
Risk Evaluation of X.509 Certificates – A Machine Learning Application

  • Conference paper
Information Systems Security (ICISS 2016)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 10063)

Abstract

X.509 certificates make it possible to establish the unique identity of the parties participating in a conversation. Many people and groups now use X.509 certificates to represent their identity in online exchanges, so the quality and reliability of these certificates have become doubtful. Hence, we introduced a framework that computes the risk associated with an X.509 certificate using certain trust criteria and attributes. To assess the risk related to a certificate, we used the Random Forest ensemble machine learning algorithm, which categorizes risk into three levels: High, Medium and Low. The user inputs the certificate and the system predicts the risk associated with it. If the predicted risk is high or medium, the system specifies the parameter that triggered the risk. Our framework can be applied to browser-server communication and to identifying real-time phishing websites that have HTTPS URLs.

Author information

Corresponding author

Correspondence to Varsharani Hawanna.

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Hawanna, V., Kulkarni, V., Rane, R., Joshi, P. (2016). Risk Evaluation of X.509 Certificates – A Machine Learning Application. In: Ray, I., Gaur, M., Conti, M., Sanghi, D., Kamakoti, V. (eds) Information Systems Security. ICISS 2016. Lecture Notes in Computer Science, vol 10063. Springer, Cham. https://doi.org/10.1007/978-3-319-49806-5_20

  • DOI: https://doi.org/10.1007/978-3-319-49806-5_20

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-49805-8

  • Online ISBN: 978-3-319-49806-5

  • eBook Packages: Computer Science, Computer Science (R0)
