The SSL protocol, thanks to its ease of deployment and its native integration into web browsers, is widely used to protect the transmission of web browsing, e-mail, file transfer and other application services; its most typical application is HTTPS. In practice, however, HTTPS services are often deployed improperly, for example with servers using self-signed X.509 certificates, which exposes users to serious security threats, including information theft and the leakage of user identity and behavioral privacy. Starting from the X.509 certificate that identifies a server, this paper uses large-scale measurement and analysis of real-world HTTPS server certificates to reveal the application-service-type leakage problem of HTTPS services that use self-signed certificates, and the threat to the privacy of users' network behavior that results from it. Measurement of users' network behavior in a large-scale real environment and mining of massive logs show that self-signed X.509 certificates provide strong identity information for distinguishing the type of encrypted application a server offers, that the identity-hiding measures of encrypted HTTPS application servers can largely be defeated by statistical behavior analysis, and that servers offering the same or similar specific application services can be correctly classified with an accuracy of up to 95%.