Digital Key Research Hub

Our goal is to analyze the deployment and management of digital keys across various systems and gain insights to enhance Internet security.

Here, we provide summary of our research along with corresponding artifacts, including analysis code and datasets.

All research is conducted by the network security research group, supervised by Yixin Sun at the University of Virginia.

---

List of projects:

• Certificate chain structure and usage analysis (IMC'25): We aim to analyze the structure and usage of TLS certificate chains issued by non-public issuers using one year of campus network traffic. Our study uncovers previously unexamined chain configurations beyond public CAs, identifies unnecessary certificates that may cause validation inconsistencies, and highlights a shift toward automated, standards-aligned certificate management (e.g., Let’s Encrypt).

• DNS HTTPS record measurement (IMC'24): We aim to analyze the deployment trends and characteristics of HTTPS records by scanning Tranco domains (server-side). Additionally, we examine browser support for HTTPS records and identify related client-side behaviors.

• Mutual TLS and certificate analysis (IMC'24): We aim to investigate the prevalence and characteristics of mutual TLS connections, including potential services and patterns of certificate usage. Additionally, we examine security concerns, non-standard behaviors in certificate sharing, and privacy implications of sensitive information in mutual TLS certificates.

• IoT TLS and certificate analysis (IMC'23): We aim to investigate the TLS configurations and server certificate management practices of IoT device vendors. Using a large-scale, crowdsourced dataset of IoT device network traffic, we analyze the customization and heterogeneity of TLS libraries, potential security vulnerabilities, and private CA practices in IoT PKI, aiming to highlight security risks and encourage best practices.

Members:

• Yixin Sun, Assistant Professor, University of Virginia
• Yizhe Zhang, PhD Candidate, University of Virignia
• Hyeonmin Lee, Postdoctoral Research Associate, University of Virginia
• Hongying Dong, PhD, University of Virginia (now graduated)