{"id":"https://openalex.org/W7106288429","doi":"https://doi.org/10.1145/3730567.3764503","title":"Inside Certificate Chains Beyond Public Issuers: Structure and Usage Analysis from a Campus Network","display_name":"Inside Certificate Chains Beyond Public Issuers: Structure and Usage Analysis from a Campus Network","publication_year":2025,"publication_date":"2025-10-28","ids":{"openalex":"https://openalex.org/W7106288429","doi":"https://doi.org/10.1145/3730567.3764503"},"language":null,"primary_location":{"id":"doi:10.1145/3730567.3764503","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3730567.3764503","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM Internet Measurement Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3730567.3764503","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Hongying Dong","orcid":"https://orcid.org/0000-0002-7846-2649"},"institutions":[{"id":"https://openalex.org/I51556381","display_name":"University of Virginia","ror":"https://ror.org/0153tk833","country_code":"US","type":"education","lineage":["https://openalex.org/I51556381"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Hongying Dong","raw_affiliation_strings":["University of Virginia, Charlottesville, Virginia, USA"],"raw_orcid":"https://orcid.org/0000-0002-7846-2649","affiliations":[{"raw_affiliation_string":"University of Virginia, Charlottesville, Virginia, USA","institution_ids":["https://openalex.org/I51556381"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Yizhe Zhang","orcid":"https://orcid.org/0009-0008-3938-8838"},"institutions":[{"id":"https://openalex.org/I51556381","display_name":"University of Virginia","ror":"https://ror.org/0153tk833","country_code":"US","type":"education","lineage":["https://openalex.org/I51556381"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yizhe Zhang","raw_affiliation_strings":["University of Virginia, Charlottesville, Virginia, USA"],"raw_orcid":"https://orcid.org/0009-0008-3938-8838","affiliations":[{"raw_affiliation_string":"University of Virginia, Charlottesville, Virginia, USA","institution_ids":["https://openalex.org/I51556381"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Hyeonmin Lee","orcid":"https://orcid.org/0000-0003-0361-6532"},"institutions":[{"id":"https://openalex.org/I51556381","display_name":"University of Virginia","ror":"https://ror.org/0153tk833","country_code":"US","type":"education","lineage":["https://openalex.org/I51556381"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hyeonmin Lee","raw_affiliation_strings":["University of Virginia, Charlottesville, Virginia, USA"],"raw_orcid":"https://orcid.org/0000-0003-0361-6532","affiliations":[{"raw_affiliation_string":"University of Virginia, Charlottesville, Virginia, USA","institution_ids":["https://openalex.org/I51556381"]}]},{"author_position":"last","author":{"id":null,"display_name":"Yixin Sun","orcid":"https://orcid.org/0000-0001-6650-4373"},"institutions":[{"id":"https://openalex.org/I51556381","display_name":"University of Virginia","ror":"https://ror.org/0153tk833","country_code":"US","type":"education","lineage":["https://openalex.org/I51556381"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yixin Sun","raw_affiliation_strings":["University of Virginia, Charlottesville, Virginia, USA"],"raw_orcid":"https://orcid.org/0000-0001-6650-4373","affiliations":[{"raw_affiliation_string":"University of Virginia, Charlottesville, Virginia, USA","institution_ids":["https://openalex.org/I51556381"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I51556381"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.66450231,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"909","last_page":"918"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.34619998931884766,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.34619998931884766,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10651","display_name":"IPv6, Mobility, Handover, Networks, Security","score":0.2538999915122986,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12203","display_name":"Mobile Agent-Based Network Management","score":0.08590000122785568,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/public-key-certificate","display_name":"Public key certificate","score":0.8008000254631042},{"id":"https://openalex.org/keywords/certificate-authority","display_name":"Certificate authority","score":0.7771000266075134},{"id":"https://openalex.org/keywords/certificate","display_name":"Certificate","score":0.7763000130653381},{"id":"https://openalex.org/keywords/issuer","display_name":"Issuer","score":0.7605999708175659},{"id":"https://openalex.org/keywords/root-certificate","display_name":"Root certificate","score":0.5455999970436096},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.5080999732017517},{"id":"https://openalex.org/keywords/authorization-certificate","display_name":"Authorization certificate","score":0.4871000051498413},{"id":"https://openalex.org/keywords/transparency","display_name":"Transparency (behavior)","score":0.4864000082015991},{"id":"https://openalex.org/keywords/certification","display_name":"Certification","score":0.47360000014305115}],"concepts":[{"id":"https://openalex.org/C167529545","wikidata":"https://www.wikidata.org/wiki/Q274758","display_name":"Public key certificate","level":4,"score":0.8008000254631042},{"id":"https://openalex.org/C93636275","wikidata":"https://www.wikidata.org/wiki/Q196776","display_name":"Certificate authority","level":4,"score":0.7771000266075134},{"id":"https://openalex.org/C96865113","wikidata":"https://www.wikidata.org/wiki/Q2946816","display_name":"Certificate","level":2,"score":0.7763000130653381},{"id":"https://openalex.org/C138170105","wikidata":"https://www.wikidata.org/wiki/Q1337949","display_name":"Issuer","level":2,"score":0.7605999708175659},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6632000207901001},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5690000057220459},{"id":"https://openalex.org/C62057728","wikidata":"https://www.wikidata.org/wiki/Q7366568","display_name":"Root