Detection of Rogue Certificates from Trusted Certificate Authorities Using Deep Neural Networks

Abstract

Rogue certificates are valid certificates issued by a legitimate certificate authority (CA) that are nonetheless untrustworthy, yet are trusted by web browsers and users. With the current public key infrastructure, there exists a window of vulnerability between the time a rogue certificate is issued and when it is detected. Rogue certificates from recent compromises have been trusted for as long as weeks before detection and revocation. Previous proposals to close this window of vulnerability require changes in the infrastructure, Internet protocols, or end user experience. We present a method for detecting rogue certificates from trusted CAs developed from a large and timely collection of certificates. This method automates classification by building machine-learning models with Deep Neural Networks (DNN). Despite the scarcity of rogue instances in the dataset, DNN produced a classification method that is proven both in simulation and in the July 2014 compromise of the India CCA. We report the details of the classification method and illustrate that it is repeatable, such as with datasets obtained from crawling. We describe the classification performance under our current research deployment.

Document Details

Document Type: Pub Defense Publication
Publication Date: Sep 17, 2016
Source ID: 10.1145/2975591

Entities

People

  • Kevin Kane
  • L. Jean Camp
  • Zheng Dong

Organizations

  • Google
  • Indiana University
  • Microsoft
  • Microsoft Research
  • National Science Foundation
  • United States Army Research Laboratory

Tags

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Educational Psychology
  • Neural Network Machine Learning

Technology Areas

  • AI & ML
  • AI & ML - Neural Networks