{"id":"https://openalex.org/W4285798199","doi":"https://doi.org/10.1145/3499428","title":"CDNs\u2019 Dark Side: Security Problems in CDN-to-Origin Connections","display_name":"CDNs\u2019 Dark Side: Security Problems in CDN-to-Origin Connections","publication_year":2022,"publication_date":"2022-07-19","ids":{"openalex":"https://openalex.org/W4285798199","doi":"https://doi.org/10.1145/3499428"},"language":"en","primary_location":{"id":"doi:10.1145/3499428","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3499428","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3499428","source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Digital Threats: Research and Practice","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3499428","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5008241298","display_name":"Behnam Shobiri","orcid":"https://orcid.org/0000-0002-7433-050X"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Behnam Shobiri","raw_affiliation_strings":["Concordia University, Montreal, QC, Canada"],"affiliations":[{"raw_affiliation_string":"Concordia University, Montreal, QC, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055898168","display_name":"Mohammad Mannan","orcid":"https://orcid.org/0000-0002-9630-5858"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Mohammad Mannan","raw_affiliation_strings":["Concordia University, Montreal, QC, Canada"],"affiliations":[{"raw_affiliation_string":"Concordia University, Montreal, QC, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5085765243","display_name":"Amr Youssef","orcid":"https://orcid.org/0000-0002-4284-8646"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Amr Youssef","raw_affiliation_strings":["Concordia University, Montreal, QC, Canada"],"affiliations":[{"raw_affiliation_string":"Concordia University, Montreal, QC, Canada","institution_ids":["https://openalex.org/I60158472"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5008241298"],"corresponding_institution_ids":["https://openalex.org/I60158472"],"apc_list":null,"apc_paid":null,"fwci":2.5441,"has_fulltext":true,"cited_by_count":8,"citation_normalized_percentile":{"value":0.91303985,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"4","issue":"1","first_page":"1","last_page":"22"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11504","display_name":"Advanced Authentication Protocols Security","score":0.9955000281333923,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7145116925239563},{"id":"https://openalex.org/keywords/man-in-the-middle-attack","display_name":"Man-in-the-middle attack","score":0.6342236995697021},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6149685978889465},{"id":"https://openalex.org/keywords/transport-layer-security","display_name":"Transport Layer Security","score":0.6130406260490417},{"id":"https://openalex.org/keywords/certificate","display_name":"Certificate","score":0.6082889437675476},{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.5208742618560791},{"id":"https://openalex.org/keywords/lightweight-directory-access-protocol","display_name":"Lightweight Directory Access Protocol","score":0.5125508308410645},{"id":"https://openalex.org/keywords/end-user","display_name":"End user","score":0.4766567349433899},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.47367316484451294},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.4574134051799774},{"id":"https://openalex.org/keywords/internet-access","display_name":"Internet access","score":0.4180234670639038},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.39945197105407715},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3290255069732666},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.18578976392745972}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7145116925239563},{"id":"https://openalex.org/C196491621","wikidata":"https://www.wikidata.org/wiki/Q554830","display_name":"Man-in-the-middle attack","level":3,"score":0.6342236995697021},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6149685978889465},{"id":"https://openalex.org/C148176105","wikidata":"https://www.wikidata.org/wiki/Q206494","display_name":"Transport Layer Security","level":3,"score":0.6130406260490417},{"id":"https://openalex.org/C96865113","wikidata":"https://www.wikidata.org/wiki/Q2946816","display_name":"Certificate","level":2,"score":0.6082889437675476},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.5208742618560791},{"id":"https://openalex.org/C181177684","wikidata":"https://www.wikidata.org/wiki/Q188816","display_name":"Lightweight Directory Access Protocol","level":3,"score":0.5125508308410645},{"id":"https://openalex.org/C91262260","wikidata":"https://www.wikidata.org/wiki/Q528074","display_name":"End user","level":2,"score":0.4766567349433899},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.47367316484451294},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.4574134051799774},{"id":"https://openalex.org/C83849155","wikidata":"https://www.wikidata.org/wiki/Q1472399","display_name":"Internet