{"id":"https://openalex.org/W3106775570","doi":"https://doi.org/10.3233/jcs-200070","title":"A large-scale analysis of HTTPS deployments: Challenges, solutions, and recommendations","display_name":"A large-scale analysis of HTTPS deployments: Challenges, solutions, and recommendations","publication_year":2020,"publication_date":"2020-11-27","ids":{"openalex":"https://openalex.org/W3106775570","doi":"https://doi.org/10.3233/jcs-200070","mag":"3106775570"},"language":"en","primary_location":{"id":"doi:10.3233/jcs-200070","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-200070","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5046157506","display_name":"Qinwen Hu","orcid":"https://orcid.org/0000-0003-0087-7200"},"institutions":[{"id":"https://openalex.org/I154130895","display_name":"University of Auckland","ror":"https://ror.org/03b94tp07","country_code":"NZ","type":"education","lineage":["https://openalex.org/I154130895"]}],"countries":["NZ"],"is_corresponding":false,"raw_author_name":"Qinwen Hu","raw_affiliation_strings":["School of Computer Science, The University of Auckland, Auckland, New Zealand"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, The University of Auckland, Auckland, New Zealand","institution_ids":["https://openalex.org/I154130895"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074245801","display_name":"Muhammad Rizwan Asghar","orcid":"https://orcid.org/0000-0002-9607-376X"},"institutions":[{"id":"https://openalex.org/I154130895","display_name":"University of Auckland","ror":"https://ror.org/03b94tp07","country_code":"NZ","type":"education","lineage":["https://openalex.org/I154130895"]}],"countries":["NZ"],"is_corresponding":true,"raw_author_name":"Muhammad Rizwan Asghar","raw_affiliation_strings":["School of Computer Science, The University of Auckland, Auckland, New Zealand"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, The University of Auckland, Auckland, New Zealand","institution_ids":["https://openalex.org/I154130895"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5031053840","display_name":"Nevil Brownlee","orcid":"https://orcid.org/0000-0002-8920-4899"},"institutions":[{"id":"https://openalex.org/I154130895","display_name":"University of Auckland","ror":"https://ror.org/03b94tp07","country_code":"NZ","type":"education","lineage":["https://openalex.org/I154130895"]}],"countries":["NZ"],"is_corresponding":false,"raw_author_name":"Nevil Brownlee","raw_affiliation_strings":["School of Computer Science, The University of Auckland, Auckland, New Zealand"],"affiliations":[{"raw_affiliation_string":"School of Computer Science, The University of Auckland, Auckland, New Zealand","institution_ids":["https://openalex.org/I154130895"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5074245801"],"corresponding_institution_ids":["https://openalex.org/I154130895"],"apc_list":null,"apc_paid":null,"fwci":1.2167,"has_fulltext":false,"cited_by_count":19,"citation_normalized_percentile":{"value":0.8018247,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"29","issue":"1","first_page":"25","last_page":"50"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/transport-layer-security","display_name":"Transport Layer Security","score":0.8372408747673035},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7385905981063843},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7258931398391724},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.5465356111526489},{"id":"https://openalex.org/keywords/certificate","display_name":"Certificate","score":0.46303945779800415},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.4529043138027191},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.3642065227031708},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3302024304866791},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.1669495403766632}],"concepts":[{"id":"https://openalex.org/C148176105","wikidata":"https://www.wikidata.org/wiki/Q206494","display_name":"Transport Layer Security","level":3,"score":0.8372408747673035},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7385905981063843},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7258931398391724},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.5465356111526489},{"id":"https://openalex.org/C96865113","wikidata":"https://www.wikidata.org/wiki/Q2946816","display_name":"Certificate","level":2,"score":0.46303945779800415},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.4529043138027191},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.3642065227031708},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3302024304866791},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.1669495403766632}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.3233/jcs-200070","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-200070","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6899999976158142,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":37,"referenced_works":["https://openalex.org/W189766157","https://openalex.org/W1439967542","https://openalex.org/W1495444061","https://openalex.org/W1533182289","https://openalex.org/W1733713784","https://openalex.org/W1881935562","https://openalex.org/W1964723977","https://openalex.org/W2019016802","https://openalex.org/W2042923641","https://openalex.org/W2077092541","https://openalex.org/W2077102410","https://openalex.org/W2112736324","https://openalex.org/W2129426180","https://openalex.org/W2130867912","https://openalex.org/W2142798909","https://openalex.org/W2145994642","https://openalex.org/W2146752727","https://openalex.org/W2273409753