Tracking Invalid Certificates

The previous study (Measuring and Applying Invalid SSL Certificates: The Silent Majority) showed that 88% of the certificates scanned from the IPv4 space are invalid. However, this study was conducted 4 years ago, when CAs mainly issued certificates and administrators configured TLS settings manually. Now the certificate ecosystem has changed completely: the majority of certificates are issued in an automated way, overcoming many barriers such as financial or configuration cost.

It would be interesting to see how the ecosystem of invalid certificates has changed over the last few years.

Security protocols reachability via IPv4 and IPv6

Due to the shortage of IPv4 address space, IPv6 was introduced, and Google reported that about 35% of the users access Google over IPv6. From a security perspective, Internet resources depend on each other, and some security protocols such as TLS, DNSSEC (authoritative servers), and DANE (SMTP servers and their TLSA records) may not yet be supported over IPv6. It would be interesting to study security protocol deployment through the lens of the IPv6 space.

Turning DNS Resolvers into Distributed Databases

DNSSEC as a C&C communication

Other PKI protocols not covered in the Class

There are some security protocols that are not covered in the class, including

Other works for Reproducibility

You can reproduce the results of an earlier publication. You must compare the original published work with your analysis and discuss the results.

The topic has to be related to PKI; here are some examples published at IMC'19: https://conferences.sigcomm.org/imc/2019/posters/ (Note: please do not work on the DNSSEC study that Spencer Roth conducted.)