HTTPSの基本から
NetworkSecurityConfigまで

Transcript

1. %SPJE,BJHJ
    )5514ͷجຊ͔Β
 /FUXPSL4FDVSJUZ$POpH·Ͱ ೋ֊ಊ ว (Amane Nikaido) @a2kaido

2. ࣗݾ঺հ • ௨৴͕޷͖Ͱ͢ • conbu͞Μͷ͓ख఻͍Λ
 ͠·ͨ͠

3. ຊηογϣϯͷத਎ • HTTPS௨৴ͷ໾ׂͱ࢓૊Έ • NetworkSecurityConfigʹ͍ͭͯ • NΑΓલͷPinning Certificates • Pinning

   Certificatesͷӡ༻

4. എܠ • ެऺແઢLANʹ઀ଓ͢Δػձͷ૿Ճ • ௨৴಺༰ͷ౪ௌ΍վ᜵ͷՄೳੑ͕͋Δ

5. 2014೥ SSLূ໌ॻݕূͷ஫ҙשى

6. 2016೥ HTTPSͷεεϝ • Protecting against unintentional regressions to cleartext traffic

   in your Android apps
 https://android-developers.googleblog.com/2016/04/protecting-against-unintentional.html • Mythbusting HTTPS: Squashing security’s urban legends - Google I/O 2016
 https://www.youtube.com/watch?v=YMfW1bfyGSY

7. 2017೥ Android Developers Blog • 2018/11·ͰʹTarget API levelΛ26Ҏ্ʹ
 ͠·͠ΐ͏ •

   Android N͔ΒϢʔβʔ͕Πϯετʔϧ
 ͨ͠ϧʔτূ໌ॻΛ৴པ͠ͳ͍Α͏ʹ https://android-developers.googleblog.com/2017/12/improving-app-security-and- performance.html

8. https://goo.gl/n4Aahh

9. Androidͷ
 Ξοϓσʔτ

10. Android M • usesCleartextTraffic • ฏจͰͷ௨৴Λېࢭ͢Δઃఆ <application 
 …
 android:usesCleartextTraffic=“false”>


    …
 </application>

11. Android N • Ϣʔβ͕Πϯετʔϧͨ͠ϧʔτূ໌ॻ
 Λ৴པ͠ͳ͍ • NetworkSecurityConfig • ฏจͰͷ௨৴ͷ཈ࢭ •

    CAͷΞϯΧʔ • Pinning Certificates(ϐϯཹΊ)

