{"id":"https://openalex.org/W2888934989","doi":"https://doi.org/10.1515/popets-2018-0031","title":"Exploiting TLS Client Authentication for Widespread User Tracking","display_name":"Exploiting TLS Client Authentication for Widespread User Tracking","publication_year":2018,"publication_date":"2018-08-29","ids":{"openalex":"https://openalex.org/W2888934989","doi":"https://doi.org/10.1515/popets-2018-0031","mag":"2888934989"},"language":"en","primary_location":{"id":"doi:10.1515/popets-2018-0031","is_oa":true,"landing_page_url":"https://doi.org/10.1515/popets-2018-0031","pdf_url":"https://content.sciendo.com/downloadpdf/journals/popets/2018/4/article-p51.pdf","source":{"id":"https://openalex.org/S4210183172","display_name":"Proceedings on Privacy Enhancing Technologies","issn_l":"2299-0984","issn":["2299-0984"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320322","host_organization_name":"De Gruyter Open","host_organization_lineage":["https://openalex.org/P4310320322","https://openalex.org/P4310313990"],"host_organization_lineage_names":["De Gruyter Open","De Gruyter"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings on Privacy Enhancing Technologies","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://content.sciendo.com/downloadpdf/journals/popets/2018/4/article-p51.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5088495992","display_name":"Lucas Foppe","orcid":null},"institutions":[{"id":"https://openalex.org/I189158971","display_name":"United States Naval Academy","ror":"https://ror.org/00znex860","country_code":"US","type":"education","lineage":["https://openalex.org/I1330347796","https://openalex.org/I189158971","https://openalex.org/I3130687028"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Lucas Foppe","raw_affiliation_strings":["U.S. Naval Academy"],"affiliations":[{"raw_affiliation_string":"U.S. Naval Academy","institution_ids":["https://openalex.org/I189158971"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5106037608","display_name":"Jeremy Martin","orcid":null},"institutions":[{"id":"https://openalex.org/I157637111","display_name":"Naval Academy","ror":"https://ror.org/05syseh24","country_code":"TR","type":"education","lineage":["https://openalex.org/I157637111"]},{"id":"https://openalex.org/I44896327","display_name":"Mitre (United States)","ror":"https://ror.org/03ks2a131","country_code":"US","type":"company","lineage":["https://openalex.org/I44896327"]}],"countries":["TR","US"],"is_corresponding":false,"raw_author_name":"Jeremy Martin","raw_affiliation_strings":["The MITRE Corporation, U.S. Naval Academy"],"affiliations":[{"raw_affiliation_string":"The MITRE Corporation, U.S. Naval Academy","institution_ids":["https://openalex.org/I44896327","https://openalex.org/I157637111"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072280100","display_name":"Travis Mayberry","orcid":null},"institutions":[{"id":"https://openalex.org/I189158971","display_name":"United States Naval Academy","ror":"https://ror.org/00znex860","country_code":"US","type":"education","lineage":["https://openalex.org/I1330347796","https://openalex.org/I189158971","https://openalex.org/I3130687028"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Travis Mayberry","raw_affiliation_strings":["U.S. Naval Academy"],"affiliations":[{"raw_affiliation_string":"U.S. Naval Academy","institution_ids":["https://openalex.org/I189158971"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059948636","display_name":"Erik C. Rye","orcid":"https://orcid.org/0000-0002-8151-8252"},"institutions":[{"id":"https://openalex.org/I189158971","display_name":"United States Naval Academy","ror":"https://ror.org/00znex860","country_code":"US","type":"education","lineage":["https://openalex.org/I1330347796","https://openalex.org/I189158971","https://openalex.org/I3130687028"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Erik C. Rye","raw_affiliation_strings":["U.S. Naval Academy"],"affiliations":[{"raw_affiliation_string":"U.S. Naval Academy","institution_ids":["https://openalex.org/I189158971"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5055973820","display_name":"Lamont Brown","orcid":null},"institutions":[{"id":"https://openalex.org/I189158971","display_name":"United States Naval Academy","ror":"https://ror.org/00znex860","country_code":"US","type":"education","lineage":["https://openalex.org/I1330347796","https://openalex.org/I189158971","https://openalex.org/I3130687028"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Lamont