-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.html
317 lines (304 loc) · 18.7 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="author" content="Pouyan Fotouhi Tehrani">
<link href="assets/css/bootstrap.min.css" rel="stylesheet">
<link href="assets/css/main.css" rel="stylesheet">
<link href="assets/css/fontawesome.all.min.css" rel="stylesheet">
<title>Secure Communication of Alerting Authorities | Security Now!</title>
</head>
<body class="d-flex bg-light" data-active-page="home">
<div class="container p-3 mx-auto">
<div class="row">
<header>
<div>
<h1 class="logo display-6 float-md-start mb-0">SecNow!</h1>
<nav class="nav nav-masthead justify-content-center float-md-end">
<a class="nav-link active" aria-current="page" href="/">Home</a>
<a class="nav-link" href="#reports">Alerting Authority Browser</a>
<a class="nav-link" href="#paper">Paper</a>
<a class="nav-link" href="#about">Contact</a>
</nav>
</div>
</header>
</div>
<div id="home">
<main class="row row-cols-sm-1 px-3 mb-3 mt-5">
<div class="box h-100 w-100">
<div class="box-title">Synopsis</div>
<div class="row row-cols-lg-1 row-cols-xl-2 px-3 mb-3 align-items-stretch">
<div class="col-sm-12">
<p class="fs-3 text-justify">
During disasters, crisis, and emergencies the public relies on online services provided
by official authorities to receive <u class="success">timely alerts, trustworthy
information, and access to relief programs</u>. It is therefore crucial for the
authorities to <u class="danger">reduce risks</u> when accessing their online services.
This includes catering to <u class="primary">secure identification of service, secure
resolution of name to network service, and content security and privacy</u> as a
minimum base for trustworthy communication.
</p>
<div id="goto-reports">
<a href="#reports" class="text-decoration-none link-dark">
<hr>
<p class="text-center">
<strong class="fs-2">
We analyzed Alerting Authorities in the US and published their <u
class="primary">assurance profiles here</u>.
</strong>
</p>
<hr>
</a>
</div>
</div>
<div class="col-sm-12">
<a href="assets/static/www2021-alerting-authorities.pdf"><img src="assets/img/main.png"
class="w-100"></a>
</div>
</div>
</div>
</main>
</div>
<div id="reports">
<main class="row row-cols-sm-1 row-cols-md-2 px-3 mb-3 align-items-stretch">
<div id="summary" class="col-sm-12 mt-5">
<div class="box h-100">
<div class="box-title">Summary</div>
<form>
<div class="mb-3">
<label for="hostnames" class="form-label">Alerting Authority</label>
<select id="hostnames" class="form-select" disabled>
<option>Select</option>
</select>
</div>
</form>
<div id="aa" class="text-break" hidden>
<strong><span id="aa-name"></span></strong> is accessible under <a id="aa-url" href=""></a>.
It's domain name <strong id="aa-hostname"></strong> is registered under .<strong
id="aa-pubsuf"></strong>, a <strong id="aa-pubsuf-type"></strong>.
It is <u id="aa-dnssec-not" class="danger">not</u> securely delegated (DNSSEC)<strong
id="aa-dnssec-parent-not"> and its top level domain <u class="danger">neither</u>
supports DNSSEC</strong>.
<div id="aa-ssl">
<span class="enabled">
Transport layer security is <u class="success">enabled</u> for this host <strong
class="valid">with a <u class="success">valid</u> certificate.</strong>
<span class="invalid">
but with an
<u class="danger">invalid</u>
certificate.
</span>
Provided certificate is a(n) <u id="aa-cert-type"></u> certificate.
</span>
<span class="disabled">
Transport layer security protocol (SSL/TLS) is <u class="danger">not</u> enabled
for this host!
