Who ya gonna call? (Alerting Authorities): Measuring Namespaces, Web Certificates, and DNSSEC

by Pouyan Fotouhi Tehrani, et al.

During disasters, crises, and emergencies the public relies on online services provided by official authorities to receive timely alerts, trustworthy information, and access to relief programs. It is therefore crucial for the authorities to reduce risks when accessing their online services. This includes catering to secure identification of service, secure resolution of name to network service, and content security and privacy as a minimum base for trustworthy communication. In this paper, we take a first look at Alerting Authorities (AA) in the US and investigate security measures related to trustworthy and secure communication. We study the domain namespace structure, DNSSEC penetration, and web certificates. We introduce an integrative threat model to better understand whether and how the online presence and services of AAs are harmed. As an illustrative example, we investigate 1,388 Alerting Authorities, backed by the United States Federal Emergency Management Agency (US FEMA). We observe partial heightened security relative to the global Internet trends, yet find cause for concern as about 80 trustworthy service provision. Our analysis shows two major shortcomings: About 50 on others, 55 and less than 0.4 lead to DNS poisoning and possibly to certificate misissuance. Furthermore, 15 of all hosts provide none or invalid certificates, thus cannot cater to confidentiality and data integrity, 64 certificates that lack any identity information, and shared certificates have gained in popularity, which leads to fate-sharing and can be a cause for instability.


