On the Detection of Fake Certificates via Attribute Correlation

Abstract

Transport Layer Security (TLS) and its predecessor, SSL, are important cryptographic protocol suites on the Internet. They both implement public key certificates and rely on a group of trusted certificate authorities (i.e., CAs) for peer authentication. Unfortunately, the most recent research reveals that, if any one of the pre-trusted CAs is compromised, fake certificates can be issued to intercept the corresponding SSL/TLS connections. This security vulnerability leads to catastrophic impacts on SSL/TLS-based HTTPS, which is the underlying protocol to provide secure web services for e-commerce, e-mails, etc. To address this problem, we design an attribute dependency-based detection mechanism, called SSLight. SSLight can expose fake certificates by checking whether the certificates contain some attribute dependencies rarely occurring in legitimate samples. We conduct extensive experiments to evaluate SSLight and successfully confirm that SSLight can detect the vast majority of fake certificates issued from any trusted CAs if they are compromised. As a real-world example, we also implement SSLight as a Firefox add-on and examine its capability of exposing existent fake certificates from DigiNotar and Comodo, both of which have made a giant impact around the world.

1. Introduction

Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are built upon an X.509 public key infrastructure [1] and used as a base in important secure protocols and applications on the Internet, such as HTTPS, VPN and SMTPS. Within an X.509 infrastructure, certificate authorities (CAs) are in charge of checking other entities’ identity and issuing X.509 certificates to verified entities, which may be another CA or end entity. The root CAs issue certificates to themselves, and the certificates of intermediate CAs are issued from other CAs. As a result, any end entity’s certificate can be chained back to a root CA certificate through zero or several intermediate CA certificates, which form a certification path [1]. SSL/TLS employ end entity certificates to authenticate peer identities [2,3]. In particular, the end entity obtains a legitimate identity if its certificate can be chained back to a trusted CA along its certification path. The X.509 public key infrastructure also defines necessary fields and syntax present in X.509 certificates [2]. In this paper, we refer to the fields as attributes.

HTTPS uses SSL/TLS to encrypt HTTP connections, thus providing secure web services to a range of web applications, including online business, finance, healthcare, mailing services, and so on. In HTTPS connections, browsers authenticate web server identities based on a group of pre-agreed root and intermediate CAs. This validation process basically depends on two requirements. One is whether the web server’s certificate is issued by one of the trusted CAs. The other is whether the certificate’s common name (i.e., CN) is bound to the web server’s domain name. If both requirements are fulfilled, browsers confirm this web server’s identity as legitimate. Otherwise, an alert will be displayed to make users aware that the certificate may be fake, and the web access is held immediately to prevent any potential attacks.

However, if one of the trusted CAs is compromised, fake certificates can be issued and used to hijack targeted HTTPS connections [4,5]. Browsers are not aware of the underlying attacks launched by this kind of fake certificate, because they trust the compromised CA by default and cannot distinguish which trusted CA is the legal one to issue which certificate. As reported from the SSL Observatory project [6], there are more than 600 certificate authorities that browsers should trust by default [7]. As a result, attackers are only required to compromise one of these CAs, which they are capable of breaking into. Such a threat consequently forces mainstream browsers to revoke their trust on these compromised CAs that have been discovered, such as DigiNotar [8–10] and Comodo [11]. However, this temporary countermeasure is followed by a side effect that browsers no longer trust the legitimate certificates that were already issued from DigiNotar and Comodo, as well. To make things worse, browsers lose the chance to withdraw their trust of the compromised CAs if they are not discovered.

To address these problems, online detection systems, such as Perspectives [12], HTTPS Everywhere [13] and Google Certificate Catalog [14], have been proposed. They conduct a direct bit-to-bit comparison between the examined certificate and its legitimate sample obtained from the Internet. As these systems check certificate identities on-line, attackers, who can use fake certificates to hijack users’ HTTPS tunnels, are more likely to be able to intercept or block the corresponding connections to these on-line services, as well. The Sovereign Keys Project [15], on the other hand, provides a systematic solution for this structural insecurity. However, the implementation of sovereign keys involves cooperation among different CAs and web/DNS servers, thus making it hard to be practically deployed.

In this paper, we propose SSLight, an attribute dependency-based detection mechanism, to help browsers identify fake certificates issued from compromised CAs. SSLight basically relies on a probabilistic model built on a set of legitimate samples. Fake certificates thus can be detected as dependencies between some of their attributes that rarely occur among the legitimate samples. For example, as Australian CAs have never signed any legitimate certificates to American servers, a certificate is more likely to be a fake one if it is issued by an Australian CA, but possessed by an American server. As a result, SSLight is capable of exposing fake certificates from compromised CAs, even if they are not discovered, and mitigating the false alarm on legitimate certificates, as well. SSLight does not require instant on-line checking, helping it circumvent potential network interceptions. Moreover, SSLight is a lightweight solution that does not need cooperation from remote servers or CAs.

In sum, we have made three contributions in this paper.

• We have designed SSLight, a novel attribute dependency-based detection mechanism, to enhance SSL/TLS’s authentication. SSLight is capable of exposing fake certificates issued from trusted, but compromised, CAs.
• SSLight is built on a training set with 830,306 legitimate certificate samples. We have conducted extensive experiments to evaluate SSLight’s detection capability. The experimental results show that SSLight can detect the vast majority of fake certificates issued from any compromised CA with a relatively low false positive rate.
• We have implemented SSLight as a Firefox add-on and use it to detect real-world fake certificates from DigiNotar and Comodo, both of which have made a catastrophic impact around the world. SSLight achieves a relatively high detection rate on these real-world examples.

The remainder of the paper is organized as follows. Section 2 explains the attributes and the attribute dependency in X.509 certificates. Section 3 presents the threat model. Section 4 elaborates on the design of SSLight. In Section 5, SSLight is thoroughly evaluated and implemented as a Firefox add-on to examine real-world examples. Before concluding this paper, in Section 8, we discuss the limitations of our proposal in Section 6 and review related works in Section 7.

2. Background

This section presents the details of the attributes in X.509 certificates and the concept of attribute dependency.

2.1. Attributes in X.509 Certificates

SSL/TLS employ the X.509 v3 certificate format to profile their X.509 certificates with necessary fields, called attributes, and corresponding usages [2]. These attributes can be classified into two groups, basic certificate attributes and certificate extension attributes [2], both of which are encoded following the ASN.1 distinguished encoding rules (DER) [16] in order to facilitate signature calculation. Basic certificate attributes contain basic information related to the owner and its issuer. In particular, two basic certificate attributes, Subject and Issuer, include several sub-fields defined in the X.500 specification [17]. In this paper, we refer to these sub-fields as attributes, too. Certificate extension attributes, on the other hand, associate additional information with the owner and for managing relationships between CAs [2].

To receive a valid certificate, an entity, maybe a CA or a web server in this paper, first uses its private key to generate a certificate signing request (CSR) [18]. This CSR is subsequently sent to a trustworthy organization, actually another CA, for validation. After checking the entity’s identity, the organization issues a signed certificate back to the requested entity. This issuing process always involves human interactions to fill in the certificate’s attributes with necessary personal information. For example, if the entity is a CA located in America, the attribute CA and Country should be set to TRUE and US, respectively. As the contents in any attribute are involved in the signature calculation, they cannot be changed when the certificate is already signed. Any certificate is located in a certification path, in which an end entity certificate can be traced back to a root CA certificate through zero or several intermediate CA certificates [1]. From the bottom to the top of each certification path, the upper certificate is owned by a CA, which uses a private key to sign a lower certificate, and the top-most CA signs its certificate itself. With this signing chain, the trust assigned to the top-most certificate can be propagated to the bottom one. In this way, the browsers can only install hundreds of CA certificates and then trust billions of web sites later.

The left side of Figure 1 shows an example of a Google certificate. It is an end entity certificate and includes 15 basic certificate attributes, in which five belong to Subject attributes, three are Issuer attributes and five are certificate extension attributes. We observe much information from these attributes, like: the certificate’s valid period is from the 18 December 2009 to 2011; the public key algorithm is RSA; the key length is 1024 bits; it is an American certificate, but issued by a South Africa CA, etc. In this paper, we assume the attributes that have not appeared in a certificate contain an empty value by default. The right side of this figure shows the corresponding certification path in which the Google certificate is located. The root CA, Verisign Class 3, issues a CA certificate to an intermediate CA, Thawte SGC, which signs the end entity certificate to Google.

2.2. Attribute Dependency

We define attribute dependency as the conditional probability distribution for all of the possible values of an attribute given a certain value in another attribute (the formalized definition is presented in Equation (5) in Section 4.1). These conditional probabilities can be calculated based on a set of legitimate certificates. According to whether the two attributes are from the same certificate or different certificates along with a certification path, we group attribute dependencies into two types, certificate attribute dependency and certification path attribute dependency. As a certificate’s Issuer attributes indicate its issuer’s Subject attributes along with a certification path, the dependency between an Issuer attribute and another attribute in the same certificate can be considered as a certification path attribute dependency. The certificate attribute dependency represents the relationship inside a certificate, while the certification path attribute dependency reflects the relationship between two different certificates from the same certification path.

Figure 2a illustrates an example for the certificate attribute dependency. Two attributes, countryName and Public Key Length, in a server certificate are considered. The countryName is assumed to have possible values US, CN and Empty, while the Public Key Length includes 1024, 2048 and Empty. Each arrow line indicates a conditional probability for a value of the attribute Public Key Length given a certain value in the countryName. We observe three certificate attribute dependencies, ➀, ➁ and ➂, in which the certain value of the countryName is US, CN and Empty, respectively. Figure 2b, on the other hand, shows an instance of the certification path attribute dependency between the attribute countryName in a server certificate and a CA certificate, both of which are located at the same certification path. The two countryName attributes are assumed to possess possible values US, CN and Empty. As can be seen, there are three certification path attribute dependencies, ➃, ➄ and ➅.

3. Threat Model

Figure 3 demonstrates the security threat involved in this paper using the real-world compromised CAs, DigiNotar and Comodo. We use Firefox Version 5.0.1 for this demonstration, because Firefox has announced withdrawing its trust in DigiNotar and Comodo since Version 6.0.1 [11,19,20]. Since we cannot compromise the real DigiNotar and Comodo, we set up two private CAs in our laboratory to impersonate them instead. We then add the two private CA certificates into the trusted authorities list in Firefox; thus, they can be used as the real compromised DigiNotar and Comodo. To hijack HTTPS connections to the Google mail service, we deploy a man-in-the-middle SSL proxy [21] with fake Google certificates in our laboratory and configured Firefox to access HTTPS sessions through this proxy by default. As shown in Figure 3a, the legitimate Google certificate issued by Thawte SGC CA has been accepted by Firefox. However, Figure 3a,b demonstrates that Firefox also accepts fake Google certificates from DigiNotar and Comodo by default. As a result, users are not aware of underlying attacks when they access Gmail through HTTPS connections, and their account information will be leaked. Note that we obtain the same results in other major browsers, such as IE and Chrome.

In this paper, attackers are assumed to be able to intrude any CAs trusted by browsers and hijack any connections to and from the browsers. Note that attackers cannot modify the attributes in any trusted CA certificate because the CA certificates are pre-installed in browsers. Although attackers can exploit the compromised CA to issue fake certificates with arbitrary attributes, SSLight, or human beings, can easily detect these naive fake certificates through certificate attribute dependency. In this case, sophisticated attackers duplicate attributes from the legitimate certificate to its corresponding fake one, thus circumventing this kind of detection. Moreover, as sophisticated attackers can use the compromised CA to issue any number of intermediate CAs with arbitrary attributes, the detection based on the dependency between attributes from different CA certificates in the same certification path can be easily evaded. In this paper, SSLight focuses on the usage of the dependency between attributes from the server certificate and any of its CA certificates along with the same certification path to be against sophisticated attackers who:

• cannot do any modification in the trusted CA certificates;
• can duplicate attributes from legitimate certificates to the corresponding fake ones;
• can issue any number of intermediate CAs with arbitrary attributes using the trusted, but compromised, CA;
• can hijack or block any connections to and from the browsers.

The last item indicates that SSLight can work under the worst network conditions, in which any information from the Internet may be faked.

4. SSLight

In this section, we first build up a probabilistic model based on attribute dependencies among legitimate samples and then elaborate on the design of SSLight on top of this model. As a consequence, we introduce two factors, attack range reduction and false positive, to evaluate SSLight’s detection capability.

4.1. Probabilistic Model

Let a web server q’s legitimate certificate be $C_q^1$, which is associated with a certification path, defined as:

$$\mathrm{\Gamma }(C_q^1)=\{C_q^i,i\in [1,N_q]\},$$

(1)

where $N_q=\Vert \mathrm{\Gamma }(C_q^1)\Vert$ is the depth of the path $\mathrm{\Gamma }(C_q^1)$. $C_q^i\in \mathrm{\Gamma }(C_q^1)$represents the i-th level certificate and $C_q^{i+1}$ issues $C_q^i$ i ∈ [1,N_q−1]. Hence, $C_q^1$ is a server certificate, and $C_q^{N_q}$is a root CA certificate that is self-signed. Other $C_q^i,i\in [2,N_q-1]$ are intermediate CA certificates along with the certification path.

Proposition 1. Even if$C_{q1}^{i>1}\in \mathrm{\Gamma }(C_{q1}^1)$ and$C_{q2}^{i>1}\in \mathrm{\Gamma }(C_{q2}^1)$, where$(\mathrm{\Gamma }{C}_{q1}^1)\ne \mathrm{\Gamma }(C_{q2}^1)$, we may still have$C_{q1}^{i>1}=C_{q2}^{i>1}$, because the same CA can issue certificates to different entities.

Based on Equation (1), we thus define a non-empty training set including legitimate certificate samples as:

$$ℂ=\{\mathrm{\Gamma }(C_q^1),q\in \left[1,Q\right]\},$$

(2)

where Q = ||ℂ|| is the size of the legitimate sample set ℂ. In this paper, we assume that browsers pre-agree to trust $\forall C_q^{i>1}\in ℂ$ and cannot trust $C_e^{i>1}\notin ℂ$.

In ℂ, we use $N_{max}=\underset{\mathrm{\Gamma }(C_q^1\in ℂ)}{max}\Vert \mathrm{\Gamma }(C_q^1)\Vert$ to represent the maximum certification path depth. Let ${\mathbb{A}}^i=\{A_j^i\}$ for ∀i ∈ [1, N_max] be the set of considered attributes in the i-th level certificate, and $\Vert {\mathbb{A}}^i\Vert$ is the size of set ${\mathbb{A}}^i$. For $\forall A_j^i\in {\mathbb{A}}^i,{\mathbb{V}}_j^i=\{V_k^{j,i}\}$ is the set of values that attribute $A_j^i$ may take, and $\Vert {\mathbb{V}}_j^i\Vert$ represents the number of these possible values. As a consequence, we define the subset ℂ (i, j, k) ⊆ ℂ to include certification paths $\mathrm{\Gamma }(C_q^1)$ in which the value of $A_j^i$, denoted as $A_j^{i,q}$, is set to $V_k^{j,i}$ as:

$$ℂ(i,j,k)=\{\mathrm{\Gamma }(C_q^1)\in ℂ,ifV(A_j^{i,q})=V_k^{j,i}\},$$

(3)

where $V(A_j^{i,q})\in {\mathbb{V}}_j^i$ represents the value assigned to $A_j^{i,q}$.

With the help of Equation (3), we calculate the probability of the certification paths $\mathrm{\Gamma }(C_q^1)$ whose $V(A_{j=J_x}^{i=I_{x,q}})=V_{K_x}^{J_x,I_x}$ on the condition that their $V(A_{j=J_y}^{i=I_{y,q}})=V_{K_y}^{J_y,I_y}$ as:

$$Pr\{V_{K_x}^{J_x,I_x}|V_{K_y}^{J_y,I_y}\}=\frac{\Vert ℂ(I_x,J_x,K_x)\bigcap ℂ(I_y,J_y,K_y)\Vert }{\Vert ℂ(I_y,J_y,K_y)\Vert },$$

(4)

where ‖ℂ(I_x, J_x, K_x)⋂ ℂ(I_y, J_y, K_y)‖ is the size of the intersection set of sets ℂ(I_x, J_x, K_x) and ‖ℂ(I_y, J_y, K_y)‖ is the size of set ℂ(I_y, J_y, K_y).

Proposition 2. Given I_y, J_y and K_y, the set of conditional probabilities$Pr\{V_k^{J_x,I_x}|V_k^{J_y,I_y}\}$ for ∀I_x J_x satisfies${\displaystyle \sum _{V_k^{J_x,I_x}\in {\mathbb{V}}_{J_x}^{I_x}}Pr\{V_k^{J_x,I_x}|V_{K_y}^{J_y,I_y}\}}=1$.

The proof of Proposition 2 is detailed in Appendix 1.1. As can be seen, $Pr\{V_k^{J_x,I_x}|V_{K_y}^{J_y,I_y}\}{V}_k^{J_x,I_x}\in V_{J_x}^{I_x}$, form a probability distribution in the sample space $V_{J_x}^{I_x}$. As a result, we formalize the attribute dependency as the probability distribution of values in one attribute $A_{J_x}^{I_x}$ given another attribute’s value $V_{K_y}^{J_y,I_y}$:

$$D(A_{J_x}^{I_x}|V_{K_y}^{J_y,I_y})=\{Pr\{V_k^{J_x,I_x}|V_{K_y}^{J_y,I_y}\},\forall V_k^{J_x,I_x}\in {\mathbb{V}}_{J_x}^{I_x}\},$$

(5)

where, I_x ≠ I_y or J_x ≠ J_y. If $I_x\ne I_y,D(A_{J_x}^{I_x}|V_{K_y}^{J_y,I_y})$ is a certificate path attribute dependency. If J_x ≠ J_y, but $I_x=I_y,D(A_{J_x}^{I_x}|V_{K_y}^{J_y,I_y})$ is a certificate attribute dependency. As the compromised CAs can simply duplicate attributes from the corresponding legitimate sample to the fake certificate, the detection based on certificate attribute dependencies can be evaded. Moreover, the detection relying on $D(A_{J_x}^{I_x}|V_{K_y}^{J_y,I_y}),I_x>1,I_y>1,I_x\ne I_y$ can also be circumvented easily because the compromised CAs are capable of issuing intermediate CAs arbitrarily. The reasons have been detailed in Section 3. As a result, SSLight only employs $D(A_{J_x}^{I_x}|V_{K_y}^{J_y,I_y}),I_x=1,I_y>1$ to perform its detection.

4.2. SSLight Design

4.2.1. Detection Algorithm

SSLight examines certificates based on a feature set, denoted as $\mathbb{F}$, which includes a sequence of attribute dependencies:

$$\begin{array}{l}\mathbb{F}=\{D(A_{J_x}^1|V_{K_y}^{J_y{I}_y})\},where,1<I_y\le N_{max},\\ A_{J_x}^1\in {\mathbb{A}}^1,A_{J_y}^{I_y}\in {\mathbb{A}}^{I_y},V_{K_y}^{J_y{I}_y}\in {\mathbb{V}}_{J_y}^{I_y}.\end{array}$$

(6)

Let $C_e^1$ where $C_e^1$ ∈ ℂ $C_e^1$ ∉ ℂ be a certificate under examination. If $\exists Pr\{V(A_{J_x}^{1,e})|V(A_{J_y}^{I_y,e})\}\in D(A_{J_x}^1|V(A_{J_y}^{I_y,e}))\in \mathbb{F}$ can be considered as a relatively small probability, SSLight regards $C_e^1$ as a fake certificate issued by $C_e^{I_y>1}\in ℂ$, which is a trusted CA that may be compromised. According to Proposition 3, even if $C_e^1\notin ℂ$, we may have $C_e^{I_y>1}\in \mathrm{\Gamma }(C_q^1)\in ℂ$. Note that browsers are assumed to not trust $C_e^{I_y>1}\notin ℂ$ in this paper.

However, the same value of $Pr\{V(A_{J_x}^{1,e})|V(A_{J_y}^{I_y,e})\}$ in different ${\mathbb{V}}_{J_x}^1$ represents different magnitudes, because $\Vert {\mathbb{V}}_{J_x}^1\Vert$ (i.e., the sizes of ${\mathbb{V}}_{J_x}^1$) are different. For example, given $Pr\{V(A_{J_x}^{1,e})|V(A_{J_y}^{I_y,e})\}=0.01$ if $\Vert {\mathbb{V}}_{J_x}^1\Vert =10,000$, this probability can be considered as large compared with $\frac{1}{\Vert {\mathbb{V}}_{J_x}^1\Vert }=0.0001$. However, if $\Vert {\mathbb{V}}_{J_x}^1\Vert =2$ the probability 0.01 is very small in comparison to $\frac{1}{\Vert {\mathbb{V}}_{J_x}^1\Vert }=0.5$.

To achieve a fair comparison among different ${\mathbb{V}}_{J_x}^1$, SSLight introduces a concept of relative probability, denoted as $Pr\{V(A_{J_x}^{1,e})|V(A_{J_y}^{I_y,e})\}$, which can be calculated as:

$$Pr\{V(A_{J_x}^{1,e})|V(A_{J_y}^{I_y,e})\}=Pr\{V(A_{J_x}^{1,e})|V(A_{J_y}^{I_y,e})\}\times \Vert {\mathbb{V}}_{J_x}^1\Vert .$$

(7)

As a result, the probabilities from different ${\mathbb{V}}_{J_x}^1$ can be equivalently compared in the form of relative probability. Back to the example $P\{V(A_{J_x}^{1,e})|V(A_{J_y}^{I_y,e})\}=0.01$, as we have $Pr\{V(A_{J_x}^{1,e})|V(A_{J_y}^{I_y,e})\}=100$ when $\Vert {\mathbb{V}}_{J_x}^1\Vert =10,000$ and $P\{V(A_{J_x}^{1,e})|V(A_{J_y}^{I_y,e})\}=0.02$ when $\Vert {\mathbb{V}}_{J_x}^1\Vert =2$, this probability can be considered as relatively large when $\Vert {\mathbb{V}}_{J_x}^1\Vert =10,000$, but relatively small in the case $\Vert {\mathbb{V}}_{J_x}^1\Vert =2$.

With the help of the relative probability, SSLight is implemented in Algorithm 1. In this detection algorithm, P_th ≥ 0 is a relative probability threshold, and $\Vert {\mathbb{P}}_{th}^{-}\Vert$ represents the number of probabilities whose relative probabilities are no larger than P_th. If $\exists P\{V(A_{J_x}^{1,e})|V(A_{J_y}^{I_y,e})\}\in D(A_{J_x}^1|V(A_{J_y}^{I_y,e}))\in \mathbb{F}$, $Pr\{V(A_{J_x}^{1,e})|V(A_{J_y}^{I_y,e})\}\le P_{th}$, (i.e., $\Vert {\mathbb{P}}_{th}^{-}\Vert >0$), $C_e^1$ can be regarded as a fake certificate issued from $C_e^{I_y>1}$. Otherwise, $C_e^1$ is a legitimate one.

