Synopsis: HTTP Public Key Pinning is a controversial security standard created and championed by Google and now abandoned by them,
and Firefox and Opera are likely not far behind. It was meant to mitigate one attack method, but created an even more dangerous one in the process.
-- by Arthur J Musgrove
What problem does HPKP attempt to solve?
Internet communications are secured by TLS/SSL usually using the https protocol.
This encryption ensures that an attacker cannot eavesdrop on communication.
The encryption depends on certificates that confirm a site is
who it says it is and provides the entry codes to the mathematical process
used to encrypt the communication.
If an attacker is able to replace the certificate either on the server
itself, or at any point along the way, an attacker could masquerade
as a legitimate site and intercept or even modify traffic. To understand
a key risk HPKP is used to address, you need to understand
the concept of a Man-in-the-Middle Attack.
Man-in-the-Middle (MITM) Attacks
The way TLS/SSL encrypted communication usually works on the Internet
is that a server sends its public key to the client, the
client performs some validation on that key (primarily that it is
signed by a trusted certificate authority), and then uses
that certificate as input into the mathematical and process steps
to establish an encrypted channel to the server so your communication
cannot be intercepted.
This article is not going to be a tutorial on cryptography, if
you are unfamiliar with encryption certificates, on the address
bar of the browser on which you are reading this article, you
should see a lock symbol, indicating your communication is secure.
Depending on your browser, you should be able to click on that
lock and select "show certificate" or something similar.
If you select that you will see that the certificate for
ajmusgrove.com was signed by the Amazon Root Certificate Authority.
That Root CA is one of the certificates that is built into
your browser, and the reason your browser will trust the
ajmusgrove.com certificate, which it never saw before, is it
is signed by the Amazon Root CA, which is a certificate that
your browser trusts and trusts to vouch for other certificates.
In a Man-in-the-Middle Attack, there is an intermediate point between
the server and the client. The intermediate point establishes
the channel to the server using the server's legitimate
certificate, then establishes the secure communication with the
client using a different certificate. Usually this is attempted
with a malicious, self-signed certificate and the browser
warns the user, but if the user accepts the warning (user's
more often than you'd believe will) or the attacker
uses a legitimately signed certificate on a very similar looking
domain, then they can sit in the middle of the communication
watching or even manipulating communication. You can see
how devastating that type of attack can be!
What did HPKP do?
With HPKP, you could tie your site to a specific certificate, or more
usually a signing certificate authority, for a period of time. This
means if an attacker were able to compromise your site with a new
certificate, or able to conduct a successful MITM attack,
the client would simply refuse to operate.
It does this by implementing the header Public-Key-Pins. This header
sends a set of hashes of acceptable certificates as well as
a period of time the client should only use these certificates. It
does this with a 'trust first' strategy. The first time
the Public-Key-Pins header is received, the client 'learns'
the proper signatures, and until it expires will only use
security certificates with those signatures.
What is the problem?
The key problem with HPKP, beyond its ability to brick websites in
case of certificate or CA changes, is that it opened up the ability
of an attack to hijack a site and ransom it back to the owner. If
an attacker could insert it's own certificate and convince
clients to pin it for 2 years, there was little an owner could
do to undo that action.
After that, there are multiple types of malicious things an
attacker could do. All of them though boil down to selling
you the certificate that was now pinned in all clients
to your site, and threaten to effectively brick your
site if you refused to pay up.
Does HPKP have a future?
No. There have been a series of fixes proposed, but all are complex
and introduce their own problems or weaken the original intent
so much as to make the standard pointless. HPKP was never
supported in Safari, IE or Edge. With Chrome dropping it, while
it is still supported in Firefox and Opera, it's hard to believe
they will not drop support soon.
The idea was good and the problem it addressed real, but
as sometimes happens, in this case the cure was worse than
All views expressed in this article are my own and do not represent the
opinions of any other entity whatsoever with which I have been, am now
or will ever be affiliated. No assurance of accuracy is given and
any use of any information provided is entirely at your own risk. The
author assumes no responsibility or liability for any errors or
omissions in the content of this article. No infomration provided is intended
to be a source of investment advise or credit analysis with respect to
any material presented or otherwise. Nothing contained in this article
is intended to defame or harm any person, business or other entity.
The author retains sole and exclusive
ownership of all material herein.