{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,9]],"date-time":"2026-05-09T14:25:58Z","timestamp":1778336758347,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":55,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,2]],"date-time":"2022-11-02T00:00:00Z","timestamp":1667347200000},"content-version":"vor","delay-in-days":365,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["BehavIoT CNS-1909020"],"award-info":[{"award-number":["BehavIoT CNS-1909020"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100010663","name":"H2020 European Research Council","doi-asserted-by":"publisher","award":["TRUST aWARE, Grant agreement No. 101021377"],"award-info":[{"award-number":["TRUST aWARE, Grant agreement No. 101021377"]}],"id":[{"id":"10.13039\/100010663","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Spanish National Grant ODIO","award":["PID2019-111429RB- C22"],"award-info":[{"award-number":["PID2019-111429RB- C22"]}]},{"name":"Consumer Reports"},{"name":"National Science Foundation","award":["ProperData SaTC- 1955227"],"award-info":[{"award-number":["ProperData SaTC- 1955227"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,2]]},"DOI":"10.1145\/3487552.3487830","type":"proceedings-article","created":{"date-parts":[[2021,11,1]],"date-time":"2021-11-01T17:35:11Z","timestamp":1635788111000},"page":"165-178","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":48,"title":["IoTLS"],"prefix":"10.1145","author":[{"given":"Muhammad Talha","family":"Paracha","sequence":"first","affiliation":[{"name":"Northeastern University"}]},{"given":"Daniel J.","family":"Dubois","sequence":"additional","affiliation":[{"name":"Northeastern University"}]},{"given":"Narseo","family":"Vallina-Rodriguez","sequence":"additional","affiliation":[{"name":"IMDEA Networks \/ ICSI \/ AppCensus Inc."}]},{"given":"David","family":"Choffnes","sequence":"additional","affiliation":[{"name":"Northeastern University"}]}],"member":"320","published-online":{"date-parts":[[2021,11,2]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"[n. d.]. 1493822 - Removal of \"Visa eCommerce Root\" CA from Mozilla Root Program. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1493822. ([n. d.]). (Accessed on 05\/16\/2021)."},{"key":"e_1_3_2_2_2_1","unstructured":"[n. d.]. 1552374 - Remove Certinomis - Root CA. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1552374. ([n. d.]). (Accessed on 05\/16\/2021)."},{"key":"e_1_3_2_2_3_1","unstructured":"[n. d.]. Apple Google Microsoft and Mozilla come together to end TLS 1.0 | Ars Technica. https:\/\/arstechnica.com\/gadgets\/2018\/10\/browser-vendors-unite-to-end-support-for-20-year-old-tls-1-0\/. ([n. d.]). (Accessed on 05\/14\/2021)."},{"key":"e_1_3_2_2_4_1","unstructured":"[n. d.]. CAB Forum | Certification Authorities Web Browsers and Interested Parties Working to Secure the Web. https:\/\/cabforum.org\/. ([n. d.]). (Accessed on 09\/27\/2021)."},{"key":"e_1_3_2_2_5_1","unstructured":"[n. d.]. ELIMINATING_OBSOLETE_TLS_UOO197443-20.PDF. https:\/\/media.defense.gov\/2021\/Jan\/05\/2002560140\/-1\/-1\/0\/ELIMINATING_OBSOLETE_TLS_UOO197443-20.PDF. ([n. d.]). (Accessed on 05\/25\/2021)."},{"key":"e_1_3_2_2_6_1","unstructured":"[n. d.]. Fire OS Overview | Amazon Fire TV. https:\/\/developer.amazon.com\/docs\/fire-tv\/fire-os-overview.html. ([n. d.]). (Accessed on 11\/21\/2020)."},{"key":"e_1_3_2_2_7_1","unstructured":"[n. d.]. Google Online Security Blog: Distrusting WoSign and StartCom Certificates. https:\/\/security.googleblog.com\/2016\/10\/distrusting-wosign-and-startcom.html. ([n. d.]). (Accessed on 05\/26\/2021)."},{"key":"e_1_3_2_2_8_1","unstructured":"[n. d.]. ioXt - The Global Standard for IoT Security. https:\/\/www.ioxtalliance.org\/. ([n. d.]). (Accessed on 05\/26\/2021)."},{"key":"e_1_3_2_2_9_1","unstructured":"[n. d.]. Microsoft Trusted Root Certificate Program: Participants - TechNet Articles - United States (English) - TechNet Wiki. https:\/\/social.technet.microsoft.com\/wiki\/contents\/articles\/31634.microsoft-trusted-root-certificate-program-participants.aspx. ([n. d.]). (Accessed on 05\/19\/2021)."},{"key":"e_1_3_2_2_10_1","unstructured":"[n. d.]. mitmproxy - an interactive HTTPS proxy. https:\/\/mitmproxy.org\/. ([n. d.]). (Accessed on 05\/26\/2021)."