4.2.2. Attack Range Reduction

Assume $C_e^{I_y>1}$ is compromised and can be used to issue fake certificate $C_e^1$. When SSLight is disabled, $C_e^{I_y>1}$ can assign any possible values to any attributes in $C_e^1$ without causing $C_e^1$ to be detected, such that, $\forall A_{J_x}^1\in {\mathbb{A}}^1,V(A_{J_x}^{1,e})=V_k^{J_x,1},\forall V_k^{J_x,1}\in {\mathbb{V}}_{J_x}^1$. As a result, there are ${\displaystyle {\prod }_{A_{J_x}^1\in {\mathbb{A}}^1}\Vert {\mathbb{V}}_{J_x}^1\Vert }$ possible value combinations that $C_e^{I_y>1}$ can assign to $C_e^1$’s attributes. The number of possible value combinations, ${\displaystyle {\prod }_{A_{J_x}^1\in {\mathbb{A}}^1}\Vert {\mathbb{V}}_{J_x}^1\Vert }$ is defined as $C_e^{I_y>1}$’s attack range, which reflects $C_e^{I_y>1}$’s capability for issuing fake certificates. SSLight can help limit $C_e^{I_y>1}$’s attack range, because a number of values in attribute $A_{J_x}^{1,e}$ may cause $P\{V(A_{J_x}^{1,e})|V(A_{J_y}^{I_y,e})\}\le P_{th}$, thus making them unable to be assigned.

Algorithm 1:. Whether $C_e^1$ is a fake certificate from $C_e^{I_y>1}$.

Input: $C_e^1$ and $C_e^{I_y>1}$

1: $\Vert {\mathbb{P}}_{th}^{-}\Vert \leftarrow 0$;

2: for all Jx, Jy, in $D(A_{J_x}^1|V(A_{J_y}^{I_y,e})\in \mathbb{F}$ do

3:  if$P\{V(A_{J_x}^{1,e})|V(A_{J_y}^{I_y,e})\}\le P_{th}$ then

4:    $\Vert {\mathbb{P}}_{th}^{-}\Vert \leftarrow \Vert {\mathbb{P}}_{th}^{-}\Vert +1$;

5:  end if

6: end for

7: if$\Vert {\mathbb{P}}_{th}^{-}\Vert >0$ then

8:  return$C_e^1$ is a fake certificate issued by $C_e^{I_y>1}$;

9: else

10:  return$C_e^1$ is a legitimate one issued by $C_e^{I_y>1}$;

11: end if

Algorithm 1:. Whether $C_e^1$ is a fake certificate from $C_e^{I_y>1}$.

Input: $C_e^1$ and $C_e^{I_y>1}$

1: $\Vert {\mathbb{P}}_{th}^{-}\Vert \leftarrow 0$;

2: for all Jx, Jy, in $D(A_{J_x}^1|V(A_{J_y}^{I_y,e})\in \mathbb{F}$ do

3:  if$P\{V(A_{J_x}^{1,e})|V(A_{J_y}^{I_y,e})\}\le P_{th}$ then

4:    $\Vert {\mathbb{P}}_{th}^{-}\Vert \leftarrow \Vert {\mathbb{P}}_{th}^{-}\Vert +1$;

5:  end if

6: end for

7: if$\Vert {\mathbb{P}}_{th}^{-}\Vert >0$ then

8:  return$C_e^1$ is a fake certificate issued by $C_e^{I_y>1}$;

9: else

10:  return$C_e^1$ is a legitimate one issued by $C_e^{I_y>1}$;

11: end if

In the case that if SSLight employs only one attribute dependency $D(A_{J_x}^1|V(A_{J_y}^{I_y,e}))\in \mathbb{F}$ to detect fake certificates issued from $C_e^{I_y>1}$, ${\mathbb{V}}_{J_x}^{I_x}$ can be divided into two subsets as ${\mathbb{V}}_{J_x}^1={\mathbb{V}}_{J_x}^{1+}(P_{th},A_{J_y}^{I_y,e})+{\mathbb{V}}_{J_x}^{1-}(P_{th},A_{J_y}^{I_y,e})$ where:

$$\begin{array}{l}{\mathbb{V}}_{J_x}^{1+}(P_{th},A_{J_y}^{I_y,e})=\{\forall V_k^{J_x,1}\in {\mathbb{V}}_{J_x}^1,P\{V_k^{J_x,1}|V(A_{J_y}^{I_y,e})\}>P_{th}\},\\ {\mathbb{V}}_{J_x}^{1-}(P_{th},A_{J_y}^{I_y,e})=\{\forall V_k^{J_x,1}\in {\mathbb{V}}_{J_x}^1,P\{V_k^{J_x,1}|V(A_{J_y}^{I_y,e})\}\le P_{th}\}.\end{array}$$

(8)

As a result, the single attribute dependency $D(A_{J_x}^1|V(A_{J_y}^{I_y,e}))$ can help reduce $C_e^{I_y>1}$’s attack range, which is restricted to $A_{J_x}^1$ and specified by $V(A_{J_y}^{I_y,e})$, from $\Vert {\mathbb{V}}_{J_x}^1\Vert$ to $\Vert {\mathbb{V}}_{J_x}^{1+}(P_{th},A_{J_y}^{I_y,e})\Vert$. We define an attack range reduction factor, $R(P_{th},D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))$, to represent this kind of attack range reduction as:

$$R(P_{th},D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))=\frac{\Vert {\mathbb{V}}_{J_x}^1\Vert }{\Vert {\mathbb{V}}_{J_x}^{1+}(P_{th},A_{J_y}^{I_y,e})\Vert },$$

(9)

A larger $R(P_{th},D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))$ leads to a better detection capability obtained by the attribute dependency $D(A_{J_x}^1|V(A_{J_y}^{I_y,e}))$. Corollary 1, which is proven in Appendix 1.9, shows the upper bound and lower bound of $R(P_{th},D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))$.

Corollary 1. The attack range reduction factor satisfies$1\le R(P_{th},D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))\le \infty$. In particular, $1\le R(P_{th}<1,D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))\le \Vert {\mathbb{V}}_{J_x}^1\Vert$.

When considering all of the attribute dependencies in $\mathbb{F}$, SSLight abates $C_e^{I_y>1}$’s attack range from ${\displaystyle {\prod }_{A_{J_x}^1\in {\mathbb{A}}^1}\Vert {\mathbb{V}}_{J_x}^1\Vert }$ to ${\displaystyle {\prod }_{A_{J_x}^1\in {\mathbb{A}}^1}\Vert {\cap }_{A_{J_y}^{I_y}\in {\mathbb{A}}^{I_y}}{\mathbb{V}}_{J_x}^{1+}(P_{th},A_{J_y}^{I_y,e})\Vert }$. We thus use an attack range reduction power, $R*(P_{th},C_e^{I_y>1})$, to measure the detection capability obtained by SSLight as:

$$R*(P_{th},C_e^{I_y>1})={\displaystyle \prod _{A_{J_x}^1\in {\mathbb{A}}^1}\frac{\Vert {\mathbb{V}}_{J_x}^1\Vert }{\Vert \underset{A_{J_x}^{I_y}\in {\mathbb{A}}^{I_y}}{\cap }{\mathbb{V}}_{J_x}^{1+}(P_{th},A_{J_y}^{I_y,e})\Vert }}.$$

(10)

Based on Equation (10), we have Corollaries 2 and 3, which are proven in Appendixes 1.10 and 1.11, respectively.

Corollary 2. The attack range reduction power satisfies$1\le R*(P_{th},C_e^{I_y>1})\le \infty$ In particular, $1\le R*(P_{th}=0,C_e^{I_y>1})\le {\displaystyle \prod _{A_{J_x}^1\in {\mathbb{A}}^1}\Vert {\mathbb{V}}_{J_x}^1\Vert }$.

Corollary 3. Even if$\forall A_{J_x}^{I_y}\in {\mathbb{A}}^{I_y}$, $\forall A_{J_x}^{I_y}\in {\mathbb{A}}^{I_y}$, $R(P_{th},D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))\ne \infty$ we may still have$R*(P_{th}>0,C_e^{I_y>1})=\infty$.

