{"id":"https://openalex.org/W3172154247","doi":"https://doi.org/10.1145/3433210.3453100","title":"Security Analysis on Practices of Certificate Authorities in the HTTPS Phishing Ecosystem","display_name":"Security Analysis on Practices of Certificate Authorities in the HTTPS Phishing Ecosystem","publication_year":2021,"publication_date":"2021-05-24","ids":{"openalex":"https://openalex.org/W3172154247","doi":"https://doi.org/10.1145/3433210.3453100","mag":"3172154247"},"language":"en","primary_location":{"id":"doi:10.1145/3433210.3453100","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3433210.3453100","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5025936242","display_name":"Doowon Kim","orcid":"https://orcid.org/0000-0002-9033-990X"},"institutions":[{"id":"https://openalex.org/I75027704","display_name":"University of Tennessee at Knoxville","ror":"https://ror.org/020f3ap87","country_code":"US","type":"education","lineage":["https://openalex.org/I75027704"]},{"id":"https://openalex.org/I2802706902","display_name":"Knoxville College","ror":"https://ror.org/02bxrp522","country_code":"US","type":"education","lineage":["https://openalex.org/I2802706902"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Doowon Kim","raw_affiliation_strings":["University of Tennessee, Knoxville, Knoxville, TN, USA"],"affiliations":[{"raw_affiliation_string":"University of Tennessee, Knoxville, Knoxville, TN, USA","institution_ids":["https://openalex.org/I2802706902","https://openalex.org/I75027704"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060286024","display_name":"Haehyun Cho","orcid":"https://orcid.org/0000-0002-5344-5252"},"institutions":[{"id":"https://openalex.org/I141371507","display_name":"Soongsil University","ror":"https://ror.org/017xnm587","country_code":"KR","type":"education","lineage":["https://openalex.org/I141371507"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Haehyun Cho","raw_affiliation_strings":["Soongsil University, Seoul, South Korea"],"affiliations":[{"raw_affiliation_string":"Soongsil University, Seoul, South Korea","institution_ids":["https://openalex.org/I141371507"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053834185","display_name":"Yonghwi Kwon","orcid":"https://orcid.org/0000-0002-0021-2850"},"institutions":[{"id":"https://openalex.org/I51556381","display_name":"University of Virginia","ror":"https://ror.org/0153tk833","country_code":"US","type":"education","lineage":["https://openalex.org/I51556381"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yonghwi Kwon","raw_affiliation_strings":["University of Virginia, Charlottesville, VA, USA"],"affiliations":[{"raw_affiliation_string":"University of Virginia, Charlottesville, VA, USA","institution_ids":["https://openalex.org/I51556381"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050806439","display_name":"Adam Doup\u00e9","orcid":"https://orcid.org/0000-0003-2634-3901"},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Adam Doup\u00e9","raw_affiliation_strings":["Arizona State University, Phoenix, AZ, USA"],"affiliations":[{"raw_affiliation_string":"Arizona State University, Phoenix, AZ, USA","institution_ids":["https://openalex.org/I55732556"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082893706","display_name":"Sooel Son","orcid":"https://orcid.org/0000-0003-0904-2875"},"institutions":[{"id":"https://openalex.org/I157485424","display_name":"Korea Advanced Institute of Science and Technology","ror":"https://ror.org/05apxxy63","country_code":"KR","type":"education","lineage":["https://openalex.org/I157485424"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Sooel Son","raw_affiliation_strings":["KAIST, Daejeon, South Korea"],"affiliations":[{"raw_affiliation_string":"KAIST, Daejeon, South Korea","institution_ids":["https://openalex.org/I157485424"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5025770693","display_name":"Gail\u2010Joon Ahn","orcid":"https://orcid.org/0000-0002-4271-1666"},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]},{"id":"https://openalex.org/I4210101778","display_name":"Samsung (United States)","ror":"https://ror.org/01bfbvm65","country_code":"US","type":"company","lineage":["https://openalex.org/I2250650973","https://openalex.org/I4210101778"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Gail-Joon Ahn","raw_affiliation_strings":["Arizona State University &amp; Samsung Research, Phoenix, AZ, USA"],"affiliations":[{"raw_affiliation_string":"Arizona State University &amp; Samsung Research, Phoenix, AZ, USA","institution_ids":["https://openalex.org/I4210101778","https://openalex.org/I55732556"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033409139","display_name":"Tudor Dumitra\u015f","orcid":"https://orcid.org/0000-0003-4350-7226"},"institutions":[{"id":"https://openalex.org/I66946132","display_name":"University of Maryland, College Park","ror":"https://ror.org/047s2c258","country_code":"US","type":"education","lineage":["https://openalex.org/I66946132"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tudor Dumitras","raw_affiliation_strings":["University of Maryland, College Park, College Park, MD, USA"],"affiliations":[{"raw_affiliation_string":"University of Maryland, College Park, College Park, MD, USA","institution_ids":["https://openalex.org/I66946132"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5025936242"],"corresponding_institution_ids":["https://openalex.org/I2802706902","https://openalex.org/I75027704"],"apc_list":null,"apc_paid":null,"fwci":5.4071,"has_fulltext":false,"cited_by_count":32,"citation_normalized_percentile":{"value":0.95821793,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"407","last_page":"420"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/phishing","display_name":"Phishing","score":0.9727447032928467},{"id":"https://openalex.org/keywords/certificate","display_name":"Certificate","score":0.752095103263855},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6747693419456482},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5584107041358948},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.4649917185306549},{"id":"https://openalex.org/keywords/revocation-list","display_name":"Revocation list","score":0.4195367097854614},{"id":"https://openalex.org/keywords/certificate-authority","display_name":"Certificate authority","score":0.30930256843566895},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.21262770891189575},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.17926251888275146},{"id":"https://openalex.org/keywords/public-key-cryptography","display_name":"Public-key cryptography","score":0.08477652072906494}],"concepts":[{"id":"https://openalex.org/C83860907","wikidata":"https://www.wikidata.org/wiki/Q135005","display_name":"Phishing","level":3,"score":0.9727447032928467},{"id":"https://openalex.org/C96865113","wikidata":"https://www.wikidata.org/wiki/Q2946816","display_name":"Certificate","level":2,"score":0.752095103263855},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6747693419456482},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5584107041358948},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.4649917185306549},{"id":"https://openalex.org/C147296133","wikidata":"https://www.wikidata.org/wiki/Q196765","display_name":"Revocation list","level":5,"score":0.4195367097854614},{"id":"https://openalex.org/C93636275","wikidata":"https://www.wikidata.org/wiki/Q196776","display_name":"Certificate authority","level":4,"score":0.30930256843566895},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.21262770891189575},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.17926251888275146},{"id":"https://openalex.org/C203062551","wikidata":"https://www.wikidata.org/wiki/Q201339","display_name":"Public-key cryptography","level":3,"score":0.08477652072906494},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.0},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3433210.3453100","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3433210.3453100","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1273038018","display_name":null,"funder_award_id":"NRF-2020R1C1C1009031","funder_id":"https://openalex.org/F4320322120","funder_display_name":"National Research Foundation of Korea"},{"id":"https://openalex.org/G3402254524","display_name":null,"funder_award_id":"HR001118C0060, FA875019C0003","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"},{"id":"https://openalex.org/G7471288985","display_name":null,"funder_award_id":"CNS-1916499, CNS-1850392, CNS-1703644, CNS-1651661, and