HTTP Public Key Pinning (HPKP): Difference between revisions

1. HTTP Public Key Pinning (HPKP)

HTTP Public Key Pinning (HPKP) was a security mechanism aiming to mitigate the risk of Man-in-the-Middle (MITM) attacks by associating a specific website with a specific cryptographic public key or public key certificate. While officially deprecated and effectively removed from modern browsers as of late 2020, understanding HPKP remains valuable for historical context, understanding the evolution of web security, and recognizing its remnants in legacy systems. This article provides a detailed explanation of HPKP, its functionality, implementation, limitations, and ultimate obsolescence.

Background: The Problem HPKP Addressed

The traditional system of establishing secure connections using HTTPS relies on a chain of trust anchored by Certificate Authorities (CAs). When a user visits a website using HTTPS, the web server presents a digital certificate issued by a CA. The user's browser verifies this certificate by checking:

• That the certificate is valid (not expired).
• That the certificate is issued by a trusted CA (one whose root certificate is pre-installed in the browser’s trust store).
• That the certificate's domain name matches the website being visited.

However, this system is not without vulnerabilities. A compromised CA, or a CA issuing a certificate fraudulently, can allow attackers to intercept and decrypt HTTPS traffic, performing a MITM attack. Although rare, these incidents have occurred. Digital Certificates are the foundation of trust, but that trust can be broken.

HPKP was designed to add an extra layer of security *on top* of the existing CA system. Instead of solely relying on the browser’s trust store, HPKP allowed a website to explicitly tell the browser which public keys (or certificates) it trusted. This acted as a form of "hard-coded trust," limiting the scope of potentially malicious CAs.

How HPKP Worked

HPKP functioned by the web server sending an HTTP header, `Public-Key-Pins`, to the user's browser. This header contained a list of expected public keys (or certificate fingerprints) that the browser should accept for that domain. The header included several directives which controlled the behavior of the pinning:

• **`pins`:** This directive contained the actual list of pins. Each pin specified a public key (typically a SHA-256 hash of the public key or certificate) and optionally, a validity period.
• **`pin-sha256`:** Used to specify the SHA-256 hash of the expected public key. This was the most common method.
• **`pin-sha1`:** (Deprecated) Used to specify the SHA-1 hash of the expected public key. Due to the known weaknesses of SHA-1, this method was strongly discouraged and eventually removed from consideration.
• **`includeSubDomains`:** If present, this directive indicated that the pinning policy applied to all subdomains of the current domain. This was a powerful but potentially dangerous setting, as errors in the policy could affect numerous sites.
• **`report-uri`:** A URL to which the browser would send a report if a certificate failed the pinning validation. This allowed website operators to monitor for potential issues and adjust their policies.
• **`max-age`:** Specifies the time, in seconds, for which the browser should cache the HPKP policy. This is crucial for performance, preventing the browser from having to check the header on every request.

When a user visited a website with HPKP enabled, the browser would:

1. Receive the `Public-Key-Pins` header. 2. Compare the certificate presented by the web server against the pins specified in the header. 3. If the certificate’s public key (or fingerprint) matched one of the pinned keys, the connection was allowed to proceed. 4. If no match was found, the browser would refuse the connection, displaying an error message to the user.

Implementation Details and Pin Generation

Implementing HPKP involved several steps:

1. **Obtain the Public Key or Certificate:** The website operator needed to obtain the public key from their SSL/TLS certificate. This could be done using OpenSSL or similar tools. 2. **Calculate the Hash:** Using tools like OpenSSL, the SHA-256 hash of the public key (or the entire certificate) was calculated. This hash would be used as the pin value. Example using OpenSSL:

   ```bash
   openssl x509 -in certificate.pem -pubkey -noout | openssl sha256
   ```

3. **Construct the `Public-Key-Pins` Header:** The calculated hash was then included in the `Public-Key-Pins` header, along with any desired directives (e.g., `includeSubDomains`, `max-age`, `report-uri`). For example:

   ```
   Public-Key-Pins: pin-sha256="your_sha256_hash"; includeSubDomains; max-age=31536000; report-uri="/hpkp-report"
   ```

4. **Deploy the Header:** The header was added to the web server’s configuration. This could be done through the web server’s control panel (e.g., Apache’s `.htaccess` file, Nginx’s configuration file) or through the website’s application code.

5. **Monitoring and Reporting:** The `report-uri` directive was used to monitor for pinning failures. Website operators could analyze these reports to identify potential issues and adjust their policies.

Tools like SSL Labs’ SSL Server Test provided functionality to check for HPKP configuration and identify potential problems.

