Certificate Transparency Monitoring System for Cyber Risk Analysis
| dc.contributor.author | Mattioli, Lorenzo | |
| dc.contributor.department | fi=Tietotekniikan laitos|en=Department of Computing| | |
| dc.contributor.faculty | fi=Teknillinen tiedekunta|en=Faculty of Technology| | |
| dc.contributor.studysubject | fi=Information and Communication Technology|en=Information and Communication Technology| | |
| dc.date.accessioned | 2026-07-02T19:31:26Z | |
| dc.date.issued | 2026-06-23 | |
| dc.description.abstract | Domain-based attacks, such as phishing and brand impersonation, represent a critical and growing threat to modern organizations. Certificate Transparency (CT) logs offer a powerful source of early-stage detection intelligence, as every publicly trusted TLS certificate must be recorded in a public cryptographic ledger before it can be operationalized. However, existing monitoring solutions suffer from indexing backlogs, incomplete coverage, arbitrary result limitations, and an inherent opacity that prevents independent verification of their outputs. This thesis designs, implements and evaluates a cloud-native Certificate Transparency monitoring system tailored to enterprise cyber risk assessment. The architecture combines a Go-based ingestion engine, AWS S3 Express One Zone tile storage, and a DynamoDB domain index, enforcing cryptographic integrity through a verify-on-write model based on a patched Tesseract CT server. A seven-day stress test across 48 CT logs and 180 million certificates validated the system’s scalability, network resilience, and integrity guarantees, demonstrating that organizations can achieve full operational sovereignty over their CT-derived threat intelligence without relying on third-party providers. | |
| dc.format.extent | 131 | |
| dc.identifier.uri | https://www.utupub.fi/handle/11111/62669 | |
| dc.identifier.urn | URN:NBN:fi-fe20260701107638 | |
| dc.language.iso | eng | |
| dc.rights | fi=Julkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.|en=This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.| | |
| dc.rights.accessrights | avoin | |
| dc.subject | certificate transparency | |
| dc.subject | cyber risk assessment | |
| dc.subject | cryptographic verification | |
| dc.subject | cloud-native architecture | |
| dc.subject | operational sovereignty | |
| dc.title | Certificate Transparency Monitoring System for Cyber Risk Analysis | |
| dc.type.ontasot | fi=Diplomityö|en=Master's thesis| |
Tiedostot
1 - 1 / 1