Understanding the Role of Extended Validation Certificates in Internet Abuse

Brendan Saltaformaggio and Maria Konte
June 28, 2019


Extended Validation (EV) certificates play an instrumental role in web security. EV certificates assure the visitors of a website that they are indeed visiting the safe website they intend to, and not an imposter set up by cybercriminals. Previous work has shown that domains that invest in EV certificates are prudent in their cyber security practices, and these domains were not found to be associated with phishing sites. Additional previous work on the association between EV certificates and abused domains motivated us to perform a large-scale, in-depth study to investigate and understand any such associations. We cross-correlated abused domains found in our corpus of malware network traffic, blacklists, and underground marketplace communications with domains that have EV certificates. We found that the probability that a domain with an EV certificate is abused or associated with cybercrime is negligible. We found overwhelming evidence that EV certificates are highly indicative of a legitimate domain registered by a legitimate business. This reinforces the notion that browsers should generally err on the side of trusting a website that has invested in an EV certificate, and this trust is the primary benefit that EV certificates provide to their owners. Our future work focuses on designing new security indicators for the browser that better communicate a website’s trustworthiness.