Brown","raw_affiliation_strings":["U.S. Naval Academy"],"affiliations":[{"raw_affiliation_string":"U.S. Naval Academy","institution_ids":["https://openalex.org/I189158971"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5088495992"],"corresponding_institution_ids":["https://openalex.org/I189158971"],"apc_list":null,"apc_paid":null,"fwci":0.6606,"has_fulltext":false,"cited_by_count":7,"citation_normalized_percentile":{"value":0.6905125,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":"2018","issue":"4","first_page":"51","last_page":"63"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.75464928150177},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7354971170425415},{"id":"https://openalex.org/keywords/certificate","display_name":"Certificate","score":0.6279280185699463},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.6018915772438049},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.5614944696426392},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.4818474054336548},{"id":"https://openalex.org/keywords/authentication-server","display_name":"Authentication server","score":0.4799776077270508},{"id":"https://openalex.org/keywords/public-key-certificate","display_name":"Public key certificate","score":0.47184351086616516},{"id":"https://openalex.org/keywords/man-in-the-middle-attack","display_name":"Man-in-the-middle attack","score":0.4659130871295929},{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.4597148895263672},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.44451627135276794},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.4350692331790924},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.24942049384117126},{"id":"https://openalex.org/keywords/public-key-cryptography","display_name":"Public-key cryptography","score":0.23952233791351318},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.13163530826568604}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.75464928150177},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7354971170425415},{"id":"https://openalex.org/C96865113","wikidata":"https://www.wikidata.org/wiki/Q2946816","display_name":"Certificate","level":2,"score":0.6279280185699463},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.6018915772438049},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.5614944696426392},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.4818474054336548},{"id":"https://openalex.org/C2777331311","wikidata":"https://www.wikidata.org/wiki/Q784561","display_name":"Authentication server","level":3,"score":0.4799776077270508},{"id":"https://openalex.org/C167529545","wikidata":"https://www.wikidata.org/wiki/Q274758","display_name":"Public key certificate","level":4,"score":0.47184351086616516},{"id":"https://openalex.org/C196491621","wikidata":"https://www.wikidata.org/wiki/Q554830","display_name":"Man-in-the-middle attack","level":3,"score":0.4659130871295929},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.4597148895263672},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.44451627135276794},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.4350692331790924},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.24942049384117126},{"id":"https://openalex.org/C203062551","wikidata":"https://www.wikidata.org/wiki/Q201339","display_name":"Public-key cryptography","level":3,"score":0.23952233791351318},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.13163530826568604},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1515/popets-2018-0031","is_oa":true,"landing_page_url":"https://doi.org/10.1515/popets-2018-0031","pdf_url":"https://content.sciendo.com/downloadpdf/journals/popets/2018/4/article-p51.pdf","source":{"id":"https://openalex.org/S4210183172","display_name":"Proceedings on Privacy Enhancing Technologies","issn_l":"2299-0984","issn":["2299-0984"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320322","host_organization_name":"De Gruyter Open","host_organization_lineage":["https://openalex.org/P4310320322","https://openalex.org/P4310313990"],"host_organization_lineage_names":["De Gruyter Open","De Gruyter"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings on Privacy Enhancing Technologies","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:19faf921855c421faee8a5c108ab3202","is_oa":true,"landing_page_url":"https://doaj.org/article/19faf921855c421faee8a5c108ab3202","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Proceedings on Privacy Enhancing