},{"key":"e_1_3_2_2_11_1","unstructured":"[n. d.]. mitmproxy\/tls_passthrough.py at main \u2022 mitmproxy\/mitmproxy. https:\/\/github.com\/mitmproxy\/mitmproxy\/blob\/main\/examples\/contrib\/tls_passthrough.py. ([n. d.]). (Accessed on 05\/26\/2021)."},{"key":"e_1_3_2_2_12_1","unstructured":"[n. d.]. mozilla-central: certdata.txt. https:\/\/hg.mozilla.org\/mozilla-central\/file\/tip\/security\/nss\/lib\/ckfw\/builtins\/certdata.txt. ([n. d.]). (Accessed on 05\/19\/2021)."},{"key":"e_1_3_2_2_13_1","unstructured":"[n. d.]. net\/data\/ssl\/blocklist - chromium\/src - Git at Google. https:\/\/chromium.googlesource.com\/chromium\/src\/+\/refs\/heads\/main\/net\/data\/ssl\/blocklist\/. ([n. d.]). (Accessed on 05\/26\/2021)."},{"key":"e_1_3_2_2_14_1","unstructured":"[n. d.]. Number of IoT devices 2015-2025 | Statista. https:\/\/www.statista.com\/statistics\/471264\/iot-number-of-connected-devices-worldwide\/. ([n. d.]). (Accessed on 12\/02\/2020)."},{"key":"e_1_3_2_2_15_1","unstructured":"[n. d.]. platform\/libcore - Git at Google. https:\/\/android.googlesource.com\/platform\/libcore\/. ([n. d.]). (Accessed on 05\/19\/2021)."},{"key":"e_1_3_2_2_16_1","unstructured":"[n. d.]. Refs - platform\/system\/ca-certificates - Git at Google. https:\/\/android.googlesource.com\/platform\/system\/ca-certificates\/+refs. ([n. d.]). (Accessed on 05\/19\/2021)."},{"key":"e_1_3_2_2_17_1","unstructured":"[n. d.]. Revoking Trust in Two TurkTrust Certificates - Mozilla Security Blog. https:\/\/blog.mozilla.org\/security\/2013\/01\/03\/revoking-trust-in-two-turktrust-certficates\/. ([n. d.]). (Accessed on 05\/16\/2021)."},{"key":"e_1_3_2_2_18_1","unstructured":"[n. d.]. rfc2818. https:\/\/datatracker.ietf.org\/doc\/html\/rfc2818. ([n. d.]). (Accessed on 05\/22\/2021)."},{"key":"e_1_3_2_2_19_1","unstructured":"[n. d.]. rfc5280. https:\/\/datatracker.ietf.org\/doc\/html\/rfc5280. ([n. d.]). (Accessed on 05\/22\/2021)."},{"key":"e_1_3_2_2_20_1","unstructured":"[n. d.]. This POODLE Bites: Exploiting The SSL 3.0 Fallback. https:\/\/www.openssl.org\/~bodo\/ssl-poodle.pdf. ([n. d.]). (Accessed on 05\/03\/2021)."},{"key":"e_1_3_2_2_21_1","unstructured":"[n. d.]. TLS Cipher String \u2022 OWASP Cheat Sheet Series. https:\/\/web.archive.org\/web\/20190716105553\/https:\/\/cheatsheetseries.owasp.org\/cheatsheets\/TLS_Cipher_String_Cheat_Sheet.html. ([n. d.]). (Accessed on 05\/16\/2021)."},{"key":"e_1_3_2_2_22_1","unstructured":"[n. d.]. TLS Fingerprinting in the Real World - Cisco Blogs. https:\/\/blogs.cisco.com\/security\/tls-fingerprinting-in-the-real-world. ([n. d.]). (Accessed on 11\/25\/2020)."},{"key":"e_1_3_2_2_23_1","unstructured":"[n. d.]. What You Need To Know About the SolarWinds Supply-Chain Attack | SANS Institute. https:\/\/www.sans.org\/blog\/what-you-need-to-know-about-the-solarwinds-supply-chain-attack\/. ([n. d.]). (Accessed on 04\/04\/2021)."},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813707"},{"key":"e_1_3_2_2_25_1","volume-title":"USENIX Security Symposium. 173","author":"AlFardan Nadhem J","year":"2013","unstructured":"Nadhem J AlFardan, Daniel J Bernstein, Kenneth G Paterson, Bertram Poettering, and Jacob CN Schuldt. 2013. On the Security of RC4 in TLS and WPA. In USENIX Security Symposium. 173."},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00013"},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3131365.3131401"},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.39"},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978423"},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/SocialCom.2013.90"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.15"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.40"},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504755"},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663755"},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"crossref","unstructured":"Zakir Durumeric Zane Ma Drew Springall Richard Barnes Nick Sullivan Elie Bursztein Michael Bailey J Alex Halderman and Vern Paxson. 2017. The Security Impact of HTTPS Interception.. In NDSS.","DOI":"10.14722\/ndss.2017.23456"},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2015.93"},{"key":"e_1_3_2_2_37_1","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Felt Adrienne Porter","year":"2017","unstructured":"Adrienne Porter Felt, Richard Barnes, April King, Chris Palmer, Chris Bentzel, and Parisa Tabriz. 