4.2.3. False Positive

According to Equations (8) and (9), a single attribute dependency $D(A_{J_x}^1|V(A_{J_y}^{I_y,e}))$ can achieve a larger reduction factor with a larger P_th. However, this larger P_th consequently causes a larger false positive, which is the ratio of legitimate certificates that are wrongly regarded as fake certificates in the legitimate sample set ℂ. The false positive with respect to the single attribute dependency $D(A_{J_x}^1|V(A_{J_y}^{I_y,e}))$ can be calculated as:

$$E(P_{th},D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))={\displaystyle \sum _{V_k^{J_x,1}\in {\mathbb{V}}_{J_x}^{1-}(P_{th},A_{J_y}^{I_y,e})}Pr\{V_k^{J_x,1}|V(A_{J_y}^{I_y,e})\}}.$$

(11)

where $0\le E(P_{th},D(A_{J_x}^1|V(A_{j_y}^{I_y,e})))\le 1$. As defined in Equation (8), $\forall V_k^{J_y,1}\in {\mathbb{V}}_{J_x}^{1-}(P_{th},A_{J_y}^{I_y,e})$ will cause SSLight with the single attribute dependency $D(A_{J_x}^1|V(A_{j_y}^{I_y,e}))$ to regard the examined certificate as a fake one; thus, their corresponding probabilities contribute to the false positive. As a larger P_th leads to a larger $\Vert {\mathbb{V}}_{J_x}^{1-}(P_{th},A_{J_y}^{I_y,e})\Vert$ the false positive $E(P_{th},D(A_{J_x}^1|V(A_{j_y}^{I_y,e})))$, can be increased when P_th grows.

For SSLight with feature set $\mathbb{F}$, its false positive caused by $C_e^{I_y>1}$ can be computed as follows.

$$\begin{array}{l}E*(P_{th},C_e^{I_y>1})=\frac{\Vert \underset{A_{J_y}^{I_y}\in {\mathbb{A}}^{I_y}}{\cap }\underset{A_{J_x}^1\in {\mathbb{A}}^1}{\cup }({ℂ}_{J_x}^{-}\cap ℂ(I_y,J_y,k^{\prime }))\Vert }{\Vert \underset{A_{J_x}^{I_y}\in {\mathbb{A}}^{I_y}}{\cap }ℂ(I_y,J_y,k^{\prime })\Vert },\\ whereV(A_{J_y}^{I_y,e})=V_{k^{\prime }}^{J_x,I_x},{ℂ}_{J_x}^{-}=\underset{V_{k^{\prime }}^{J_x,1}\in {\mathbb{V}}_{J_x}^{1-}(P_{th},A_{J_y}^{I_y,e})}{\cup }ℂ(1,J_x,k)\end{array}$$

(12)

${ℂ}_{J_x}^{-}$ includes the legitimate samples, which are falsely regarded as fake in ℂ when the $D(A_{J_x}^1|V(A_{J_y}^{I_y,e}))$ is used for the detection. The operator ${\cup }_{A_{J_x}^1\in {\mathbb{A}}^1}$ is used to unify the samples that are wrongly detected, and the operator ${\cap }_{A_{J_x}^1\in {\mathbb{A}}^1}$ helps select samples that are issued from $C_e^{I_y>1}$. Note that both of the two false positive definitions, Equations (11) and (12), have not taken legitimate certificates outside the legitimate sample set $ℂ,C_e^1\notin ℂ$, into consideration.

According to Equations (8)–(12), we conclude Corollaries 4–6, which can guide SSLight to choose appropriate P_th to balance attack range reduction and false positives. Their proofs are detailed in Appendixes 1.7–1.12.

Corollary 4. When P_th = 0, for$\forall D(A_{J_x}^1|V(A_{J_y}^{I_y,e}))\in \mathbb{F}$, $E(0,D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))=0$ and$R*(0,C_e^{I_y>1})=0$.

Corollary 5.$R(P_{th}\ge 1,D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))=\infty \iff E(P_{th}\ge 1,D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))=1$.

Corollary 6.$R*(P_{th}\ge 1,C_e^{I_y>1})=\infty \Rightarrow E*(P_{th}\ge 1,C_e^{I_y>1})=1$ but$E*(P_{th}\ge 1,C_e^{I_y>1})=1\nRightarrow R*(P_{th}\ge 1,C_e^{I_y>1})=\infty$.

4.3. Theoretical Analysis

According to Equation (5), we calculate attribute dependencies between attributes as conditional probability distributions based on a training set of legitimate certificates. As a result, SSLight’s detection capability, in terms of the attack range reduction and false positives, mainly depends on the prior distributions among legitimate samples in the training set. For example, assuming $C_e^{I_y>1}$ is a compromised CA, when SSLight employs P_th = 1 and $D(A_{J_x}^1|V(A_{J_y}^{I_y,e})$ with $\Vert {\mathbb{V}}_{J_x}^1\Vert =2$ to perform the detection, the case that $Pr\{V_1^{J_x,1}|V(A_{J_y}^{I_y,e})\}=1$ and $Pr\{V_1^{J_x,1}|V(A_{J_y}^{I_y,e})\}=0$ consequently results in $R(1,D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))=2$ and $E(1,D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))=0$. However, if the prior distribution is $Pr\{V_1^{J_x,1}|V(A_{J_y}^{I_y,e})\}=Pr\{V_2^{J_x,1}|V(A_{J_y}^{I_y,e})\}=0.5$, the reduction factor $R(1,D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))=\infty$ with the false positive $E(1,D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))=1$ is achieved.

To assess the impacts on the detection capability caused by the corresponding prior distribution in each attribute dependency $D(A_{J_x}^1|V(A_{J_y}^{I_y,e}))$, we propose an evaluation function.

We propose to use a metric, $\varphi (P_{th},\mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e})))$, to quantify the impacts on the detection capability and false positives caused by the legitimate distribution. Given P_th and $\mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e}))$, for the compromised CA $C_e^{I_y>1}$, $\varphi (P_{th},\mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e})))$ can be computed as:

$$\varphi (P_{th},\mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e})))={\displaystyle \sum _{V_k^{J_x}\in {\mathbb{V}}_{J_x}}|Pr\{V_k^{J_x,1}|V(A_{J_y}^{I_y,e})\}-\frac{P_{th}}{\Vert {\mathbb{V}}_{J_x}\Vert }|}.$$

(13)

where $|Pr\{V_k^{J_x,1}|V(A_{J_y}^{I_y,e})\}-\frac{P_{th}}{\Vert {\mathbb{V}}_{J_x}\Vert }|$ is the absolute value of $|Pr\{V_k^{J_x,1}|V(A_{J_y}^{I_y,e})\}-\frac{P_{th}}{\Vert {\mathbb{V}}_{J_x}\Vert }|$.

Proposition 3. The metrics$\varphi (P_{th},\mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e})))$ represent the underlying detection capability and false positives, as:

$$\varphi (P_{th},\mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e})))=-2\times E(P_{th},\mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e})))-\frac{2\times P_{th}}{R(P_{th},\mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e})))}+1+P_{th.}$$

According to Proposition 3, a better detection capability and a lower false positive cause a larger metric $\varphi (P_{th},\mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e})))$. Thus, the metric is able to guide SSLight’s feature selection. The attribute dependencies with larger $\varphi (P_{th},\mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e})))$ receive a higher priority to be chosen. Based on Proposition 3, we have three corollaries as follows.

Corollary 7. The metric$\varphi (P_{th},\mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e})))$ satisfies$0\le \varphi (P_{th},\mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e})))\le 1+P_{th}-\frac{2\times P_{th}}{\Vert {\mathbb{V}}_{J_x}^1\Vert }$

Corollary 8. When P_th = 0, $E^{\mathbb{F}}(P_{th},C_e^{I_y>1})\equiv 0$ and$\forall \mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e})\in \mathbb{F}$, $E(0,\mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e})))\equiv 0$.

Corollary 9. When P_th = 1, the metric satisfies$0\le \varphi (P_{th},\mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e})))\le \frac{2\times (\Vert {\mathbb{V}}_{J_x}\Vert -1)}{\Vert {\mathbb{V}}_{J_x}\Vert }$. In particular, the lower bound zero is obtained if$\mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e}))$ follows the uniform distribution. Additionally, the upper bound$\frac{2\times (\Vert {\mathbb{V}}_{J_x}\Vert -1)}{\Vert {\mathbb{V}}_{J_x}\Vert }$ is received if a certain value of$A_{J_x}^1$ occupies the probability one.