Technologies, Vol 2018, Iss 4, Pp 51-63 (2018)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1515/popets-2018-0031","is_oa":true,"landing_page_url":"https://doi.org/10.1515/popets-2018-0031","pdf_url":"https://content.sciendo.com/downloadpdf/journals/popets/2018/4/article-p51.pdf","source":{"id":"https://openalex.org/S4210183172","display_name":"Proceedings on Privacy Enhancing Technologies","issn_l":"2299-0984","issn":["2299-0984"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320322","host_organization_name":"De Gruyter Open","host_organization_lineage":["https://openalex.org/P4310320322","https://openalex.org/P4310313990"],"host_organization_lineage_names":["De Gruyter Open","De Gruyter"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings on Privacy Enhancing Technologies","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.6399999856948853}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2888934989.pdf","grobid_xml":"https://content.openalex.org/works/W2888934989.grobid-xml"},"referenced_works_count":28,"referenced_works":["https://openalex.org/W124941384","https://openalex.org/W1533194311","https://openalex.org/W1555215938","https://openalex.org/W1577337059","https://openalex.org/W1714781699","https://openalex.org/W1899760619","https://openalex.org/W1984097153","https://openalex.org/W1987283229","https://openalex.org/W2005465532","https://openalex.org/W2027004105","https://openalex.org/W2042923641","https://openalex.org/W2060692877","https://openalex.org/W2070670160","https://openalex.org/W2077128025","https://openalex.org/W2085246080","https://openalex.org/W2104599106","https://openalex.org/W2153156723","https://openalex.org/W2168790756","https://openalex.org/W2266218113","https://openalex.org/W2274774510","https://openalex.org/W2344904546","https://openalex.org/W2394784643","https://openalex.org/W2560475746","https://openalex.org/W2745118957","https://openalex.org/W2962944260","https://openalex.org/W2963562852","https://openalex.org/W4210531213","https://openalex.org/W4292106049"],"related_works":["https://openalex.org/W4388829360","https://openalex.org/W1543100705","https://openalex.org/W4381195491","https://openalex.org/W4225555599","https://openalex.org/W1029437559","https://openalex.org/W4253144255","https://openalex.org/W4293194180","https://openalex.org/W2365438736","https://openalex.org/W2187680011","https://openalex.org/W2231252935"],"abstract_inverted_index":{"Abstract":[0],"TLS,":[1],"and":[2],"SSL":[3],"before":[4],"it,":[5],"has":[6,24,39,75],"long":[7],"supported":[8],"the":[9,31,48,71,105,130],"option":[10],"for":[11,47],"clients":[12],"to":[13,15,66,79],"authenticate":[14],"servers":[16],"using":[17],"their":[18,77,136],"own":[19],"certificates,":[20],"but":[21],"this":[22,41,81],"capability":[23],"not":[25,88],"been":[26],"widely":[27,127],"used.":[28],"However,":[29],"with":[30],"development":[32],"of":[33,45,117,135],"its":[34],"Push":[35],"Notification":[36],"Service,":[37],"Apple":[38,74],"deployed":[40,128],"technology":[42],"on":[43],"millions":[44],"devices":[46,69],"first":[49],"time.":[50],"Wachs":[51],"et":[52],"al.":[53],"[42]":[54],"determined":[55],"iOS":[56],"client":[57],"certificates":[58],"could":[59],"be":[60,156],"used":[61],"by":[62,90,129],"passive":[63],"network":[64,161],"adversaries":[65],"track":[67],"individual":[68],"across":[70],"internet.":[72],"Subsequently,":[73],"patched":[76],"software":[78],"fix":[80],"vulnerability.":[82],"We":[83],"show":[84,109],"these":[85,110],"countermeasures":[86],"are":[87,102],"effective":[89],"demonstrating":[91],"three":[92],"novel":[93],"active":[94],"attacks":[95,111,141],"against":[96,113],"TLS":[97,118],"Client":[98,119],"Certificate":[99,120],"Authentication":[100],"that":[101,154],"successful":[103],"despite":[104],"defenses.":[106],"Additionally,":[107],"we":[108],"work":[112],"all":[114],"known":[115],"instances":[116],"Authentication,":[121],"including":[122],"smart":[123],"cards":[124],"like":[125],"those":[126],"Estonian":[131],"government":[132],"as":[133,146,148],"part":[134],"Digital":[137],"ID":[138],"program.":[139],"Our":[140],"include":[142],"in-path":[143],"man-in-the-middle":[144],"versions":[145],"well":[147],"a":[149],"more":[150],"powerful":[151],"on-path":[152],"attack":[153],"can":[155],"carried":[157],"out":[158],"without":[159],"full":[160],"control.":[162]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":2},{"year":2019,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}