2017. Measuring HTTPS adoption on the web. In 26th USENIX Security Symposium (USENIX Security 17). 1323--1338."},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"crossref","unstructured":"Sergey Frolov and Eric Wustrow. 2019. The use of TLS in Censorship Circumvention.. In NDSS.","DOI":"10.14722\/ndss.2019.23511"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382204"},{"key":"e_1_3_2_2_40_1","unstructured":"Cristian Hesselman Jelte Jansen Marco Davids and Ricardo de O Schmidt. 2017. SPIN: a user-centric security extension for in-home networks. Technical Report. SIDN Labs Technical report SIDN-TR-2017-002."},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3411740.3411742"},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-39884-1_28"},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3278532.3278568"},{"key":"e_1_3_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815675.2815685"},{"key":"e_1_3_2_2_45_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2021-0075"},{"key":"e_1_3_2_2_46_1","volume-title":"This POODLE bites: exploiting the SSL 3.0 fallback. Security Advisory","author":"M\u00f6ller Bodo","year":"2014","unstructured":"Bodo M\u00f6ller, Thai Duong, and Krzysztof Kotowicz. 2014. This POODLE bites: exploiting the SSL 3.0 fallback. Security Advisory (2014)."},{"key":"e_1_3_2_2_47_1","volume-title":"Why Eve and Mallory Still Love Android: Revisiting TLS (In) Security in Android Applications. In 30th USENIX Security Symposium (USENIX Security 21)","author":"Oltrogge Marten","year":"2021","unstructured":"Marten Oltrogge, Nicolas Huaman, Sabrina Amft, Yasemin Acar, Michael Backes, and Sascha Fahl. 2021. Why Eve and Mallory Still Love Android: Revisiting TLS (In) Security in Android Applications. In 30th USENIX Security Symposium (USENIX Security 21)."},{"key":"e_1_3_2_2_48_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"O'Neill Mark","year":"2018","unstructured":"Mark O'Neill, Scott Heidbrink, Jordan Whitehead, Tanner Perdue, Luke Dickinson, Torstein Collett, Nick Bonner, Kent Seamons, and Daniel Zappala. 2018. The Secure Socket API: TLS as an Operating System Service. In 27th USENIX Security Symposium (USENIX Security 18). 799--816."},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/2994459.2994473"},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-45472-5_20"},{"key":"e_1_3_2_2_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3143361.3143400"},{"key":"e_1_3_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355577"},{"key":"e_1_3_2_2_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/3419394.3423650"},{"key":"e_1_3_2_2_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2674005.2675015"},{"key":"e_1_3_2_2_55_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2020-0021"}],"event":{"name":"IMC '21: ACM Internet Measurement Conference","location":"Virtual Event","acronym":"IMC '21","sponsor":["SIGCOMM ACM Special Interest Group on Data Communication","SIGMETRICS ACM Special Interest Group on Measurement and Evaluation","USENIX Assoc USENIX Assoc"]},"container-title":["Proceedings of the 21st ACM Internet Measurement Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3487552.3487830","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/abs\/10.1145\/3487552.3487830","content-type":"text\/html","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3487552.3487830","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3487552.3487830","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,15]],"date-time":"2025-12-15T17:21:38Z","timestamp":1765819298000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3487552.3487830"}},"subtitle":["understanding TLS usage in consumer IoT devices"],"short-title":[],"issued":{"date-parts":[[2021,11,2]]},"references-count":55,"alternative-id":["10.1145\/3487552.3487830","10.1145\/3487552"],"URL":"https:\/\/doi.org\/10.1145\/3487552.3487830","relation":{},"subject":[],"published":{"date-parts":[[2021,11,2]]},"assertion":[{"value":"2021-11-02","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}