Mobile App Certificate Pinning Guide

Introduction to Certificate Pinning

Certificate pinning is a security measure used in mobile apps and other software to prevent man-in-the-middle (MITM) attacks by ensuring that the app only trusts specific certificates or keys when establishing a secure connection.

Purpose of Certificate Pinning

The main purpose of certificate pinning is to enhance security by restricting which certificates or public keys can be trusted. This helps protect against MITM attacks, where an attacker could intercept and potentially alter the communication between the app and the server.

How Certificate Pinning Works

1. Obtaining the Certificate or Key:

  • During development, the certificate or public key of the server is obtained. This can be the end-entity certificate (the one directly presented by the server), an intermediate certificate, or the root certificate.

2. Pinning the Certificate or Key:

  • The obtained certificate or key is then hardcoded or securely stored within the app. This is known as "pinning."

3. Verifying the Certificate or Key:

  • When the app tries to establish a secure connection to the server, it receives the server's certificate.
  • The app compares the received certificate or key with the pinned one.
  • If they match, the connection is trusted and established.
  • If they do not match, the connection is rejected, preventing any potential MITM attacks.

Benefits:

  1. Protects against compromised CAs.
  2. Prevents man-in-the-middle attacks, where an attacker could intercept and modify the communication between the app and the server.

Types of Pinning

  1. Certificate Pinning
  2. Public Key Pinning
  3. Hashkey Pinning

Each of these types can be applied to different levels of the certificate hierarchy:

  1. Leaf Certificate (End-Entity)
  2. Intermediate Certificate
  3. Root Certificate

Determine the Security Requirements:

Assess the level of security required for your app. High-security apps (e.g., banking) might opt for leaf certificate or public key pinning, while others might use intermediate or root pinning for more flexibility.

1. Choose the Pinning Method: Decide on the type of pinning based on your security needs and maintenance capabilities:

  • Certificate Pinning: For strict security with exact certificates.
  • Public Key Pinning: For flexibility with high security.
  • Hashkey Pinning: For integrity checking with flexibility, by pinning a hash of the key or certificate rather than the object itself.

2. Select the Pinning Level:

2.1 Leaf Certificate:

a. Purpose: Provides the highest security by pinning the specific server certificate.

b. Maintenance: Requires frequent updates as leaf certificates generally expire in 1-2 years.

c. Drawbacks:

1. Every time the server certificate is renewed, the app needs an update to include the new certificate, which can be burdensome.

2. Requires careful management of certificate expiration and renewal schedules to avoid service disruptions.

3. If the server certificate needs to change due to reasons like revocation or security updates, it can be less flexible compared to pinning public keys or hashes.

2.2 Intermediate Certificate:

a. Purpose: Balances security and flexibility by pinning the intermediate certificate.

b. Maintenance: Less frequent updates needed compared to leaf certificates, as intermediate certificates generally expire in 5-10 years.

c. Drawbacks: While it offers more flexibility than leaf certificate pinning, it trusts any certificate signed by the same intermediate certificate, which is less secure and offers less granularity than leaf certificate pinning.

2.3 Root Certificate:

a. Purpose: Provides minimal maintenance and maximum flexibility by pinning the root certificate.

b. Maintenance: Requires infrequent updates, as root certificates generally expire in 10-25 years.

c. Drawbacks: Limited ability to manage specific certificates, as all certificates signed by the root are trusted.

1. Potential for Compromise: A compromised root certificate affects all certificates signed by it, leading to widespread security issues.

2. Maintenance Complexity: Updating or replacing a root certificate is complex and can disrupt multiple services. Coordination with stakeholders and careful planning are needed for a smooth transition.

By understanding these details, you can better choose the pinning level that aligns with your app’s security needs and maintenance capabilities.

Types of Certificate Pinning in Detail

1. Certificate Pinning

Definition: Pinning the actual certificate presented by the server. Levels:

  • Leaf Certificate: Pinning the specific server certificate.
  • Intermediate Certificate: Pinning the intermediate certificate.
  • Root Certificate: Pinning the root certificate.

Usage:

  • Ensures that only the exact pinned certificates are trusted.
  • Requires updates when certificates expire or change.

Advantages:

  • Provides a high level of security, especially at the leaf level.
  • Root certificate pinning requires minimal maintenance.

Disadvantages:

  • Leaf and intermediate certificate pinning require frequent updates.
  • Less flexibility if certificates need to change.

2. Public Key Pinning

Definition: Pinning the public key of the certificate. Levels:

  • Leaf Certificate: Pinning the public key of the server certificate.
  • Intermediate Certificate: Pinning the public key of the intermediate certificate.
  • Root Certificate: Pinning the public key of the root certificate.

Usage:

  • Any certificate with the pinned public key will be trusted.
  • More flexible than certificate pinning since the certificate can change while the public key remains the same.

Advantages:

  • Reduces the need for frequent updates.
  • Maintains a high level of security.

Disadvantages:

  • Requires careful management of key pairs.
  • If the private key is compromised, the security is breached.

3. Hashkey Pinning

Definition: Pinning the hash of the public key or certificate. Levels:

  • Leaf Certificate: Pinning the hash of the server certificate’s public key.
  • Intermediate Certificate: Pinning the hash of the intermediate certificate’s public key.
  • Root Certificate: Pinning the hash of the root certificate’s public key.

Usage:

  • The app verifies the hash of the server’s certificate or public key against the pinned hash.
  • Provides a flexible and secure method to ensure the integrity of the pinned keys or certificates.

Advantages:

  • Secure and flexible.
  • Reduces the need for frequent updates.

Disadvantages:

  • Complex to implement and maintain.
  • Requires careful management of hashed values.

Certificate Pinning in Mobile Apps

Implement the Pinning:

  • Integrate the chosen pinning method and level into the app’s network security configuration.
  • Ensure that the app verifies the pinned certificates, keys, or hashes during the SSL/TLS handshake.

Regular Maintenance and Updates:

  • Monitor the expiry and renewal of certificates.
  • Update the pinned certificates, keys, or hashes as necessary.
  • Ensure that app updates are rolled out before the current certificates expire to avoid connection issues.

Best Practices

  • Backup Pins: Include backup pins (e.g., multiple public keys) to handle unexpected certificate changes.
  • Testing: Thoroughly test the pinning implementation to ensure it handles various scenarios (e.g., certificate renewal, key rotation).
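Added example (not code from the article): a Go program using only the standard library that computes a SHA-256 hash of each certificate's public key (hashkey pinning at the public-key level, as described above) and checks a presented chain against a pin set. Run on constructed self-signed certificates, it shows that a renewed certificate with the same key pair still satisfies the pin, that a certificate for the same name under a different key is rejected, and that a pin set with several entries is how backup pins are carried. The function names and the certificates are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// spkiPin returns "sha256/<base64>" of the certificate's SubjectPublicKeyInfo.
// Pinning that hash rather than the whole certificate is why a renewed
// certificate that keeps the same key pair still satisfies the pin.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return "sha256/" + base64.StdEncoding.EncodeToString(sum[:])
}

// chainPinned reports whether any certificate in the presented chain carries a pinned key,
// so one check serves leaf, intermediate or root pinning; extra entries in pins are backup pins.
func chainPinned(chain []*x509.Certificate, pins map[string]bool) bool {
	for _, c := range chain {
		if pins[spkiPin(c)] {
			return true
		}
	}
	return false
}

// selfSigned issues a throwaway certificate for key (constructed test data, not a real server cert).
func selfSigned(key *ecdsa.PrivateKey, serial int64) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

func main() {
	serverKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	pins := map[string]bool{spkiPin(selfSigned(serverKey, 1)): true} // pin captured at build time
	renewed := selfSigned(serverKey, 2)                              // same key pair, new certificate
	otherKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	impostor := selfSigned(otherKey, 3) // different key pair, e.g. mis-issued by a compromised CA
	fmt.Println(chainPinned([]*x509.Certificate{renewed}, pins), chainPinned([]*x509.Certificate{impostor}, pins)) // prints: true false
}
```

In a real app the same comparison runs inside the TLS handshake's peer-certificate verification hook, after ordinary chain validation, and a mismatch aborts the connection.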

By following these guidelines, you can effectively implement certificate pinning in your mobile app, enhancing its security against MITM attacks.
