Abstract
X.509 certificates empower to reveal the unique identity of the parties participating in the conversation. Right now, during online exchanges, many people and groups are using X.509 certificates to represent their identity, so the level of excellence and reliability of these certificates become dubious. Hence, we introduced a framework which computes risk associated with X.509 certificates with the assistance of certain trust criteria and attributes. For assessing risk related with certificate, we utilized Random Forest ensemble machine learning algorithm, which categorizes risk in three levels- High, Medium and Low. User needs to input the certificate and the system will predict the risk associated with that certificate. If predicted risk is high or medium, system will specify the parameter due to which it triggers risk. Our framework can be applied in browser-server communication and identifying real-time phishing websites which have Https URLs.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Dan Ahmed, B.: A model for automatically evaluating trust in X.509 certificates. Cybernetica Research Report 2010, pp. 12–16 (2010)
Alexa.com. The Web Information Company. http://www.alexa.com
Brubaker, C., Jana, S., Ray, B., Khurshid, S., Shmatikov, V.: Using frankencerts for automated adversarial testing of certificate validation in SSL/TLS implementations. In: Security and Privacy (SP) Symposium, pp. 114–129. IEEE, May 2014
Batarfi, O., Marshall, L.: Defining criteria for rating an entity’s trustworthiness based on its certificate policy. In: Proceedings of the First International Conference on Availability, Reliability and Security (ARES 2006). IEEE, April 2006
Curry, I.: Version 3 X. 509 Certificates. Entrust Technologies (1996)
Alfaro, E., Gamez, M., Garcia, N.: A adabag: an r package for classification with boosting and bagging. J. Stat. Softw. 54(2), August 2013
Ford, W., Chokhani, S., CygnaCom, Inc., VeriSign, Inc. Certificate Policy and Certification Practices Framework, RFC 2527, March 1999
Ghafarian, A.: An empirical study of network forensics analysis tools. In: ICCWS2014-9th International Conference on Cyber Warfare & Security, p. 366, March 2014
Googles article. Google calls out certificate authorities that can no longer be trusted. Infoworld 28 March 2016
Housley, R., Polk, W., Ford, W., Solo, D.: Internet X. 509 public key infrastructure certificate and certificate revocation list (CRL) profile. RFC 5280 (2002)
Quinlan, J.R.: Bagging, boosting, and C4.5. In: AAAI (1996)
Breiman, L., Cutler, A.: Breiman and Cutler’s Random Forests for Classification and Regression, 7 October 2015
Breiman, L.: Random Forests, January 2001
Breiman, L.: Bagging predictors, Mach. Learn. 24(2), 123,140 (1996)
Mishari, M.A., Cristofaro, D.E., Defrawy, K.E., Tsudik, G.: Harvesting SSL certificate data to identify Web-fraud. arXiv preprint arXiv:0909.3688v4 [cs.CR], pp. 1–13, 13 January 2012
Roger, D., Peng, R.: Programming for Data Science, Leanpub publication, published on 20 July 2015
Sanders C.: Practical packet analysis: Using Wireshark to solve real-world network problems, 2nd edn. No Starch Press (2011)
Samer, W.A., Romain, L., Francois, B.: A formal model of trust for calculating the quality of x. 509 certificate. Security and Communication Networks 2011, pp. 651–665 (2011)
Weaver, Gabriel, A., Rea, Scott, Smith, Sean, W.: A computational framework for certificate policy operations. In: Martinelli, Fabio, Preneel, Bart (eds.) EuroPKI 2009. LNCS, vol. 6391, pp. 17–33. Springer, Heidelberg (2010). doi:10.1007/978-3-642-16441-5_2
Wazan, A.S., Laborde, R., Barrère, F., Benzekri, A.: The x. 509 trust model needs a technical and legal expert. In: 2012 IEEE International Conference on Communications (ICC), pp. 6895–6900, June 2012
Wazan, A.S., Laborde, R., Barrère, F., Benzekri, A.: Validating X. 509 certificates based on their quality. In: The 9th International Conference for IEEE Young Computer Scientists, ICYCS 2008, pp. 2055–2060, 281–304, November 2008
Webpage, Comparing Tree-Based Classification Methods via the Kaggle Otto Competition. http://www.r-bloggers.com/comparing-tree-based-classification-methods-via-the-kaggle-otto-competition/
Dong, Z., Kapadia, A., Blythe, J., Jean Camp, L.: Beyond the Lock Icon: Real-time Detection of Phishing Websites Using Public Key Certificates. IEEE (2015)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Hawanna, V., Kulkarni, V., Rane, R., Joshi, P. (2016). Risk Evaluation of X.509 Certificates – A Machine Learning Application. In: Ray, I., Gaur, M., Conti, M., Sanghi, D., Kamakoti, V. (eds) Information Systems Security. ICISS 2016. Lecture Notes in Computer Science(), vol 10063. Springer, Cham. https://doi.org/10.1007/978-3-319-49806-5_20
Download citation
DOI: https://doi.org/10.1007/978-3-319-49806-5_20
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49805-8
Online ISBN: 978-3-319-49806-5
eBook Packages: Computer ScienceComputer Science (R0)