Sergey Nivens - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

How does public key pinning improve website security?

Certificate authority confidence is waning, but the emergence of public key pinning can help keep websites secure. Expert Michael Cobb explains how.

What is public key pinning and how does it improve Web browser security? I heard Microsoft was considering adding...

it to Internet Explorer; do other browsers offer it, or will they?

The Public Key Pinning Extension for HTTP (HPKP) is designed to mitigate man-in-the-middle (MITM) attacks that use a fraudulent SSL certificate and be a more reliable method of validating a Web server's digital certificate. HPKP allows a site administrator to "pin" a certificate authority's (CA) certificate or public key to their server's certificate and send this information in an HTTP header. This allows browsers and other apps to check that a server's certificate is signed by a particular whitelisted CA instead of relying on a certificate chain verification to validate it. This check is done during the certificate verification phase of the connection, before any data is sent or processed by the browser.

Public key pinning has been supported in Google Chrome for some time and has helped to detect the fraudulent SSL certificate issued by DigiNotar used in a MITM attack against Google users in Iran as well as the intermediate CA certificates mistakenly issued by TurkTrust. These failings in the CA infrastructure are undermining confidence in the CA hierarchy of trust and are one reason why major browsers are adopting certificate pinning. Besides Google Chrome, Firefox also supports public key pinning, and Microsoft has it under consideration for inclusion in Internet Explorer and in its new Web browser, Spartan.

Chrome and Firefox include a built-in pinset -- a list of acceptable certificate authorities for large, high-security websites -- but as of yet, no browsers support dynamic pinsets. This means that the list of acceptable certificate authorities for each pinned domain has to be preloaded at application build time, which introduces scalability issues and excludes all but the major websites. Both vendors are looking at how best to support dynamic pinsets. Web administrators wishing to ready their websites for dynamic pinning need to return the Public Key Pins HTTP header when their site is accessed over HTTPS. For example, an apache Web server can be configured to send the following header which will tell browsers to associate a specific SSL certificate with a website:

Header set Public-Key-Pins "pin-sha256=\"base64+info1==\"; pin-sha256=\"backup+pin+here==\"; max-age=15768000; includeSubDomains"

(Note: This requires apache mod_headers to be enabled.)

It's also good practice to include a pin for a backup certificate that isn't used in production. This ensures that the site stays accessible after the main certificate gets revoked.

Reducing the number of authorities that can authenticate a domain during the lifetime of a pin and removing the need to rely on a CA to verify a certificate's status with an independent check of a certificate or key provides stronger assurance the site is the real site that the user intended to visit. Public key pinning will stop the abuse of certificates that should never have been issued, as well as reduce the incidence of MITM attacks due to compromised CAs.

Ask the Expert:
Want to ask Michael Cobb a question about application security? Submit your question now via email. (All questions are anonymous.)

Next Steps

Can certificate authorities be trusted? Learn more here

This was last published in April 2015

Dig Deeper on PKI and digital certificates