certificate pinning in mobile applications
Post on 16-Jul-2015
400 Views
Preview:
TRANSCRIPT
Introduction to Pinning
Why is good to have it...
State of Art – Android / iOS / Win
Conclusion – Pros & Cons
2
3
Mobile applications frequently do not protect network traffic.
They may use SSL/TLS during authentication but not elsewhere.
This inconsistency leads to the risk of exposing data and session IDs to
interception.
Business Impact Loss of Confidentiality and Integrity
Company’s reputation at risk
Incident response costs $$$
Possible legal issues (e.g. violation of ISO/PCI requirements)
Mitigation Use End-to-End encryption between browser and web server (HTTPS)
► SSL/TLS ► Certificate Pinning !
4
Pinning is the process of associating a host with their expected
*{X509 certificate || public key}. Once a certificate or public key is
known or seen for a host, the certificate or public key is associated or
'pinned' to the host. <…>
• The pre-existing relationship between the user and an
organization helps make better security related decisions.
• No longer needs to depend on others (e.g. CAs) when making
security decisions relating to a peer's identity!
5
The certificate is easiest to pin.
When the certificate expires, you would update your
application.
Public key pinning is more flexible but a little trickier due to the extra
steps necessary to extract the public key from a certificate. o As with a certificate, the program checks the extracted public key with its
embedded copy of the public key.
o It is harder to work with keys (Vs. certificates) since you usually must
extract the key from the certificate. Extraction is a minor inconvenience in
Java, buts its uncomfortable in Cocoa and OpenSSL.
o The key is static and may violate key rotation policies.
Introduction to Pinning
Why is good to have it...
State of Art – Android / iOS / Win
Conclusion – Pros & Cons
6
7
“An IMSI-Catcher (International Mobile Subscriber Identity) is
a telephony eavesdropping device used for intercepting
mobile phone traffic and tracking movement of subscribers.
Essentially a "fake" mobile tower acting between the target
mobile phone and the MNO's real BTSes, it is considered a
Man-In-The-Middle (MITM) attack.”
Fake WiFi AP + jam real AP? ARP Poisoning?… Old known
boring threats.
Introduction to Pinning
Why is good to have it...
State of Art – Android / iOS / Win
Conclusion – Pros & Cons
10
11
Pinning is accomplished through a custom X509TrustManager API. Google
Chrome PubKey pinning style. Customized version of TrustManager from Moxie Marlinspike available at:
https://github.com/moxie0/AndroidPinning
public PinningTrustManager(SystemKeyStore keyStore, String[] pins, long
enforceUntilTimestampMillis) {
this.systemTrustManagers = initializeSystemTrustManagers(keyStore);
this.systemKeyStore = keyStore;
this.enforceUntilTimestampMillis = enforceUntilTimestampMillis;
for (String pin : pins) {
this.pins.add(hexStringToByteArray(pin));
}
}
Constructs a PinningTrustManager with a set of valid pins.
@param keyStore A SystemKeyStore that validation will be based on.
@param pins An array of encoded pins to match a seen certificate chain against. A pin is a hex-
encoded hash of a X.509 certificate's SubjectPublicKeyInfo. A pin can be generated using the
provided ./tools/pin.py certificate_file.pem
@param enforceUntilTimestampMillis A timestamp (in milliseconds) when pins will stop being
enforced. Normal non-pinned certificate validation will continue. Set this to some period after your
build date, or to 0 to enforce pins forever.
12
The method used to Ping Certificates is :connection:willSendRequestForAuthenticationChallenge:
inside the NSURLConnectionDelegate protocol.
This method gets called when an SSL connection is made, giving the developer, a
chance to inspect the authentication challenge and either proceed or fail.
The code below shows how you can check the certificate sent by the server, with
a known certificate embedded in your applications.
After doing await and socket.UpgradeToSslAsync(), check
socket.Information.ServerCertificate for the cert that was provided by the server.
You can verify that it's the cert you were expecting before you send any data. 13
The majority of Windows Phone 8 applications on the Marketplace lack certificate
pinning due to the difficulty of implementing this security measure on the
platform. Possible solutions:
• For Win 8.0: Use an open source third party library for SSL such as OpenSSL
or Bouncy Castle crypto Libs and attempt to build for Windows Phone. Cons: It
may require significant effort to implement correctly.
• For Win 8.0: Use a commercial library supporting SSL pinning:
SecureBlackBox (https://www.eldos.com/sbb/). Cons: $$$
• >= Win 8.1: Thanks to the use of StreamSocket we can read the contents of the
certificate via StreamSocket.Information.ServerCertificate property.
StreamSocket s = new StreamSocket();
await s.ConnectAsync(new HostName(SrvURL), "443");
s.UpgradeToSslAsync(SocketProtectionLevel.Ssl, new HostName(SrvURL));
var certificate = s.Information.ServerCertificate;
Introduction to Pinning
Why is good to have it...
State of Art – Android / iOS / Win
Conclusion – Pros & Cons
14
PROS
15
Better Security: Drastically reduce the ability to conduct successful MITM
attacks.
Not Hard to Implement: Not as difficult as it seems to implement a basic
certificate pinning.
Cost Saving: By using a self-signed certificate is possible reduce the costs,
instead of paying for a certificate.
• Possible problems in case of Certificate or PubKey revocation.
• Egress filtering in a corporate environment (i.e. Interception Proxy)
• The certificate embedded in your app will eventually expire.
Your have to either plan for an app update that contains an updated
certificate, or code a way for the application to download the new
certificate, which is hardly achievable in practice.
CONS
16
• https://www.owasp.org/index.php/Mobile_Top_10_2014-M3
• https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning
• https://tools.ietf.org/html/draft-ietf-websec-key-pinning-21
• https://www.owasp.org/index.php/Pinning_Cheat_Sheet
• http://www.thoughtcrime.org/blog/authenticity-is-broken-in-ssl-but-your-app-ha/
• http://developer.android.com/reference/android/net/http/X509TrustManagerExte
nsions.html
• https://www.isecpartners.com/blog/2013/february/ssl-pinning-on-ios.aspx
• www.doubleencore.com/2013/03/ssl-pinning-for-increased-app-security/
• http://blog.soat.fr/2014/11/wp8-problematique-du-certificate-pinning/
• http://www.slideshare.net/iazza/dcm-final-23052013fullycensored
• http://chargen.matasano.com/chargen/2015/1/6/bypassing-openssl-certificate-
pinning-in-ios-apps.html
top related