{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,17]],"date-time":"2026-04-17T04:11:21Z","timestamp":1776399081396,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":53,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,10,24]],"date-time":"2023-10-24T00:00:00Z","timestamp":1698105600000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-2154962,CNS-2319421,CNS-2219867,CNS-1955227"],"award-info":[{"award-number":["CNS-2154962,CNS-2319421,CNS-2219867,CNS-1955227"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Consumer Reports Digital Lab Fellowship"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,10,24]]},"DOI":"10.1145\/3618257.3624815","type":"proceedings-article","created":{"date-parts":[[2023,10,23]],"date-time":"2023-10-23T00:19:52Z","timestamp":1698020392000},"page":"457-477","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Behind the Scenes: Uncovering TLS and Server Certificate Practice of IoT Device Vendors in the Wild"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7846-2649","authenticated-orcid":false,"given":"Hongying","family":"Dong","sequence":"first","affiliation":[{"name":"University of Virginia, Charlottesville, VA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-9979-3975","authenticated-orcid":false,"given":"Hao","family":"Shu","sequence":"additional","affiliation":[{"name":"New York University, New York City, NY, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6987-4262","authenticated-orcid":false,"given":"Vijay","family":"Prakash","sequence":"additional","affiliation":[{"name":"New York University, New York City, NY, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-3938-8838","authenticated-orcid":false,"given":"Yizhe","family":"Zhang","sequence":"additional","affiliation":[{"name":"University of Virginia, Charlottesville, VA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2831-6632","authenticated-orcid":false,"given":"Muhammad Talha","family":"Paracha","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7825-7226","authenticated-orcid":false,"given":"David","family":"Choffnes","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9283-3557","authenticated-orcid":false,"given":"Santiago","family":"Torres-Arias","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1794-6105","authenticated-orcid":false,"given":"Danny Yuxing","family":"Huang","sequence":"additional","affiliation":[{"name":"New York University, New York City, NY, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6650-4373","authenticated-orcid":false,"given":"Yixin","family":"Sun","sequence":"additional","affiliation":[{"name":"University of Virginia, Charlottesville, VA, USA"}]}],"member":"320","published-online":{"date-parts":[[2023,10,24]]},"reference":[{"key":"e_1_3_2_2_1_1","volume-title":"Why ninety-day lifetimes for certificates?","author":"Aas Josh","year":"2015","unstructured":"Josh Aas. 2015. Why ninety-day lifetimes for certificates? (2015). https:\/\/letsencrypt.org\/2015\/11\/09\/why-90-days.html."},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363192"},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2488388.2488395"},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00013"},{"key":"e_1_3_2_2_5_1","unstructured":"Manos Antonakakis Tim April Michael Bailey Matt Bernhard Elie Bursztein Jaime Cochran Zakir Durumeric J Alex Halderman Luca Invernizzi Michalis Kallitsis et al. 2017. Understanding the mirai botnet. In 26th {USENIX} security symposium ({USENIX} Security 17). 1093--1110."},{"key":"e_1_3_2_2_6_1","unstructured":"Apple. 2023 a. Apple's Certificate Transparency policy. (2023). https:\/\/support.apple.com\/en-us\/HT205280."},{"key":"e_1_3_2_2_7_1","unstructured":"Apple. 2023 b. Available trusted root certificates for Apple operating systems. (2023). https:\/\/support.apple.com\/en-us\/HT209143."},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.15"},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978301"},{"key":"e_1_3_2_2_10_1","volume-title":"Security and Privacy in Communication Networks: 15th EAI International Conference, SecureComm 2019, Orlando, FL, USA, October 23--25, 2019, Proceedings, Part II.","volume":"305","author":"Chen Songqing","year":"2019","unstructured":"Songqing Chen, Kim-Kwang Raymond Choo, Xinwen Fu, Wenjing Lou, and Aziz Mohaisen. 2019. Security and Privacy in Communication Networks: 15th EAI International Conference, SecureComm 2019, Orlando, FL, USA, October 23--25, 2019, Proceedings, Part II. Vol. 305. Springer Nature."},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"crossref","unstructured":"T. Dierks and E. Rescorla. 2008. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (Proposed Standard). (Aug. 2008). http:\/\/www.ietf.org\/rfc\/rfc5246.txt Updated by RFCs 5746 5878 6176.","DOI":"10.17487\/rfc5246"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2020-0072"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504755"},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"crossref","unstructured":"Zakir Durumeric Zane Ma Drew Springall Richard Barnes Nick Sullivan Elie Bursztein Michael Bailey J Alex Halderman and Vern Paxson. 2017. The Security Impact of HTTPS Interception.. In NDSS.","DOI":"10.14722\/ndss.2017.23456"},{"key":"e_1_3_2_2_15_1","first-page":"1","article-title":"Hajime: Analysis of a decentralized internet worm for IoT devices","volume":"16","author":"Edwards Sam","year":"2016","unstructured":"Sam Edwards and Ioannis Profetis. 2016. Hajime: Analysis of a decentralized internet worm for IoT devices. Rapidity Networks, Vol. 16 (2016), 1--18.","journal-title":"Rapidity Networks"},{"key":"e_1_3_2_2_16_1","unstructured":"Let's Encrypt. 2022. ACME Client Implementations. (2022). https:\/\/letsencrypt.org\/docs\/client-options\/."},{"key":"e_1_3_2_2_17_1","volume-title":"https:\/\/www4.enphase.com\/en-us\/legal\/open-source-license-compliance-envoy-3.8.x","author":"Energy Enphase","year":"2023","unstructured":"Enphase Energy. 2023. Envoy 3.8.X. (2023). https:\/\/www4.enphase.com\/en-us\/legal\/open-source-license-compliance-envoy-3.8.x."},{"key":"e_1_3_2_2_18_1","volume-title":"Mbed TLS ChangeLog. (2023). Retrieved","author":"Firmware Trusted","year":"2023","unstructured":"Trusted Firmware. 2023. Mbed TLS ChangeLog. (2023). Retrieved September 2023 from https:\/\/review.trustedfirmware.org\/plugins\/gitiles\/mirror\/mbed-tls\/\/7c94d8bcab1ed7e7a0079c67aa41731243de6f54\/ChangeLog"},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"crossref","unstructured":"Sergey Frolov and Eric Wustrow. 2019. The use of TLS in Censorship Circumvention.. In NDSS.","DOI":"10.14722\/ndss.2019.23511"},{"key":"e_1_3_2_2_20_1","unstructured":"Google. 2023 a. Certificate Lifetimes. (2023). https:\/\/chromium.googlesource.com\/chromium\/src\/\/HEAD\/net\/docs\/certificate_lifetimes.md."},{"key":"e_1_3_2_2_21_1","unstructured":"Google. 2023 b. Chromium.IsSecureTLSCipherSuite function. (2023). https:\/\/chromium.googlesource.com\/chromium\/src\/net\/\/master\/ssl\/."},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2068816.2068856"},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3397333"},{"key":"e_1_3_2_2_24_1","volume-title":"The distribution of the flora in the alpine zone. 1. New phytologist","author":"Jaccard Paul","year":"1912","unstructured":"Paul Jaccard. 1912. The distribution of the flora in the alpine zone. 1. New phytologist, Vol. 11, 2 (1912), 37--50."},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3278532.3278568"},{"key":"e_1_3_2_2_26_1","volume-title":"Evolution of SSL\/TLS Indicators and Warnings in Web Browsers. In Security Protocols XXVII: 27th International Workshop","author":"Kraus Lydia","year":"2020","unstructured":"Lydia Kraus, Martin Ukrop, Vashek Matyas, and Tobias Fiebig. 2020. Evolution of SSL\/TLS Indicators and Warnings in Web Browsers. In Security Protocols XXVII: 27th International Workshop, Cambridge, UK, April 10-12, 2019, Revised Selected Papers 27. Springer, 267--280."},{"key":"e_1_3_2_2_27_1","volume-title":"2023 a. API\/ABI changes review for mbed TLS. (2023). Retrieved","author":"Laboratory ABI","year":"2023","unstructured":"ABI Laboratory. 2023 a. API\/ABI changes review for mbed TLS. (2023). Retrieved September 2023 from https:\/\/abi-laboratory.pro\/index.php?view=timeline&l=mbedtls"},{"key":"e_1_3_2_2_28_1","volume-title":"2023 b. API\/ABI changes review for wolfSSL. (2023). Retrieved","author":"Laboratory ABI","year":"2023","unstructured":"ABI Laboratory. 2023 b. API\/ABI changes review for wolfSSL. (2023). Retrieved September 2023 from https:\/\/abi-laboratory.pro\/?view=timeline&l=wolfssl"},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","unstructured":"Ben Laurie Adam Langley and Emilia Kasper. 2013. Certificate Transparency. RFC 6962. (June 2013). https:\/\/doi.org\/10.17487\/RFC6962","DOI":"10.17487\/RFC6962"},{"key":"e_1_3_2_2_30_1","volume-title":"Retrieved","author":"Limited Sectigo","year":"2023","unstructured":"Sectigo Limited. 2023. Crt.sh. (2023). Retrieved September 2023 from https:\/\/crt.sh\/"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815675.2815685"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3487552.3487813"},{"key":"e_1_3_2_2_33_1","volume-title":"https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/install\/certificate-stores","author":"Stores Certificate","year":"2023","unstructured":"Microsoft. 2023. Certificate Stores. (2023). https:\/\/docs.microsoft.com\/en-us\/windows-hardware\/drivers\/install\/certificate-stores."