Can a TLS certificate be phishy?

Kaspar Hageman, Egon Kidmose, René Rydhof Hansen, Jens Myrup Pedersen

Publication: Contribution to book/anthology/report/conference proceeding › Conference article in proceeding › Research › peer review

2 Citations (Scopus)
15 Downloads (Pure)

Abstract

This paper investigates the potential of using digital certificates for the detection of phishing domains. This is motivated by phishing domains that have started to abuse the (erroneous) trust of the public in browser padlock symbols, and by the large-scale adoption of the Certificate Transparency (CT) framework. This publicly accessible evidence trail of Transport Layer Security (TLS) certificates has made the TLS landscape more transparent than ever. By comparing samples of phishing, popular benign, and non-popular benign domains, we provide insight into the TLS certificates issuance behavior for phishing domains, focusing on the selection of the certificate authority, the validation level of the certificates, and the phenomenon of certificate sharing among phishing domains. Our results show that phishing domains gravitate to a relatively small selection of certificate authorities, and disproportionally to cPanel, and tend to rely on certificates with a low, and cheap validation level. Additionally, we demonstrate that the vast majority of certificates issued for phishing domains cover more than only phishing domains. These results suggest that a more pro-active role of CAs and putting more emphasis on certificate revocation can have a crucial impact in the defense against phishing attacks.

Original language: English
Title: Proceedings of the 18th International Conference on Security and Cryptography, SECRYPT 2021
Editors: Sabrina De Capitani di Vimercati, Pierangela Samarati
Number of pages: 12
Publisher: SCITEPRESS Digital Library
Publication date: 2021
Pages: 38-49
ISBN (Electronic): 978-989-758-524-1
DOI
Status: Published - 2021
Event: 18th International Conference on Security and Cryptography, SECRYPT 2021 - Virtual, Online
Duration: 6 Jul 2021 to 8 Jul 2021

Conference

Conference: 18th International Conference on Security and Cryptography, SECRYPT 2021
City: Virtual, Online
Period: 06/07/2021 to 08/07/2021
Sponsor: Institute for Systems and Technologies of Information, Control and Communication (INSTICC)
Name: International Conference on Security and Cryptography - SECRYPT - Proceedings
ISSN: 2184-7711

Bibliographic note

Publisher Copyright:
Copyright © 2021 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved
