,229],"anti-virus":[149],"products),":[150],"may":[156],"serve":[157],"hundreds":[158],"thousands":[160],"clients,":[162],"any":[164],"vulnerability":[165],"their":[167,257],"implementations":[169],"can":[170],"significantly":[171],"downgrade":[172],"security.":[174],"appliances,":[181],"we":[182,234],"develop":[183],"comprehensive":[185],"framework,":[186],"combining":[187],"extending":[189],"tests":[190],"from":[191],"existing":[192],"work":[193],"on":[194],"network-based":[197],"interception":[198],"studies.":[199],"We":[200],"13":[202],"representative":[203],"over":[206],"period":[208],"more":[210],"than":[211],"year":[213],"(including":[214],"versions":[215],"before":[216],"after":[218],"notifying":[219],"affected":[220],"vendors,":[221],"total":[223],"17":[225],"versions)":[226],"uncover":[228],"issues.":[231],"For":[232],"instance,":[233],"found":[235],"that":[236],"four":[237],"perform":[239],"no":[240],"certificate":[241],"validation":[242],"all,":[244],"three":[245],"use":[246],"pre-generated":[247],"certificates,":[248],"eleven":[250],"accept":[251],"certificates":[252],"signed":[253],"using":[254],"MD5,":[255],"exposing":[256],"clients":[258],"MITM":[260],"attacks.":[261],"Our":[262],"goal":[263],"highlight":[266],"risks":[268],"introduced":[269],"used":[272],"government":[278],"environments,":[279],"potentially":[280],"affecting":[281],"many":[282],"systems":[283],"hosting":[284],"security,":[285],"privacy,":[286],"financially":[288],"sensitive":[289],"data.":[290]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":2}],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}