HTTPSの基本から NetworkSecurityConfigまで

%SPJE,BJHJ )5514ͷجຊ͔Β  /FUXPSL4FDVSJUZ$POpH·Ͱ ೋ֊ಊ ว (Amane Nikaido) @a2kaido

ࣗݾ঺հ • ௨৴͕޷͖Ͱ͢ • conbu͞Μͷ͓ख఻͍Λ  ͠·ͨ͠

ຊηογϣϯͷத਎ • HTTPS௨৴ͷ໾ׂͱ࢓૊Έ • NetworkSecurityConfigʹ͍ͭͯ • NΑΓલͷPinning Certificates • Pinning
Certificatesͷӡ༻

എܠ • ެऺແઢLANʹ઀ଓ͢Δػձͷ૿Ճ • ௨৴಺༰ͷ౪ௌ΍վ᜵ͷՄೳੑ͕͋Δ

2014೥ SSLূ໌ॻݕূͷ஫ҙשى

2016೥ HTTPSͷεεϝ • Protecting against unintentional regressions to cleartext traﬃc
in your Android apps  https://android-developers.googleblog.com/2016/04/protecting-against-unintentional.html • Mythbusting HTTPS: Squashing security’s urban legends - Google I/O 2016  https://www.youtube.com/watch?v=YMfW1bfyGSY

2017೥ Android Developers Blog • 2018/11·ͰʹTarget API levelΛ26Ҏ্ʹ  ͠·͠ΐ͏ •
Android N͔ΒϢʔβʔ͕Πϯετʔϧ  ͨ͠ϧʔτূ໌ॻΛ৴པ͠ͳ͍Α͏ʹ https://android-developers.googleblog.com/2017/12/improving-app-security-and- performance.html

https://goo.gl/n4Aahh

Androidͷ  Ξοϓσʔτ

Android M • usesCleartextTraﬃc • ฏจͰͷ௨৴Λېࢭ͢Δઃఆ <application   …  android:usesCleartextTraﬃc=“false”> 
…  </application>

Android N • Ϣʔβ͕Πϯετʔϧͨ͠ϧʔτূ໌ॻ  Λ৴པ͠ͳ͍ • NetworkSecurityConﬁg • ฏจͰͷ௨৴ͷ཈ࢭ •
CAͷΞϯΧʔ • Pinning Certiﬁcates(ϐϯཹΊ)

ͦ΋ͦ΋HTTPSͱ͸

҉߸Խ௨৴ͷࡾཁૉ • ػີੑ • ϝοηʔδ׬શੑ • ΤϯυϙΠϯτਅਖ਼ੑ

҉߸Խ௨৴ͷࡾཁૉ • ػີੑ • ϝοηʔδ׬શੑ • ΤϯυϙΠϯτਅਖ਼ੑ ҉߸Խ͞Ε͍ͯͯ  ౪ௌ͞Εͳ͍͜ͱ

҉߸Խ௨৴ͷࡾཁૉ • ػີੑ • ϝοηʔδ׬શੑ • ΤϯυϙΠϯτਅਖ਼ੑ վ͟Μ͕ͳ͘  ׬શͰ͋Δ͜ͱ

҉߸Խ௨৴ͷࡾཁૉ • ػີੑ • ϝοηʔδ׬શੑ • ΤϯυϙΠϯτਅਖ਼ੑ ਖ਼͍͠௨৴ઌͱ  ௨৴͍ͯ͠Δ͜ͱ

҉߸Խ௨৴ͷࡾཁૉ • ػີੑ • ϝοηʔδ׬શੑ • ΤϯυϙΠϯτਅਖ਼ੑ HTTPSͰ҆શੑ͕୲อ͞Ε͍ͯΔ͸ͣͰ͸ʁ

HTTPS௨৴Λ͢ΔͨΊͷ  ূ໌ॻͷ࿩

Client Server

Client Server ΄Μͱʹਖ਼͍͠௨৴૬खͳͷ͔ͳʁ

Client Server ΄Μͱʹਖ਼͍͠௨৴૬खͳͷ͔ͳʁ Certiﬁcation Authority(ೝূہ)