},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354198"},{"key":"e_1_3_2_2_35_1","unstructured":"Mozilla. 2023 a. Common CA Database. (2023). https:\/\/www.ccadb.org\/."},{"key":"e_1_3_2_2_36_1","unstructured":"Mozilla. 2023 b. Mozilla's CA Certificate Program. (2023). https:\/\/wiki.mozilla.org\/CA."},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3487552.3487830"},{"key":"e_1_3_2_2_38_1","volume-title":"https:\/\/zeek.org\/","author":"Project The Zeek","year":"2020","unstructured":"The Zeek Project. 2020. Zeek. (2020). https:\/\/zeek.org\/."},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3143361.3143400"},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355577"},{"key":"e_1_3_2_2_41_1","volume-title":"RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3. (2018). Retrieved","author":"Rescorla Eric","year":"2023","unstructured":"Eric Rescorla. 2018. RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3. (2018). Retrieved September 2023 from https:\/\/datatracker.ietf.org\/doc\/html\/rfc8446\/"},{"key":"e_1_3_2_2_42_1","volume-title":"https:\/\/ciphersuite.info\/","author":"Rudolph Hans Christian","year":"2022","unstructured":"Hans Christian Rudolph and Nils Grundmann. 2022. Ciphersuite Info. (2022). https:\/\/ciphersuite.info\/."},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1086\/359059"},{"key":"e_1_3_2_2_44_1","volume-title":"Luigi Alfredo Grieco, and Alberto Coen-Porisini","author":"Sicari Sabrina","year":"2015","unstructured":"Sabrina Sicari, Alessandra Rizzardi, Luigi Alfredo Grieco, and Alberto Coen-Porisini. 2015. Security, privacy and trust in Internet of Things: The road ahead. Computer networks, Vol. 76 (2015), 146--164."},{"key":"e_1_3_2_2_45_1","unstructured":"Certificate Transparency. 2023. Google's Certificate Transparency project. (2023). https:\/\/certificate.transparency.dev\/."},{"key":"e_1_3_2_2_46_1","volume-title":"The impact of dos attacks onresource-constrained iot devices: A study on the mirai attack. arXiv preprint arXiv:2104.09041","author":"Tushir Bhagyashri","year":"2021","unstructured":"Bhagyashri Tushir, Hetesh Sehgal, Rohan Nair, Behnam Dezfouli, and Yuhong Liu. 2021. The impact of dos attacks onresource-constrained iot devices: A study on the mirai attack. arXiv preprint arXiv:2104.09041 (2021)."},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2020.110609"},{"key":"e_1_3_2_2_48_1","volume-title":"Retrieved","author":"WIKIPEDIA.","year":"2023","unstructured":"WIKIPEDIA. 2023. OpenSSL. (2023). Retrieved September 2023 from https:\/\/en.wikipedia.org\/wiki\/OpenSSL"},{"key":"e_1_3_2_2_49_1","unstructured":"Ben Wilson. 2020. Reducing TLS Certificate Lifespans to 398 Days. (2020). https:\/\/blog.mozilla.org\/security\/2020\/07\/09\/reducing-tls-certificate-lifespans-to-398-days\/."},{"key":"e_1_3_2_2_50_1","volume-title":"wolfSSL change log. (2023). Retrieved","author":"SSL.","year":"2023","unstructured":"wolfSSL. 2023. wolfSSL change log. (2023). Retrieved September 2023 from https:\/\/github.com\/wolfSSL\/wolfssl\/blob\/master\/ChangeLog.md"},{"key":"e_1_3_2_2_51_1","unstructured":"Wyze. 2021. Open Source Software. (2021). https:\/\/support.wyze.com\/hc\/en-us\/articles\/360012546832-Open-Source-Software."},{"key":"e_1_3_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-30505-9_2"},{"key":"e_1_3_2_2_53_1","volume-title":"OpenSSL verion 1.0.0: Security vulnerabilities. (2023). Retrieved","author":"\u00d6zkan Serkan","year":"2023","unstructured":"Serkan \u00d6zkan. 2023. OpenSSL verion 1.0.0: Security vulnerabilities. (2023). Retrieved September 2023 from https:\/\/www.cvedetails.com\/vulnerability-list\/vendor_id-217\/product_id-383\/version_id-453965\/Openssl-Openssl-1.0.0.html\/"}],"event":{"name":"IMC '23: ACM Internet Measurement Conference","location":"Montreal QC Canada","acronym":"IMC '23","sponsor":["SIGCOMM ACM Special Interest Group on Data Communication"]},"container-title":["Proceedings of the 2023 ACM on Internet Measurement Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3618257.3624815","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3618257.3624815","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3618257.3624815","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T13:16:44Z","timestamp":1755868604000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3618257.3624815"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,24]]},"references-count":53,"alternative-id":["10.1145\/3618257.3624815","10.1145\/3618257"],"URL":"https:\/\/doi.org\/10.1145\/3618257.3624815","relation":{},"subject":[],"published":{"date-parts":[[2023,10,24]]},"assertion":[{"value":"2023-10-24","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}