
dc.contributor.advisor | David D. Clark and Daniel J. Weitzner. | en_US
dc.contributor.author | Specter, Michael Alan | en_US
dc.contributor.other | Technology and Policy Program. | en_US
dc.date.accessioned | 2016-08-26T14:39:45Z
dc.date.available | 2016-08-26T14:39:45Z
dc.date.copyright | 2016 | en_US
dc.date.issued | 2016 | en_US
dc.identifier.uri | http://hdl.handle.net/1721.1/104028
dc.description | Thesis: S.M. in Technology and Policy, Massachusetts Institute of Technology, Institute for Data, Systems, and Society, Technology and Policy Program, 2016. | en_US
dc.description | Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2016. | en_US
dc.description | Cataloged from PDF version of thesis. | en_US
dc.description | Includes bibliographical references (pages 71-75). | en_US
dc.description.abstract | Certificate Authorities (CAs) play a crucial role in HTTPS, the mechanism that secures all of the web's most important communication; if it has a log-in page, it must use HTTPS. However, recent history is littered with instances of CAs unabashedly undermining the trust model of the web in favor of economic gain, causing catastrophic harm to users in the process. The purpose of this thesis is to understand how well user, domain owner, and browser vendor controls function in order to evaluate methods of realigning CA incentives. Using a compendium of past incidents of CA failure as a series of natural experiments, along with a large dataset of all publicly available certificate collections, we find that it is possible to causally link a very slight increase in domain owners leaving a CA when a CA acts inappropriately. We further find that the technical architecture of the CA system leaves users without effective control over which CAs they trust, and that browsers face certain difficulty in distrusting larger CAs. The end result is a system where large CAs can unilaterally undermine the trust model of the web without clear repercussion. | en_US
dc.description.statementofresponsibility | by Michael Alan Specter. | en_US
dc.format.extent | 75 pages | en_US
dc.language.iso | eng | en_US
dc.publisher | Massachusetts Institute of Technology | en_US
dc.rights | M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. | en_US
dc.rights.uri | http://dspace.mit.edu/handle/1721.1/7582 | en_US
dc.subject | Institute for Data, Systems, and Society. | en_US
dc.subject | Electrical Engineering and Computer Science. | en_US
dc.subject | Engineering Systems Division. | en_US
dc.subject | Technology and Policy Program. | en_US
dc.title | The economics of cryptographic trust : understanding certificate authorities | en_US
dc.type | Thesis | en_US
dc.description.degree | S.M. in Technology and Policy | en_US
dc.description.degree | S.M. | en_US
dc.contributor.department | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
dc.contributor.department | Massachusetts Institute of Technology. Engineering Systems Division
dc.contributor.department | Massachusetts Institute of Technology. Institute for Data, Systems, and Society
dc.contributor.department | Technology and Policy Program
dc.identifier.oclc | 957287604 | en_US