</span>
</div>
<!-- <hr>
<h4 id="verdict">Verdict:</h4>
<div class="verdict-body"></div> -->
</div>
</div>
</div>
<div id="details" class="col-sm-12 mt-5 show-help">
<div class="box h-100">
<div class="box-title">Details</div>
<div class="help d-flex align-items-center h-100 w-100 text-muted">
<div class="text-center text-uppercase w-100 fs-4"><i
class="d-none d-md-block fas fa-arrow-circle-left me-2"></i><i
class="d-block d-md-none fas fa-arrow-circle-up me-2"></i>Select an Alerting
Authority…</div>
</div>
<div id="assurance-id" class="card mb-2">
<div class="card-header">
<h5>Identification</h5>
</div>
<div class="card-body">
<p class="card-text"></p>
</div>
<template id="id-restricted-tld">
Your domain name is registered under a <u class="success">restricted top-level domain
(TLD)</u> and as such provides the first hint about its owner (e.g., <span
class="font-monospace">.edu</span> TLD is only reserved for higher education
institutes).
</template>
<template id="id-unrestricted-tld">
The usage of <u class="warning">unrestricted top level domain (TLD)</u> names is an
enabler for impersonation through name spoofing.
</template>
<template id="id-good-cert">
An <u class="success">organization or extended validation (OV/EV)</u> certificate
provides adequate identification information.
</template>
<template id="id-not-good-cert">
A <u class="warning">domain validation (DV)</u> certificate lacks identification
information.
</template>
<template id="id-not-good-cert-no-dnssec">
Moreover, <u class="danger">lack of DNSSEC</u> can lead to DV certificate misissuance.
</template>
<template id="id-no-dnssec">
Finally, <u class="danger">insecure domain names</u> (no DNSSEC) are susceptible to
hijacking and can lead to forwarding to malicious hosts regardless of the certificate
provided.
</template>
</div>
<div id="assurance-res" class="card mb-2">
<div class="card-header">
<h5>Resolution</h5>
</div>
<div class="card-body">
<p class="card-text"></p>
</div>
<template id="res-dnssec">
Using <u class="success">DNSSEC</u> you can make sure that security-aware resolvers
would detect any resolution manipulation attempts.
</template>
<template id="res-no-dnssec">
You don't seem to have DNSSEC enabled (verify <a class="dnsviz" href="">here</a>) and as
such susceptible to DNS hijacking.
</template>
<template id="res-no-dnssec-good-cert">
However, if users manage to reach the correct host, the provided <u
class="success">OV/EV</u> certificate can prove that correct binding of domain name
and its host.
</template>
</div>
<div id="assurance-trans" class="card mb-2">
<div class="card-header">
<h5>Transaction</h5>
</div>
<div class="card-body">
<p class="card-text"></p>
</div>
<template id="trans-verified-cert">
You are using a valid certificate and as such transactions with users are secure against
eavesdropping or manipulation.
</template>
<template id="trans-bad-cert">
The certificate that you are providing could not be verified (see <a class="ssllabs"
href="">here</a>), thus endangering the transaction security.
</template>
<template id="trans-no-ssl">
You failed to enable transport security protocol and as such transactions with users are
susceptible to eavesdropping or manipulation.
</template>
</div>
</div>
</div>
<div class="col-12">
<br />* You can also download the raw data and our toolchain <a
href="https://zenodo.org/record/4300947">on zenodo</a>.
</div>
</main>
</div>
<div id="paper">
<main class="h-100 row row-cols-sm-1 px-3 mb-3 mt-5">
<div class="box h-100 w-100">
<div class="box-title">Reference</div>
<div class="row row-cols-lg-1 row-cols-xl-2 px-3 mb-3 align-items-stretch h-100">
<div class="col-sm-12">
<p class="fs-3 text-justify">
You can download the full study <a
href="assets/static/www2021-alerting-authorities.pdf">here</a>.
