loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Kaspar Hageman 1 ; Egon Kidmose 1 ; René Rydhof Hansen 2 and Jens Myrup Pedersen 1

Affiliations: 1 Department of Electronic System, Aalborg University, Denmark ; 2 Department of Computer Science, Aalborg University, Denmark

Keyword(s): Phishing, Digital Certificate, Certificate Transparency, TLS.

Abstract: This paper investigates the potential of using digital certificates for the detection of phishing domains. This is motivated by phishing domains that have started to abuse the (erroneous) trust of the public in browser padlock symbols, and by the large-scale adoption of the Certificate Transparency (CT) framework. This publicly accessible evidence trail of Transport Layer Security (TLS) certificates has made the TLS landscape more transparent than ever. By comparing samples of phishing, popular benign, and non-popular benign domains, we provide insight into the TLS certificates issuance behavior for phishing domains, focusing on the selection of the certificate authority, the validation level of the certificates, and the phenomenon of certificate sharing among phishing domains. Our results show that phishing domains gravitate to a relatively small selection of certificate authorities, and disproportionally to cPanel, and tend to rely on certificates with a low, and cheap, validation level. Additionally, we demonstrate that the vast majority of certificates issued for phishing domains cover more than only phishing domains. These results suggest that a more pro-active role of CAs and putting more emphasis on certificate revocation can have a crucial impact in the defense against phishing attacks. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.15.190.144

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Hageman, K.; Kidmose, E.; Hansen, R. and Pedersen, J. (2021). Can a TLS Certificate Be Phishy?. In Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT; ISBN 978-989-758-524-1; ISSN 2184-7711, SciTePress, pages 38-49. DOI: 10.5220/0010516600380049

@conference{secrypt21,
author={Kaspar Hageman. and Egon Kidmose. and René Rydhof Hansen. and Jens Myrup Pedersen.},
title={Can a TLS Certificate Be Phishy?},
booktitle={Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT},
year={2021},
pages={38-49},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010516600380049},
isbn={978-989-758-524-1},
issn={2184-7711},
}

TY - CONF

JO - Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT
TI - Can a TLS Certificate Be Phishy?
SN - 978-989-758-524-1
IS - 2184-7711
AU - Hageman, K.
AU - Kidmose, E.
AU - Hansen, R.
AU - Pedersen, J.
PY - 2021
SP - 38
EP - 49
DO - 10.5220/0010516600380049
PB - SciTePress

- Science and Technology Publications, Lda.
RESOURCES

Proceedings

Papers

Authors

Ontology

CONTACTS

Science and Technology Publications, Lda
Avenida de S. Francisco Xavier, Lote 7 Cv. C,
2900-616 Setúbal, Portugal.

Phone: +351 265 520 185 (National fixed network call)
Fax: +351 265 520 186
Email: info@scitepress.org

EXTERNAL LINKS

PRIMORIS

INSTICC

SCITEVENTS

CROSSREF

PROCEEDINGS SUBMITTED FOR INDEXATION BY:

dblp

Ei Compendex

SCOPUS

Semantic Scholar

Google Scholar

Microsoft Academic