Client Server Certiﬁcation Authority(ೝূہ) ϧʔτূ໌ॻ

Client Server Certiﬁcation Authority(ೝূہ) ϧʔτূ໌ॻ ॺ໊෇͖  SSLূ໌ॻൃߦ

Client Server Certiﬁcation Authority(ೝূہ) ϧʔτূ໌ॻ ॺ໊෇͖  SSLূ໌ॻൃߦ SSLূ໌ॻ

Client Server Certiﬁcation Authority(ೝূہ) ϧʔτূ໌ॻ ॺ໊෇͖  SSLূ໌ॻൃߦ SSLূ໌ॻ CAͷॺ໊͕͋Δ͔Β  ؒҧ͍ͳ͍

HTTPS௨৴ͷ  ϋϯυγΣΠΫ

HTTPS௨৴ͷྲྀΕ 1/4 ClientHello Client Server

HTTPS௨৴ͷྲྀΕ 2/4 ClientHello Client Server ServerHello Certiﬁcate

HTTPS௨৴ͷྲྀΕ 2/4 ClientHello Client Server ServerHello Certiﬁcate ূ໌ॻΛνΣοΫ  ৴པ͢ΔCAͷॺ໊͕͋Δ͔

HTTPS௨৴ͷྲྀΕ 3/4 ClientHello Client Server ServerHello Certiﬁcate Finish Finish

HTTPS௨৴ͷྲྀΕ 4/4 ClientHello Client Server ServerHello Certiﬁcate Finish Finish HTTPS

தؒऀ߈ܸ Client Server

தؒऀ߈ܸ ClientHello Client Server ClientHello ਖ਼͍͠ূ໌ॻ

தؒऀ߈ܸ ClientHello Client Server ClientHello ਖ਼͍͠ূ໌ॻ ূ໌ॻΛࠩ͠ସ͑

தؒऀ߈ܸ ClientHello Client Server ClientHello ਖ਼͍͠ূ໌ॻ ِ෺ͷূ໌ॻ

தؒऀ߈ܸ ClientHello Client Server ClientHello ਖ਼͍͠ূ໌ॻ ِ෺ͷূ໌ॻ Finish Finish Finish
Finish HTTPS HTTPS

தؒऀ߈ܸ ClientHello Client Server ClientHello ਖ਼͍͠ূ໌ॻ ِ෺ͷূ໌ॻ Finish Finish Finish
Finish HTTPS HTTPS ͜͜Ͱূ໌ॻͷݕূΛ  ͍ͯ͠ΔͷͰ͸ʁ

ِ෺ͷূ໌ॻΛ৴པʁ • ߈ܸऀΛCAͱͯ͠৴པ͍ͯ͠Δ  (ϧʔτূ໌ॻΛΠϯετʔϧ͍ͯ͠Δ) Մೳੑ • ߈ܸऀ͕CA͔Βॺ໊෇͖ূ໌ॻΛ  औಘͨ͠Մೳੑ

ِ෺ͷূ໌ॻΛ৴པʁ • ߈ܸऀΛCAͱͯ͠৴པ͍ͯ͠Δ  (ϧʔτূ໌ॻΛΠϯετʔϧ͍ͯ͠Δ) Մೳੑ • ߈ܸऀ͕CA͔Βॺ໊෇͖ূ໌ॻΛ  औಘͨ͠Մೳੑ ৴པ͢ΔCAΛ੍ݶ͢Ε͹๷͛Δ

ِ෺ͷূ໌ॻΛ৴པʁ • ߈ܸऀΛCAͱͯ͠৴པ͍ͯ͠Δ  (ϧʔτূ໌ॻΛΠϯετʔϧ͍ͯ͠Δ) Մೳੑ • ߈ܸऀ͕CA͔Βॺ໊෇͖ূ໌ॻΛ  औಘͨ͠Մೳੑ αʔό͕ฦ٫͢Δਖ਼͍͠ূ໌ॻΛ  ͋Β͔͡Ί஌͍ͬͯΕ͹๷͛Δ

Android N • Ϣʔβ͕Πϯετʔϧͨ͠ϧʔτূ໌ॻ  Λ৴པ͠ͳ͍ • NetworkSecurityConﬁg • ฏจͰͷ௨৴ͷ཈ࢭ •
CAͷΞϯΧʔ • Pinning Certiﬁcates(ϐϯཹΊ)

