2020 IEEE 3rd International Conference on Information Systems and Computer Aided Education (ICISCAE)

Unveiling SSL/TLS MITM Hosts in the Wild

Zhen Li Gang Xiong Li Guo

Institute of Information Engineering, Institute of Information Engineering, Institute of Information Engineering,
Chinese Academy of Sciences Chinese Academy of Sciences Chinese Academy of Sciences
School of Cyber Security, University School of Cyber Security, University School of Cyber Security, Univesity of
of Chinese Academy Sciences of Chinese Academy Sciences Chinese Academy Sciences
Beijing, China Beijing, China Beijing, China
lizhen@[Link] xionggang@[Link] guoli@[Link]

Abstract—The SSL man-in-the-middle (MITM) attack uses The latest version of OpenSSL can prevent Heartbleed [8]
forged X.509 certificates to impersonate each endpoint and from stealing server’s random memory that may contains
intercept encrypted connections between clients and servers. sensitive privacy: password, credit card number, phone
Prior researches have revealed the prevalence of MITM number, e-mails, etc. SSL clients authenticate servers’
attacks from SSL proxies, firewall, anti-virus, adware and identities by verifying their X.509 certificates. Depending on
malware. In this work, we design and implement a novel the public key infrastructure (PKI), certificates could be
method to discovery suspicious SSL MITM hosts in the wild. trusted after being verified by their superior intermediate
Our results show that hosts using untrusted certificates are
certificate authority (CA) certificates, which are signed by
vulnerable to MITM attacks. We find 322,831 forged
the browser/system built-in root certificates. A root
certificates, most of which are generated by TLS proxies and
corporate firewalls such as Lancom System, Fortinet,
certificate is self-signed by a root CA. If any of the trusted
Technicolor, Ubiquiti, and so on. The main reason of these CAs has a security problem, attackers can intercept every
forged certificates disclosed in public maybe origin from SSL connection encrypted by certificates signed by the CA
default configurations. At the end, we clarify the limitations of on the Internet.
our method and give suggestions to defend against SSL MITM SSL MITM attacks have been found on the Internet, for
attacks. example, in Iran, Syria and Kazakhstan. Huang et al. [12]
have designed a method to detect SSL MITM attacks in the
Keywords—SSL/TLS, proxy, forged certificates, MITM
website perspective. They deployed client-side Adobe Flash
applet on Facebook’s servers to get certificates by opening
I. INTRODUCTION raw network sockets and imitating SSL handshakes.
Nearly 90% of web pages have been loaded from Antivirus, firewalls, adware, malware, and parental control
HTTPS[1][2], which is based on the Secure Socket Layer software are using MITM to intercept SSL traffic for
(SSL) [3] and its successor Transport Layer Security (TLS) different purposes. O’Neill et al. [16] measured the
[4]. SSL/TLS provides end-to-end encryption that protects prevalence of TLS proxies using a Flash tool deployed with a
website, e-mail, and ftp transmission, etc. from network Google Adwords. However, Mozilla, Microsoft and Google
eavesdropping and intercepting. Basically, data transmitted announced that they planned to retire Adobe Flash in
in the connection is encrypted by symmetric cryptography, company products. Onwuzurike et al. [10] simulated MITM
client and server identity can be authenticated by public key attacks and find 91% mobile apps accepted forged
cryptography, Message Authentication Code (MAC) prevent certificates. Unfortunately, most users would ignore those
data loss and alteration. However, the final security of SSL warning caused by forged certificates incautiously [7][11].
depends on the shortest board of the bucket, such as Even worse, some commercial CAs (CNNIC, Comodo,
vulnerabilities of protocol specifications and its implement, DCSSI, DigiNotar, India CCA, Thawte, Togo, Trustwave,
X.509 certificates and the validating codes, the TurkTrust, and so on) have been found to sign illegitimate
implementation and configuration of a certain client, and so certificates or misused sub-CA [9][13]. These fraudulent
on. By exploiting these vulnerabilities, a criminal can certificates will be used to eavesdrop on the encrypted
implement an MITM attack by impersonating each endpoint communications of normal websites, without any security
of a connection, utilizing ARP spoofing, DNS poisoning, warning from browsers.
BGP hijacking, proxy redirecting, or other hacking
technologies. With the success of the MITM attack, the Durumeric et al. [14] scanned the whole ipv4 hosts
criminal can tamper interactive data without alarming the utilizing ZMap to perform SSL handshakes with all hosts
users. serving HTTPS on port 443 and 995. They then grabbed
certificates and built a certificate database named Censys[15].
With the development and evaluation of technology, lots There are 2.69 billion certificates in total, with 447 million
of vulnerabilities have been fixed through higher versions or trusted certificates and 134 million self-signed ones . It’s
targeted patches. Lower versions of SSL/TLS (SSL 3.0, TLS hard to distinguish MITM-generated and host untrusted
1.0, etc.) have been abandoned according to protocol certificates that have not been stored in advance. They also
vulnerabilities, such as Browser Exploit Against SSL/TLS analyzed the HTTPS certificate ecosystem, and uncovered
(BEAST) [5] and Padding Oracle on Downgraded Legacy the security risk, user-facing errors and potential
Encryption (POODLE) [6]. Weak cipher suites, such as vulnerabilities [16].
cipher block chain (CBC) [7] in TLS 1.0, have been disabled.

