TY - GEN
T1 - Understanding the Security of Free Content Websites by Analyzing their SSL Certificates
T2 - 1st International Workshop on Cybersecurity and Social Sciences, CySSS 2022
AU - Alabduljabbar, Abdulrahman
AU - Ma, Runyu
AU - Choi, Soohyeon
AU - Jang, Rhongho
AU - Chen, Songqing
AU - Mohaisen, David
N1 - Publisher Copyright:
© 2022 ACM.
PY - 2022/5/30
Y1 - 2022/5/30
N2 - Online services that provide books, music, movies, etc., for free have existed on the Internet for decades. While there are some common beliefs and warnings that such online services may contain hidden security risks, many ordinary users still visit such websites, making them a convenient vehicle for subsequent exploitation. In this paper, we investigate and quantify through measurements the potential vulnerability of such free content websites (FCWs). For this purpose, we curated 834 FCWs offering books, games, movies, music, and software. For a comparison purpose, we also sampled a comparable number of premium content websites, where users need to pay for using the service for the same type of content. For our modality of analysis, we use SSL certificates. Namely, we explore SSL certificates' structural and fundamental differences between free and premium content websites. Through our analysis, we unveil that 36% of the free websites' certificates have major issues, with 17% invalid certificates, 7% expired, and 12% with mismatched domain names. Moreover, although surprisingly, we uncover the usage of ECDSA predominantly among the free websites. Among other observations, we notice that 38% of the FCWs use ECDSA-256, compared to only 20% of their premium counterparts, which provides better security guarantees (and performance) than the common algorithm option and key size (RSA-2048) in premium websites. Our observations raise concerns regarding the safety of using such free services from a transport standpoint and call for in-depth analysis of their risks.
KW - free content websites
KW - internet measurements
KW - ssl certificates
KW - web security
UR - http://www.scopus.com/inward/record.url?scp=85134482849&partnerID=8YFLogxK
U2 - 10.1145/3494108.3522769
DO - 10.1145/3494108.3522769
M3 - Conference contribution
AN - SCOPUS:85134482849
T3 - CySSS 2022 - Proceedings of the 1st Workshop on Cybersecurity and Social Sciences
SP - 19
EP - 25
BT - CySSS 2022 - Proceedings of the 1st Workshop on Cybersecurity and Social Sciences
PB - Association for Computing Machinery, Inc
Y2 - 30 May 2022
ER -