What is SSL Pinning & How Does It Work?
SSL pinning, also known as certificate pinning, is a security mechanism used to prevent man-in-the-middle (MITM) attacks that can intercept and decrypt sensitive information sent over SSL/TLS connections.
SSL pinning provides an extra layer of protection by binding an application to the specific certificate or public key of a host. This prevents the app from trusting fraudulent certificates issued by compromised certificate authorities.
SSL pinning is an important security mechanism for apps transmitting susceptible information like financial, healthcare, or proprietary corporate data. It ensures the app only communicates with the intended legitimate server and avoids MITM attacks.
However, implementing SSL pinning does come with challenges, such as properly managing pinned certificates and keys during updates and rotations. Failing to implement pinning correctly can break apps and block communication.
This guide provides an in-depth look at how SSL pinning works, why it’s important, different methods of implementing it, and its advantages and disadvantages.
Key Takeaways
- SSL pinning binds an app to specific certificates or public keys associated with a host. This prevents the app from trusting fraudulent certificates.
- It works by hardcoding the server’s certificate or public key into an app’s code. The app will only accept that specific certificate or key.
- SSL pinning is necessary for security-sensitive apps like banking and healthcare to prevent MITM attacks.
- Implementing pinning requires developers to do extra work updating the pins when certificates rotate. Failing to update can break the app.
- Different methods of pinning exist at both the app and network levels. Common options are certificate pinning, public key pinning, and hostname pinning.
- Alternatives like certificate transparency and HPKP provide ways to detect fraudulent certificates without some downsides of pinning.
How Does SSL Pinning Work?
SSL pinning works by hardcoding information about a server’s certificate or public key directly into an application’s source code. During secure connection establishment, the app will compare the pinned information against the certificate or public key presented by the server.
If the pinned details match the server’s, the connection is allowed. If the certificate or public key does not match, the app immediately blocks the connection and does not allow any sensitive data to be transmitted.
This differs from the standard SSL/TLS trust model, where apps rely on hundreds of trusted root certificate authorities (CAs) that can issue certificates for any domain. SSL pinning essentially overrides this trust and forces the app only to accept a specific certificate or public key for that domain or server.
By binding the app directly to the server’s identity, SSL pinning aims to prevent man-in-the-middle attacks that rely on spoofing certificates and keys. Even if an attacker obtains a valid certificate for the domain through a compromised CA, the pinned app will reject it and block the fraudulent connection.
However, pinning also introduces management challenges. If a pinned certificate expires or is revoked and updated on the server, the app needs its pinned certificate updated as well. This requires updating and redeploying the app code base with the new certificate or key – a process that developers must manage proactively.
Why is SSL Pinning Important for Security?
SSL pinning addresses vulnerabilities in the overall SSL/TLS public key infrastructure (PKI) system:
Compromised Certificate Authorities
Hundreds of trusted root CAs exist that all browsers and apps trust by default to issue certificates for any domain. If just one of these CAs is hacked or compromised, it can be abused to issue fraudulent certificates for spoofing attacks.
Domain Validation Only
When issuing SSL certificates for a domain, CAs only verify control of that domain through Domain Validation SSL. No Extended Validation SSL of the legitimate business is done. This allows certificates to be obtained for phishing sites impersonating businesses.
No Way to Identify Spoofed Certs
Even if a fraudulent certificate is identified after being used in an attack, browsers and apps cannot reliably tell that it should no longer be trusted. Revocation lists should be checked more consistently, if at all.
By pinning a specific certificate or public key directly in the app code, SSL pinning guarantees that the app will only communicate with the intended host server, regardless of the state of CAs or certificates.
When is SSL Pinning Most Important?
While SSL pinning improves security for any app sending sensitive data, it becomes even more critical for apps transmitting highly confidential information like:
- Financial Apps are banking, investment, and trading apps that access account balances, enable transactions, or integrate with financial institutions.
- Healthcare Apps: Medical apps that deal with patient health records, lab results, prescriptions, insurance claims, and other protected health information (PHI).
- Government Apps: Apps used by government agencies and partners that share confidential information like citizen data, law enforcement details, classified data, and more.
- Corporate Apps: Enterprise apps that allow remote employees to securely access proprietary intellectual property, trade secrets, HR records, customer data, and other sensitive company resources.
