{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,21]],"date-time":"2025-06-21T10:40:01Z","timestamp":1750502401668,"version":"3.41.0"},"reference-count":48,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2025,3,29]],"date-time":"2025-03-29T00:00:00Z","timestamp":1743206400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,3,29]],"date-time":"2025-03-29T00:00:00Z","timestamp":1743206400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,6]]},"DOI":"10.1007\/s10207-025-01022-2","type":"journal-article","created":{"date-parts":[[2025,4,7]],"date-time":"2025-04-07T17:30:04Z","timestamp":1744047004000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Analyzing shared keys in X.509 certificates with domain ownership"],"prefix":"10.1007","volume":"24","author":[{"given":"Kashif","family":"Junaid","sequence":"first","affiliation":[]},{"given":"Muhammad Umar","family":"Janjua","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,3,29]]},"reference":[{"key":"1022_CR1","unstructured":"Adrian, D., Bhargavan, K., Durumeric, Z et\u00a0al.: Drown: Breaking tls using sslv2. In: Proceedings of the USENIX Security Symposium, pp. 689\u2013706, (2016)"},{"key":"1022_CR2","unstructured":"Alexa top 1 million websites. Accessed March 1, (2022). URL: https:\/\/www.alexa.com\/topsites"},{"key":"1022_CR3","unstructured":"Jim A-F: Multi-protocol attacks and the public key infrastructure. NIST, (1998)"},{"key":"1022_CR4","doi-asserted-by":"crossref","unstructured":"Basin, D., Cremers, C., Kim, TH-J., Perrig, A., Sasse, R., Szalachowski, P: Arpki: Attack resilient public-key infrastructure. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 382\u2013393, (2014)","DOI":"10.1145\/2660267.2660298"},{"key":"1022_CR5","unstructured":"Brinkmann, M., Dresen, C., Merget, R., Poddebniak, D., M\u00fcller, J., Somorovsky, J., Schwenk, J., Schinzel, S : ALPACA: Application layer protocol confusion - analyzing and mitigating cracks in TLS authentication. In 30th USENIX Security Symposium (USENIX Security 21), pp. 4293\u20134310. USENIX Association, (2021)"},{"key":"1022_CR6","doi-asserted-by":"crossref","unstructured":"Cangialosi, F., Chung, T., Choffnes, D., Levin, D., Maggs, B., Mislove, A., Wilson, C.: Measurement and analysis of private key sharing in the HTTPS ecosystem. In: ACM SIGSAC Conf. on Computer and Communications Security, pp. 628\u2013640, (2016)","DOI":"10.1145\/2976749.2978301"},{"key":"1022_CR7","doi-asserted-by":"crossref","unstructured":"Clark, J., van Oorschot, P.C.: Sok: Ssl and https: Revisiting past challenges and evaluating certificate trust model enhancements. In: 2013 IEEE Symposium on Security and Privacy, pp. 511\u2013525, (2013)","DOI":"10.1109\/SP.2013.41"},{"key":"1022_CR8","unstructured":"cloudflare. How-does-ssl-work? 2022. URL: https:\/\/www.cloudflare.com\/learning\/ssl\/how-does-ssl-work\/"},{"issue":"3","key":"1022_CR9","doi-asserted-by":"publisher","first-page":"2027","DOI":"10.1109\/COMST.2016.2548426","volume":"18","author":"M Conti","year":"2016","unstructured":"Conti, M., Dragoni, N., Lesyk, V.: A survey of man in the middle attacks. IEEE Commun. Surv. Tutor. 18(3), 2027\u20132051 (2016)","journal-title":"IEEE Commun. Surv. Tutor."},{"issue":"1\u20133","key":"1022_CR10","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1023\/A:1007537716579","volume":"34","author":"I Dagan","year":"1999","unstructured":"Dagan, I., Lee, L., Pereira, F.C.N.: Similarity-based models of word cooccurrence probabilities. Mach. Learn. 34(1\u20133), 43\u201369 (1999)","journal-title":"Mach. Learn."