NetworkSecurityConﬁg  (Android NҎ߱)

NetworkSecurityConﬁg • ฏจͰͷ௨৴ͷ཈ࢭ • CAͷΞϯΧʔ • Pinning Certiﬁcates(ϐϯཹΊ)

ઃఆํ๏ • res/xml/network_security_config.xml • ઃఆ಺༰Λهड़ • AndroidManifest.xml <application   … 
android:networkSecurityConfig="@xml/network_security_config">  …  </application>

ฏจͰͷ௨৴ͷ཈ࢭ <network-security-config> <domain-config cleartextTrafficPermitted="false"> <domain includeSubdomains="true">secure.example.com</domain> </domain-config> </network-security-config>

CAͷΞϯΧʔ <network-security-config> <domain-config> <domain includeSubdomains="true">secure.example.com</domain> <domain includeSubdomains="true">cdn.example.com</domain> <trust-anchors> <certificates src="@raw/trusted_roots"/>
</trust-anchors> </domain-config> </network-security-config>

Pinning Certiﬁcates (ϐϯཹΊ) <network-security-config> <domain-config> <domain includeSubdomains="true">example.com</domain> <pin-set expiration="2018-01-01"> <pin
digest=“SHA-256”>{ hash value }</pin>  <pin digest=“SHA-256”>{ hash value }</pin> </pin-set> </domain-config> </network-security-config>

Pinning Certiﬁcates <network-security-config> <domain-config> <domain includeSubdomains="true">example.com</domain> <pin-set expiration="2018-01-01"> <pin digest=“SHA-256”>{
hash value }</pin>  <pin digest=“SHA-256”>{ hash value }</pin> </pin-set> </domain-config> </network-security-config> PinningͷظݶΛઃఆՄೳ  ୺຤ͷγεςϜ࣌ؒͱͷൺֱ

hash value }</pin>  <pin digest=“SHA-256”>{ hash value }</pin> </pin-set> </domain-config> </network-security-config> αʔόʔͷSSLূ໌ॻͷϋογϡ஋Λઃఆ

hash value }</pin>  <pin digest=“SHA-256”>{ hash value }</pin> </pin-set> </domain-config> </network-security-config> base64 encoded digest of  X.509 SubjectPublicKeyInfo (SPKI)

digestͷ࡞Γํ (खݩͷূ໌ॻͰ) ιʔε: https://github.com/datatheorem/TrustKit/blob/master/ get_pin_from_certiﬁcate.py $ python get_pin_from_certificate.py ca.pem

digestͷ࡞Γํ (αʔόʔ͔Β) $ openssl s_client \ -connect <hostname>:<port> \ |
openssl x509 -pubkey -noout \ | openssl rsa -pubin -outform der \ | openssl dgst -sha256 -binary \ | openssl enc -base64

NetworkSecurityConﬁg ͷιʔείʔυ΁ͷ༠͍

ؾ࣋ͪ • ͳʹ͔͋ͬͨ࣌ʹௐࠪ͠΍͍͢ • ؾʹͳΔڍಈΛ֬ೝͰ͖ΔΑ͏ʹͳΔ

ؔ࿈Ϋϥε • ManifestConfigSourceΫϥε • ઃఆͷಡΈࠐΈ • XmlConfigSourceΫϥε • network_security_config.xmlΛύʔε

ؔ࿈Ϋϥε • NetworkSecurityConﬁgΫϥε • XmlConﬁgSourceͰΠϯελϯεԽ͞ΕΔ • NetworkSecurityTrustManagerΫϥε • ূ໌ॻνΣοΫͱPinningνΣοΫΛ࣮ࢪ •
ূ໌ॻνΣοΫ࣮ॲཧ͸delegateͷ TrustManagerImplʹ೚ͤΔ

