Security Economics in the HTTPS Value Chain
Even though the authors increasingly rely on HTTPS to secure Internet communications, several landmark incidents in recent years have illustrated that its security is deeply flawed. They present an extensive multi-disciplinary analysis that examines how the systemic vulnerabilities of the HTTPS authentication model could be addressed. They conceptualize the security issues from the perspective of the HTTPS value chain. They then discuss the breaches at several Certificate Authorities (CAs). Next, they explore the security incentives of CAs via the empirical analysis of the market for SSL certificates, based on the SSL Observatory dataset.