Corollary 7 gives the theoretical upper bound and lower bound of the metrics. $\varphi (P_{th},\mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e})))=0$indicates that the legitimate distribution of attribute dependency $\mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e}))$ is inadequate to perform the detection when the threshold is P_th. $\varphi (P_{th},\mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e})))=1-P_{th}-\frac{2\times P_{th}}{\Vert {\mathbb{V}}_{J_x}\Vert }$, on the other hand, represents that the legitimate distribution can achieve the best detection capability with the lowest false positive when the threshold is P_th. In particular, Corollary 8 elaborates on the special case for P_th = 0, in which the false positive identically equals zero for any distributions of the attribute dependency. However, in this case, we have $\varphi (0,\mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e})))\equiv 1$, as well; the metric thus loses the functionality to measure the detection capability in terms of the attack range reduction factor. As the false positive is fixed at zero, we can use $R(0,\mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e})))$ instead of $\varphi (0,\mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e})))$ to guide the feature selection if P_th = 0.

Corollary 9 instantiates the metric’s upper bound and lower bound when P_th = 1, which allows SSLight to regard $C_e^1$ as a fake one if $\exists Pr\{V_1^{J_x,1}|V(A_{J_y}^{I_y,e})\}\le \frac{1}{\Vert {\mathbb{V}}_{J_x}\Vert }$. $\frac{1}{\Vert {\mathbb{V}}_{J_x}\Vert }$ is the probability representing the uniform distribution. In this case, the attribute dependency with a uniform distribution is not suitable for the detection, because it causes the highest false positive, $E(P_{th},\mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e})))=1$. By contrast, if a certain value of $A_{J_x}^1$ receives the probability one in an attribute dependency $\mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e}))$, the best detection capability, $R(P_{th},\mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e})))=\Vert {\mathbb{V}}_{J_x}\Vert$, and the lowest false positive, $E(P_{th},\mathbb{D}(A_{J_x}^1|V(A_{J_y}^{I_y,e})))=0$, are both achieved.

The proof of Proposition 3 and Corollaries 7–9 are detailed in Appendixes 1.9–1.12, respectively.

5. Evaluation

In this section, we first explain the experiment setup, which includes the legitimate sample set and feature set used in SSLight. Based on that, we evaluate each single attribute dependency’s detection capability in terms of its attack range reduction factor and false positive in different P_th. SSLight thus selects appropriate attribute dependencies in accordance with the feature evaluation results to achieve a large attack range reduction power with a low false positive. SSLight is consequently implemented as a Firefox add-on and used to expose real-world fake certificates with a 100% accuracy.

5.1. Experiment Setup

The SSL Observatory project [6] has conducted a thorough scan on all allocated IPv4 space in the default port of HTTPS (i.e., 443) and receives 1, 455, 391 valid certificates in its dataset [22]. We further select the web server certificates whose attribute CA is FALSE and trace their corresponding certification paths. Finally, we obtain 830, 306 such samples, which have been employed by SSLight as the legitimate sample set ℂ in this paper. In this set, the depth of the longest certification path is limited to 5 (i.e., I_y ≤ N_max = 5) because we observe that less than 4% of certification paths are longer than 5 in legitimate samples. More precisely, we have 100%, 83.2%, 67.3% and 3.02% of the 830, 306 samples whose I_y = 2, 3, 4 and 5, respectively.

According to RFC5280 [2] and X.520 [17], X.509 certificates have more than 120 attribute definitions, which includes around 60 Subject attributes. However, many of these attributes may not be appropriate in the design of SSLight, because they cannot provide useful information for the detection. An example is the attribute CA. $\forall C_e^1$ have CA=FALSE, and $\forall C_e^{I_y>1}$ have CA=TRUE. As a result, the attribute CA has a deterministic, but undistinguished, value in both legitimate and fake certificates. As another example, the value of attribute Signature is unique in different certificates and will be changed even when the certificate is updated. Thus, this attribute loses its functionality to provide information to distinguish the legitimate and fake certificates. As shown in

Table 1. Considered attributes $A_{J_x}^1\in {\mathbb{A}}^1$ and $A_{J_y}^{I_y>1}\in {\mathbb{A}}^{I_y>1}$.

$A_{J_x}^1$	$A_{J_y}^{I_y>1}$	Name	Abbreviation	$\Vert {\mathbb{V}}_{J_x}^1\Vert$
N/A	$A_1^{I_y>1}$	CommonName	CN	N/A
$A_1^1$	$A_2^{I_y>1}$	Country	C	211
$A_2^1$	$A_3^{I_y>1}$	Description	DC	8
$A_3^1$	$A_4^{I_y>1}$	Locality	L	27, 947
$A_4^1$	$A_5^{I_y>1}$	StateOrProvince	ST	7020
$A_5^1$	$A_6^{I_y>1}$	Organization	O	628, 401
$A_6^1$	$A_7^{I_y>1}$	OrganizationUnit	OU	38, 606
$A_7^1$	$A_8^{I_y>1}$	PublicKeyAlgorithm	N/A	2
$A_8^1$	N/A	KeyLength	N/A	57

, we choose 8 appropriate attributes in ${\mathbb{A}}^1$ and ${\mathbb{A}}^{I_y>1}$, respectively. For any $C_e^{I_y>1}$, we thus have 64 attribute dependencies $D(A_{J_x}^1|V(A_{J_y}^{I_y,e})\in \mathbb{F}$ in SSLight. For $\forall A_{J_x}^1\in {\mathbb{A}}^1,\Vert {\mathbb{V}}_{J_x}\Vert$ is the size $A_{J_x}^1$’s value set. In this paper, we calculate $\Vert {\mathbb{V}}_{J_x}\Vert$ as the nimber of distinct value appearing in $A_{J_x}^1$ among ℂ $\Vert {\mathbb{V}}_{J_x}\Vert$’s calculation include the value Empty.

5.2. Feature Evaluation

In order to evaluate the detection capability for each $D(A_{J_x}^1|V(A_{J_y}^{I_y,e})\in \mathbb{F}$, we conduct extensive analysis for their attack range reduction factor $R(P_{th},D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))$ and the corresponding false positive $E(P_{th},D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))$ when P_th = 0 and P_th = 1, respectively. According to Corollary 1, when P_th = 0 < 1, the attack range reduction factor satisfies $1\le R(0,D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))\le \Vert {\mathbb{V}}_{J_x}\Vert$. In this case, $D(A_{J_x}^1|V(A_{J_y}^{I_y,e}))$ has different reduction factor upper bounds for different $A_{J_x}^1$. Figure 4a–h illustrates $R(P_{th},D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))$’s CDF plots for different I_y > 1. It can be seen that the attack range specified by $V(A_{J_x}^{I_y>1,e})$ in a smaller I_y always receives a larger reduction. For $\forall D(A_{J_x}^1|V(A_{J_y}^{I_y,e})\in \mathbb{F}$, at least 30% of $V(A_{J_x}^{I_y>1,e})$s’ attack range is reduced to 1, which indicates the upper bound of reduction factor $R(0,D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))=\Vert {\mathbb{V}}_{J_x}\Vert$. However, only less than 10% of $V(A_{J_x}^{I_y=5,e})$s’ attack range can be decreased to 1. Particularly, this percentage is further dropped to 0% when $A_5^{I_x=1}$=Organization and $A_6^{I_x=1}$=OrganizationUnit. In Figure 4i, we also show the average reduction factor over all of the available attributes in the certificates that we have in our dataset. All of these results demonstrate that the single attribute dependency has a better capability to detect false certificates issued from $C_e^{I_y>1}$ with a smaller I_y.