978-1-7281-8304-6/20/$31.00 ©2020 IEEE 141 Dalian, China

September 27-29, 2020

Authorized licensed use limited to: Raytheon Technologies. Downloaded on May 15,2021 at 12:25:48 UTC from IEEE Xplore. Restrictions apply.
 In this paper, we propose a novel method to find B. Discovering suspicious MITM Hosts
suspicious SSL-MITM hosts in the server perspective. Based Multiple websites can be hosted at the same IP address
on Censys, we collect suspicious MITM hosts from and port using different certificates. Therefore, an extension
certificate and ipv4 datasets. We then re-scan these hosts of the SSL/TLS ClientHello packet named server name
with 6 popular website domains and verify the possible indication [8] (SNI) is used to help the server to choose the
MITM attacks on the Internet. corresponding certificate and the web service required by the
The rest of this paper is organized as follows. Section 2 user. However, it is hard to enumerate all the hosted domains,
elaborates the novel method to collect hosts using untrusted the default certificate will be given instead when requesting
certificates, and discriminate SSL-proxy hosts as well. without SNI extension. Therefore, it is impossible to extract
Section 3 shows the result and analyzes suspicious host, and all certificates of the IPs hosting multiple websites though
reveals how those popular websites are involved in MITM. active scanning. Thus, we introduce a novel two-step method:
Section 4 gives defenses against MITM attacks. Finally, we (1) discovering suspicious servers, (2) probing and verifying
conclude and acknowledge in Section 6. them.
Firstly, we query all certificates tagged ‘unexpired’ in
II. METHOD TO DISCOVER SUSPICIOUS MITM HOSTS Google BigQuery database of Censys, and separate them into
In this section, we present a novel method for discovering two datasets: untrusted-cert and trusted-cert by the tag
suspicious SSL MITM hosts. We firstly introduce Censys, a ‘trusted’. We analyze the difference between the two datasets
search engine backed by Internet-wide active scanning. Then, in Section 4. Then, we focus on the untrusted and unexpired
we describe the details of our method, including how to find, certificates. We dissect useful fields that can be utilized to
probe, and verify suspicious MITM hosts. Finally, we find suspicious MITM hosts, such as subject common names,
elaborate the limitation of our method. DNS names and IP addresses in the field of subject
alternative name (SAN). We also cross-join unexpired-
untrusted certificates and ipv4 public hosts in last 10 days
A. Censys
based on the common key sha256 fingerprint. Domains are
Censys, which is a search engine backed by fast Internet- resolved to IPv4 addresses, then we obtain the suspicious
wide active scanning, helps researchers answer security- MITM hosts.
related questions about hosts, domains and certificates on the
Internet. Censys is driven by active scans of the whole IPv4 We use zgrab2 to probe the suspicious MITM hosts. 6
address space using ZMap daily. It grabs HTTP, HTTP popular websites are selected from Alexa global top 100 sites
Proxy, HTTPS, SMTP(s), IMAP(s), FTP, CWMP, SSH and on the web, which are [Link], [Link],
Modbus using pluggable scanners, extracts valuable network [Link], [Link], [Link], and [Link]. SNI,
protocol fields, tags records with additional detailed such as [Link], is set to get corresponding
metadata to generate structured data of each host, and certificates, which can be used to verified whether MITM is
collects these records to build a database engine Zdb. It implemented by the server. Hosts of each website domain are
pushes updated records to Google datastore, ElasticSearch, scanned twice to offset the impact of packet loss. Then we
and Google BigQuery in order to provide full-text searches, filter all the hosts that response with certificates untrusted by
historical queries and analytical queries on protocol banners browsers and matched with SNI .
and parsed derived fields (e.g., [Link] ). Finally, we modify zgrap2 to support self-defined HTTP
Censys exposes the data to researchers through four Host field, scan the filtered hosts and test them whether to
interfaces: a web-based query and reporting interface, a response the same or similar web page with the legitimate
programmatic REST API, public Google BigQuery tables hosts.
and raw downloadable scanning results. Till February 2020,
it has collected 2.7 billion X.509 certificates in total, C. Limitations
scanning an average of 4.8 million active hosts and 1.2 Here we give insight into the limitations of our detection
million active websites daily. It also has saved historical method. Actually it’s difficult to protect from professional
records of domains and ipv4 hosts since July, 2015. attacks and some even have to accept the MITM proxies to
Additional security-relevant attributes are tagged for each complying with the companies’ mandatory requirements.
certificate, and there are four useful tags for our work, Our method can discover the MITM hosts exposed in public
including ‘trusted’, ‘unexpired’, ‘was-trusted’, and ‘expired’. on the Internet. In contrast, it cannot identify MITM attacks
‘trusted’ means that certificate is or was trusted by one web committed in local networks, behind the firewalls, using geo-
browser at least, ‘was-trusted’ indicates that certificate was blocking and other access control list (ACL). Moreover, the
trusted once and is not trusted now. A certificate is tagged as attacker can evade our method by banning unexpected access.
‘expired’ when it is beyond the validation period at the Hidden hosts and atypical SSL/TLS ports cannot be
current time. These tags are updated every day. It should be discovered as well.
aware that there is a difference between WEB-API and raw
data interface. In WEB-API, ‘trusted’ indicates a certificate D. Ethical Considerations
is trusted at the post-processing time, excepting ones which
was trusted once. ‘trusted’ and ‘was-trusted’ are mutually Our experiment sticks to the recommended practices.
exclusive. We request research access to get more results Instead of scanning the whole IPv4 address space, we obtain
from Censys, whereas there is a limitation on number of the initial hosts from Censys. While probing the suspicious
results in WEB-API. hosts, we limit scanning speed below 10Mbps and 500
concurrent connections per second. We set up a web page
explaining the purpose and scope of our active scanning,
with the modification of the HTTP User-Agent field adding

142

Authorized licensed use limited to: Raytheon Technologies. Downloaded on May 15,2021 at 12:25:48 UTC from IEEE Xplore. Restrictions apply.
“(research only, Any questions, mail to for 90 days signed by Let’s Encrypt. In contrast, untrusted
active_scann_abuse@[Link])”. We do not exploit certificates prefer much longer validity period, as more than
websites’ vulnerabilities or access any protected resources. 60% can be valid in 10 years or longer.
Information collected in our work will be deleted in 3
months. Public Key: Table II and Table III show that most of the
certificates are using RSA, including 99.3% of untrusted
certificates and 83.3% of trusted ones. A considerable part of
III. ANALYSIS OF MITM HOSTS certificates are using RSA-512/768/1024, which are proved
to be unsafe, especially for 512. None of the trusted
A. Trusted and untrusted certificates certificates use RSA-512 as the public key algorithm.
We retrieve 150,756,347 untrusted certificates and There’s no doubt that most of RSA certificates choose 2048-
493,033,229 trusted certificates from Censys Bigquery bit length public key. ECDSA is gradually applied in X.509
Dataset, which has stored 2.69 billion certificates collected certificates, most of which are using 256-bit public key.
by active scanning since 2015. ‘trusted’ means certificates
are/were accepted by latest Apple, Microsoft, or Mozilla TABLE I. RSA KEY LENGTH
NSS browsers without errors or warnings. We analyze
differences between two datasets in active interval, validity RSA Length Untrusted Trusted
length, signature algorithm, and issuer organization. 512 259499 0
768 3073508 0
1024 32962863 807
1040 772638 0
2048 109371403 367510145
3072 937707 2237978
4096 2261678 40729895
other 45087 5543

TABLE II. ECDSA KEY LENGTH

ECDSA Length Untrusted Trusted
224 5 0
256 906129 77364607
384 111959 5183074
521 1861 371

