{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T04:41:25Z","timestamp":1769920885301,"version":"3.49.0"},"reference-count":24,"publisher":"Association for Computing Machinery (ACM)","issue":"10","license":[{"start":{"date-parts":[[2024,9,26]],"date-time":"2024-09-26T00:00:00Z","timestamp":1727308800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Commun. ACM"],"published-print":{"date-parts":[[2024,10]]},"abstract":"Web access involves various protocols to resolve domain names to IP addresses, establish data exchange channels with Web servers, and to authenticate communication partners. Each protocol has its own set of requirements and security measures. In addition to technical features, operating the Web also introduces organizational and political aspects which are important to consider when deploying a secure basis for Web-based communication.<\/jats:p>\n \n In this paper, we propose an algorithmic security model based on the widely deployed technologies DNS(SEC) and Web PKI to cover the three dimensions\n identification<\/jats:italic>\n ,\n resolution<\/jats:italic>\n , and\n transaction<\/jats:italic>\n . Our model enables quantification and qualification of the security assurance provided by an online service provider. To verify the applicability of our model, we investigate the online presence of\n Alerting Authorities<\/jats:italic>\n in the U.S., selected\n German Emergency Service<\/jats:italic>\n providers, and\n UN member states<\/jats:italic>\n . We observe partially enhanced security relative to global Internet trends, yet find cause for concern as only about 6% of unique hosts cater to secure resolution. About 46% of investigated organizations use shared certificates with 1% of all organizations having no or invalid certificates. Two thirds of organizations are not uniquely identifiable and as such lack the basic requirement of trustworthy communication.\n <\/jats:p>","DOI":"10.1145\/3623292","type":"journal-article","created":{"date-parts":[[2024,8,5]],"date-time":"2024-08-05T23:15:18Z","timestamp":1722899718000},"page":"83-90","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["A Security Model for Web-Based Communication"],"prefix":"10.1145","volume":"67","author":[{"given":"Pouyan Fotouhi","family":"Tehrani","sequence":"first","affiliation":[{"name":"Weizenbaum Institute \/ Fraunhofer FOKUS, Berlin, Germany"}]},{"given":"Eric","family":"Osterweil","sequence":"additional","affiliation":[{"name":"George Mason University, Fairfax, VA, USA"}]},{"given":"Thomas C.","family":"Schmidt","sequence":"additional","affiliation":[{"name":"HAW Hamburg, Hamburg, Germany"}]},{"given":"Matthias","family":"W\u00e4hlisch","sequence":"additional","affiliation":[{"name":"TU Dresden, Dresden, Germany"}]}],"member":"320","published-online":{"date-parts":[[2024,9,26]]},"reference":[{"key":"e_1_3_1_2_2","first-page":"2473","volume-title":"Proc. of the 2019 ACM SIGSAC CCS","author":"Aas J.","year":"2019","unstructured":"Aas, J. et al. Let\u2019s Encrypt: An automated certificate authority to encrypt the entire Web. In Proc. of the 2019 ACM SIGSAC CCS. ACM Press, New York, NY, USA, 2019, 2473\u20132487."},{"key":"e_1_3_1_3_2","first-page":"257","volume-title":"Proc. of 22nd USENIX Security Symp.","author":"Akhawe D.","year":"2013","unstructured":"Akhawe, D. and Felt, A.P. Alice in warningland: A large-scale field study of browser security warning effectiveness. In Proc. of 22nd USENIX Security Symp. USENIX Association, 2013, 257\u2013272."