The Problems with HPKP and Why it Was Deprecated

Despite its intentions, HPKP suffered from several significant drawbacks that ultimately led to its deprecation:

• **Pinning Errors & Lock-In:** The biggest problem was the potential for irreversible errors. If a website operator incorrectly configured HPKP (e.g., pinning an expired certificate or using an incorrect hash), users would be unable to access the site. The browser would refuse the connection, and there was no easy way for users to override the pinning policy. This led to a situation where a simple configuration mistake could effectively "lock" users out of a website.
• **Subdomain Issues:** The `includeSubDomains` directive, while convenient, amplified the risk of errors. A misconfiguration on the parent domain could affect all subdomains, potentially disrupting numerous services.
• **Certificate Rotation Challenges:** Rotating certificates (a necessary security practice) became significantly more complex with HPKP. The website operator had to ensure that the new certificate's public key was added to the HPKP policy *before* the old certificate expired. This required careful coordination and planning. Failures in this process could lead to outages.
• **Browser Support Fragmentation:** While major browsers initially supported HPKP, there were inconsistencies in implementation and support for different directives.
• **Increased Operational Complexity:** Managing HPKP required ongoing monitoring and maintenance, adding to the operational burden of website administrators.
• **Limited Adoption:** Despite its potential benefits, HPKP saw relatively limited adoption. Many website operators were hesitant to implement it due to the risks and complexity.

Due to these issues, Google, Mozilla, and Apple announced the deprecation of HPKP in 2016, with full removal completed by late 2020. Browsers stopped respecting the `Public-Key-Pins` header, effectively rendering it useless.

Alternatives to HPKP

With the deprecation of HPKP, several alternative security mechanisms have emerged:

• **Certificate Transparency (CT):** CT is a framework for publicly logging SSL/TLS certificates. This allows anyone to monitor for misissued certificates and helps to detect and prevent MITM attacks. Certificate Transparency Logs are crucial for modern security.
• **Automated Certificate Management Environment (ACME) & Let's Encrypt:** ACME and Let's Encrypt automate the process of obtaining and renewing SSL/TLS certificates, reducing the risk of expired certificates and simplifying certificate management.
• **Expect-CT:** Expect-CT builds upon Certificate Transparency by allowing websites to specify that they expect certificates to be logged in CT logs. If a certificate is not logged, the browser can take action, such as reporting the issue or refusing the connection. It’s a more flexible and less error-prone approach than HPKP.
• **HSTS (HTTP Strict Transport Security):** HSTS forces browsers to always connect to a website using HTTPS, preventing downgrade attacks. HSTS Preloading further enhances security by instructing browsers to enforce HSTS even before the first connection to the website.
• **DNS CAA (Certificate Authority Authorization):** CAA records in DNS allow a domain owner to specify which CAs are authorized to issue certificates for their domain, further limiting the risk of fraudulent certificate issuance.

These alternatives address the security concerns that HPKP aimed to solve, but without the inherent risks and complexities. They prioritize transparency, automation, and flexibility.

Legacy Considerations

While HPKP is no longer actively supported, it’s important to be aware of its potential presence in legacy systems. Older web applications or configurations might still include the `Public-Key-Pins` header. In such cases, it’s recommended to:

• **Remove the Header:** The safest course of action is to remove the `Public-Key-Pins` header altogether.
• **Monitor for Errors:** While browsers will ignore the header, monitoring server logs for any related errors can help identify potential issues.
• **Update Software:** Ensure that all web server software and related components are up-to-date to avoid any unexpected behavior.

Ignoring HPKP in legacy systems is generally safe, as browsers will simply disregard the header. However, proactively removing it eliminates any potential confusion or compatibility issues.

Conclusion

HTTP Public Key Pinning was an ambitious attempt to enhance web security by adding an extra layer of trust beyond the established CA system. However, its complexity, potential for irreversible errors, and challenges with certificate rotation ultimately led to its deprecation. Modern web security relies on more robust and flexible mechanisms such as Certificate Transparency, ACME, Expect-CT, and HSTS, which address the same security concerns without the inherent risks of HPKP. Understanding the history of HPKP provides valuable insight into the evolving landscape of web security and the importance of carefully considering the trade-offs between security and usability. The lessons learned from HPKP's failure have shaped the development of more effective and resilient security solutions. Web Security Best Practices are constantly evolving.

Man-in-the-Middle Attack Digital Certificates SSL/TLS Certificate Authority Certificate Transparency Logs HSTS HSTS Preloading DNS CAA SSL Labs’ SSL Server Test Web Security Best Practices

OWASP HPKP Project Stack Exchange - HPKP Cloudflare - HPKP is Dead Let's Encrypt Certificate Transparency RFC 7487 - HTTP Public Key Pinning DigiCert - HPKP Deprecation Google Security Blog - HPKP Deprecation Mozilla Security Blog - HPKP Deprecation WebKit - HPKP Removal PortSwigger - HPKP Akamai - HPKP Deprecated SSL Shopper - HPKP GlobalSign - What is HPKP? Comodo - HPKP Deprecation SearchSecurity - HPKP KeyCDN - HPKP Cloudflare - Certificate Transparency Cloudflare - ACME Cloudflare - Expect-CT Cloudflare - HSTS Cloudflare - DNS CAA Certificate Transparency - DigiCert ACME Protocol - DigiCert Expect-CT - DigiCert HSTS - DigiCert DNS CAA - DigiCert

Start Trading Now

Sign up at IQ Option (Minimum deposit $10) Open an account at Pocket Option (Minimum deposit $5)

Join Our Community

Subscribe to our Telegram channel @strategybin to receive: ✓ Daily trading signals ✓ Exclusive strategy analysis ✓ Market trend alerts ✓ Educational materials for beginners