I (think I) understand the concept of certificate pinning. However, I'm wondering whether, in the worst-case scenario, certificate pinning is any more secure than the hierarchical trust model it is built upon. An example scenario:
- I develop a mobile app, which uses secure connections
- To encrypt these secure connections, I need a key
- In the past, I'd just use HTTPS for the secure connections, and made sure my service had a valid certificate. I rely on others for my security.
- Now, I don't want to rely on others anymore, so I start pinning my service certificate (let's say certificate X). This means that shifty CAs will not be able to break my security. Let's say I pin my public key, so effectively this means I don't trust any CA (otherwise I could pin a CA).
- This brings me back to the original key distribution problem that PKI was meant to solve: how do I distribute my application to my users? I don't want an attacker sitting in the middle of the channel and replacing my application with another one (and with another pinned certificate Y).
- Well, that's easy: I use HTTPS.
- ...
- I use HTTPS, which checks the certificates against the MS Windows store, which means I have to rely on the shifty CAs from step 4.
- Sidenote: every time I send an update, an attacker (a shifty CA) might be prepared to intercept my update and replace the pinned public key with another one.
The OWASP page mentions that the pin can be added during development or upon first encounter. However, when adding it during development, we still have to distribute the app to the users, which pivots the security issue over to the distribution channel. This distribution channel might also pin certificates, but in the end, it all comes down to the trust of your first channel. In the case of MS Windows, this is the MS certificate list: even though Chrome might check the pin of all Google domains, I first need to install Chrome over a secure connection.
I'm not saying certificate pinning is not any more secure (although I'm not sure about the added value, especially when considering point 9), I'm just wondering if the above reasoning is correct.
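As an added illustration of the pin-versus-CA-store distinction in the scenario above (example code written for this page, not from the OWASP article or any library the question names), the following Go builds two throw-away self-signed certificates standing in for keys X and Y, derives an SPKI pin from X, and shows that a pin check accepts X and rejects Y regardless of which CA would have vouched for Y; function names, the `example.test` name and the constructed certificates are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"math/big"
	"time"
)

// spkiPin returns "sha256/<base64>" of the certificate's DER SubjectPublicKeyInfo, the pin form
// used by HPKP and Android's network security config. It covers only the key, so it survives renewal.
func spkiPin(der []byte) (string, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return "sha256/" + base64.StdEncoding.EncodeToString(sum[:]), nil
}

// verifyPinned has the shape of tls.Config.VerifyPeerCertificate. It runs in addition to the normal
// CA-store validation and rejects any chain in which no certificate carries a pinned key (e.g. key Y).
func verifyPinned(pins map[string]bool) func([][]byte, [][]*x509.Certificate) error {
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		for _, raw := range rawCerts {
			if pin, err := spkiPin(raw); err == nil && pins[pin] {
				return nil
			}
		}
		return errors.New("pin check failed: no pinned public key in presented chain")
	}
}

// selfSignedDER builds a throw-away certificate with a fresh P-256 key (constructed test data, not a real service key).
func selfSignedDER() ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example.test"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}
```

The pin value itself still has to reach the client through some first channel (the app download), which is exactly the point the question raises; the check above only narrows what a CA can do after that channel is trusted.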