Mutually Agreed Norms for Routing Security (MANRS): an analysis of uptake in the EU - March 2022

The actions proposed by the Mutually Agreed Norms for Routing Security (MANRS) initiative aim to strengthen the security of the global Internet routing system, thus improving the interoperability, scalability, stability, and security of the Internet. This report provides an overview of the current level of adoption of routing standards, including MANRS actions, in Q1 2022 across EU Member States, as well as globally. The analysis of the level of uptake of routing standards has been carried out using publicly available data.JRC.E.3 - Cyber and Digital Citizens' Securit

Domain Name System Security Extensions (DNSSEC) standards: an analysis of uptake in the EU - March 2022

A high level of adoption of Domain Name System Security Extensions (DNSSEC) is essential to protect the integrity of the Domain Name System (DNS) Internet infrastructure to ensure the interoperability and security of the global cyberspace. This report provides an analysis of the level of adoption of DNSSEC in Q1 2022 across EU Member States and globally, using data publicly available as well as from measurements conducted by the European Commission’s Joint Research Centre. The report also presents an analysis of the following additional standards designed to protect the confidentiality of DNS communications, namely DNS over TLS (DoT), DNS over HTTPS (DoH) and DNS over QUIC (DoQ).JRC.E.3 - Cyber and Digital Citizens' Securit

Domain Name System Security Extensions (DNSSEC) standards: an analysis of uptake in the EU

A high level of adoption of Domain Name System Security Extensions (DNSSEC) is essential to protect the integrity of the Domain Name System (DNS) Internet infrastructure to ensure the interoperability and security of the global cyberspace. This report provides an analysis of the level of adoption of DNSSEC in Q3 2022 across EU Member States and globally. The report also presents an analysis of the usage of DNS resolvers in the EU and globally. Our findings show that the level of adoption of all standards is similar to the previous measurement period (Q1 2022), with a medium degree of users validating DNSSEC-signed responses in the order of 30 to 40%.JRC.T.2 - Cybersecurity and Digital Technologie

Mutually Agreed Norms for Routing Security (MANRS): an analysis of uptake in the EU

The actions proposed by the Mutually Agreed Norms for Routing Security (MANRS) initiative aim to strengthen the security of the global Internet routing system, thus improving the interoperability, scalability, stability, and security of the Internet. This report provides an overview of the current level of adoption of routing standards, including MANRS actions, in Q3 2022 across EU Member States, as well as globally. The analysis of the level of uptake of routing standards has been carried out using publicly available data. Our findings demonstrate that the level of adoption of MANRS actions is similar to the previous measurement period (Q1 2022), showing that EU-based network operators have a very high average degree of MANRS readiness while, on the other hand, the uptake of MANRS from Internet Exchange Points is low.JRC.T.2 - Cybersecurity and Digital Technologie

Web communication standards: an analysis of uptake in the EU - March 2022

The broad deployment of Hypertext Transfer Protocol (HTTP)-related standards (such as, HTTPS, HTTP/3 and HTTP security response headers) is imperative for ensuring the interoperability, security, scalability and stability of the Internet. This report studies the adoption rate of modern HTTP-related technologies, namely HTTP Secure (HTTPS), the latest version of HTTP, i.e., HTTP/3, and HTTP Strict Transport Security (HSTS) response header in Q1 2022 across EU Member States, as well as globally. The analysis of the level of uptake of HTTPS and HTTP/3 has been carried out using publicly available data, whereas the HSTS analysis is based on data both publicly available and from measurements conducted by the European Commission’s Joint Research Centre.JRC.E.3 - Cyber and Digital Citizens' Securit

Keep your memory dump shut: Unveiling data leaks in password managers

Password management has long been a persistently challenging task. This led to the introduction of password management software, which has been around for at least 25 years in various forms, including desktop and browser-based applications. This work assesses the ability of two dozen password managers, 12 desktop applications, and 12 browser-plugins, to effectively protect the confidentiality of secret credentials in six representative scenarios. Our analysis focuses on the period during which a Password Manager (PM) resides in the RAM. Despite the sensitive nature of these applications, our results show that across all scenarios, only three desktop PM applications and two browser plugins do not store plaintext passwords in the system memory. Oddly enough, at the time of writing, only two vendors recognized the exploit as a vulnerability, reserving CVE-2023-23349, while the rest chose to disregard or underrate the issue

Web communication standards: an analysis of uptake in the EU

The broad deployment of Hypertext Transfer Protocol (HTTP)-related standards (such as, HTTPS, HTTP/3 and HTTP security response headers) is imperative for ensuring the interoperability, security, scalability and stability of the Internet. This report studies the adoption rate of modern HTTP-related technologies, namely HTTP Secure (HTTPS), the latest version of HTTP, i.e., HTTP/3, and HTTP Strict Transport Security (HSTS) response header in Q3 2022 across EU Member States, as well as globally. The analysis of the level of uptake of web communication standards has been carried out using publicly available data. Our findings show that the level of adoption of all standards is similar to the previous measurement period (Q1 2022), with HTTPS having high adoption rates, whereas HTTP/3 and HSTS still showing low uptake.JRC.T.2 - Cybersecurity and Digital Technologie

IPv6 standard: an analysis of uptake in the EU - March 2022

The adoption of Internet Protocol version 6 (IPv6), the next version of the widely used IPv4, is key to ensure the interoperability, scalability, stability, and security of the Internet. This report provides an overview of the current level of adoption of the IPv6 protocol in Q1 2022 across EU Member States, compared to the global adoption status. The analysis uses a set of publicly available data sources for estimating the rate of adoption of IPv6 across two dimensions: (a) end-user adoption, i.e. end-user hosts capable of using IPv6 to connect to the Internet, and (b) server-side adoption, i.e. Internet services that can operate over IPv6.JRC.E.3 - Cyber and Digital Citizens' Securit

Email communication security standards: an analysis of uptake in the EU - March 2022

Ensuring the interoperability and security of email communications is one of the cornerstones of a resilient and open Internet. In this context, the wide adoption of key Internet security standards, such as StartTLS, SPF, DKIM, DMARC, DANE and DNSSEC, is essential for a safe cyberspace for everyone. This report assesses the level of uptake of the above set of standards in Q1 2022 across EU Member States, comparing it to the global status. The analysis uses data from publicly available data sources and assessment tools, as well as from measurements conducted by the European Commission’s Joint Research Centre.JRC.E.3 - Cyber and Digital Citizens' Securit

IPv6 standard: an analysis of uptake in the EU

The adoption of Internet Protocol version 6 (IPv6), the next version of the widely used IPv4, is key to ensure the interoperability, scalability, stability, and security of the Internet. This report provides an overview of the current level of adoption of the IPv6 protocol in Q3 2022 across EU Member States, compared to the global adoption status. The analysis uses a set of publicly available data sources for estimating the rate of adoption of IPv6 across two dimensions: (a) end-user adoption, i.e. end-user hosts capable of using IPv6 to connect to the Internet, and (b) server-side adoption, i.e. Internet services that can operate over IPv6. Our findings show that the level of adoption of IPv6 is similar to the previous measurement period (Q1 2022), with end-user adoption reaching 30% and server-side 14% in the EU. These adoption rates are low, especially on the server-side, considering also that IPv4 addresses have already been depleted.JRC.T.2 - Cybersecurity and Digital Technologie