For these categories of apps, a successful MITM attack resulting in compromised sensitive data could have severe regulatory, legal, and financial consequences. The extra assurances provided by SSL pinning are critical.
What are the Methods of SSL Pinning?
There are a few different technical methods that can be used to implement SSL pinning at both the app level and network level:
Certificate Pinning
This approach pins one or more entire SSL certificate files from the server. The app has the certs bundled in its codebase. During the SSL handshake, it compares the full-served certificate against its pinned certs and only connects if there’s an exact match.
- More Secure: Pins the entire certificate, including session keys used in establishing encryption. There is a better chance of detecting spoofing.
- More Maintenance: Need to update pinned certs whenever host certs are updated, rotated, or revoked.
Public Key Pinning
Rather than pinning full certificates, the app is coded with the public keys of the server certificates. The app verifies the public key of any served certificate matches its pinned keys before connecting.
- Easier Maintenance: You only need to update the pins when the certificate authority changes. You can usually reuse existing pins during minor cert changes.
- Less Secure: Only verifies public key matches. Do not check the full certificate contents.
Hostname Pinning
This technique hardcodes the allowed hostname(s) the app can connect to rather than pinning SSL certificates themselves. The app verifies the hostname in any served certificate matches before connecting.
- Most accessible Maintenance: There are no issues with updating pins as certs change. You only need to update the hostname if the DNS record ever changes.
- Least Secure: Only verifies hostname – no assurance on the validity of the certificate or public key.
Additional App-Level Pinning Options
Beyond the main methods above, there are some additional pinning options available at the app level:
- Pin the Certificate Chain: Rather than pin only the end-entity cert from the server, the app can pin the entire chain of intermediate and root certificates used to issue the end cert. It provides more validation but requires more maintenance when any cert in the chain is updated.
- Pin Multiple Certificates or Keys: For redundancy, apps can pin multiple certificates or public keys. If one pin fails to validate, the connection can still succeed if any of the other pins match the server. Requires more storage and maintenance.
- Pin Digests vs Full Certs: Rather than pinning full certificate files, apps can pin pre-computed digests of certificates like their SHA-256 fingerprint. It saves storage compared to full certificates while still allowing pinning validation.
- CRL Sets: Certificate revocation lists (CRLs) allow CAs to revoke bad certificates. Apps can pin sets of revoked certificates in CRLSets and reject any served cert contained in the set. CRL Sets can complement pins of valid certs.
- TOFU: Trust on First Use: With TOFU, the first certificate received from a server is pinned. Any different cert served on subsequent connections blocks the connection. Avoid the need to hardcode pins, but less flexible.
- Blocklisting: Pin known-bad certificates to reject rather than allowing valid pins. It can protect against some CAs without needing to pin all good certs.
Network-Level Pinning Options
Beyond implementing pinning logic at the app level, there are also some ways to enforce pinning at the network level:
- Enterprise Proxies: Enterprise proxies and firewalls can allow allowed certificates and block traffic that doesn’t match. They can also apply pinning rules to all apps without app-specific logic.
- HSTS Preloading: HSTS websites can be preloaded into browsers that always require HTTPS. The preloaded hostnames can then be pinged.
- VPN Pinning: Configure VPN clients to only trust specific pinned server certificates. Reject any connection to the VPN gateway if the certificate doesn’t match the expected one.
- Browser Extensions: Browser add-ons like Certificate Patrol can check sites against pinned certificates and alert users of mismatches. They provide protection for users without app changes.
- Mobile Device Management: MDM profiles on managed mobile devices can allow valid certificates and restrict untrusted connections. They can also apply network-layer pinning.
- Network Firewalls: Next-gen firewalls can perform SSL inspection to check certificates and block traffic that doesn’t match approved pins.
- Web Application Firewalls: WAFs on proxies can be configured with rules to check and enforce pinned certs for protected sites and apps.
- SIEM Integration: Feed SIEM systems with known-good pins so certificate anomalies trigger alerts. Help quickly detect potential MITM attacks.
Implementing SSL Pinning in Apps
To implement SSL pinning, developers need to take the following steps:
Obtain a Certificate or Public Key
First, export the target certificate or public key from the server to the pin. For certificate pinning, this is the entire end-entity certificate file in PEM or DER format. For public key pinning, extract just the public key portion.