When the P_th is increased from 0 to 0.5 and eventually to 1, the reduction factor will be increased at the sacrifice of enlarging false positives. As can be seen in Figure 5a–i, all of the $R(P_{th}=1,D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))$ for $\forall D(A_{J_x}^1|V(A_{J_y}^{I_y,e})\in \mathbb{F}$ are no smaller than $R(P_{th}=0,D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))$. Figure 6a–i, on the other hand, demonstrates that the corresponding false positives in P_th = 1 are no smaller than that in P_th = 0. In accordance with Corollary 4, the false positive remains 0 when P_th = 0 (i.e., E(P_th = 0, $E(P_{th}=0,D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))=0)$in our experiments. When P_th = 1 and $\begin{array}{l}{A}_5^{I_x=1}\\ \end{array}$ ≠ Organization, all of the false positives are less than 0.2. These small false positives help increase the reduction factors in P_th = 1 to a little bit larger than that in P_th = 0. The case $A_5^{I_x=1}$ =Organization with P_th = 1 introduces 4 false positives larger than 0.7, but the corresponding reduction factor shows nearly no increase in Figure 5e. Note that, although $R(P_{th},D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))$ can reach ∞, as explained in Corollary 1, we have not observed ∞ when P_th = 1 in our experiments. Moreover, we show the reduction factor and false positive for the results over all available attributes in the certificates in Figures 5i and 6i. As can be seen, more than a 50% reduction factor is larger than 10⁴, and less than 5% suffers from a false positive larger than 0.1. It is worth noting that, when we apply SSLight to real-world scenarios, any one abnormal attribute dependency can expose the fake certificates. As a result, the actual detection capability is much better than that we show through the mean value.

5.3. SSLight Evaluation

When SSLight employs $\forall D(A_{J_x}^1|V(A_{J_y}^{I_y,e})\in \mathbb{F}$ for the detection, the attack range reduction power $R*(P_{th},C_e^{I_y>1})$ and false positive $E*(P_{th},C_e^{I_y>1})$ can be used to measure its capability for exposing false certificates issued from $C_e^{I_y>1}$. Figure 7a,b shows the CDF of $R*(P_{th},C_e^{I_y>1})$ and $E*(P_{th},C_e^{I_y>1})$ respectively. When P_th = 1, SSLight obtains more than 40% of $R*(P_{th}=1,C_e^{I_y>1})=\infty$, in which ∞ is the upper bound of $R*(P_{th},C_e^{I_y>1})$ when P_th > 0, according to Corollaries 2 and 3. When P_th = 0, no more than 20% of $R*(P_{th}=0,C_e^{I_y>1})$ reaches ${\displaystyle \prod _{A_{J_x}^1\in {\mathbb{A}}^1}\Vert {\mathbb{V}}_{J_x}\Vert \approx 8.2\times {10}^{23}}$ the upper bound of the reduction power when P_th = 0. In accordance with Corollary 4, the false positive $E*(P_{th}=0,C_e^{I_y>1})$ remains 0. Moreover, we observe that at least ${\displaystyle \prod _{A_{J_x}^1\in {\mathbb{A}}^1}\Vert {\mathbb{V}}_{J_x}\Vert -\frac{{\displaystyle \prod _{A_{J_x}^1\in {\mathbb{A}}^1}\Vert {\mathbb{V}}_{J_x}^1\Vert }}{R*(P_{th}=0,C_e^{I_y>1})}=8.2\times ({10}^{23}-{10}^{18})}$ fake certificates issued from $C_e^{I_y>1}$ can be detected. As a result, SSLight is shown to be able to expose the vast majority of fake certificates issued from trusted, but compromised CAs with 0 false positives.

Although $R*(P_{th}=1,C_e^{I_y>1})$ obtains at least 10⁵ times larger than $R*(P_{th}=1,C_e^{I_y>1})$, more than 42% of false positives $E*(P_{th}=1,C_e^{I_y>1})=1$. $E*(P_{th}=1,C_e^{I_y>1})=1$ is not acceptable, because SSLight will wrongly regard $\forall C_e^{I_y>1}\in ℂ$ as fake certificates. However, as shown in Figure 6, more than 95% $E(P_{th}=1,D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))$ is 0. We thus observe that the combination of a small number of features with small positives may cause a large positive in SSLight. To mitigate this impact, SSLight uses a false positive threshold to filter some of the features whose $E(P_{th}=1,D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))$ is larger than that threshold. As shown in Figure 7, when we exclude features when the threshold of $E(P_{th}=1,D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))$ is decreased from 0.15 down to 0, the probability of $E*(P_{th}=1,C_e^{I_y>1})=1$ is dropped from more than 42% down to 0%, as well. In this case, the corresponding $R*(P_{th}=1,C_e^{I_y>1})$ is also decreased to the same as $R*(P_{th}=0,C_e^{I_y>1})$. This feature exclusion process shows how the single feature’s false positive affects SSLight’s false positive. Appendix 1.8 lists the excluded features whose $E(P_{th}=1,D(A_{J_x}^1|V(A_{J_y}^{I_y,e})))>0.15$.

5.4. Firefox Add-On and Real-World Examples

In this paper, SSLight is implemented as a Firefox add-on to help Firefox detect fake certificates issued from the compromised CAs in HTTPS connections. In this implementation, a “http-on-examine-response” event is added to observe all of the HTTP responses, and the interface nsIHttpChannel is used to access the HTTP channels. If nsIHttpChannel.securityInfo indicates STATE_IS_SECURE, the channel is realized as an HTTPS connection. The add-on thus accesses interfaces nsISSLStatusProvider and nsISSLStatus and obtains the X.509 certificate $C_e^1$ in the channel by calling nsISSLStatus.serverCert. Thus, for $\forall A_{J_x}^1\in {\mathbb{A}}^1$ and $\forall A_{J_x}^{I_y>1}\in {\mathbb{A}}^{I_y>1}$, the corresponding $Pr\{V(A_{J_y}^{1,e})|V(A_{J_y}^{I_y,e})\}$ can be queried from an SQLite file, which includes the prior distribution for $\forall D(A_{J_x}^1|V(A_{J_y}^{I_y,e}))\in \mathbb{F}$ calculated using the legitimate sample set presented in Section 5.1. SQLite is a lightweight database that can be used by a Firefox add-on.

As a real-world example, we use the Firefox add-on to examine real-world fake certificates issued from DigiNotar and Comodo. As reported in the Pastebin Blog [23], a DigiNotar CA (CommonName = DigiNotar Public CA 2025) has issued a fake certificate to *.google.com. Similarly, Comodo Fraud Incident [24] announces that the Comodo CA has been intruded and issued nine fake certificates across seven different domains, including www/mail.google.com, *.add-ons.mozilla.com, login.live.com, login.yahoo.com, *.skype.com and global trustee. As we cannot obtain the real cases of these fake certificates, we set up two private CAs to impersonate DigiNotar and Comodo, which have been detailed in Section 3. As DigiNotar Public CA 2025 is only an intermediate CA and not trusted by browsers, including Firefox, IE and Chrome, in default, we let our private DigiNotar CA mimic its root CA, DigiNotar Root CA, instead.

We exclude the fake certificate of global trustee in this evaluation because the global trustee does not correspond to a website. As the three fake login.yahoo.com certificates are distinguished as they have different Serial Number, which is not an attribute considered by SSLight in this paper, we regard them as the same fake certificate. As a result, we have seven real-world fake certificates for evaluation: one is from DigiNotar, and the other six are issued by Comodo. To extend the real-world evaluation, we just use both DigiNotar and Comodo to issue all seven fake certificates. Moreover, as compromised CAs can arbitrarily issue fake intermediate CAs to change their position in the certification path, DigiNotar and Comodo can stay at $\forall I_y\le \Vert \mathrm{\Gamma }(C_e^1)\Vert$ to issue $C_e^1$.

In Figure 8, SSLight examines certificates when a user accesses https://mail.google.com in Firefox. In this case, P_th is set to zero to mitigate false positives, and only $\forall D(A_{J_x}^1|V(A_{J_y}^{I_y=2,e}))\in \mathbb{F}$ are used. As can be seen in Figure 8a, the legitimate certificate is accepted by SSLight, and the smallest $Pr\{V_{J_x}^{1,e}|V(A_{J_y}^{I_y=2,e})\}$ equals 4.82×10⁻⁶, in which $A_{J_x}^{1,e}$ is $A_5^{1,e}$=Organization with the value Google Inc and $A_{J_x}^{I_y,e}$ is $A_3^{2,e}$=Description with the value Empty. Figure 8b, in contrast, demonstrates that SSLight successfully detects the fake mail.google.com certificate issued from Comodo. $\Vert {\mathbb{P}}_{th}^{-}\Vert =14>0$, indicating that 14 probabilities’ relative values are no larger than P_th = 0, helping SSLight to expose this fake certificate.

