{"id":"https://openalex.org/W4409671377","doi":"https://doi.org/10.1145/3696410.3714763","title":"ACME++: A Secure Authorization Mechanism for ACME Clients in the Web PKI Ecosystem","display_name":"ACME++: A Secure Authorization Mechanism for ACME Clients in the Web PKI Ecosystem","publication_year":2025,"publication_date":"2025-04-22","ids":{"openalex":"https://openalex.org/W4409671377","doi":"https://doi.org/10.1145/3696410.3714763"},"language":"en","primary_location":{"id":"doi:10.1145/3696410.3714763","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3696410.3714763","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3696410.3714763","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Web Conference 2025","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3696410.3714763","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Tianyu Zhang","orcid":"https://orcid.org/0009-0009-5001-8368"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Tianyu Zhang","raw_affiliation_strings":["Tsinghua University, Beijing, China and Zhongguancun Laboratory, Beijing, China"],"raw_orcid":"https://orcid.org/0009-0009-5001-8368","affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China and Zhongguancun Laboratory, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100399382","display_name":"Han Zhang","orcid":"https://orcid.org/0000-0003-4429-9959"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Han Zhang","raw_affiliation_strings":["Tsinghua University, Beijing, China and Zhongguancun Laboratory, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0003-4429-9959","affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China and Zhongguancun Laboratory, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103488614","display_name":"Yunze Wei","orcid":"https://orcid.org/0009-0004-8126-7248"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yunze Wei","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"raw_orcid":"https://orcid.org/0009-0004-8126-7248","affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048578384","display_name":"Yahui Li","orcid":"https://orcid.org/0000-0002-0148-5965"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yahui Li","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0002-0148-5965","affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047888843","display_name":"Xingang Shi","orcid":"https://orcid.org/0000-0001-6487-9526"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xingang Shi","raw_affiliation_strings":["Tsinghua University, Beijing, China and Zhongguancun Laboratory, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0001-6487-9526","affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China and Zhongguancun Laboratory, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100660344","display_name":"Jilong Wang","orcid":"https://orcid.org/0000-0002-4493-5145"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jilong Wang","raw_affiliation_strings":["Tsinghua University, Beijing, China and Zhongguancun Laboratory, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0002-4493-5145","affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China and Zhongguancun Laboratory, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100301881","display_name":"Xia Yin","orcid":"https://orcid.org/0009-0000-0037-2777"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xia Yin","raw_affiliation_strings":["Tsinghua University, Beijing, China and Zhongguancun Laboratory, Beijing, China"],"raw_orcid":"https://orcid.org/0009-0000-0037-2777","affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China and Zhongguancun Laboratory, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I99065089"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.07481737,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1058","last_page":"1067"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10742","display_name":"Peer-to-Peer Network Technologies","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10742","display_name":"Peer-to-Peer Network Technologies","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11478","display_name":"Caching and Content Delivery","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/public-key-infrastructure","display_name":"Public key infrastructure","score":0.8442201018333435},{"id":"https://openalex.org/keywords/authorization","display_name":"Authorization","score":0.7647442817687988},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6313190460205078},{"id":"https://openalex.org/keywords/mechanism","display_name":"Mechanism (biology)","score":0.5553315877914429},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5451821088790894},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.5044428110122681},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.4124751687049866},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.41172122955322266},{"id":"https://openalex.org/keywords/public-key-cryptography","display_name":"Public-key