},{"key":"1022_CR11","unstructured":"Whta is typosquatting? how misspelling that domain name can cost you? NortonLifeLock Inc., (Oct 2020). Accessed December 17, (2024). URL: https:\/\/us.norton.com\/internetsecurity-online-scams-what-is-typosquatting.html"},{"key":"1022_CR12","unstructured":"Carnavalet de, X., Mannan, M: Killed by proxy: Analyzing client-end tls interception software. In: Proceedings of the Network and Distributed System Security Symposium (NDSS), 01 (2016)"},{"key":"1022_CR13","volume-title":"Closing the gap between guidelines and practices","author":"A Delignat-Lavaud","year":"2014","unstructured":"Delignat-Lavaud, A., Abadi, M., Birrell, A., Mironov, I., Wobber, T., Yinglian, X.: Closing the gap between guidelines and practices. In NDSS, Web PKI (2014)"},{"key":"1022_CR14","doi-asserted-by":"crossref","unstructured":"Delignat-Lavaud,A., Bhargavan, K: Network-based origin confusion attacks against https virtual hosting. In: Proceedings of the 24th International Conference on World Wide Web, WWW \u201915, pp. 227\u2013237, Republic and Canton of Geneva, CHE, (2015). International World Wide Web Conferences Steering Committee","DOI":"10.1145\/2736277.2741089"},{"key":"1022_CR15","unstructured":"DigiNotar. Accessed 08 December (2024). URL: https:\/\/en.wikipedia.org\/wiki\/DigiNotar"},{"key":"1022_CR16","doi-asserted-by":"crossref","unstructured":"Dong, Z., Kane, K., Camp, L.\u00a0J: Detection of Rogue Certificates from Trusted Certificate Authorities Using Deep Neural Networks. ACM Transactions on Privacy and Security (TOPS), 19, (2016)","DOI":"10.1145\/2975591"},{"key":"1022_CR17","doi-asserted-by":"crossref","unstructured":"Durumeric, Z., Kasten, J., Bailey, M., Halderman, J\u00a0A: Analysis of the https certificate ecosystem. In: Proceedings of the 2013 conference on Internet measurement conference, pp. 291\u2013304, (2013)","DOI":"10.1145\/2504730.2504755"},{"key":"1022_CR18","doi-asserted-by":"crossref","unstructured":"Farhan, S., Chung, T: Exploring the Evolution of TLS Certificates, pp. 71\u201384. 03 (2023)","DOI":"10.1007\/978-3-031-28486-1_4"},{"key":"1022_CR19","unstructured":"Felsch, D., Grothe, M., Schwenk, J., Czubak, A., Szymanek, M: The dangers of key reuse: Practical attacks on IPsec IKE. In 27th USENIX Security Symposium (USENIX Security 18), pp. 567\u2013583, Baltimore, MD, (2018). USENIX Association"},{"key":"1022_CR20","doi-asserted-by":"crossref","unstructured":"Giesen, F., Kohlar, F., Stebila, D: On the security of tls renegotiation. In: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, pp. 387\u2013398, (2013)","DOI":"10.1145\/2508859.2516694"},{"key":"1022_CR21","unstructured":"Guthrie, D., Allison, B., Liu, W., Guthrie, L., Wilks, Y: A closer look at skip-gram modelling. In LREC, (2006)"},{"key":"1022_CR22","doi-asserted-by":"crossref","unstructured":"Han, S-W., Kwon, H., Hahn, C., Koo, D., Hur, J: A survey on mitm and its countermeasures in the tls handshake protocol. In: 2016 Eighth International Conference on Ubiquitous and Future Networks (ICUFN), pp. 724\u2013729. IEEE, (2016)","DOI":"10.1109\/ICUFN.2016.7537132"},{"key":"1022_CR23","unstructured":"Heartbleed. Accessed 08 December 2024. URL: https:\/\/en.wikipedia.org\/wiki\/Heartbleed"},{"key":"1022_CR24","unstructured":"Heninger, N., Durumeric, Z., Wustrow, E., Halderman, J.\u00a0A: Mining your ps and qs: Detection of widespread weak keys in network devices. In 21st USENIX Security Symposium (USENIX Security 12), pp 205\u2013220, Bellevue, WA, August 2012. USENIX Association"},{"key":"1022_CR25","doi-asserted-by":"crossref","unstructured":"Holz, R., Braun, L., Kammenhuber, N., Carle, G: The ssl landscape: A thorough analysis of the x.509 pki using active and passive measurements. In: Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference, IMC \u201911, pp. 427\u2013444, New York, NY, USA, (2011). Association for Computing Machinery","DOI":"10.1145\/2068816.2068856"},{"key":"1022_CR26","doi-asserted-by":"crossref","unstructured":"Hue, M\u00a0H., Debnath, J., Leung, K\u00a0M., Li, L., Minaei, M., Mazhar, M.\u00a0H., Xian, K., Hoque, E., Chowdhury, O., Chau, S\u00a0Y: All your credentials are belong to us: On insecure wpa2-enterprise configurations. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, CCS \u201921, pp. 1100\u20131117, New York, NY, USA, (2021). Association for Computing Machinery","DOI":"10.1145\/3460120.3484569"},{"key":"1022_CR27","unstructured":"Junaid, K: Sharingc sets on github. URL: https:\/\/github.com\/kashif-junaid\/LowScoreSharingSets\/"},{"key":"1022_CR28","doi-asserted-by":"publisher","first-page":"2529","DOI":"10.1109\/COMST.2023.3323640","volume":"25","author":"S Khan","year":"2023","unstructured":"Khan, S., Luo, F., Zhang, Z., Ullah, F., Amin, F., Qadri, S.F., Belal, HMd., Bin, R., Rukhsana, W., Lu, U., Shamsher, L., Meng, L., Victor, C.M., Wu, K.: A survey on x.509 public-key infrastructure, certificate revocation, and their modern implementation on blockchain and ledger technologies. IEEE Commun. Surv. Tutor. 25, 2529\u20132568 (2023)","journal-title":"IEEE Commun. Surv. Tutor."},{"issue":"07","key":"1022_CR29","first-page":"2015","volume":"135\u2013150","author":"T Khan","year":"2015","unstructured":"Khan, T., Huo, X., Li, Z.: Kanich, C: Every second counts: Quantifying the negative externalities of cybercrime via typosquatting. IEEE Symp. Secur. Priv. 135\u2013150(07), 2015 (2015)","journal-title":"IEEE Symp. Secur. Priv."},{"key":"1022_CR30","doi-asserted-by":"crossref","unstructured":"Kilgallin, J., Vasko, R: Factoring rsa keys in the iot era. In 2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), pp. 184\u2013189. IEEE, (2019)","DOI":"10.1109\/TPS-ISA48467.2019.00030"},{"key":"1022_CR31","doi-asserted-by":"crossref","unstructured":"Kumar, D., Wang, Z., Hyder, M., Dickinson, J., Beck, G., Adrian, D., Mason, J., Durumeric, Z., Halderman, J\u00a0A., Bailey, M: Tracking certificate misissuance in the wild. In 2018 IEEE Symposium on Security and Privacy (SP), pp. 785\u2013798. IEEE, (2018)","DOI":"10.1109\/SP.2018.00015"},{"key":"1022_CR32","doi-asserted-by":"crossref","unstructured":"Li, J., Zhang, Z., Guo, C: Machine learning-based malicious x.509 certificates\u2013detection. Appl. Sci., 11(5), (2021)","DOI":"10.3390\/app11052164"},{"issue":"2","key":"1022_CR33","doi-asserted-by":"publisher","first-page":"451","DOI":"10.1007\/s12652-018-1095-6","volume":"11","author":"B Liu","year":"2020","unstructured":"Liu, B.: Text sentiment analysis based on cbow model and deep learning in big data environment. J. Ambient Intell. Humanized Comput. 11(2), 451\u2013458 (2020)","journal-title":"J. Ambient Intell. Humanized Comput."},{"key":"1022_CR34","doi-asserted-by":"crossref","unstructured":"Ma, Z., Faulkenberry, A., Papastergiou, T., Durumeric, Z., Bailey, M\u00a0D., Keromytis, A\u00a0D., Monrose, F., Antonakakis, M: Stale tls certificates: Investigating precarious third-party access to valid tls keys. In: Proceedings of the 2023 ACM on Internet Measurement Conference, (2023)","DOI":"10.1145\/3618257.3624802"},{"key":"1022_CR35","unstructured":"Larimer, J., Root, K: 2012. Security and Privacy in Android Apps [Online] Available: https:\/\/developergoogle.com\/events\/io\/2012\/sessions\/goo io2012\/107\/, accessed (Oct. 2023). Accessed December 17, 2024"},{"key":"1022_CR36","unstructured":"Google form. Accessed March 3, (2024). URL: https:\/\/www.wired.com\/2011\/09\/doppelganger-domains\/"},{"key":"1022_CR37","unstructured":"Pakniat, N: Public key encryption with keyword search and keyword guessing attack. ISCISC, (2016)"},{"key":"1022_CR38","unstructured":"Parsovs, A: Estonian electronic identity card: Security flaws in key management. In 29th USENIX Security Symposium (USENIX Security 20), pp. 1785\u20131802. USENIX Association, (August 2020)"},{"key":"1022_CR39","unstructured":"Rapid7 data. Accessed December 17, (2024). URL: https:\/\/opendata.rapid7.com\/sonar.ssl"},{"key":"1022_CR40","doi-asserted-by":"crossref","unstructured":"Roberts, R., Goldschlag, Y., Walter, R., Chung, T., Mislove, A., Levin, D: You are who you appear to be: A longitudinal study of domain impersonation in tls certificates. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS \u201919, pp. 2489\u20132504, New York, NY, USA, (2019). Association for Computing Machinery","DOI":"10.1145\/3319535.3363188"},{"key":"1022_CR41","unstructured":"ROCA vulnerability. Accessed 08 (December 2024). URL: https:\/\/en.wikipedia.org\/wiki\/ROCA_vulnerability"},{"key":"1022_CR42","doi-asserted-by":"crossref","unstructured":"Sakurai, Y., Watanabe, T., Okuda, T., Akiyama, M.: Mori, T: Identifying the phishing websites using the patterns of tls certificates. J. Cyber Secur. Mob. 10(2), 451\u2013486 (2021)","DOI":"10.13052\/jcsm2245-1439.1026"},{"key":"1022_CR43","unstructured":"Cutoff point. Accessed on July 6, 2024. URL: https:\/\/www.sciencedirect.com\/topics\/mathematics\/cutoff-point"},{"key":"1022_CR44","unstructured":"Shodan boss finds 250,000 routers have common keys. Accessed December 17, (2024). URL:https:\/\/www.theregister.com\/2015\/02\/20\/250000_routers_have_duplicate_ssh_keys\/"},{"key":"1022_CR45","unstructured":"Squarcina, M., Tempesta, M., Veronese, L., Calzavara, S., Maffei, M: Can i take your subdomain? exploring Same-Site attacks in the modern web. In 30th USENIX Security Symposium (USENIX Security 21), pp. 2917\u20132934. USENIX Association, (2021)"},{"key":"1022_CR46","doi-asserted-by":"crossref","unstructured":"Stark, E., Sleevi, R., Muminovi\u0107, R., O\u2019Brien, D., Messeri, E., Felt, A\u00a0P., McMillion, B., Tabriz, P: Does certificate transparency break the web? measuring adoption and error rate. (2019)","DOI":"10.1109\/SP.2019.00027"},{"key":"1022_CR47","doi-asserted-by":"crossref","unstructured":"Zhang, M., Li, X., Liu, B., Lu, J., Zhang, Y., Chen, J., Duan, H., Hao, S., Zheng, X: Detecting and measuring security risks of hosting-based dangling domains. Proc. ACM Meas. Anal. Comput. Syst., 7(1), (2023)","DOI":"10.1145\/3579440"},{"key":"1022_CR48","doi-asserted-by":"crossref","unstructured":"Zhang, M., Zheng, X., Shen, K., Kong, Z., Lu, C., Wang, Y., Duan, H., Hao, S., Liu, B., Yang, M: Talking with familiar strangers: An empirical study on https context confusion attacks. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, CCS \u201920, pp. 1939\u20131952, New York, NY, USA, (2020). Association for Computing Machinery","DOI":"10.1145\/3372297.3417252"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01022-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-01022-2\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01022-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,21]],"date-time":"2025-06-21T10:11:09Z","timestamp":1750500669000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-01022-2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,3,29]]},"references-count":48,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2025,6]]}},"alternative-id":["1022"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-01022-2","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"type":"print","value":"1615-5262"},{"type":"electronic","value":"1615-5270"}],"subject":[],"published":{"date-parts":[[2025,3,29]]},"assertion":[{"value":"29 March 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"We declare that we have no Conflict of interest that could influence the interpretation or evaluation of the results presented in this manuscript. Conflict of interest include, but are not limited to, financial, personal, or professional relationships that may have influenced the work or could be perceived to have influenced the work.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest:"}},{"value":"In our research, we address the following ethical considerations: Firstly, we employ manual methods to retrieve certificate data from Alexa and Rapid7\u2019s Sonar websites. Secondly, when communicating with Certificate Authorities (CAs), we ensure that the names of any other CAs involved in key sharing are not disclosed. Thirdly, we refrain from attributing blame to any CA for participating in key-sharing activities intentionally. Instead, we focus on discussing user adherence to best practices when obtaining certificates. Throughout our investigation, we place significant emphasis on safeguarding the privacy of Certificate Authorities (CAs). Our analysis strictly avoids accessing any single entity\u2019s private key, and no information pertaining to entities containing user account details is disclosed.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical Considerations"}}],"article-number":"106"}}