Signature Algorithm: Even though MD5 and SHA1

have been deprecated in TLS 1.2[19], there’s still a small
Fig. 1. Active interval for trusted and untrusted certificates
portion of trusted certificates using them. In untrusted
certificates, the proportion rise to 37.6%. Gratifyingly,
Active Interval. We calculate the interval between
compared to [17], it decreased in untrusted certificates and
added_at and updated_at in Censys certificate table. Figure 1
almost disappeared in trusted ones. Both them prefer to
summarizes the active interval of trusted certificates and
choose SHA256-RSA. RSA-RSS, which is experimental
untrusted ones which are unexpired. About 54% certificates
supported in TLS1.3 (released in August 2018), is more
appear in one day are trusted, they are issued the previous
chosen in untrusted certificates than trusted one.
day. Table I shows that Let’s Encrypt has issued 271 million
unexpired certificates in total and occupies 55.1 percent.
Cloudflare has contributed 15.5% trusted certificates because
of their strategy of encrypted hosting websites. Also, we can
conclude that active time of trusted certificates is longer than
untrusted ones.

Fig. 3. X.509 certificate signature algorithm

Issuer Organization: Table II shows that 55.1% of

trusted certificates are issued by Let’s Encrypt, which
Fig. 2. Validity of certificates
provides free certificates for the public. It’s easy to sign a
Validity Length: Every certificate is valid in a period of domain validated certificate using Certbot ACME client.
time, otherwise SSL/TLS clients will not accept them. Figure Cloudflare has signed 15.5% trusted certificates for websites
2shows that the life cycle of less than 80% trusted hosted in the cloud. Table III describes that 67.9%
certificates ends in one year. Further, 60% of them are valid certificates have an empty string in the field of issuer

143

Authorized licensed use limited to: Raytheon Technologies. Downloaded on May 15,2021 at 12:25:48 UTC from IEEE Xplore. Restrictions apply.
organization. Others can be classified to firewall whether an MITM attack is implemented on the server. Table
manufactures(Fortinet, LANCOM, Technicolor, etc.), home V shows the forged certificates that we finally obtained from
wireless routers (DLink, TPLink, ASUSWRT, Netgear, etc), 70182 IPs, 90% of which are issued by Lancom System,
data storage (Synology, Western Digital, etc.), virtual hosts following by TitanHQ, Sophos, Mitel Networks, and Digital
(VMWare, Bitnami, etc.); VPNs (such as Sanfor;), Anti- Arts Inc. Most of them are firewall manufacturers.
Virus (such as McAfee) and MITM proxies (mitmproxy,
findler, etc). TABLE VI. ISSUER ORGANIZATIONS OF FAKE CERTIFICATES
Issuer Organization Issued Certs
TABLE III. ISSUER ORGANIZATION OF TRUSTED CERTIFICATES LANCOM Systems 273337
Issuer Organization Issued Certs Percentage Sophos 75939
Let's Encrypt 271661604 55.1 LANCOM Systems GmbH 14699
CloudFlare, Inc. 76523749 15.5 TitanHQ 4503
cPanel, Inc. 39629542 8.0 - 1838
DigiCert Inc 28662558 5.8 Digital Arts Inc. 807
Sectigo Limited 23888084 4.8 the-ranch 344
[Link], Inc. 10381096 2.1 XX 341
Plex, Inc. 6870430 1.4 Securly, Inc 358
Amazon 6521812 1.3 Mitel Networks 123
Microsoft Corporation 6084211 1.2
Others 22799188 4.6
We analyze the issued date of these forged certificates,
about 30 certificates were generated at the time of probing,
TABLE IV. ISSUED ORGANIZATIONS OF UNTRUSTED CERTIFICATES well 11,294 certificates issued at ‘2014-12-11T09:57:33Z’,