ؔ࿈Ϋϥε • TrustManagerImplΫϥε • ূ໌ॻνΣοΫͷ࣮૷ • https://github.com/google/conscrypt/blob/master/platform/ src/main/java/org/conscrypt/TrustManagerImpl.java • ߹ΘͤͯಡΉͱྑ͍ 
https://developer.android.com/training/ articles/security-ssl.html

hash value }</pin>  <pin digest=“SHA-256”>{ hash value }</pin> </pin-set> </domain-config> </network-security-config> PinningͷظݶΛઃఆՄೳ  ୺຤ͷγεςϜ࣌ؒͱͷൺֱ   ࠶ ׃

NetworkSecurityTrustManager private void checkPins(List<X509Certificate> chain) throws CertificateException { PinSet pinSet
= mNetworkSecurityConfig.getPins(); if (pinSet.pins.isEmpty() || System.currentTimeMillis() > pinSet.expirationTime || !isPinningEnforced(chain)) { return; } … } PinningͷظݶΛઃఆՄೳ  ୺຤ͷγεςϜ࣌ؒͱͷൺֱ

஫ҙ • ʮશͯཧղͨ͠ʯͱ͍ͬͯࣗ෼Ͱ  ࣮૷͠ͳ͍͜ͱ

Android NΑΓલͰ΋  Pinning Certiﬁcates͢Δ

Pinning Certiﬁcates (ϐϯཹΊ) ɹ TrustKit-AndroidΛར༻ ɹ OkHttpClientͷcertiﬁcatePinnerΛར༻

Pinning Certiﬁcates (ϐϯཹΊ) → TrustKit-AndroidΛར༻ ɹ OkHttpClientͷcertiﬁcatePinnerΛར༻

TrustKit-AndroidΛར༻ • API 15+ • MIT License • NetworkSecurityConﬁgͷઃఆΛ  ಡΈࠐΜͰূ໌ॻͷݕূΛ͢Δ

TrustKit-AndroidΛར༻ TrustKit.initializeWithNetworkSecurityConfiguration(this); URL url = new URL("https://www.datatheorem.com"); String serverHostname =
url.getHost(); // HttpsUrlConnection HttpsURLConnection connection = (HttpsURLConnection) url.openConnection(); connection.setSSLSocketFactory( TrustKit.getInstance().getSSLSocketFactory(serverHostname) ); // OkHttp 3.3.x and higher OkHttpClient client = new OkHttpClient().newBuilder() .sslSocketFactory( TrustKit.getInstance().getSSLSocketFactory(serverHostname), TrustKit.getInstance().getTrustManager(serverHostname) ) .build(); }

Pinning Certiﬁcates ɹ TrustKit-AndroidΛར༻ → OkHttpClientͷcertiﬁcatePinnerΛར༻

OkHttpClientͷcertiﬁcatePinnerΛར༻ public void run() throws Exception { OkHttpClient client =
new OkHttpClient.Builder() .certificatePinner(new CertificatePinner.Builder() .add("publicobject.com", “sha256/{ hash value }”) .build()) .build(); Request request = new Request.Builder() .url("https://publicobject.com/robots.txt") .build(); Response response = client.newCall(request).execute(); }

OkHttpClientͷcertiﬁcatePinnerΛར༻ public void run() throws Exception { OkHttpClient client =
new OkHttpClient.Builder() .certificatePinner(new CertificatePinner.Builder() .add("publicobject.com", “sha256/{ hash value }”) .build()) .build(); Request request = new Request.Builder() .url("https://publicobject.com/robots.txt") .build(); Response response = client.newCall(request).execute(); } PinningͷظݶΛઃఆ͸ෆՄ

Pinning Certiﬁcatesͷ  ӡ༻

ӡ༻࣌ͷϙΠϯτ • αʔόʔαΠυͱͷௐ੔ • SSLূ໌ॻΛม͑ΒΕΔͱ௨৴Ͱ͖ͳ͘ͳΔ • SSLূ໌ॻߋ৽࣌ͷϧʔϧ੍ఆ • Pinning CerﬁcatesͷexpireઃఆͳͲ

ཧ૝తͳӡ༻ Server ূ໌ॻAظݶ ূ໌ॻAϐϯཹΊ + expireઃఆͳ͠ Client

ཧ૝తͳӡ༻ Server ূ໌ॻAظݶ Client ূ໌ॻBൃߦ ূ໌ॻAϐϯཹΊ + expireઃఆͳ͠

ཧ૝తͳӡ༻ Server ূ໌ॻAظݶ Client ূ໌ॻBൃߦ ূ໌ॻA + BϐϯཹΊͷΞϓϦϦϦʔε  ڧ੍Ξοϓσʔτ ূ໌ॻAϐϯཹΊ
+ expireઃఆͳ͠

