A Comparative Analysis of Certificate Pinning in Android & iOS

Files
Camera-ready version (2.598 MB)
Identifiers
URI: https://hdl.handle.net/20.500.12761/1623
Author(s)
Pradeep, Amogh; Paracha, Muhammad Talha; Bhowmick, Protick; Davanian, Ali; Razaghpanah, Abbas; Chung, Taejoong; Lindorfer, Martina; Vallina-Rodriguez, Narseo; Levin, Dave; Choffnes, David
Date
2022-10
Abstract
TLS certificate pinning is a security mechanism used by applications (apps) to protect their network traffic against malicious certificate authorities (CAs), in-path monitoring, and other TLS tampering. Pinning can provide enhanced security to defend against malicious third-party access to sensitive data in transit (e.g., to protect sensitive banking and health care information), but can also hide an app's personal data collection from users and auditors. Prior studies found pinning was rarely used in the Android ecosystem; however, little is known about recent pinning usage on iOS and across mobile platforms. In this paper, we thoroughly investigate the use of certificate pinning on Android and iOS. We collect 5,079 unique apps from the two official app stores: 575 common apps, 1,000 popular apps each, and 1,000 randomly selected apps each. We develop novel, cross-platform, static and dynamic analysis techniques to detect certificate pinning, not only based on static configurations, but also on its run-time use. We find certificate pinning as much as 4 times more widely adopted than reported in prior studies. More specifically, we find that at least 0.9% to 8% of Android apps and 2.5% to 11% of iOS apps use certificate pinning (depending on the above groups of apps). We then investigate which categories of apps most frequently use pinning (apps in the "finance" category), which destinations are typically pinned (first-party destinations vs. those used by third-party libraries), which certificates are pinned and how they are pinned (CA vs. leaf certificates), and the connection security for pinned connections vs. unpinned ones (e.g., the use of weak ciphers or improper certificate validation). Last, we investigate how many pinned connections are amenable to binary instrumentation for revealing the contents of their connections, and for those that are, we analyze the data sent in pinned connections to understand what is protected by pinning.
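The abstract distinguishes pinning a CA certificate from pinning a leaf certificate. The following script is an added illustration of what that distinction means at the byte level; it is not code from the paper or its analysis tooling. It implements the pin format shared by Android's network security configuration and OkHttp (`sha256/` followed by the base64 SHA-256 of the DER-encoded SubjectPublicKeyInfo) and checks a chain against a pin set with the usual "any certificate in the chain may match" semantics. The certificates are constructed in the script with a dummy signature purely so the example runs offline; the minimal DER helpers and `fake_cert` are assumptions of this example, not part of any real library.

```python
"""SPKI pinning check over a certificate chain (constructed, offline example)."""
import base64
import hashlib

# --- minimal DER encoding helpers, used only to build the constructed sample certificates ---
def der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body

def seq(*parts: bytes) -> bytes:
    return tlv(0x30, b"".join(parts))

RSA_OID = tlv(0x06, bytes.fromhex("2a864886f70d010101"))         # 1.2.840.113549.1.1.1 rsaEncryption
SHA256_RSA_OID = tlv(0x06, bytes.fromhex("2a864886f70d01010b"))  # 1.2.840.113549.1.1.11 sha256WithRSA
NULL = tlv(0x05, b"")

def spki(key_bytes: bytes) -> bytes:
    # SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING }
    return seq(seq(RSA_OID, NULL), tlv(0x03, b"\x00" + key_bytes))

def fake_cert(serial: int, key_bytes: bytes) -> bytes:
    """Structurally valid X.509 v3 DER with empty names and a dummy signature (constructed test data)."""
    version = tlv(0xA0, tlv(0x02, b"\x02"))            # [0] EXPLICIT INTEGER 2 => v3
    tbs = seq(version,
              tlv(0x02, serial.to_bytes(1, "big")),    # serialNumber
              seq(SHA256_RSA_OID, NULL),               # signature algorithm
              seq(),                                   # issuer (empty Name)
              seq(tlv(0x17, b"240101000000Z"), tlv(0x17, b"250101000000Z")),  # validity
              seq(),                                   # subject (empty Name)
              spki(key_bytes))                         # subjectPublicKeyInfo
    return seq(tbs, seq(SHA256_RSA_OID, NULL), tlv(0x03, b"\x00" * 9))  # signatureValue is a dummy

# --- minimal DER walker: enough to locate the SubjectPublicKeyInfo inside a certificate ---
def _read_tlv(buf: bytes, pos: int):
    """Return (tag, body_start, end) for the element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        n = first & 0x7F
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
    body_start = pos + hdr
    return tag, body_start, body_start + length

def der_children(element: bytes) -> list[bytes]:
    """Split a constructed element into its child elements (each returned with tag and length)."""
    _, start, end = _read_tlv(element, 0)
    if end != len(element):
        raise ValueError("trailing bytes after DER element")
    children, pos = [], start
    while pos < end:
        _, _, child_end = _read_tlv(element, pos)
        children.append(element[pos:child_end])
        pos = child_end
    return children

def extract_spki(cert_der: bytes) -> bytes:
    """DER-encoded SubjectPublicKeyInfo of a certificate, which is what SPKI pins hash."""
    fields = der_children(der_children(cert_der)[0])   # TBSCertificate fields
    if fields[0][0] == 0xA0:                           # optional [0] version present
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    return fields[5]

def spki_pin(cert_der: bytes) -> str:
    """Pin in the 'sha256/<base64>' form used by Android network-security-config and OkHttp."""
    return "sha256/" + base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()

def chain_matches_pins(chain_der: list[bytes], pins: set[str]) -> bool:
    """True if any certificate in the chain (leaf first) carries a pinned key.
    A pin on the issuing CA's key and a pin on the leaf's key both satisfy the check."""
    return any(spki_pin(c) in pins for c in chain_der)

# Constructed sample: a CA key, a leaf key, and a later leaf key after rotation under the same CA.
CA = fake_cert(2, b"\x02" * 32)
LEAF = fake_cert(1, b"\x01" * 32)
ROTATED_LEAF = fake_cert(3, b"\x03" * 32)
CA_PIN, LEAF_PIN = spki_pin(CA), spki_pin(LEAF)

if __name__ == "__main__":
    print("leaf pin:", LEAF_PIN)
    print("CA pin:  ", CA_PIN)
    print("leaf pin survives rotation:", chain_matches_pins([ROTATED_LEAF, CA], {LEAF_PIN}))
    print("CA pin survives rotation:  ", chain_matches_pins([ROTATED_LEAF, CA], {CA_PIN}))
```

The rotation case is the practical trade-off behind the paper's CA-vs-leaf distinction: a leaf pin stops matching as soon as the server key rotates (so apps that ship one must also ship a backup pin or risk bricking their own connections), while a CA pin keeps working across rotations but accepts any leaf that CA issues, so it protects against rogue CAs rather than against a compromise of the pinned CA itself.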

© 2021 IMDEA Networks.