4,736 ones at ‘2019-01-24T00:15:40Z’, and 1,076 at ‘2009-
Issuer Organization Issued Certs Percentage 04-14T07:26:09Z’. The first two of certificates were issued
“No Organization” 102392500 67.9
by Lancom System. We tested them using nonexistent
Fortinet 5088923 3.4
LANCOM Systems 3826141 2.5 domains and the validity period of corresponding certificates
LANCOM Systems GmbH 2142036 1.4 given by them are chosen from time above. Therefore it is
Technicolor 2001052 1.3 hard to infer whether those certificates are generated due to
Ubiquiti Networks Inc. 1988243 1.3 our active scanning. Other certificates are issued at different
2Wire 1698896 1.1 time, indicating that some TLS connections had been
Archer C5 1157531 0.8 attacked by MITM before.
Acme Co 1144120 0.8
Others 29316905 19.4 Finally, we probe these MITM services with HTTP
B. Supspicious MITM Hosts in the Wild requests, and test whether these services are used in public.
Therefore, we modify zgrab2 by adding optional Host. 7 IPs
We start to find suspicious unexpired certificates which give the similar response compared to the true websites. The
are untrusted by Apple, Microsoft and Mozilla NSS browsers. HTTP response codes are listed in Table VI. Most hosts
150.8 million certificates, named responded with HTTP 40x errors, which indicates it is just
dataset_unexpired_untrusted, have been obtained by using unauthorized. Though Fortinet issued more untrusted
query filter ([Link]: “unexpired”) and ([Link]: certificates than Lancom System, there’s much less forged
“untrusted”) and ([Link]: “unexpired”) and ([Link]: ones discovered from Fortinet. Thus, we speculate that
“trusted”). firewalls produced by Lancom System enable MITM
We also get 114.6 million hosts supporting TLS protocol functions on uplink port by default, and corporate technical
from Google BigQuery table ipv4_public.current, which support engineers forgot to shutdown it.
gives active IPv4 hosts of last 10 days. 8.5 million hosts
using untrusted and unexpired certificates are found by TABLE VII. HTTP RESPONSE FOR MITM HOSTS
joining two tables with certificate SHA-256 fingerprints. We
HTTP Response Code Number
also extract domains and IPs from the certificates of 403 17534
dataset_unexpired_untrusted, including common names in 200 11188
subject field, and subject alt names in SAN extensions. 404 177
302 174
503 136
TABLE V. FAKE CERTIFICATES COLLECTED BY DIFFERENT METHODS 400 78
[Huang [O’Neill 2016]
Websites [Ours] IV. DEFENSE AGAINST MITM ATTACKS
2014]
[Link] 48042 - 11764 We have found suspicious MITM services and got forged
[Link] 47597 - -
[Link] 48399 - -
SSL certificates in the real-world. In this section, we give
[Link] 48481 - - some advices that defend MITM attacks.
[Link] 47605 6845 -
[Link] 48730 - - A. HTTP Strict Transport Security
We utilize zgrab2 to probe the suspicious SSL/TLS It is a web security policy mechanism that a HTTP
servers with 6 popular website domains which are selected response header is sent to browsers, indicating that domains
from Alexa top 100 sites, including [Link], and subdomains are protected for a set period of time.
[Link], [Link], [Link], [Link], and Websites can prevent attackers from SSL stripping, and the
[Link]. SNI, such as [Link], is set to get browsers will stop the communication when receiving
corresponding certificates, which can be used to verify invalid and untrusted certificates, well users cannot ignore

144

Authorized licensed use limited to: Raytheon Technologies. Downloaded on May 15,2021 at 12:25:48 UTC from IEEE Xplore. Restrictions apply.
SSL errors or continue to visit the insecure contents. ACKNOWLEDGMENT
However, HSTS will not protect against attackers that use This work is supported by The National Natural Science
abused certificates, which are trusted by the browser. Foundation of China (No.61702501 and No.U1636217), The
National Key R&D Program of China
B. Public Key Pinning (No.2016YFB0801200 and No.2016QY05X1000) and The
The Public Key Pinning Extension for HTTP (HPKP) is a Key research and Development Program for Guangdong
security feature that allows websites to bind their specific Province under grant (No.2019B010137003).
cryptographic public key, thus unauthorized forged
certificates would be rejected. Similar with HSTS, a HTTP REFERENCES
header is sent to client browser which will store information
[1] Google Transparency Report, Google,
for a given period. Both HSTS and HPKP are a Trust-on- [Link]
First-Use technique, clients must securely visit the real [2] Let‘s Encrypt Stats, [Link]
website before connecting to untrusted networks. Due to
[3] A. O. Freier, P. Karlton, and P. C. Kocher, “The Secure Sockets
security risk, HPKP may be abused instead. Each pin is Layer (SSL) Protocol Version 3.0,” RFC 6101 (Historic), Internet
bound to a unique identity, if it is not in control, the website Engineering Task Force, Aug. 2011
will be lost. This feature has been no longer recommended. [4] T. Dierks and E. Rescorla, “The Transport Layer Security (TLS)
Protocol Version 1.2,” RFC 5246 (Proposed Standard), Internet
C. SSL Pinning Engineering Task Force, Aug. 2008
[5] CVE-2011-3389, [Link]
Similar to HPKP, mobile APPs can be configured to bin/[Link]?name=CVE-2011-3389
reject all but only one or a few predefined certificates, called [6] CVE-2014-3566 [Link]
SSL Pinning. When the an APP connects to a server, it bin/[Link]?name=CVE-2014-3566
verifies certificates given in SSL connections with the pinned [7] D. Akhawe and A. P. Felt, “Alice in warningland: A large-scale field
certificates, connection can be established if and only if they study of browser security warning effectiveness,” in Proceedings of
match. SSL Pinning can protect APPs from attacking by the 22nd USENIX Security Symposium, 2013.
installing a root certificate into system’s trust store [8] CVE-2014-0160, [Link]
intentionally through a malicious web page, and prevent bin/[Link]?name=cve-2014-0160
reverse engineers from adding a custom root CA and [9] Certificate Blocklist
[Link]
intercept the encrypted communication. Mostly, SSL Pinning f46fccb115a0fd65f0305894e3031/net/data/ssl/blocklist/[Link]
information is distributed with application through a trusted
[10] Lucky Onwuzurike and Emiliano De Cristofaro. 2015. Danger is my
third-party, such as Apple App Store and Google Play. middle name: experimenting with SSL vulnerabilities in Android apps.
In Proceedings of the 8th ACM Conference on Security & Privacy in
D. Certificate Transparency Logs Wireless and Mobile Networks (WiSec ’15). Association for
Computing Machinery, New York, NY, USA, Article 15, 1–6.
Certificate Transparency (CT) extends TLS operation [11] J. Sunshine, S. Egelman, H. Almuhimedi, N. Atri, and L. F. Cranor,
with logs, auditors, and monitors. Each newly issued “Crying wolf: an empirical study of SSL warning effectiveness,” in
certificate is appended to CT logs which are maintained by a Proceedings of the 18th USENIX Security Symposium, 2009.
binary Merkle Hash Tree, CT logs can be verified in public [12] Lin Shung Huang, Alex Rice, Erling Ellingsen, and Collin Jackson.
and will not be tampered. It tells clients that the certificate is 2014. Analyzing Forged SSL Certificates in the Wild. In Proceedings
logged and valid, or it will be rejected as untrusted and the of the 2014 IEEE Symposium on Security and Privacy (SP ’14). IEEE
Computer Society, USA, 83–97
connection will be blocked. CT mechanism does not mean
[13] H. Adkins, “An update on attempted man-in-the-middle attacks,”
that the current connection is really security, but it can [Link] on-
supervise certificate authority, which should be more attempted- man- in- [Link].
responsible and do not sign unauthorized forged certificates. [14] Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. 2013. ZMap:
fast internet-wide scanning and its security applications. In
V. CONCLUSIONS Proceedings of the 22nd USENIX conference on Security (SEC’13).
USENIX Association, USA, 605–620.
In this paper, we introduced a novel two-step method for [15] Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J.
discovering suspicious SSL MITM attacks in the wild. We Alex Halderman. 2015. A Search Engine Backed by Internet-Wide
discovered suspicious hosts using ‘untrusted’ tag from Scanning. In Proceedings of the 22nd ACM SIGSAC Conference on
Computer and Communications Security (CCS ’15). Association for
Censys, re-scanned them with targeted website domains, Computing Machinery, New York, NY, USA, 542–553
extracted the corresponding certificates which are untrusted,
[16] Mark O’Neill, Scott Ruoti, Kent Seamons, and Daniel Zappala. 2016.
and tested whether they were MITM attacking hosts in TLS Proxies: Friend or Foe? In Proceedings of the 2016 Internet
public. Our results revealed that MITM attacks had happened Measurement Conference (IMC ’16). Association for Computing
targeting at [Link], [Link], [Link], [Link], Machinery, New York, NY, USA, 551–557
[Link], and [Link]. In this work, we found more [17] Z. Durumeric, J. Kasten, M. Bailey, and J. A. Halderman. Analysis of
forged certificates than prior researches. We strongly urge the HTTPS certificate ecosystem. In Internet Measurement
company technical support engineers to safeguard the Conference, 2013
firewalls and shutdown unnecessary services in public to [18] S. Blake-Wilson, M. Nystrom, D. Hopwood, J. Mikkelsen, T. Wright,
2003, Tranport Layer Security Extension.
keep employees away from MITM attacks. We also [Link]
recommend websites to deploy multiple defenses, such as [19] Deprecating MD5 and SHA1 in TLS 1.2,
HSTS, CT, and SSL Pinning. [Link]
[Link]

145

Authorized licensed use limited to: Raytheon Technologies. Downloaded on May 15,2021 at 12:25:48 UTC from IEEE Xplore. Restrictions apply.