Risk Rating System of X.509 Certificates

Hawanna, Varsharani; Kulkarni, Vrushali; Rane, Rashmi; Mestri, P.; Panchal, S.

doi:10.1016/j.procs.2016.06.027

Cited by 7 publications

(5 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, the proposed approach necessities a long time until a user has seen all required CAs, based on his browser history. In [33], a framework has been presented to evaluate a risk level of X.509 certificate based on certain trust criteria and characteristics. They use classification techniques with machine learning algorithm, which classify a certificate risk in three levels as high risk, medium risk and low risk [33].…”

Section: Related Workmentioning

confidence: 99%

“…In [33], a framework has been presented to evaluate a risk level of X.509 certificate based on certain trust criteria and characteristics. They use classification techniques with machine learning algorithm, which classify a certificate risk in three levels as high risk, medium risk and low risk [33]. Their framework is divided in three modules: Module 1 is used for collecting a trusted and untrusted x.509 certificate and storing it in trust store, Module 2 permits to collect trust criteria/attribute that are taken into account during risk level calculation, and Module 3 is used for a risk classification.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Calculating and Evaluating Trustworthiness of Certification Authority

Uahhabi

Bakkali

2022

Int. j. commun. netw. inf. secur.

View full text Add to dashboard Cite

In a public key infrastructure trust model, a trust is transferred along a set of certificates, issued by certificate authorities (CAs) considered as trustfully third parties, providing a trust chain among its entities. In order to deserve this trustworthiness, a CA should to apply the rigorous procedures for generating keys, checking the identities, and following reliable security practices. Any deficiency in these procedures may in?uence its trustworthiness. In this context, some authorities could be weaker than others. Then, relying parties (RPs) and certificate holders (CHs) need a mechanism to evaluate CA trustworthiness. In this paper, we provide them this mechanism to have information about its trustworthiness. In fact, we propose a trust level calculation algorithm that is based on three parameters which are the CA reputation, the quality of procedures described in the certi?cate policy and its security maturity level.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Calculating and Evaluating Trustworthiness of Certification Authority

Uahhabi

Bakkali

2022

Int. j. commun. netw. inf. secur.

View full text Add to dashboard Cite

show abstract

“…Hawanna et al [22] proposed a framework which assesses the risk associated with X.509 certificates. By using the random forest machine learning algorithm, this framework provides users with three risk levels -high risk, medium risk, and low risk, and mentions due to which parameter it bears the risk.…”

Section: A Security Of Ssl/tls Implementationsmentioning

confidence: 99%

DRLgencert: Deep Learning-Based Automated Testing of Certificate Verification in SSL/TLS Implementations

Chen

Diao

Zeng

et al. 2018

2018 IEEE International Conference on Software Maintenance and Evolution (ICSME)

View full text Add to dashboard Cite

The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are the foundation of network security. The certificate verification in SSL/TLS implementations is vital and may become the "weak link" in the whole network ecosystem. In previous works, some research focused on the automated testing of certificate verification, and the main approaches rely on generating massive certificates through randomly combining parts of seed certificates for fuzzing. Although the generated certificates could meet the semantic constraints, the cost is quite heavy, and the performance is limited due to the randomness.To fill this gap, in this paper, we propose DRLgencert, the first framework on applying deep reinforcement learning to the automated testing of certificate verification in SSL/TLS implementations. DRLgencert accepts ordinary certificates as input and outputs the newly generated certificates which could trigger discrepancies with high efficiency. Benefited by the deep reinforcement learning, when generating certificates, our framework could choose the best next action according to the result of a previous modification, instead of simple random combinations. At the same time, we developed a set of new techniques to support the overall design, like new feature extraction method for X.509 certificates, fine-grained differential testing, and so forth. Also, we implemented a prototype of DRLgencert and carried out a series of real-world experiments. The results show DRLgencert is quite efficient, and we obtained 84,661 discrepancy-triggering certificates from 181,900 certificate seeds, say around 46.5% effectiveness. Also, we evaluated six popular SSL/TLS implementations, including GnuTLS, MatrixSSL, MbedTLS, NSS, OpenSSL, and wolfSSL. DRLgencert successfully discovered 23 serious certificate verification flaws, and most of them were previously unknown.Our Approach. In this paper, we propose DRLgencert (using Deep Reinforcement Learning to generate certificates), the arXiv:1808.05444v1 [cs.CR]

show abstract

“…In [12], the authors suggest a framework used for assessing a certificate risk level on the basis of certain trust characteristics and criteria. The proposed framework permits user to make decision whether accept or not a certificate for a particular transaction by evaluating its risk level.…”

Section: Related Workmentioning

confidence: 99%