kentoh - Fotolia
The latest version of Mozilla Firefox supports public key pinning. What is key pinning, and how does it improve Web security?
Secure communication over the Internet relies on the SSL/TLS protocol, which uses digital certificates to provide authentication and encryption. The public key in a Web server's certificate is used to encrypt traffic to the site, while the certificate identifies who owns the site. A website's certificate is typically validated by checking the signature hierarchy; MyWebServerCert is signed by AnIntermediateCert which is signed by ARootCert, a certificate authority (CA) root certificate that is trusted implicitly by the majority of operating systems and browsers.
However, this chain or hierarchy of trust can be compromised, making protocols that rely on certificate chain verification like SSL/TLS vulnerable to various attacks -- including man-in-the-middle (MITM) attacks.
To fool a user's browser into trusting a site an attacker controls, the attacker can present a stolen or forged certificate for the site. This has happened a disturbing number of times in the last few years. For example, hackers broke into the Dutch CA DigiNotar and issued fraudulent but valid certificates for several major sites, including Google, Twitter and Yahoo. CAs have also accidently issued certificates to the wrong people, and some have failed to follow their own policies, leading to hackers obtaining certificates for domains they don't own. These shortcomings in the CA infrastructure are undermining confidence in the CA hierarchy of trust.
Certificate pinning overcomes this lack of trust by associating a host with its expected certificate or public key. It's similar to SSH's StrictHostKeyChecking option as it directly identifies a host or service by its public key, only trusting certificates signed by a specific certificate. This method of checking a site's digital certificate avoids the risks present in the CA infrastructure and prevents man-in-the-middle attacks. The public key pinning in Chrome helped detect the fraudulent SSL certificate issued by DigiNotar used in a MITM attack against Google users in Iran.
Site administrators pin a CA's certificate or public key to their server's certificate -- if more than one certificate or public key is acceptable, they are held in a pinset -- a list of acceptable certificate authorities for participating sites. This allows browsers and other apps to check that a server's certificate is signed by a particular whitelisted CA instead of relying on certificate chain verification to validate it. This check is done during the certificate verification phase of the connection, before any data is sent or processed by the browser. So, for example, Chrome currently only accepts certificates for Google domains from Verisign, Google Internet Authority, Equifax and GeoTrust despite other CAs being listed as trusted in the browser's certificate store.
Starting with Firefox version 32, Mozilla's browser has public key pinning on by default and includes a built-in pinset. Further domains will be added to this list in newer versions; you can see the full list of pinned domains and rollout status here. While Web administrators can add support for pinning with the Public Key Pinning Extension for HTTP, dynamic pinsets are not yet supported by Firefox or other major browsers as the list of acceptable certificate authorities for each pinned domain still has to be preloaded at application build time. Microsoft has public key pinning under consideration for inclusion in Internet Explorer.
Reducing the number of authorities that can authenticate a domain during the lifetime of a pin and verifying a certificate's status with an independent check of a certificate or key provides stronger assurance that the site is the real site the user intended to visit. It will also stop the abuse of certificates that should never have been issued, as well as reduce the incidence of MITM attacks due to compromised CAs.
Ask the Expert:
Have a question about application security? Send it via email today. (All questions are anonymous.)
Learn more about certificate pinning.
Beware of fake digital certificates.
Dig Deeper on Web browser security
Related Q&A from Michael Cobb
Sending sensitive information in attachments is inherently unsafe, and the main way to secure them -- encryption -- can be implemented inconsistently... Continue Reading
Spyware can steal mundane information, track a user's every move and everything in between. Read up on the types of spyware and how to best fix ... Continue Reading
Explore the differences between symmetric vs. asymmetric encryption algorithms, including common uses and examples of both, as well as their pros and... Continue Reading