How safe do you feel while transferring money through online banking, paying utility bills through web or mobile applications, or doing any other activity on the internet? Most of the time I receive the answer: YES. If I ask why, the common answer is:
My information is being sent over an encrypted channel, i.e. SSL/TLS, so no one will be able to see or decrypt it. The SSL certificate is issued by a trusted CA.
This really needs attention, because we provide sensitive information to process our transactions: card numbers, CVVs, personal information, passwords and so on.
The above answer does not always hold true. A number of incidents have resulted in the compromise of users' sensitive information. Before going into the details, let us first see what a CA is.
A Certificate Authority (CA) issues digital certificates. A digital certificate identifies an entity on the internet, and the browser checks that certificate while communicating with the entity.
DigiNotar was one of the trusted CAs. In July 2011, an attacker gained access to its systems and issued fraudulent certificates for Google. These certificates were used to execute a man-in-the-middle attack.
Here a new question arises: what is a man-in-the-middle attack?
Let's take the standard example of Alice and Bob. Alice wants to send a message to Bob.
The attacker is the man in the middle: the attacker obtains all the information exchanged between the two parties. Alice and Bob believe they are talking to each other, but every message passes through the attacker. In technical terms, Alice and Bob trust the attacker's certificate and send all their information over the network to the attacker.
We have seen that even a trusted CA can be compromised, and that this leads to a man-in-the-middle attack.
Certificate pinning can be the solution to this problem. It is a technique of compiling the server's certificate or public key into the application code.
Let's discuss what happens when two parties exchange information over a network. Three main questions arise:
- How are keys exchanged? They might have used RSA.
- How is data encrypted? They might have used AES.
- How are messages marked as authentic? They might have used SHA-1.
The client requests the certificate chain from the server and validates the chain along with the parameters above. Then the client extracts the public key from the certificate. This is where certificate pinning comes into the picture.
What a standard secure connection does not do is check that the certificate is your certificate, the one you uploaded to your server. Typically certificates are validated only by checking the signature hierarchy: my certificate is signed by an intermediate certificate, which is signed by a root certificate, and that root certificate is listed in my computer's certificate trust store.
If certificate pinning is implemented, the client has the certificate details compiled into the application code. The client compares these details with the details it receives in the server certificate. If they match, the connection is established; otherwise the connection is terminated. In certificate pinning, the client does not trust just any approved CA certificate; it checks the specific parameters hardcoded in the application against the server certificate.
Now let's look at the Alice and Bob scenario again. If Alice had implemented certificate pinning, the attacker would not have been able to intercept the communication. Alice would have Bob's certificate details, so when she receives the attacker's certificate instead of Bob's, she terminates the connection because Bob's pinned details do not match the attacker's certificate.
There are three types of pinning techniques:
- Public key pinning: the public key of the server certificate is compiled into the application code. If the certificate is renewed properly (reusing the same key pair), the public key does not change and the pin stays valid.
- Certificate pinning: the entire certificate is compiled into the application code. When the certificate expires, you have to update the client application before installing the new certificate on the server.
- SPKI (Subject Public Key Info) pinning: a hash of the public key together with its metadata (the SubjectPublicKeyInfo structure of the certificate) is compiled into the application code. When you receive the server certificate, you compute the hash of the same details and check it against the compiled hash.
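As an added example (not code from the original post), here is a small Python script, standard library only, that shows SPKI pinning end to end and also illustrates the renewal point made under public key pinning. It builds three constructed toy certificates in DER form: a server certificate, the same server's renewed certificate (new serial, same key pair), and an attacker's certificate carrying a different key, as a compromised CA could issue. It then walks the DER to locate the SubjectPublicKeyInfo element, hashes it with SHA-256, and compares the base64 pin with the set compiled into the client. The minimal DER encoder, the toy-sized key numbers and the serial numbers are constructed for the illustration; only the rsaEncryption OID is a real value.

```python
import base64
import hashlib

# ---- tiny DER encoder: just enough to build the constructed sample certificates ----
def der_length(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der(tag, content):
    return bytes([tag]) + der_length(len(content)) + content

def der_int(n):
    body = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:          # keep the INTEGER positive
        body = b"\x00" + body
    return der(0x02, body)

def der_seq(*parts):
    return der(0x30, b"".join(parts))

RSA_ENCRYPTION_OID = bytes.fromhex("06092a864886f70d010101")  # 1.2.840.113549.1.1.1

def make_spki(modulus, exponent):
    """SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING subjectPublicKey }"""
    rsa_key = der_seq(der_int(modulus), der_int(exponent))       # RSAPublicKey (toy sizes)
    alg = der_seq(RSA_ENCRYPTION_OID, b"\x05\x00")               # rsaEncryption, NULL params
    return der_seq(alg, der(0x03, b"\x00" + rsa_key))            # 0x00 = no unused bits

def make_certificate(serial, spki):
    """Stand-in X.509 v3 layout. Issuer, validity and subject are empty SEQUENCEs and the
    signature is a placeholder: the pin check never reads them, only their position matters."""
    version = der(0xA0, der_int(2))                              # explicit [0] version v3
    sig_alg = der_seq(RSA_ENCRYPTION_OID, b"\x05\x00")
    tbs = der_seq(version, der_int(serial), sig_alg, der_seq(), der_seq(), der_seq(), spki)
    return der_seq(tbs, sig_alg, der(0x03, b"\x00" + b"\xff" * 8))

# ---- the client side: DER walk, pin computation, pin check ----
def read_tlv(buf, pos):
    """Return (tag, content, end) for the DER element starting at pos (short and long lengths)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def extract_spki(cert_der):
    """Return the raw DER SubjectPublicKeyInfo element of a certificate."""
    _, cert, _ = read_tlv(cert_der, 0)           # Certificate SEQUENCE
    _, tbs, _ = read_tlv(cert, 0)                # tbsCertificate SEQUENCE
    pos = 0
    tag, _, end = read_tlv(tbs, pos)
    if tag == 0xA0:                              # optional explicit [0] version (absent in v1)
        pos = end
    for _ in range(5):                           # serialNumber, signature, issuer, validity, subject
        _, _, pos = read_tlv(tbs, pos)
    _, _, end = read_tlv(tbs, pos)               # subjectPublicKeyInfo
    return tbs[pos:end]

def spki_pin(cert_der):
    """SHA-256 over the DER SPKI, base64 encoded: the 'sha256/...' pin form used by HPKP and OkHttp."""
    digest = hashlib.sha256(extract_spki(cert_der)).digest()
    return "sha256/" + base64.b64encode(digest).decode()

def check_pins(cert_der, pinned):
    """True only if the presented certificate's SPKI hash is one of the pins shipped in the app."""
    return spki_pin(cert_der) in pinned

# ---- constructed sample data ----
SERVER_KEY = make_spki(0xC0FFEE1234567890ABCDEF, 65537)        # toy modulus, not a real RSA key
ATTACKER_KEY = make_spki(0xBADC0DE9876543210FEDCBA, 65537)

SERVER_CERT = make_certificate(1001, SERVER_KEY)
RENEWED_SERVER_CERT = make_certificate(1002, SERVER_KEY)       # renewed: new serial, same key pair
ATTACKER_CERT = make_certificate(5555, ATTACKER_KEY)           # different key, as a rogue CA would issue

PINNED = {spki_pin(SERVER_CERT)}   # compiled into the client; a backup pin for the next key goes here too

if __name__ == "__main__":
    for name, cert in [("server", SERVER_CERT), ("renewed", RENEWED_SERVER_CERT), ("attacker", ATTACKER_CERT)]:
        print(name, "accepted" if check_pins(cert, PINNED) else "rejected", spki_pin(cert))
```

Two design points are worth noticing. The pin is computed over the whole SPKI element, so renewing the certificate with the same key pair keeps the pin valid, while any certificate for a different key, whoever signed it, is rejected. The pinned value is a set rather than a single string so that a backup pin for the next key pair can ship in the application before the key is rotated; without that, rotating the key bricks every installed client until it is updated. In a real client this check runs in addition to, not instead of, normal chain validation.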
Authored by Ankur Joshi