Prof Bill Buchanan B.Buchanan@napier.ac.uk
Professor
Cryptography across industry sectors
Buchanan, William J; Woodward, Alan; Helme, Scott
Authors
Alan Woodward
Scott Helme
Abstract
Security adoption varies across industry sectors, where some companies such as Google, Apple and Microsoft are strong advocates of the adoption of HTTPS, while other companies, especially for news sites, have weak adoption. This paper provides a sample analysis of the Top 500 Websites within Alexa Top 1 Million sites for industry sectors, and analyses their HTTP responses, such as in the cryptography methods used and the usage of Content-Security-Policy. It concludes that the adoption of security is strongest within Computers industry sector, while it is much weaker within News and Sports. The paper also shows that the most popular method for creating a Secure Socket Layer tunnel is Elliptic Curve Diffie–Hellman with RSA for the key exchange, 256-bit AES GCM for the encryption of the stream and 384-bit SHA for hashing. It does highlight worrying signs of the usage of wellknown weak cryptography methods, such as for Diffie–Hellman, RC4, MD5 and DES. With the adoption of the Let’s Encrypt digital certificate, the paper shows that the industry sector that has most traction is in Adult sites, and its adoption is much lower in more business-focused industry areas.
Citation
Buchanan, W. J., Woodward, A., & Helme, S. (2017). Cryptography across industry sectors. Journal of Cyber Security Technology, 1(3-4), 145-162. https://doi.org/10.1080/23742917.2017.1327221
| Journal Article Type | Article |
|---|---|
| Acceptance Date | Jun 1, 2017 |
| Publication Date | Jun 1, 2017 |
| Deposit Date | Jun 1, 2017 |
| Journal | Journal of Cyber Security Technology |
| Print ISSN | 2374-2917 |
| Electronic ISSN | 2374-2925 |
| Publisher | Taylor & Francis |
| Peer Reviewed | Peer Reviewed |
| Volume | 1 |
| Issue | 3-4 |
| Pages | 145-162 |
| DOI | https://doi.org/10.1080/23742917.2017.1327221 |
| Keywords | Cipher suite; HTTP headers; content security policy; HSTS; HPKP |
| Public URL | http://researchrepository.napier.ac.uk/Output/857161 |
You might also like
Securing IoT: Mitigating Sybil Flood Attacks with Bloom Filters and Hash Chains
(2024)
Journal Article
An omnidirectional approach to touch-based continuous authentication
(2023)
Journal Article
Downloadable Citations
About Edinburgh Napier Research Repository
Administrator e-mail: repository@napier.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2025
Advanced Search