Discovering HTTPSified Phishing Websites Using the TLS Certificates Footprints

Yuji Sakurai, Takuya Watanabe, Tetsuya Okuda, Mitsuaki Akiyama, Tatsuya Mori

研究成果: Conference contribution

2 被引用数 (Scopus)

抄録

With the recent rise of HTTPS adoption on the Web, attackers have begun "HTTPSifying"phishing websites. HTTPSifying a phishing website has the advantage of making the website appear legitimate and evading conventional detection methods that leverage URLs or web contents in the network. Further, adopting HTTPS could also contribute to generating intrinsic footprints and provide defenders with a great opportunity to monitor and detect websites, including phishing sites, as they would need to obtain a public-key certificate issued for the preparation of the websites. The potential benefits of certificate-based detection include (1) the comprehensive monitoring of all HTTPSified websites by using certificates immediately after their issuance, even if the attacker utilizes dynamic DNS (DDNS) or hosting services; this could be overlooked with the conventional domain-registration-based approaches; and (2) to detect phishing websites before they are published on the Internet. Accordingly, we address the following research question: How can we make use of the footprints of TLS certificates to defend against phishing attacks? For this, we collected a large set of TLS certificates corresponding to phishing websites from Certificate Transparency (CT) logs and extensively analyzed these TLS certificates. We demonstrated that a template of common names, which are equivalent to the fully qualified domain names, obtained through the clustering analysis of the certificates can be used for the following promising applications: (1) The discovery of previously unknown phishing websites with low false positives and (2) understanding the infrastructure used to generate the phishing websites. We use our findings on the abuse of free certificate authorities (CAs) for operating HTTPSified phishing websites to discuss possible solutions against such abuse and provide a recommendation to the CAs.

本文言語English
ホスト出版物のタイトルProceedings - 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020
出版社Institute of Electrical and Electronics Engineers Inc.
ページ522-531
ページ数10
ISBN(電子版)9781728185972
DOI
出版ステータスPublished - 2020 9
イベント5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020 - Virtual, Genoa, Italy
継続期間: 2020 9 72020 9 11

出版物シリーズ

名前Proceedings - 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020

Conference

Conference5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020
国/地域Italy
CityVirtual, Genoa
Period20/9/720/9/11

ASJC Scopus subject areas

  • コンピュータ ネットワークおよび通信
  • 情報システムおよび情報管理
  • 安全性、リスク、信頼性、品質管理

フィンガープリント

「Discovering HTTPSified Phishing Websites Using the TLS Certificates Footprints」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

引用スタイル