Embed Pinned Data in App Code
Next, directly embed the pinned certificate data or public key as a string constant or byte array in the app codebase. This hardcodes the pin into the app.
Verify Pins During SSL Handshake
When establishing the SSL connection to the server, the app should verify that the served certificate or key matches its hardcoded pin data before sending any application data.
Manage Pin Rotations
Put processes in place to update the pinned certificates or keys in the app when the server certificates are changed over time. This allows the app to always connect successfully after shifts like renewals or migrations to new CAs.
Optional: Implement Pin Failure Guidelines
Decide how the app should handle failures during pin validation:
- Completely failed closed without allowing any connection.
- Fail closed but notify the user of the issue.
- Allow connection but notify user certificate changed.
- Temporarily allows connection and gracefully degrade the experience.
Adjust based on security vs. availability requirements.
Pros and Cons of SSL Pinning
Advantages of SSL pinning include:
- Strong protection against MITM attacks and spoofing
- Guarantees app only connects to an intended legitimate server
- Secures sensitive apps transmitting confidential data
- It is hard for attackers to bypass or circumvent pins
Disadvantages or challenges with pinning include:
- Requires extra development and maintenance work to manage pins
- Can break apps if pins are not updated along with server changes
- Limited agility if you need to change certificates or keys quickly
- Redundant pins are required to avoid a single point of failure
- Traffic eavesdropping is still possible even with successful pins
Organizations should weigh the security benefits vs. operational tradeoffs to determine if pinning is appropriate on a per-app basis.
SSL Pinning Alternatives
If the management overhead of actively pinning certificates presents too many challenges, there are a couple of standards that provide some similar protections without that burden:
Certificate Transparency (CT)
Certificate Transparency provides public audit logs of all certificates issued by CAs. Admins can monitor these logs to detect improperly issued certificates. This requires no app changes but limited prevention.
HTTP Public Key Pinning (HPKP)
The browser mechanism allows sites to pin keys that browsers will enforce on future visits. Pins are set via HTTP headers. It protects users from MITM but still needs to manage pins actively.
Domain-Validated (DV) Certificates
Ensuring all public-facing sites only use domain-validated SSL certificates can help reduce the potential for spoofing compared to organizational (OV) certs.
Certificate-Based Client Authentication
Requiring clients to authenticate servers with client certificates helps prove the legitimacy of both the client and the server.
Conclusion
SSL pinning protects apps transmitting susceptible data by directly binding app trust to specific server certificates or public keys. This prevents man-in-the-middle attacks from being able to intercept encrypted traffic, even if they obtain valid certificates for the domain.
However, implementing pinning properly requires planning and processes to manage pin rotations alongside server certificate changes and updates. For high-security apps, the additional work and testing involved with pinning is typically worth it to ensure user data and privacy stay protected.
Frequently Asked Questions (FAQ)
What are the differences between certificate pinning and public key pinning?
Certificate pinning verifies the entire certificate contents, including session keys for encryption. Public key pinning only verifies the public key portion of the certificate, providing less assurance but easier maintenance when certificates are updated.
Does SSL pinning completely prevent man-in-the-middle attacks?
SSL pinning prevents the interception of encrypted application data by blocking connections with unexpected certificates. However, passive network eavesdropping cannot be prevented if an attacker is positioned to intercept all traffic between the app and the server.
How should app developers manage expiring pinned certificates?
Apps should ideally have automated monitoring and alerts for pinned certificate expirations. Developers need to proactively update the pinned certs in their codebase with renewed certificates from the server before old ones expire.
Can SSL pinning be implemented without coding changes to apps?
Some network-level options, like enterprise proxies and firewall rules, can enforce pinned certificates without changing the app code. HSTS preloading also lets browsers reject unpinned hosts. However, most robust pinning requires coding apps.
What happens if an app’s pinned certificate is incorrectly updated?
If the pinned certificate embedded in an app does not match the current valid certificate on the server, it will block all connections by failing validation. Apps need thorough testing and rollback plans when updating pins.
Priya Mervana
Verified Web Security Experts
Priya Mervana is working at SSLInsights.com as a web security expert with over 10 years of experience writing about encryption, SSL certificates, and online privacy. She aims to make complex security topics easily understandable for everyday internet users.
![What is Certificate Revocation List [CRL]?](https://sslinsights.com/wp-content/uploads/2024/01/certificate-revocation-list-crl.png)
