Q
Get started Bring yourself up to speed with our introductory content.

Can public key pinning improve Mozilla Firefox security?

Public key pinning aims to reduce the lack of trust associated with digital certificates and certificate authorities. Expert Michael Cobb explains how it works and its benefits.

The latest version of Mozilla Firefox supports public key pinning. What is key pinning, and how does it improve...

Web security?

Secure communication over the Internet relies on the SSL/TLS protocol, which uses digital certificates to provide authentication and encryption. The public key in a Web server's certificate is used to encrypt traffic to the site, while the certificate identifies who owns the site. A website's certificate is typically validated by checking the signature hierarchy; MyWebServerCert is signed by AnIntermediateCert which is signed by ARootCert, a certificate authority (CA) root certificate that is trusted implicitly by the majority of operating systems and browsers.

However, this chain or hierarchy of trust can be compromised, making protocols that rely on certificate chain verification like SSL/TLS vulnerable to various attacks -- including man-in-the-middle (MITM) attacks.

To fool a user's browser into trusting a site an attacker controls, the attacker can present a stolen or forged certificate for the site. This has happened a disturbing number of times in the last few years. For example, hackers broke into the Dutch CA DigiNotar and issued fraudulent but valid certificates for several major sites, including Google, Twitter and Yahoo. CAs have also accidently issued certificates to the wrong people, and some have failed to follow their own policies, leading to hackers obtaining certificates for domains they don't own. These shortcomings in the CA infrastructure are undermining confidence in the CA hierarchy of trust.

Certificate pinning overcomes this lack of trust by associating a host with its expected certificate or public key. It's similar to SSH's StrictHostKeyChecking option as it directly identifies a host or service by its public key, only trusting certificates signed by a specific certificate. This method of checking a site's digital certificate avoids the risks present in the CA infrastructure and prevents man-in-the-middle attacks. The public key pinning in Chrome helped detect the fraudulent SSL certificate issued by DigiNotar used in a MITM attack against Google users in Iran.

Site administrators pin a CA's certificate or public key to their server's certificate -- if more than one certificate or public key is acceptable, they are held in a pinset -- a list of acceptable certificate authorities for participating sites. This allows browsers and other apps to check that a server's certificate is signed by a particular whitelisted CA instead of relying on certificate chain verification to validate it. This check is done during the certificate verification phase of the connection, before any data is sent or processed by the browser. So, for example, Chrome currently only accepts certificates for Google domains from Verisign, Google Internet Authority, Equifax and GeoTrust despite other CAs being listed as trusted in the browser's certificate store.

Starting with Firefox version 32, Mozilla's browser has public key pinning on by default and includes a built-in pinset. Further domains will be added to this list in newer versions; you can see the full list of pinned domains and rollout status here. While Web administrators can add support for pinning with the Public Key Pinning Extension for HTTP, dynamic pinsets are not yet supported by Firefox or other major browsers as the list of acceptable certificate authorities for each pinned domain still has to be preloaded at application build time. Microsoft has public key pinning under consideration for inclusion in Internet Explorer.

Reducing the number of authorities that can authenticate a domain during the lifetime of a pin and verifying a certificate's status with an independent check of a certificate or key provides stronger assurance that the site is the real site the user intended to visit. It will also stop the abuse of certificates that should never have been issued, as well as reduce the incidence of MITM attacks due to compromised CAs.

Ask the Expert:
Have a question about application security? Send it via email today. (All questions are anonymous.)

Next Steps

Learn more about certificate pinning.

Beware of fake digital certificates.

This was last published in May 2015

Dig Deeper on Web browser security

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

I'm really glad some other people have noticed this could be a real improvement.

It's supported by both Firefox and Chrome. Firefox supposedly even supports it on mobile.

This really is the best way we currently have to prevent the wrong CA issuing certificates for domains you own (obviously only works for regular visitors for a website/domain). Which is a real problem.

Haven't tried it yet myself, because you can end up doing a denial of service of your site/domain. So it's important to be careful with this. Probably try this on a test-website or with a very short max-age.

Definitely on my list of things to do in the near future.

What you should also do is create 2 certificates and pin both of them. With just 1 on the active server and keeping the other offline (don't even generate the second key-pair on the server). That way if your server is compromised, you can use the second certificate after you've fixed the problem.

Now that it is easier and easier to free certificates having 2 certificates is probably not a big problem. Even if you think that is a problem. You don't need the certificates you can at least generate 2 private/public key pairs. And pin both.

Obviously in the worst case it might take some time to get your site back online while you are waiting for a CA to issue a new certificate for your second key.
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close