","https://openalex.org/W2274779708","https://openalex.org/W2300554752","https://openalex.org/W2338858629","https://openalex.org/W2469403219","https://openalex.org/W2525077961","https://openalex.org/W2546510801","https://openalex.org/W2612544399","https://openalex.org/W2733681384","https://openalex.org/W2748329336","https://openalex.org/W2764109621","https://openalex.org/W2793701237","https://openalex.org/W2796848669","https://openalex.org/W2867344892","https://openalex.org/W2910017804","https://openalex.org/W2941866758","https://openalex.org/W2963312316","https://openalex.org/W3022392740","https://openalex.org/W4210531213","https://openalex.org/W4211072556"],"related_works":["https://openalex.org/W2336008669","https://openalex.org/W2952321600","https://openalex.org/W2058269521","https://openalex.org/W4235923014","https://openalex.org/W1452942402","https://openalex.org/W2369049846","https://openalex.org/W2359232568","https://openalex.org/W2100090372","https://openalex.org/W4361205702","https://openalex.org/W199384068"],"abstract_inverted_index":{"HTTPS":[0,24,50,84,178,193,200,258,291,367,378,398],"refers":[1],"to":[2,27,69,75,127,274,288,293,325,383,394],"an":[3],"application-specific":[4],"implementation":[5],"that":[6,64,113,183,244,251,268,309,329,350,365,376,408],"runs":[7],"HyperText":[8],"Transfer":[9],"Protocol":[10],"(HTTP)":[11],"on":[12,359],"top":[13,89],"of":[14,34,87,117,170,279,340,353,404,411],"Secure":[15],"Socket":[16],"Layer":[17,21],"(SSL)":[18],"or":[19],"Transport":[20],"Security":[22],"(TLS).":[23],"is":[25,414],"used":[26,174],"provide":[28],"encrypted":[29],"communication":[30,297],"and":[31,37,46,154,160,198,222,224,237,277,284,301,317,321,374,390,399],"secure":[32,296,402],"identification":[33],"web":[35],"servers":[36,119],"clients,":[38],"for":[39],"different":[40,196,226],"purposes":[41],"such":[42,228],"as":[43,229],"online":[44,230],"banking":[45,233],"e-commerce.":[47],"However,":[48],"many":[49,59,310],"vulnerabilities":[51,66,259],"have":[52,61,253],"been":[53,254,272],"disclosed":[54],"in":[55,120,210,344],"recent":[56],"years.":[57],"Although":[58,240],"studies":[60,336],"pointed":[62],"out":[63],"these":[65,342],"can":[67],"lead":[68],"serious":[70],"consequences,":[71],"domain":[72,413],"administrators":[73],"seem":[74],"ignore":[76],"them.":[77],"In":[78],"this":[79,263],"study,":[80,265],"we":[81,97,165,208,249,266,307,348,406],"evaluate":[82],"the":[83,121,167,171,189,245,275,290,304,334,345,351,370,384,401,409],"security":[85,108,168,338],"level":[86,169],"Alexa\u2019s":[88],"1":[90],"million":[91],"domains":[92,123,187,201,207,286,311,354,368,379],"from":[93],"two":[94],"perspectives.":[95],"First,":[96],"explore":[98],"which":[99],"popular":[100],"sites":[101],"are":[102,124,312,380],"still":[103,125,247,313,381],"affected":[104],"by":[105,175],"those":[106],"well-known":[107],"issues.":[109],"Our":[110,180,361],"results":[111,181,242,363],"show":[112,243,375],"less":[114,184],"than":[115,185],"0.1%":[116],"HTTPS-enabled":[118],"measured":[122,177],"vulnerable":[126,382,412],"known":[128,386],"attacks":[129,396],"including":[130],"Rivest":[131],"Cipher":[132],"4":[133],"(RC4),":[134],"Compression":[135],"Ratio":[136],"Info-Leak":[137],"Mass":[138],"Exploitation":[139],"(CRIME),":[140],"Padding":[141],"Oracle":[142],"On":[143],"Downgraded":[144],"Legacy":[145],"Encryption":[146],"(POODLE),":[147],"Factoring":[148],"RSA":[149],"Export":[150],"Keys":[151],"(FREAK),":[152],"Logjam,":[153],"Decrypting":[155],"Rivest\u2013Shamir\u2013Adleman":[156],"(RSA)":[157],"using":[158,314,341],"Obsolete":[159],"Weakened":[161],"eNcryption":[162],"(DROWN).":[163],"Second,":[164],"assess":[166],"digital":[172],"certificates":[173,194],"each":[176],"domain.":[179],"highlight":[182],"0.52%":[186],"use":[188,202,276,330,369],"expired":[190],"certificate,":[191],"0.42%":[192],"contain":[195],"hostnames,":[197],"2.59%":[199],"a":[203,295],"self-signed":[204],"certificate.":[205],"The":[206],"investigate":[209],"our":[211,241],"study":[212],"cover":[213],"5":[214],"regions":[215],"(including":[216],"ARIN,":[217],"RIPE":[218],"NCC,":[219],"APNIC,":[220],"LACNIC,":[221],"AFRINIC)":[223],"61":[225],"categories":[227],"shopping":[231],"websites,":[232,234,236],"educational":[235],"government":[238],"websites.":[239,302],"problem":[246],"exists,":[248],"find":[250],"changes":[252],"taking":[255],"place":[256],"when":[257],"were":[260],"discovered.":[261],"Through":[262],"three-year":[264],"found":[267,349,407],"more":[269,283,285],"attention":[270],"has":[271],"paid":[273],"configuration":[278,403],"HTTPS.":[280],"For":[281],"example,":[282],"begin":[287],"enable":[289],"protocol":[292,358,373],"ensure":[294],"channel":[298],"between":[299],"users":[300],"From":[303],"first":[305],"measurement,":[306],"observed":[308],"TLS":[315,357,371],"1.0":[316],"1.1,":[318],"SSL":[319,322],"2.0,":[320],"3.0":[323],"protocols":[324],"support":[326],"user":[327],"clients":[328],"outdated":[331],"systems.":[332],"As":[333,388],"previous":[335],"revealed":[337],"risks":[339],"protocols,":[343],"subsequent":[346],"studies,":[347],"majority":[352],"updated":[355],"their":[356],"time.":[360],"2020":[362],"suggest":[364],"most":[366],"1.2":[372],"some":[377],"existing":[385],"attacks.":[387],"academics":[389],"industry":[391],"professionals":[392],"continue":[393],"disclose":[395],"against":[397],"recommend":[400],"HTTPS,":[405],"number":[410],"gradually":[415],"decreasing":[416],"every":[417],"year.":[418]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":3}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}