OAC-1908021)","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320322120","display_name":"National Research Foundation of Korea","ror":"https://ror.org/013aysd81"},{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":38,"referenced_works":["https://openalex.org/W1501503468","https://openalex.org/W1546563748","https://openalex.org/W1744779065","https://openalex.org/W1871651397","https://openalex.org/W1984816986","https://openalex.org/W2008524185","https://openalex.org/W2019016802","https://openalex.org/W2077667328","https://openalex.org/W2101040389","https://openalex.org/W2104899073","https://openalex.org/W2112736324","https://openalex.org/W2151269705","https://openalex.org/W2161020477","https://openalex.org/W2166780626","https://openalex.org/W2410277931","https://openalex.org/W2487661922","https://openalex.org/W2552873532","https://openalex.org/W2740209367","https://openalex.org/W2753871665","https://openalex.org/W2794584163","https://openalex.org/W2888899408","https://openalex.org/W2889666008","https://openalex.org/W2902942389","https://openalex.org/W2909986196","https://openalex.org/W2917878349","https://openalex.org/W2933056782","https://openalex.org/W2948466809","https://openalex.org/W2962178652","https://openalex.org/W2968974495","https://openalex.org/W2986338082","https://openalex.org/W2988889042","https://openalex.org/W3020358023","https://openalex.org/W3155996479","https://openalex.org/W4213362721","https://openalex.org/W4230593636","https://openalex.org/W4233819588","https://openalex.org/W4298051233","https://openalex.org/W4298869031"],"related_works":["https://openalex.org/W2113386121","https://openalex.org/W1804429336","https://openalex.org/W1486200819","https://openalex.org/W1871251705","https://openalex.org/W269269555","https://openalex.org/W2514337931","https://openalex.org/W2300877280","https://openalex.org/W2010574095","https://openalex.org/W2277273755","https://openalex.org/W2160682843"],"abstract_inverted_index":{"Phishing":[0],"attacks":[1,19,35,98,159],"are":[2],"causing":[3],"substantial":[4],"damage":[5],"albeit":[6],"extensive":[7],"effort":[8],"in":[9,52,65,115,160,172],"academia":[10],"and":[11,79,93,120,137,175],"industry.":[12],"Recently,":[13],"a":[14,43,149],"large":[15],"volume":[16],"of":[17,50,73,77,95,117,122,135,152,169,181,189],"phishing":[18,55,97,158,191],"transit":[20],"toward":[21],"adopting":[22],"HTTPS,":[23],"leveraging":[24],"TLS":[25],"certificates":[26,154],"issued":[27],"from":[28],"Certificate":[29],"Authorities":[30],"(CAs),":[31],"to":[32,68,100,185],"make":[33],"the":[34,47,53,60,71,74,81,90,111,118,123,131,161,166,173,182,186],"more":[36],"effective.":[37],"In":[38,85],"this":[39],"paper,":[40],"we":[41,87,105],"present":[42,89],"comprehensive":[44],"study":[45],"on":[46,59,110],"security":[48,75,113,133,141,167],"practices":[49,76,114,134],"CAs":[51,78,136,170],"HTTPS":[54,83,96,190],"ecosystem.":[56],"We":[57,143,163],"focus":[58],"CAs,":[61],"critical":[62],"actors":[63],"under-studied":[64],"previous":[66],"literature,":[67],"better":[69],"understand":[70],"importance":[72],"thwart":[80],"proliferating":[82],"phishing.":[84],"particular,":[86],"first":[88],"current":[91],"landscape":[92],"effectiveness":[94],"comparing":[99],"traditional":[101],"HTTP":[102],"ones.":[103],"Then,":[104],"conduct":[106],"an":[107],"empirical":[108],"experiment":[109],"CAs'":[112],"terms":[116],"issuance":[119],"revocation":[121],"certificates.":[124],"Our":[125],"findings":[126,147],"highlight":[127],"serious":[128],"conflicts":[129],"between":[130],"expected":[132],"reality,":[138],"raising":[139],"significant":[140],"concerns.":[142],"further":[144],"validate":[145],"our":[146],"using":[148],"longitudinal":[150],"dataset":[151],"abusive":[153],"used":[155],"for":[156],"real":[157],"wild.":[162],"confirm":[164],"that":[165],"concerns":[168,177],"prevail":[171],"wild":[174],"these":[176],"can":[178],"be":[179],"one":[180],"main":[183],"contributors":[184],"recent":[187],"surge":[188],"attacks.":[192]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":10},{"year":2024,"cited_by_count":9},{"year":2023,"cited_by_count":8},{"year":2022,"cited_by_count":2}],"updated_date":"2026-04-14T08:04:32.555800","created_date":"2025-10-10T00:00:00"}