Pinning & Binning: Real Time Classification of Certificates

The creation of a PKI with trusted roots on a X.509 infrastructure has solved the problem of key exchange and enabled widespread use of encryption between individuals with no previous contact. However, these certificates are inadequate for making a “trust or do not trust” decision in web interactions as exemplified by MITM attacks, phishing attacks, and rogue but technically valid certificates. Thus, end users today often rely on constantly updated blacklists and whitelists. While these approaches offer a simple security solution to the end users, it is often a challenge to construct a whitelist or blacklist that simultaneously satisfies three requirements: correctness, timeliness and completeness. To complement current approaches, we propose a machine learning based approach using features from TLS certificates that addresses the inherent limitations of whitelists and blacklists. We illustrate improvements in timeliness for blacklist updates and completeness for the whitelists, and offer a correctness check for both.