Research Article

TLS Trust Model Failures in Constrained Networks: A Case Study of In-Flight Connectivity Systems

by  Sri Sowmya Nemani
journal cover
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 187 - Issue 95
Published: April 2026
Authors: Sri Sowmya Nemani
10.5120/ijcafb2d289ee728
PDF

Sri Sowmya Nemani . TLS Trust Model Failures in Constrained Networks: A Case Study of In-Flight Connectivity Systems. International Journal of Computer Applications. 187, 95 (April 2026), 31-34. DOI=10.5120/ijcafb2d289ee728 

                        @article{ 10.5120/ijcafb2d289ee728,
                        author  = { Sri Sowmya Nemani },
                        title   = { TLS Trust Model Failures in Constrained Networks: A Case Study of In-Flight Connectivity Systems },
                        journal = { International Journal of Computer Applications },
                        year    = { 2026 },
                        volume  = { 187 },
                        number  = { 95 },
                        pages   = { 31-34 },
                        doi     = { 10.5120/ijcafb2d289ee728 },
                        publisher = { Foundation of Computer Science (FCS), NY, USA }
                        }
                        %0 Journal Article
                        %D 2026
                        %A Sri Sowmya Nemani
                        %T TLS Trust Model Failures in Constrained Networks: A Case Study of In-Flight Connectivity Systems%T 
                        %J International Journal of Computer Applications
                        %V 187
                        %N 95
                        %P 31-34
                        %R 10.5120/ijcafb2d289ee728
                        %I Foundation of Computer Science (FCS), NY, USA
Abstract

This paper examines how modern TLS trust models interact with constrained network environments, specifically in-flight connectivity (IFC) systems. Through systematic observational analysis of certificate handling on a major domestic airline, a critical gap was documented between operating-system-level certificate validation and application-level certificate pinning. The study identifies three co-occurring conditions that produce this failure: OS trust stores accepting any certificate chaining to a trusted root, applications mandating specific pinned certificates, and captive portals presenting valid certificates for the wrong domain. This research contributes to understanding how legitimate captive portal architectures can inadvertently trigger security warnings that confuse users, break application functionality, and desensitize users to genuine security threats, despite using properly configured PKI infrastructure.

References
  • McIntosh, S., et al. 2016. SSLint: A Tool for Detecting TLS Certificate Issues. Northwestern University Technical Report. https://www.mccormick.northwestern.edu/computer-science/documents/tech-reports/2016/
  • Reaves, B., et al. 2022. An Empirical Study of Certificate Pinning in Mobile Applications. ACM IMC 2022. https://www.cs.umd.edu/~dml/papers/cert_pinning_imc22.pdf
  • SES. 2017. Connected Planes and Smart Systems: A White Paper on Aviation Connectivity. https://www.ses.com/sites/default/files/2017-04/SES_WhitePaper_ConnectedPlanesSmartSystems_April2017_1.pdf
  • NASA. 2020. A Review of Cybersecurity Vulnerabilities for Urban Air Mobility. NASA Technical Report NTRS-20205011115.
  • Phatak, A., et al. 2017. Analysis of In-Flight Wi-Fi Systems. WWW 2017. https://users.cs.northwestern.edu/~jpr123/papers/www-flight.pdf
  • Florida A&M University. n.d. Risk Alert — Airplane WiFi Cyberattacks. Enterprise Risk Management Bulletin. https://www.famu.edu/administration/chief-operating-officer/enterprise_risk_management/
  • Panasonic Avionics. n.d. Next-Generation Wi-Fi Portal for Passenger Connectivity. https://na.panasonic.com/news/panasonic-avionics-launches-next-generation-wi-fi-portal
  • Viasat. n.d. Commercial Aviation In-Flight Connectivity Solutions. https://www.viasat.com/aviation/commercial-aviation/in-flight-connectivity/
  • Atlantis Press. 2021. Cybersecurity Challenges in Aviation Systems. BAMBEL 2021 Proceedings. https://www.atlantis-press.com/proceedings/bambel-21/125960318
  • Kotzias, P., et al. 2021. TLS Ecosystem Measurement Study. Computers & Security. https://www.sciencedirect.com/science/article/abs/pii/S0167404821003400
  • Springer. 2025. Security Challenges in Aviation Digital Networks. Journal of Digital Security. https://link.springer.com/article/10.1007/s12198-025-00311-0
  • Drago, I., et al. 2019. Analysis of TLS Certificate Validation Behavior. PMC6339064. https://pmc.ncbi.nlm.nih.gov/articles/PMC6339064/
  • ArXiv. 2025. TLS Trust Model Analysis in Constrained Systems. arXiv:2504.16897v2. https://arxiv.org/html/2504.16897v2
  • Ambrosin, M., et al. 2018. Network Interception and TLS Validation Conflicts. Ad Hoc Networks. https://www.sciencedirect.com/science/article/abs/pii/S1570870518303007
  • Kumari, W. and Kline, E. 2020. Captive-Portal Identification in DHCP and Router Advertisements (RAs). RFC 8910. IETF Standards Track. https://www.rfc-editor.org/rfc/rfc8910
  • Pauly, T. and Thakore, D. 2020. Captive Portal API. RFC 8908. IETF. https://datatracker.ietf.org/doc/html/rfc8908
  • Stanton, B., Theofanos, M.F., Prettyman, S.S. and Furman, S. 2016. Security Fatigue. IT Professional, 18(5), 26–32. DOI: 10.1109/MITP.2016.84.
  • Sunshine, J., Egelman, S., Almuhimedi, H., Atri, N. and Cranor, L.F. 2009. Crying Wolf: An Empirical Study of SSL Warning Effectiveness. 18th USENIX Security Symposium, pp. 399–432. Montreal, Canada.
Index Terms
Computer Science
Information Sciences
No index terms available.
Keywords

TLS Transport Layer Security PKI Certificate Pinning Captive Portal In-Flight Connectivity Constrained Networks Security Fatigue

Powered by PhDFocusTM