Table 2. Detection results for 7 discovered fake certificates [23,24] from DigiNotar and Comodo in SSLight with P_th = 0, P_th = 0.5 and P_th = 1 (the three different P_th lead to the same result). Domain name (DN): ➀, */www/mail.google.com, ➁, *.add-ons.mozilla.com, ➂, login.live.com, ➃, login.yahoo.com, ➄, *.skype.com.

DN	$C_e^1$	$\Vert \mathrm{\Gamma }(C_e^1)\Vert$	CA	Iy	$\Vert {\mathbb{P}}_{th}^{-}\Vert$	Result	CA	Iy	$\Vert {\mathbb{P}}_{th}^{-}\Vert$	Result	CA	Iy	$\Vert {\mathbb{P}}_{th}^{-}\Vert$	Result
➀	$C_{1,2,3}^1$	3		2	0	Legitimate		2	16	Fake!		2	14	Fake!
				3	0	Legitimate		3	18	Fake!		3	6	Fake!
➁	$C_4^1$	3		2	0	Legitimate		2	17	Fake!		2	13	Fake!
				3	0	Legitimate		3	18	Fake!		3	5	Fake!
➂	$C_5^1$	3		2	0	Legitimate		2	18	Fake!		2	11	Fake!
			Legitimate	3	0	Legitimate	DigiNotar	3	19	Fake!	Comodo	3	6	Fake!
➃	$C_6^1$	4		2	0	Legitimate		2	18	Fake!		2	14	Fake!
				3	0	Legitimate		3	19	Fake!		3	6	Fake!
				4	0	Legitimate		4	24	Fake!		4	44	Fake!
➄	$C_7^1$	3		2	32	Fake!		2	24	Fake!		2	16	Fake!
				3	18	Fake!		3	24	Fake!		3	13	Fake!

lists the detection results for the seven real-world examples, including their legitimate and fake certificates. As can be seen, SSLight exposes the fake certificates from both DigiNotar and Comodo with 100% accuracy. However, false alarms occur when SSLight examines the legitimate certificates of *.skype.com. The root cause of this false alarm is that some of the legitimate attribute dependencies do not exist in the sample set. As a result, SSLight is encouraged to use a more comprehensive legitimate sample set to mitigate such an issue. Note that this result does not conflict with Corollary 4, because the legitimate certificate of *.skype.com is not included in our legitimate sample set, $C_7^1\notin ℂ$.

6. Discussion

Although we have demonstrated the effectiveness of SSLight through a rich set of experiments with real-world datasets, we still acknowledge some limitations of SSLight in practice.

First, SSLight is a data-drive solution for fake certificate detection. Its detection capability largely relies on the quality of the dataset that is used to train the SSLight. If the training set contains inaccurate or even incorrect information, the effectiveness of SSLight may not be ensured. To overcome this challenge and to fetch a high-quality dataset for SSLight training, we propose a globally-distributed certificate hunter. The basic idea is to deploy a number of machines around the world. Each machine will run ZMap [25], which can scan the entire IPv4 space within 49 minutes, to collect certificates from all of the potential HTTPS services on the Internet. We then follow the idea of Perspectives [12] and consider that a certificate is valid if it belongs to the majority copies. In this way, we can mitigate the possibility of getting fake certificates in the training set.

Second, despite SSLight being an off-line approach, it may involve on-line activities for the downloaded and updated dataset. These on-line activities will introduce the risk of the dataset being corrupted. To avoid this risk, we can deploy a trusted third party. SSLight can only download and update its dataset from such a third party after necessary authentication. In this way, we should ensure the security of the trusted third party. Otherwise, SSLight will be avoided.

Third, we show the effectiveness of SSLight using a measure of the reduction factor, rather than the detection rate. We do this because the reduction factor can show the detection capability in a complete manner. That is, if we use the detection rate directly (just as the results we show in Table 2), we must focus on a subset of fake certificates and legitimate ones. This subset cannot represent how the fake certificates and legitimate ones are distributed well and, therefore, can only show the effectiveness of SSLight for specific cases. Unlike that, if we choose reduction factor, we can show the detection capability in general. It will not be affected by the specific cases we use and can show all of the possibilities of the fake certificates that SSLight can detect.

Fourth, in this paper, we focus on the evaluation of SSLight using the dataset [22], which is the first complete dataset released to the public and may contain the minimized fake certificates inside, because it is crawled immediately after the hacker’s behavior has been detected. In this dataset, the hacker’s impact is restricted, and the dataset contains minimized incorrect information. Therefore, this dataset is the most appropriate one that shows the effectiveness of SSLight in a fair manner. Despite that, we will also investigate the effectiveness of SSLight using other datasets, such as https://wiki.mozilla.org/CA:Problematic_Practices, https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ and https://www.linshunghuang.com/papers/mitm.pdf, in our future work. This further investigation can help to demonstrate the status of SSLight in worse cases.

7. Related Work

Trust is widely used to secure information networks in various research fields. Successful applications include mobile ad hoc networks [26], wireless sensor networks [27], social networks [28], multi-agent networks [29] and, the most recent, anonymity networks [30,31]. These successful applications confirm the effectiveness and necessity of trust for network security. This paper’s scope falls into the web systems. In the following, we will survey the related works that use trust or trust-like methods to avoid fake certificates in the web.

Perspective [12] is a pioneering work to identify fake certificates. To address the security vulnerability in the so-called trust-in-first-use authentication scheme, Perspective proposed to deploy a distributed system around the world to help browsers obtain a legitimate sample of certificates. The basic idea of this project is adopted by HTTPS Everywhere [13] and Google Certificate Catalog [14], both of which provide on-line services to help users detect fake certificates issued from compromised CAs. However, these solutions need additional network communications, thus making them vulnerable to being blocked or hijacked. Certified Lies [4], on the other hand, focuses on the fake certificates issued by a special group of compromised CAs, the CAs that are compelled by governments. Although its solution is lightweight and does not need on-line checking, it operates in an ad hoc manner to address a limited number of attack scenarios and requires human interaction. The Sovereign Keys Project [15] provides a systematical solution to eliminate this security threat. However, The Sovereign Keys system introduces a totally different architecture, thus making it hard to replace the existing infrastructure in a short time.

The collection of legitimate HTTPS certificates has been done in several projects. However, some of them only focus on a specific target. For example, Lee et al. [32] collected the legitimate samples to evaluate the certificates’ cryptographic strength, and Yilek et al. [33] just paid attention to an OpenSSL vulnerability in the Debian system. The SSL Observatory project [6,34,35], according to our knowledge, is the first thorough collection and analysis of legitimate certificates. This project scans all of the allocated IPv4 space with the 443 port. SSL Landscape [36], on the other hand, provides another thorough collection of legitimate samples, but it focuses on the survey of high ranked HTTPS web servers. Both of the datasets from SSL Observatory and SSL Landscape can be used as a legitimate sample set in SSLight.

As browsers always allow users to make the final decision about whether the certificates are trustworthy or not, attacks targeted at the human interface are usually launched to compromise HTTPS connections. Many mechanisms have been proposed to mitigate this threat. For example, SSLock [37] intelligently makes the final decision on behalf of users. Adelsbach et al. [38] and Xia et al. [39] improved the human interface to make users be clearly aware when suspicious certificates are detected by browsers.

8. Conclusions

In this paper, we have proposed SSLight, a novel fake certificate detection mechanism based on attribute dependency. SSLight is demonstrated to be able to detect fake certificates issued from trusted, but compromised, CAs with a relatively low false positive. In particular, SSLight shows its practicability to expose the real-world fake certificates issued by DigiNotar and Comodo. Although the design of SSLight is only for HTTPS applications, this attribute dependency-based detection method can be extended to other SSL-/TLS-based applications and protocols.