</p>
<p class="fs-3 text-justify">
If you cite this study, use <a href="https://zenodo.org/record/4300947">data or
tools</a>, please, refer as follows:
</p>
<p class="fs-4 text-justify font-monospace bg-white border p-3">
Pouyan Fotouhi Tehrani, Eric Osterweil, Jochen H. Schiller, Thomas C. Schmidt, Matthias
Wählisch, <a href="assets/static/www2021-alerting-authorities.pdf">Security of
Alerting Authorities in the WWW: Measuring Namespaces DNSSEC and Web PKI</a>, In: <u
class="warning">Proceedings of The Web Conference 2021 (WWW '21)</u>, New York, USA:
ACM, 2021.
</p>
</div>
<div class="col-sm-12">
<a href="assets/static/www2021-alerting-authorities.pdf"><img src="assets/img/main.png"
class="w-100"></a>
</div>
</div>
</div>
</main>
</div>
<div id="about">
<main class="row row-cols-sm-1 px-3 mb-3 mt-5">
<div class="box h-100 w-100">
<div class="box-title">Contact</div>
<div class="row row-cols-lg-1 row-cols-xl-2 px-3 mb-3 align-items-stretch">
<div class="col-sm-12">
<p class="fs-3 text-justify">
This project is the result of an interdisciplinary cooperation of <a
href="https://www.weizenbaum-institut.de/en/">Weizenbaum-Institut for the Networked
Society</a>, <a href="https://www.fokus.fraunhofer.de/en">Fraunhofer FOKUS</a>, <a
href="https://www.fu-berlin.de/en/index.html">Freie Universität Berlin</a>, <a
href="https://www.haw-hamburg.de/en/">Hamburg University of Applied Sciences</a>,
and <a href="https://www2.gmu.edu/">George Mason University</a>.
</p>
<br />
<p class="fs-4 text-justify">In case of questions, please, contact <a
href="https://www.weizenbaum-institut.de/en/portrait/p/pouyan-fotouhi-tehrani/">Pouyan
Fotouhi Tehrani</a>.</p>
</div>
<div class="col-sm-12">
<ul class="list-group">
<li class="list-group-item head">
<div class="head-img pft rounded-circle float-start"></div>
<p class="mt-4"><a
href="https://www.weizenbaum-institut.de/en/portrait/p/pouyan-fotouhi-tehrani/">Pouyan
Fotouhi Tehrani</a>
PhD-Candidate at <em>The
Weizenbaum Institute for the Networked Society.</em>
</p>
</li>
<li class="list-group-item head">
<div class="head-img eo rounded-circle float-start"></div>
<p class="mt-4">
<a href="https://cs.gmu.edu/~eoster/index.html">Eric Osterweil</a>
Assistant Professor, Department of Computer Science at <em>George Mason
University.</em>
</p>
</li>
<li class="list-group-item head">
<div class="head-img js rounded-circle float-start"></div>
<p class="mt-4">
<a
href="https://www.mi.fu-berlin.de/inf/groups/ag-tech/staff/0Current/schiller.html">Jochen
Schiller</a>
Professor, Instiute of Computer Science at <em>Freie Universität
Berlin.</em>
</p>
</li>
<li class="list-group-item head">
<div class="head-img tcs rounded-circle float-start"></div>
<p class="mt-4">
<a href="https://users.informatik.haw-hamburg.de/~schmidt/">Thomas C.
Schmidt</a>
Professor, Department of Informatik at <em>Hamburg
University of Applied Sciences.</em>
</p>
</li>
<li class="list-group-item head">
<div class="head-img mw rounded-circle float-start"></div>
<p class="mt-4">
<u><a
href="https://www.mi.fu-berlin.de/en/inf/groups/ilab/members/waehlisch.html">Matthias
Wählisch</a></u>
Professor, Institute of Computer Science at <em>Freie Universität
Berlin.</em>
</p>
</li>
</ul>
</div>
</div>
</div>
</main>
</div>
<script src="assets/js/main.js"></script>
<script src="assets/js/bootstrap.bundle.min.js"></script>
</div>
</body>
</html>