},{"key":"e_1_3_1_4_2","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978301"},{"key":"e_1_3_1_5_2","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-4048(01)00710-6"},{"key":"e_1_3_1_6_2","doi-asserted-by":"publisher","DOI":"10.1145\/2987443.2987454"},{"key":"e_1_3_1_7_2","doi-asserted-by":"publisher","DOI":"10.5555\/3241189.3241291"},{"key":"e_1_3_1_8_2","doi-asserted-by":"publisher","DOI":"10.1145\/3131365.3131373"},{"key":"e_1_3_1_9_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23305"},{"key":"e_1_3_1_10_2","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504755"},{"key":"e_1_3_1_11_2","first-page":"174","volume-title":"Proc. of the 2015 10th ARES","author":"Fadai T.","year":"2015","unstructured":"Fadai, T., Schrittwieser, S., Kieseberg, P., and Mulazzani, M. Trust me, I\u2019m a root CA! Analyzing SSL root CAs in modern browsers and operating systems. In Proc. of the 2015 10th ARES. IEEE Press, 2015, 174\u2013179."},{"key":"e_1_3_1_12_2","first-page":"1","volume-title":"Proc. of 15th SOUPS","author":"Felt A.P.","year":"2019","unstructured":"Felt, A.P. et al. Rethinking connection security indicators. In Proc. of 15th SOUPS. USENIX Association, 2019, 1\u201314."},{"key":"e_1_3_1_13_2","doi-asserted-by":"publisher","DOI":"10.1145\/3442381.3450033"},{"key":"e_1_3_1_14_2","doi-asserted-by":"publisher","DOI":"10.1145\/3338466.3358917"},{"key":"e_1_3_1_15_2","first-page":"427","volume-title":"Proc. of the ACM IMC \u201911","author":"Holz R.","year":"2011","unstructured":"Holz, R., Braun, L., Kammenhuber, N., and Carle, G. The SSL landscape \u2013 A thorough analysis of the X.509 PKI using active and passive measurement. In Proc. of the ACM IMC \u201911. ACM Press, New York, NY, USA, 2011, 427\u2013444."},{"key":"e_1_3_1_16_2","unstructured":"ICANN Research. TLD DNSSEC Report Jan. 2022."},{"key":"e_1_3_1_17_2","first-page":"1339","volume-title":"Proc. of the 26th USENIX Security Symp.","author":"Krombholz K.","year":"2017","unstructured":"Krombholz, K., Mayer, W., Schmiedecker, M., and Weippl, E. \u2018I have no idea what I\u2019m doing\u2019 \u2013 on the usability of deploying HTTPS. In Proc. of the 26th USENIX Security Symp. USENIX Association, 2017, 1339\u20131356."},{"key":"e_1_3_1_18_2","unstructured":"NIST. Estimating USG IPv6 & DNSSEC External Service Deployment Status Feb. 2022."},{"key":"e_1_3_1_19_2","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2022.3195406"},{"key":"e_1_3_1_20_2","doi-asserted-by":"publisher","DOI":"10.1145\/3313831.3376298"},{"key":"e_1_3_1_21_2","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363188"},{"key":"e_1_3_1_22_2","first-page":"5","volume-title":"Proc. of 16th SOUPS","author":"Roberts R.","year":"2020","unstructured":"Roberts, R. et al. Mental models of domain names and URLs. In Proc. of 16th SOUPS. USENIX Association, Aug. 2020, 5."},{"key":"e_1_3_1_23_2","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2019.00046"},{"key":"e_1_3_1_24_2","doi-asserted-by":"publisher","DOI":"10.1177\/1542316619868984"},{"key":"e_1_3_1_25_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-36516-4_13"}],"container-title":["Communications of the ACM"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3623292","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3623292","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:36:26Z","timestamp":1750178186000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3623292"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,9,26]]},"references-count":24,"journal-issue":{"issue":"10","published-print":{"date-parts":[[2024,10]]}},"alternative-id":["10.1145\/3623292"],"URL":"https:\/\/doi.org\/10.1145\/3623292","relation":{},"ISSN":["0001-0782","1557-7317"],"issn-type":[{"value":"0001-0782","type":"print"},{"value":"1557-7317","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,9,26]]},"assertion":[{"value":"2024-09-26","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}