certificate","level":5,"score":0.5455999970436096},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.5080999732017517},{"id":"https://openalex.org/C175093008","wikidata":"https://www.wikidata.org/wiki/Q758251","display_name":"Authorization certificate","level":5,"score":0.4871000051498413},{"id":"https://openalex.org/C2780233690","wikidata":"https://www.wikidata.org/wiki/Q535347","display_name":"Transparency (behavior)","level":2,"score":0.4864000082015991},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.4796000123023987},{"id":"https://openalex.org/C46304622","wikidata":"https://www.wikidata.org/wiki/Q374814","display_name":"Certification","level":2,"score":0.47360000014305115},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.4722000062465668},{"id":"https://openalex.org/C72648740","wikidata":"https://www.wikidata.org/wiki/Q658476","display_name":"Public key infrastructure","level":4,"score":0.4645000100135803},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.4505000114440918},{"id":"https://openalex.org/C139089976","wikidata":"https://www.wikidata.org/wiki/Q2142273","display_name":"Trusted third party","level":2,"score":0.4359999895095825},{"id":"https://openalex.org/C203062551","wikidata":"https://www.wikidata.org/wiki/Q201339","display_name":"Public-key cryptography","level":3,"score":0.4341999888420105},{"id":"https://openalex.org/C2983583741","wikidata":"https://www.wikidata.org/wiki/Q16785388","display_name":"Third party","level":2,"score":0.3831999897956848},{"id":"https://openalex.org/C67405866","wikidata":"https://www.wikidata.org/wiki/Q6007261","display_name":"Implicit certificate","level":5,"score":0.3756999969482422},{"id":"https://openalex.org/C154800190","wikidata":"https://www.wikidata.org/wiki/Q16941470","display_name":"Trust anchor","level":4,"score":0.37119999527931213},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.3546000123023987},{"id":"https://openalex.org/C108713360","wikidata":"https://www.wikidata.org/wiki/Q1824206","display_name":"Supply chain","level":2,"score":0.3215000033378601},{"id":"https://openalex.org/C83849155","wikidata":"https://www.wikidata.org/wiki/Q1472399","display_name":"Internet access","level":3,"score":0.3027999997138977},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.2915000021457672},{"id":"https://openalex.org/C205383636","wikidata":"https://www.wikidata.org/wiki/Q14746","display_name":"Merkle tree","level":4,"score":0.26980000734329224},{"id":"https://openalex.org/C147296133","wikidata":"https://www.wikidata.org/wiki/Q196765","display_name":"Revocation list","level":5,"score":0.2669000029563904},{"id":"https://openalex.org/C2779530757","wikidata":"https://www.wikidata.org/wiki/Q1207505","display_name":"Quality (philosophy)","level":2,"score":0.2563000023365021}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3730567.3764503","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3730567.3764503","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM Internet Measurement Conference","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3730567.3764503","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3730567.3764503","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM Internet Measurement Conference","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.5937991142272949}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":14,"referenced_works":["https://openalex.org/W2019016802","https://openalex.org/W2104899073","https://openalex.org/W2130867912","https://openalex.org/W2550748725","https://openalex.org/W2794584163","https://openalex.org/W3107552365","https://openalex.org/W3186737188","https://openalex.org/W4206147779","https://openalex.org/W4210531213","https://openalex.org/W4225961979","https://openalex.org/W4298051233","https://openalex.org/W4392964577","https://openalex.org/W4401609400","https://openalex.org/W4403981049"],"related_works":[],"abstract_inverted_index":{"Digital":[0],"certificates":[1,61,114,142],"are":[2,43,116,143],"crucial":[3],"for":[4],"securing":[5],"Internet":[6],"communications.":[7],"Certificates":[8],"issued":[9,62,117],"by":[10,18,40,63,118,138],"trusted":[11],"Certificate":[12,129],"Authorities":[13],"(CAs)":[14],"can":[15],"be":[16,38],"validated":[17],"following":[19],"the":[20,93,111,146],"chain":[21,34,95],"of":[22,25,83,113],"trust,":[23],"consisting":[24],"leaf,":[26],"intermediate,":[27],"and":[28,49,77,97,123,154],"root":[29,75],"certificates.":[30],"However,":[31],"such":[32,109],"certificate":[33,58,94,147],"structure":[35],"may":[36,150],"not":[37,44,67],"followed":[39],"issuers":[41,64,119],"who":[42],"subject":[45],"to":[46,125,152],"public":[47,70,121],"monitoring":[48],"auditing.":[50],"This":[51],"paper":[52],"takes":[53],"a":[54,80,88],"first":[55],"look":[56],"at":[57],"chains":[59],"involving":[60],"that":[65,115],"do":[66],"appear":[68],"in":[69,101,145],"databases":[71,122],"(e.g.,":[72],"major":[73],"browsers'":[74],"stores":[76],"CCADB).":[78],"Utilizing":[79],"year's":[81],"worth":[82],"TLS":[84,102],"traffic":[85],"collected":[86],"from":[87],"campus":[89],"network,":[90],"we":[91,105,133],"dissect":[92],"structures":[96],"analyze":[98],"their":[99],"usage":[100],"connections.":[103],"While":[104],"observe":[106],"positive":[107],"acts":[108],"as":[110],"logging":[112],"outside":[120],"anchored":[124],"trust":[126],"roots":[127],"into":[128],"Transparency":[130],"(CT)":[131],"logs,":[132],"also":[134],"identify":[135],"potential":[136],"misconfigurations":[137],"servers":[139],"where":[140],"unnecessary":[141],"included":[144],"chains,":[148],"which":[149],"lead":[151],"validation":[153],"connection":[155],"failures.":[156]},"counts_by_year":[],"updated_date":"2025-11-23T05:13:22.807545","created_date":"2025-11-23T00:00:00"}