Abstract
This paper investigates the potential of using digital certificates for the detection of phishing domains. This i motivated by phishing domains that have started to abuse the (erroneous) trust of the public in browser padloc symbols, and by the large-scale adoption of the Certificate Transparency (CT) framework. This publicl accessible evidence trail of Transport Layer Security (TLS) certificates has made the TLS landscape mor transparent than ever. By comparing samples of phishing, popular benign, and non-popular benign domains we provide insight into the TLS certificates issuance behavior for phishing domains, focusing on the selectio of the certificate authority, the validation level of the certificates, and the phenomenon of certificate sharin among phishing domains. Our results show that phishing domains gravitate to a relatively small selection o certificate authorities, and disproportionally to cPanel, and tend to rely on certificates with a low, and cheap validation level. Additionally, we demonstrate that the vast majority of certificates issued for phishing domain cover more than only phishing domains. These results suggest that a more pro-active role of CAs and puttin more emphasis on certificate revocation can have a crucial impact in the defense against phishing attacks.
Original language | English |
---|---|
Title of host publication | Proceedings of the 18th International Conference on Security and Cryptography, SECRYPT 2021 |
Editors | Sabrina De Capitani di Vimercati, Pierangela Samarati |
Number of pages | 12 |
Publisher | SCITEPRESS Digital Library |
Publication date | 2021 |
Pages | 38-49 |
ISBN (Electronic) | 978-989-758-524-1 |
DOIs | |
Publication status | Published - 2021 |
Event | 18th International Conference on Security and Cryptography, SECRYPT 2021 - Virtual, Online Duration: 6 Jul 2021 → 8 Jul 2021 |
Conference
Conference | 18th International Conference on Security and Cryptography, SECRYPT 2021 |
---|---|
City | Virtual, Online |
Period | 06/07/2021 → 08/07/2021 |
Sponsor | Institute for Systems and Technologies of Information, Control and Communication (INSTICC) |
Series | International Conference on Security and Cryptography - SECRYPT - Proceedings |
---|---|
ISSN | 2184-7711 |
Bibliographical note
Funding Information:This research is carried out under the SecDNS project, funded by Innovation Fund Denmark. We thank Cen-sys.io for sharing their CT log data with us, and we are thankful for the APWG for granting us access to their eCX platform.
Publisher Copyright:
Copyright © 2021 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved
Keywords
- Certificate Transparency
- Digital Certificate
- Phishing
- TLS