To Pin or Not to Pin—Helping App Developers Bullet Proof Their TLS Connections
M. Oltrogge, Y. Acar, S. Dechand, M. Smith, and S. Fahl. 24th USENIX Security Symposium (USENIX Security 15), pp. 239--254. Washington, D.C., USENIX Association, (August 2015)
Abstract
For increased security during TLS certificate validation, a common recommendation is to use a variation of pinning. Especially non-browser software developers are encouraged to limit the number of trusted certificates to a minimum, since the default CA-based approach is known to be vulnerable to serious security threats.
The decision for or against pinning is always a tradeoff between increasing security and keeping maintenance efforts at an acceptable level. In this paper, we present an extensive study on the applicability of pinning for non-browser software by analyzing 639,283 Android apps. Conservatively, we propose pinning as an appropriate strategy for 11,547 (1.8%) apps or for 45,247 TLS connections (4.25%) in our sample set. With a more optimistic classification of borderline cases, we propose pinning for consideration for 58,817 (9.1%) apps or for 140,020 (13.8%) TLS connections. This weakens the assumption that pinning is a widely usable strategy for TLS security in non-browser software. However, in a nominal-actual comparison, we find that only 45 apps actually implement pinning. We collected developer feedback from 45 respondents and learned that only a quarter of them grasp the concept of pinning, but still find pinning too complex to use. Based on their feedback, we built an easy-to-use web-application that supports developers in the decision process and guides them through the correct deployment of a pinning-protected TLS implementation.
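The abstract treats pinning as a trade-off between security and maintenance effort. What a pin actually is, and why the maintenance cost depends on what you pin, is easiest to see in code. The block below is an added illustration, not code from the paper or from the authors' web application. It computes pins the way RFC 7469 (HPKP) and Android's network security config define them, as base64(SHA-256(DER SubjectPublicKeyInfo)), and applies the matching rule that at least one certificate in the already-validated chain must carry a pinned key. The certificates are constructed, certificate-shaped DER blobs with placeholder fields, not real signed certificates; the helper names (`fake_cert`, `fake_spki`, `chain_matches_pins`) are this example's own. The point it makes about maintenance: pinning the public key rather than the certificate lets an operator renew a certificate with the same key without shipping an app update, and a backup pin for a second key covers key rotation.

```python
import base64
import hashlib

SEQUENCE = 0x30
INTEGER = 0x02
BIT_STRING = 0x03
NULL = 0x05
OID = 0x06
CONTEXT0 = 0xA0  # [0] EXPLICIT version in tbsCertificate


def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV with definite (short or long form) length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def read_tlv(buf: bytes, pos: int):
    """Decode the TLV at buf[pos]; return (tag, whole_tlv, content, next_pos)."""
    start = pos
    tag = buf[pos]
    pos += 1
    first = buf[pos]
    pos += 1
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[start:end], buf[pos:end], end


def extract_spki(cert_der: bytes) -> bytes:
    """Return the DER SubjectPublicKeyInfo TLV of an X.509 certificate.

    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }
    TBSCertificate ::= SEQUENCE { [0] version OPTIONAL, serialNumber, signature,
                                  issuer, validity, subject, subjectPublicKeyInfo, ... }
    """
    tag, _, cert, _ = read_tlv(cert_der, 0)
    if tag != SEQUENCE:
        raise ValueError("not a certificate")
    tag, _, tbs, _ = read_tlv(cert, 0)
    if tag != SEQUENCE:
        raise ValueError("missing tbsCertificate")
    pos = 0
    tag, _, _, nxt = read_tlv(tbs, 0)
    if tag == CONTEXT0:          # skip the optional version field
        pos = nxt
    for _ in range(5):           # serialNumber, signature, issuer, validity, subject
        _, _, _, pos = read_tlv(tbs, pos)
    tag, spki, _, _ = read_tlv(tbs, pos)
    if tag != SEQUENCE:
        raise ValueError("missing subjectPublicKeyInfo")
    return spki


def pin_of(spki_der: bytes) -> str:
    """Pin format shared by RFC 7469 and Android's <pin digest="SHA-256">."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def spki_pin(cert_der: bytes) -> str:
    return pin_of(extract_spki(cert_der))


def chain_matches_pins(chain_der: list, pins: set) -> bool:
    """Pin check applied AFTER normal path validation, never instead of it:
    the connection is accepted only if some chain certificate carries a pinned key."""
    return any(spki_pin(c) in pins for c in chain_der)


# --- constructed test data (not real keys or signed certificates) ---

def fake_spki(key_bytes: bytes) -> bytes:
    rsa_oid = bytes.fromhex("2a864886f70d010101")   # 1.2.840.113549.1.1.1 rsaEncryption
    alg = der(SEQUENCE, der(OID, rsa_oid) + der(NULL, b""))
    return der(SEQUENCE, alg + der(BIT_STRING, b"\x00" + key_bytes))


def fake_cert(serial: int, spki: bytes) -> bytes:
    tbs = der(SEQUENCE, b"".join([
        der(CONTEXT0, der(INTEGER, b"\x02")),        # version v3
        der(INTEGER, serial.to_bytes(2, "big")),      # serialNumber
        der(SEQUENCE, b""),                           # signature (placeholder)
        der(SEQUENCE, b""),                           # issuer (placeholder)
        der(SEQUENCE, b""),                           # validity (placeholder)
        der(SEQUENCE, b""),                           # subject (placeholder)
        spki,
    ]))
    return der(SEQUENCE, tbs + der(SEQUENCE, b"") + der(BIT_STRING, b"\x00"))


KEY_A = fake_spki(bytes(range(22)))            # the key the app pins today
KEY_B = fake_spki(bytes(reversed(range(22))))  # backup key, pinned in advance
CERT_A1 = fake_cert(1, KEY_A)                  # current certificate
CERT_A2 = fake_cert(2, KEY_A)                  # renewed certificate, same key
CERT_B = fake_cert(3, KEY_B)                   # certificate after key rotation
PIN_SET = {pin_of(KEY_A), pin_of(KEY_B)}       # primary + backup pin shipped in the app

if __name__ == "__main__":
    for name, cert in (("A1", CERT_A1), ("A2", CERT_A2), ("B", CERT_B)):
        print(name, spki_pin(cert), chain_matches_pins([cert], PIN_SET))
```

Because `CERT_A2` carries the same SubjectPublicKeyInfo as `CERT_A1`, its pin is identical and the renewed certificate passes without an app update; `CERT_B` passes only because the backup pin was shipped beforehand. A certificate-hash pin (SHA-256 over the whole certificate) would fail on `CERT_A2`, which is exactly the maintenance cost the abstract weighs against the security gain.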
@inproceedings{oltrogge2015pintextemdashhelping,
abstract = {For increased security during TLS certificate validation, a common recommendation is to use a variation of pinning. Especially non-browser software developers are encouraged to limit the number of trusted certificates to a minimum, since the default CA-based approach is known to be vulnerable to serious security threats.
The decision for or against pinning is always a tradeoff between increasing security and keeping maintenance efforts at an acceptable level. In this paper, we present an extensive study on the applicability of pinning for non-browser software by analyzing 639,283 Android apps. Conservatively, we propose pinning as an appropriate strategy for 11,547 (1.8%) apps or for 45,247 TLS connections (4.25%) in our sample set. With a more optimistic classification of borderline cases, we propose pinning for consideration for 58,817 (9.1%) apps or for 140,020 (13.8%) TLS connections. This weakens the assumption that pinning is a widely usable strategy for TLS security in non-browser software. However, in a nominal-actual comparison, we find that only 45 apps actually implement pinning. We collected developer feedback from 45 respondents and learned that only a quarter of them grasp the concept of pinning, but still find pinning too complex to use. Based on their feedback, we built an easy-to-use web-application that supports developers in the decision process and guides them through the correct deployment of a pinning-protected TLS implementation.},
added-at = {2015-12-07T21:09:02.000+0100},
address = {Washington, D.C.},
author = {Oltrogge, Marten and Acar, Yasemin and Dechand, Sergej and Smith, Matthew and Fahl, Sascha},
biburl = {https://www.bibsonomy.org/bibtex/2a1a991d93e4f9ef4e0b01ba289f6f0fc/fahl},
booktitle = {24th USENIX Security Symposium (USENIX Security 15)},
interhash = {d24222ab67cfaed46b15c4ce99c0d9c4},
intrahash = {a1a991d93e4f9ef4e0b01ba289f6f0fc},
isbn = {978-1-931971-232},
keywords = {android myown security ssl usable},
month = aug,
pages = {239--254},
publisher = {USENIX Association},
timestamp = {2015-12-07T21:09:02.000+0100},
title = {To Pin or Not to Pin{\textemdash}Helping App Developers Bullet Proof Their TLS Connections},
url = {https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/oltrogge},
year = 2015
}