Alexandra Dirksen is an ICFP fellow in collaboration with Censored Planet. She is a PhD student at the Institute of Application Security (TU Braunschweig, Germany) and investigates the presence of covert state-level attackers on the Web PKI.
Web PKI is designed to protect users’ communications on the Internet from being intercepted by malicious actors. However, if a legitimate controller of a subset of the network infrastructure becomes malicious, they can abuse their power to circumvent the protection of web PKI and, for example, surveil internet users within their reach. This type of attack is called HTTPS Interception, and attempts to legalize this practice by governments have already been documented (for example, Mauritius, Kazakhstan, China). Thanks to the intervention of Web Browser providers, these attacks have been unsuccessful, as far as is known. During her fellowship, Alexandra plans to examine the global state of web PKI, specifically certificates deployed worldwide. She is working on a cross-regional collection of certificates, the close examination of which could reveal anomalies in the Web PKI. Such anomalies may also contain circumstantial evidence of further, previously unknown HTTPS interception attempts, which should be investigated further.