A Quantitative Analysis of Security Keys and Commit Signing on Github

Author

Parker N. CollierFollow

Date of Award

5-2024

Degree Type

Thesis

Degree Name

Master of Science

Major

Computer Science

Major Professor

Scott I Routi

Committee Members

Doowon Kim, Audris Mockus

Abstract

This thesis analyzes the use and impact of security and signing keys on Github, the foremost public code development platform. These keys are used for developer authentication and code commit signing, but little research has been done on the usage of these keys. We set out to collect every available key associated with a Github user and performed quantitative analysis on the gathered data. Our data was gathered using Github’s publicly available REST and GraphQl API’s. We found that very few users create keys for signing commits, and there are a number of keys on the database that could be considered weak by modern standards. Personal keys for user identification is not widely accepted. A better understanding of how developers interact with these systems is needed to develop software that is both usable and secure.

Recommended Citation

Collier, Parker N., "A Quantitative Analysis of Security Keys and Commit Signing on Github. " Master's Thesis, University of Tennessee, 2024.
https://trace.tennessee.edu/utk_gradthes/11375