ཧ૝తͳӡ༻ Server ূ໌ॻAظݶ Client ূ໌ॻBൃߦ ূ໌ॻBʹ੾Γସ͑ ূ໌ॻA + BϐϯཹΊͷΞϓϦϦϦʔε  ڧ੍Ξοϓσʔτ
ূ໌ॻAϐϯཹΊ + expireઃఆͳ͠

ཧ૝తͳӡ༻ͷؾ࣋ͪ • ৗʹPinning Certiﬁcates͕༗ޮ • ূ໌ॻͷೖΕସ͑ͷλΠϛϯάͰ΋༗ޮ • expireͷઃఆΛ͍Ε͍ͯͳ͍ͷͰ  γεςϜ͕࣌ؒͣΕ͍ͯͯ΋༗ޮ

ཧ૝తͳӡ༻ͷؾ࣋ͪ • ৗʹPinning Certiﬁcates͕༗ޮ • ূ໌ॻͷೖΕସ͑ͷλΠϛϯάͰ΋༗ޮ • expireͷઃఆΛ͍Ε͍ͯͳ͍ͷͰ  γεςϜ͕࣌ؒͣΕ͍ͯͯ΋༗ޮ ⚠
ΞϓϦͷߋ৽Λ๨ΕΔͱ௨৴Ͱ͖ͳ͘ͳΔ  ⚠ ڧ੍Ξοϓσʔτ͕ඞཁ

expireઃఆʹΑΔଥڠҊ Server ূ໌ॻAظݶ Client ূ໌ॻAϐϯཹΊظݶ

expireઃఆʹΑΔଥڠҊ Server ূ໌ॻAظݶ Client ূ໌ॻAϐϯཹΊظݶ ূ໌ॻBൃߦ

expireઃఆʹΑΔଥڠҊ Server ূ໌ॻAظݶ Client ূ໌ॻAϐϯཹΊظݶ ূ໌ॻBൃߦ ূ໌ॻBʹ੾Γସ͑

expireઃఆʹΑΔଥڠҊ Server ূ໌ॻAظݶ Client ূ໌ॻAϐϯཹΊظݶ ূ໌ॻBൃߦ ূ໌ॻBʹ੾Γସ͑ ূ໌ॻBϐϯཹΊ൛ϦϦʔε

ଥڠҊͷؾ࣋ͪ • ΞϓϦͷߋ৽Λ๨Εͯ΋௨৴Ͱ͖Δ • ڧ੍Ξοϓσʔτ͕ඞཁͳ͍ • ূ໌ॻ੾Γସ͑࣌ʹPinning͕ޮ͔ͳ͍ ࣌ظ͕͋Δ

·ͱΊ

·ͱΊ • HTTP͸΍Ί·͠ΐ͏ • NetworkSecurityConﬁgʹΑͬͯɺѱҙ ͷ͋Δ߈ܸऀ͔ΒϢʔβʔΛकΔઃఆ͕ ؆୯ʹͰ͖ΔΑ͏ʹͳΓ·ͨ͠ • ӡ༻࣌͸ؾΛ͚ͭ·͠ΐ͏

͝੩ௌ͋Γ͕ͱ͏  ͍͟͝·ͨ͠

Appendix • GMailͷϝοηʔδݟΒΕͨ࿩  https://www.computerworld.com/article/2510951/cybercrime-hacking/ hackers-spied-on-300-000-iranians-using-fake-google-certiﬁcate.html • ෆਖ਼ͳূ໌ॻ͕ൃߦ͞Εͨ࿩  http://www.atmarkit.co.jp/news/201109/08/diginotar.html

HTTPSの基本から NetworkSecurityConfigまで

HTTPSの基本から NetworkSecurityConfigまで

More Decks by Amane Nikaido

Other Decks in Technology

Featured

Transcript

HTTPSの基本から NetworkSecurityConfigまで

HTTPSの基本から NetworkSecurityConfigまで