Certificate Pinning in Mobile Applications

Brief overview of certificate and public-key pinning in mobile applications: state of the art, pros and cons.


  1. OWASP Lithuania – Luca Bongiorni – 05/03/2015
  2. Agenda
     • Introduction to Pinning
     • Why it is good to have it...
     • State of the Art – Android / iOS / Windows
     • Conclusion – Pros & Cons
  3. Mobile applications frequently do not protect network traffic. They may use SSL/TLS during authentication but not elsewhere. This inconsistency leads to the risk of exposing data and session IDs to interception.
     Business impact:
     • Loss of confidentiality and integrity
     • Company's reputation at risk
     • Incident response costs $$$
     • Possible legal issues (e.g. violation of ISO/PCI requirements)
     Mitigation:
     • Use end-to-end encryption between browser and web server (HTTPS) ► SSL/TLS ► Certificate Pinning!
  4. Pinning is the process of associating a host with its expected X.509 certificate or public key. Once a certificate or public key is known or seen for a host, the certificate or public key is associated or "pinned" to the host. […]
     • The pre-existing relationship between the user and an organization helps make better security-related decisions.
     • There is no longer any need to depend on others (e.g. CAs) when making security decisions about a peer's identity!
  5. • The certificate is the easiest to pin. When the certificate expires, you update your application.
     • Public key pinning is more flexible but a little trickier due to the extra steps necessary to extract the public key from a certificate.
       o As with a certificate, the program checks the extracted public key against its embedded copy of the public key.
       o It is harder to work with keys (vs. certificates) since you usually must extract the key from the certificate. Extraction is a minor inconvenience in Java, but it is uncomfortable in Cocoa and OpenSSL.
       o The key is static and may violate key rotation policies.
  6. Agenda (section divider) – Why it is good to have it...
  7. "An IMSI-Catcher (International Mobile Subscriber Identity) is a telephony eavesdropping device used for intercepting mobile phone traffic and tracking movement of subscribers. Essentially a 'fake' mobile tower acting between the target mobile phone and the MNO's real BTSes, it is considered a Man-In-The-Middle (MITM) attack." Fake Wi-Fi AP + jamming the real AP? ARP poisoning? … Old, well-known, boring threats.
  8. (image-only slide)
  9. (image-only slide)
  10. Agenda (section divider) – State of the Art – Android / iOS / Windows
  11. Android: pinning is accomplished through a custom X509TrustManager (Google Chrome public-key pinning style). A customized TrustManager from Moxie Marlinspike is available at https://github.com/moxie0/AndroidPinning:

      /**
       * Constructs a PinningTrustManager with a set of valid pins.
       *
       * @param keyStore A SystemKeyStore that validation will be based on.
       * @param pins An array of encoded pins to match a seen certificate chain against.
       *             A pin is a hex-encoded hash of an X.509 certificate's SubjectPublicKeyInfo.
       *             A pin can be generated using the provided ./tools/pin.py certificate_file.pem
       * @param enforceUntilTimestampMillis A timestamp (in milliseconds) when pins will stop
       *             being enforced. Normal non-pinned certificate validation will continue.
       *             Set this to some period after your build date, or to 0 to enforce pins forever.
       */
      public PinningTrustManager(SystemKeyStore keyStore, String[] pins, long enforceUntilTimestampMillis) {
          this.systemTrustManagers         = initializeSystemTrustManagers(keyStore);
          this.systemKeyStore              = keyStore;
          this.enforceUntilTimestampMillis = enforceUntilTimestampMillis;
          // each hex pin is decoded once and kept as raw bytes for comparison against the chain
          for (String pin : pins) {
              this.pins.add(hexStringToByteArray(pin));
          }
      }
  12. iOS: the method used to pin certificates is connection:willSendRequestForAuthenticationChallenge: in the NSURLConnectionDelegate protocol. It is called when an SSL connection is made, giving the developer a chance to inspect the authentication challenge and either proceed or fail. The slide's code sample checks the certificate sent by the server against a known certificate embedded in the application.
  13. Windows Phone: the majority of Windows Phone 8 applications on the Marketplace lack certificate pinning due to the difficulty of implementing this security measure on the platform. Possible solutions:
      • For Win 8.0: use an open-source third-party SSL library such as OpenSSL or the Bouncy Castle crypto libs and attempt to build it for Windows Phone. Cons: it may require significant effort to implement correctly.
      • For Win 8.0: use a commercial library supporting SSL pinning: SecureBlackBox (https://www.eldos.com/sbb/). Cons: $$$
      • Win 8.1 and later: thanks to StreamSocket we can read the contents of the server certificate via the StreamSocket.Information.ServerCertificate property:

        using Windows.Networking;
        using Windows.Networking.Sockets;

        StreamSocket s = new StreamSocket();
        await s.ConnectAsync(new HostName(SrvURL), "443");
        // the TLS upgrade must be awaited before the server certificate is available
        await s.UpgradeToSslAsync(SocketProtectionLevel.Ssl, new HostName(SrvURL));
        var certificate = s.Information.ServerCertificate;

        After awaiting UpgradeToSslAsync(), check s.Information.ServerCertificate for the certificate provided by the server: you can verify that it is the one you were expecting before you send any data.
  14. Agenda (section divider) – Conclusion – Pros & Cons
  15. PROS
      • Better security: drastically reduces the ability to conduct successful MITM attacks.
      • Not hard to implement: basic certificate pinning is not as difficult to implement as it seems.
      • Cost saving: using a self-signed certificate makes it possible to reduce costs instead of paying for a certificate.
      CONS
      • Possible problems in case of certificate or public-key revocation.
      • Egress filtering in a corporate environment (i.e. an interception proxy).
      • The certificate embedded in your app will eventually expire. You have to either plan for an app update that contains an updated certificate, or code a way for the application to download the new certificate, which is hardly achievable in practice.
  16. • https://www.owasp.org/index.php/Mobile_Top_10_2014-M3
      • https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning
      • https://tools.ietf.org/html/draft-ietf-websec-key-pinning-21
      • https://www.owasp.org/index.php/Pinning_Cheat_Sheet
      • http://www.thoughtcrime.org/blog/authenticity-is-broken-in-ssl-but-your-app-ha/
      • http://developer.android.com/reference/android/net/http/X509TrustManagerExtensions.html
      • https://www.isecpartners.com/blog/2013/february/ssl-pinning-on-ios.aspx
      • www.doubleencore.com/2013/03/ssl-pinning-for-increased-app-security/
      • http://blog.soat.fr/2014/11/wp8-problematique-du-certificate-pinning/
      • http://www.slideshare.net/iazza/dcm-final-23052013fullycensored
      • http://chargen.matasano.com/chargen/2015/1/6/bypassing-openssl-certificate-pinning-in-ios-apps.html
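Added example (not code from the talk or from the AndroidPinning project): the following Python shows the two mechanics slides 5 and 11 describe. For public-key pinning it extracts the SubjectPublicKeyInfo from a DER certificate with a minimal ASN.1 walker and hashes it into a hex pin; for the trust-manager check it matches a presented chain against a pin list with the enforceUntilTimestampMillis semantics of the PinningTrustManager constructor (0 pins forever, a later timestamp stops enforcement). The digest algorithm (sha256), the status strings, and the make_demo_certificate helper, which builds a structurally valid but unsigned certificate around constructed key bytes so that everything runs offline, are assumptions of this example and not part of the library.

```python
import hashlib
from typing import List, Tuple

SEQUENCE, CONTEXT_0 = 0x30, 0xA0          # CONTEXT_0: [0] EXPLICIT version in tbsCertificate
# DER-encoded OIDs, used only by the constructed demo certificate below
OID_RSA_ENCRYPTION = bytes.fromhex("06092a864886f70d010101")   # 1.2.840.113549.1.1.1
OID_SHA256_WITH_RSA = bytes.fromhex("06092a864886f70d01010b")  # 1.2.840.113549.1.1.11
DER_NULL = b"\x05\x00"

def der_encode(tag: int, content: bytes) -> bytes:
    """Wrap content in a definite-length DER TLV (short or long form length)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    nbytes = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | nbytes]) + n.to_bytes(nbytes, "big") + content

def der_decode(data: bytes, offset: int = 0) -> Tuple[int, bytes, int]:
    """Read one DER TLV at offset; return (tag, content, offset past the element)."""
    tag, first, pos = data[offset], data[offset + 1], offset + 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4:
            raise ValueError("unsupported DER length encoding")
        length, pos = int.from_bytes(data[pos:pos + nbytes], "big"), pos + nbytes
    end = pos + length
    if end > len(data):
        raise ValueError("truncated DER element")
    return tag, data[pos:end], end

def der_children(content: bytes) -> List[bytes]:
    """Split SEQUENCE content into raw child elements (tag + length + content)."""
    children, pos = [], 0
    while pos < len(content):
        _, _, nxt = der_decode(content, pos)
        children.append(content[pos:nxt])
        pos = nxt
    return children

def extract_spki(cert_der: bytes) -> bytes:
    """Return the raw DER SubjectPublicKeyInfo: the 6th tbsCertificate field once the
    optional [0] version is skipped (serial, sigalg, issuer, validity, subject, SPKI).
    This is the extra extraction step slide 5 mentions for key (vs. certificate) pinning."""
    tag, cert_body, _ = der_decode(cert_der)
    if tag != SEQUENCE:
        raise ValueError("not a DER certificate")
    tag, tbs_body, _ = der_decode(der_children(cert_body)[0])
    if tag != SEQUENCE:
        raise ValueError("malformed tbsCertificate")
    fields = der_children(tbs_body)
    if fields and fields[0][0] == CONTEXT_0:
        fields = fields[1:]
    if len(fields) < 6:
        raise ValueError("tbsCertificate has too few fields")
    return fields[5]

def spki_pin(cert_der: bytes, hash_name: str = "sha256") -> str:
    """Hex-encoded SPKI hash, the pin format slide 11 describes (sha256 is assumed)."""
    return hashlib.new(hash_name, extract_spki(cert_der)).hexdigest()

def check_pins(chain_der: List[bytes], pins: List[str], enforce_until_ms: int,
               now_ms: int, hash_name: str = "sha256") -> str:
    """Pin check with the enforceUntilTimestampMillis semantics of slide 11: 0 enforces
    pins forever; past a non-zero timestamp pins are ignored and only the ordinary chain
    validation (done elsewhere) decides. Returns 'not_enforced', 'matched' or 'mismatch'."""
    if enforce_until_ms != 0 and now_ms > enforce_until_ms:
        return "not_enforced"
    wanted = {p.lower() for p in pins}
    if any(spki_pin(cert, hash_name) in wanted for cert in chain_der):
        return "matched"
    return "mismatch"

def make_demo_certificate(public_key: bytes) -> bytes:
    """CONSTRUCTED sample: structurally valid but unsigned X.509 v3 certificate
    carrying public_key in its SPKI, so the example runs offline."""
    key_alg = der_encode(SEQUENCE, OID_RSA_ENCRYPTION + DER_NULL)
    spki = der_encode(SEQUENCE, key_alg + der_encode(0x03, b"\x00" + public_key))
    sig_alg = der_encode(SEQUENCE, OID_SHA256_WITH_RSA + DER_NULL)
    empty_name = der_encode(SEQUENCE, b"")
    validity = der_encode(SEQUENCE, der_encode(0x17, b"150305000000Z")
                          + der_encode(0x17, b"160305000000Z"))
    tbs = der_encode(SEQUENCE, der_encode(CONTEXT_0, der_encode(0x02, b"\x02"))  # version v3
                     + der_encode(0x02, b"\x01")                                   # serial 1
                     + sig_alg + empty_name + validity + empty_name + spki)
    return der_encode(SEQUENCE, tbs + sig_alg + der_encode(0x03, b"\x00" * 33))  # dummy sig

if __name__ == "__main__":
    cert = make_demo_certificate(bytes(range(64)))       # constructed stand-in key bytes
    pin = spki_pin(cert)
    now = 1_425_513_600_000                              # 2015-03-05 00:00 UTC, in ms
    print("pin:", pin)
    print("enforced forever:", check_pins([cert], [pin], 0, now))
    print("wrong pin:", check_pins([cert], ["00" * 32], 0, now))
    print("past enforce-until:", check_pins([cert], ["00" * 32], now - 1, now))
```

The walker deliberately returns the whole SPKI element rather than the bare key bits, so the pin covers the algorithm identifier too and a key re-wrapped under a different algorithm does not match; the "not_enforced" outcome is the deliberate fail-open of the expiry timestamp on slide 11, which is why the slide recommends a date shortly after the build rather than a distant one.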