access","level":3,"score":0.4180234670639038},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.39945197105407715},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3290255069732666},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.18578976392745972},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C2777683733","wikidata":"https://www.wikidata.org/wiki/Q201456","display_name":"Directory","level":2,"score":0.0},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3499428","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3499428","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3499428","source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Digital Threats: Research and Practice","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3499428","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3499428","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3499428","source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Digital Threats: Research and Practice","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4285798199.pdf","grobid_xml":"https://content.openalex.org/works/W4285798199.grobid-xml"},"referenced_works_count":11,"referenced_works":["https://openalex.org/W1653792747","https://openalex.org/W2029693536","https://openalex.org/W2042923641","https://openalex.org/W2077092541","https://openalex.org/W2536707834","https://openalex.org/W2538863639","https://openalex.org/W2909956961","https://openalex.org/W2915352631","https://openalex.org/W3008219187","https://openalex.org/W3030227670","https://openalex.org/W4250671054"],"related_works":["https://openalex.org/W2801930800","https://openalex.org/W2572573095","https://openalex.org/W2151675848","https://openalex.org/W199411532","https://openalex.org/W201856942","https://openalex.org/W2293668274","https://openalex.org/W3111192035","https://openalex.org/W3024892169","https://openalex.org/W2499317297","https://openalex.org/W4285798199"],"abstract_inverted_index":{"Content":[0],"Delivery":[1],"Networks":[2],"(CDNs)":[3],"play":[4],"a":[5,18,89,179],"vital":[6],"role":[7],"in":[8,25,83,118,125,161,259,273],"today\u2019s":[9],"Internet":[10],"ecosystem.":[11],"To":[12],"reduce":[13],"the":[14,66,69,84,96,99,119,126,145,162,184,207,213,231,252,260,279,284],"latency":[15],"of":[16,40,187,278],"loading":[17],"website\u2019s":[19],"content,":[20],"CDNs":[21,61,190],"deploy":[22],"edge":[23],"servers":[24],"different":[26],"geographic":[27],"locations.":[28],"CDN":[29,90,97],"providers":[30],"also":[31,255],"offer":[32],"important":[33],"security":[34,67,79,140,159,220],"features":[35],"including":[36],"protection":[37],"against":[38],"Denial":[39],"Service":[41],"(DoS)":[42],"attacks,":[43],"Web":[44],"Application":[45],"Firewalls":[46],"(WAFs),":[47],"and":[48,51,68,88,94,98,136,171,182,196,235,245],"recently,":[49],"issuing":[50],"managing":[52],"certificates":[53],"for":[54,173,205],"their":[55,274],"customers.":[56],"Many":[57],"popular":[58],"websites":[59,258],"use":[60],"to":[62,132,138,149,219,229,251,269],"benefit":[63],"from":[64],"both":[65],"performance":[70],"advantages.":[71],"For":[72],"HTTPS":[73],"websites,":[74],"Transport":[75],"Layer":[76],"Security":[77],"(TLS)":[78],"choices":[80],"may":[81],"differ":[82],"connections":[85,128,216,250,276],"between":[86,95],"end-users":[87],"(front-end":[91],"or":[92,103,112,134],"user-to-CDN),":[93],"origin":[100,232,285],"server":[101],"(back-end":[102],"CDN-to-Origin).":[104],"Modern":[105],"browsers":[106,133],"can":[107,147],"stop/warn":[108],"users":[109],"if":[110],"weak":[111],"insecure":[113,237],"TLS/HTTPS":[114,158],"options":[115],"are":[116,129,217,266],"used":[117],"front-end":[120],"connections.":[121],"However,":[122],"such":[123,165,240],"problems":[124],"back-end":[127,163,185,214,275],"not":[130,143],"visible":[131],"end-users,":[135],"lead":[137,148],"serious":[139],"issues":[141,160,166,221],"(e.g.,":[142],"validating":[144],"certificate":[146,169],"MitM":[150],"attacks).":[151],"In":[152],"this":[153],"article,":[154],"we":[155,199,210],"primarily":[156],"analyze":[157],"communication;":[164],"include":[167,227],"inadequate":[168],"validation":[170],"support":[172],"vulnerable":[174,218,268],"TLS":[175,215],"configurations.":[176],"We":[177,254],"develop":[178],"test":[180],"framework":[181],"investigate":[183],"connection":[186],"14":[188,208],"leading":[189],"(including":[191],"Cloudflare,":[192],"Microsoft":[193],"Azure,":[194],"Amazon,":[195],"Fastly),":[197],"where":[198],"could":[200],"create":[201],"an":[202],"account.":[203],"Surprisingly,":[204],"all":[206],"CDNs,":[209],"found":[211],"that":[212,265],"prevented/warned":[222],"by":[223,283],"modern":[224],"browsers;":[225],"examples":[226],"failing":[228],"validate":[230],"server\u2019s":[233],"certificate,":[234],"using":[236],"cipher":[238],"suites":[239],"as":[241],"RC4,":[242],"MD5,":[243],"SHA-1,":[244],"even":[246],"allowing":[247],"plain":[248],"HTTP":[249],"origin.":[253],"identified":[256],"168,795":[257],"Alexa":[261],"top":[262],"1":[263],"million":[264],"potentially":[267],"Man-in-the-Middle":[270],"(MitM)":[271],"attacks":[272],"regardless":[277],"origin/CDN":[280],"configurations":[281],"chosen":[282],"owner.":[286]},"counts_by_year":[{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":2}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}