cryptography","score":0.22765323519706726}],"concepts":[{"id":"https://openalex.org/C72648740","wikidata":"https://www.wikidata.org/wiki/Q658476","display_name":"Public key infrastructure","level":4,"score":0.8442201018333435},{"id":"https://openalex.org/C108759981","wikidata":"https://www.wikidata.org/wiki/Q788590","display_name":"Authorization","level":2,"score":0.7647442817687988},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6313190460205078},{"id":"https://openalex.org/C89611455","wikidata":"https://www.wikidata.org/wiki/Q6804646","display_name":"Mechanism (biology)","level":2,"score":0.5553315877914429},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5451821088790894},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.5044428110122681},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.4124751687049866},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.41172122955322266},{"id":"https://openalex.org/C203062551","wikidata":"https://www.wikidata.org/wiki/Q201339","display_name":"Public-key cryptography","level":3,"score":0.22765323519706726},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3696410.3714763","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3696410.3714763","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3696410.3714763","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Web Conference 2025","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3696410.3714763","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3696410.3714763","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3696410.3714763","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Web Conference 2025","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4409671377.pdf"},"referenced_works_count":27,"referenced_works":["https://openalex.org/W2077667328","https://openalex.org/W2146752727","https://openalex.org/W2151269705","https://openalex.org/W2289932791","https://openalex.org/W2487661922","https://openalex.org/W2538863639","https://openalex.org/W2751454702","https://openalex.org/W2791815824","https://openalex.org/W2889555490","https://openalex.org/W2889666008","https://openalex.org/W2914630606","https://openalex.org/W2957182033","https://openalex.org/W2969419280","https://openalex.org/W2986143645","https://openalex.org/W2989806326","https://openalex.org/W3015520480","https://openalex.org/W3016862388","https://openalex.org/W3101275604","https://openalex.org/W3214022747","https://openalex.org/W3217147004","https://openalex.org/W4200086011","https://openalex.org/W4233819588","https://openalex.org/W4298051233","https://openalex.org/W4308642220","https://openalex.org/W4385412367","https://openalex.org/W4387609111","https://openalex.org/W4387880483"],"related_works":["https://openalex.org/W2387152933","https://openalex.org/W2356023093","https://openalex.org/W4230009347","https://openalex.org/W2106808815","https://openalex.org/W2366509263","https://openalex.org/W2130867912","https://openalex.org/W2129544579","https://openalex.org/W2111823123","https://openalex.org/W4307864969","https://openalex.org/W2001146408"],"abstract_inverted_index":{"The":[0],"Automatic":[1],"Certificate":[2,29],"Management":[3],"Environment":[4],"(ACME)":[5],"protocol":[6,104],"automates":[7],"the":[8,18,26,59,67,86,107,116,129,145],"issuance":[9],"and":[10,111,126],"renewal":[11],"of":[12,20,136],"secure":[13,120],"socket":[14],"layer":[15],"certificates,":[16],"simplifying":[17],"management":[19],"large-scale":[21],"certificate":[22],"deployments.":[23],"To":[24,96],"reduce":[25],"load":[27],"on":[28],"Authority":[30],"(CA)":[31],"servers,":[32],"ACME":[33,68,117,130],"employs":[34],"a":[35,112],"caching":[36],"mechanism":[37,49],"that":[38,84,105,139],"stores":[39],"domain":[40,80],"validation":[41],"(DV)":[42],"results":[43],"for":[44,122],"30":[45],"days.":[46],"However,":[47],"this":[48,63,94],"allows":[50],"attackers":[51],"to":[52,93,115,144],"reuse":[53],"previously":[54],"authorized":[55],"results,":[56],"potentially":[57],"bypassing":[58],"DV":[60],"process.":[61],"In":[62],"paper,":[64],"we":[65,99],"introduce":[66],"Authz":[69,131],"Cache":[70,132],"Attack,":[71],"whereby":[72],"an":[73,102],"attacker":[74],"can":[75],"obtain":[76],"fraudulent":[77],"certificates":[78],"without":[79],"control.":[81],"We":[82],"demonstrate":[83],"even":[85],"prominent":[87],"CA,":[88],"Let's":[89],"Encrypt,":[90],"is":[91],"vulnerable":[92],"attack.":[95],"mitigate":[97],"this,":[98],"propose":[100],"ACME++,":[101],"enhanced":[103],"binds":[106],"client's":[108],"IP":[109],"address":[110],"unique":[113],"identifier":[114],"account,":[118],"ensuring":[119],"authorization":[121],"each":[123],"new":[124],"client":[125],"effectively":[127],"preventing":[128],"Attack.":[133],"Our":[134],"implementation":[135],"ACME++":[137],"shows":[138],"it":[140],"introduces":[141],"little":[142],"overhead":[143],"CA":[146],"server.":[147]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}