12. ͦ΋ͦ΋HTTPSͱ͸

13. ҉߸Խ௨৴ͷࡾཁૉ • ػີੑ • ϝοηʔδ׬શੑ • ΤϯυϙΠϯτਅਖ਼ੑ

14. ҉߸Խ௨৴ͷࡾཁૉ • ػີੑ • ϝοηʔδ׬શੑ • ΤϯυϙΠϯτਅਖ਼ੑ ҉߸Խ͞Ε͍ͯͯ
 ౪ௌ͞Εͳ͍͜ͱ

15. ҉߸Խ௨৴ͷࡾཁૉ • ػີੑ • ϝοηʔδ׬શੑ • ΤϯυϙΠϯτਅਖ਼ੑ վ͟Μ͕ͳ͘
 ׬શͰ͋Δ͜ͱ

16. ҉߸Խ௨৴ͷࡾཁૉ • ػີੑ • ϝοηʔδ׬શੑ • ΤϯυϙΠϯτਅਖ਼ੑ ਖ਼͍͠௨৴ઌͱ
 ௨৴͍ͯ͠Δ͜ͱ

17. ҉߸Խ௨৴ͷࡾཁૉ • ػີੑ • ϝοηʔδ׬શੑ • ΤϯυϙΠϯτਅਖ਼ੑ HTTPSͰ҆શੑ͕୲อ͞Ε͍ͯΔ͸ͣͰ͸ʁ

18. HTTPS௨৴Λ͢ΔͨΊͷ
 ূ໌ॻͷ࿩

19. Client Server

20. Client Server ΄Μͱʹਖ਼͍͠௨৴૬खͳͷ͔ͳʁ

21. Client Server ΄Μͱʹਖ਼͍͠௨৴૬खͳͷ͔ͳʁ Certification Authority(ೝূہ)

22. Client Server Certification Authority(ೝূہ) ϧʔτূ໌ॻ

23. Client Server Certification Authority(ೝূہ) ϧʔτূ໌ॻ ॺ໊෇͖
 SSLূ໌ॻൃߦ

24. Client Server Certification Authority(ೝূہ) ϧʔτূ໌ॻ ॺ໊෇͖
 SSLূ໌ॻൃߦ SSLূ໌ॻ

25. Client Server Certification Authority(ೝূہ) ϧʔτূ໌ॻ ॺ໊෇͖
 SSLূ໌ॻൃߦ SSLূ໌ॻ CAͷॺ໊͕͋Δ͔Β
 ؒҧ͍ͳ͍

26. HTTPS௨৴ͷ
 ϋϯυγΣΠΫ

27. HTTPS௨৴ͷྲྀΕ 1/4 ClientHello Client Server

28. HTTPS௨৴ͷྲྀΕ 2/4 ClientHello Client Server ServerHello Certificate

29. HTTPS௨৴ͷྲྀΕ 2/4 ClientHello Client Server ServerHello Certificate ূ໌ॻΛνΣοΫ
 ৴པ͢ΔCAͷॺ໊͕͋Δ͔

30. HTTPS௨৴ͷྲྀΕ 3/4 ClientHello Client Server ServerHello Certificate Finish Finish

31. HTTPS௨৴ͷྲྀΕ 4/4 ClientHello Client Server ServerHello Certificate Finish Finish HTTPS

32. தؒऀ߈ܸ Client Server

33. தؒऀ߈ܸ ClientHello Client Server ClientHello ਖ਼͍͠ূ໌ॻ

34. தؒऀ߈ܸ ClientHello Client Server ClientHello ਖ਼͍͠ূ໌ॻ ূ໌ॻΛࠩ͠ସ͑

35. தؒऀ߈ܸ ClientHello Client Server ClientHello ਖ਼͍͠ূ໌ॻ ِ෺ͷূ໌ॻ

36. தؒऀ߈ܸ ClientHello Client Server ClientHello ਖ਼͍͠ূ໌ॻ ِ෺ͷূ໌ॻ Finish Finish Finish

    Finish HTTPS HTTPS

37. தؒऀ߈ܸ ClientHello Client Server ClientHello ਖ਼͍͠ূ໌ॻ ِ෺ͷূ໌ॻ Finish Finish Finish

    Finish HTTPS HTTPS ͜͜Ͱূ໌ॻͷݕূΛ
 ͍ͯ͠ΔͷͰ͸ʁ

38. ِ෺ͷূ໌ॻΛ৴པʁ • ߈ܸऀΛCAͱͯ͠৴པ͍ͯ͠Δ
 (ϧʔτূ໌ॻΛΠϯετʔϧ͍ͯ͠Δ) Մೳੑ • ߈ܸऀ͕CA͔Βॺ໊෇͖ূ໌ॻΛ
 औಘͨ͠Մೳੑ

39. ِ෺ͷূ໌ॻΛ৴པʁ • ߈ܸऀΛCAͱͯ͠৴པ͍ͯ͠Δ
 (ϧʔτূ໌ॻΛΠϯετʔϧ͍ͯ͠Δ) Մೳੑ • ߈ܸऀ͕CA͔Βॺ໊෇͖ূ໌ॻΛ
 औಘͨ͠Մೳੑ ৴པ͢ΔCAΛ੍ݶ͢Ε͹๷͛Δ

40. ِ෺ͷূ໌ॻΛ৴པʁ • ߈ܸऀΛCAͱͯ͠৴པ͍ͯ͠Δ
 (ϧʔτূ໌ॻΛΠϯετʔϧ͍ͯ͠Δ) Մೳੑ • ߈ܸऀ͕CA͔Βॺ໊෇͖ূ໌ॻΛ
 औಘͨ͠Մೳੑ αʔό͕ฦ٫͢Δਖ਼͍͠ূ໌ॻΛ
 ͋Β͔͡Ί஌͍ͬͯΕ͹๷͛Δ

41. Android N • Ϣʔβ͕Πϯετʔϧͨ͠ϧʔτূ໌ॻ
 Λ৴པ͠ͳ͍ • NetworkSecurityConfig • ฏจͰͷ௨৴ͷ཈ࢭ •

    CAͷΞϯΧʔ • Pinning Certificates(ϐϯཹΊ)

42. NetworkSecurityConfig
 (Android NҎ߱)

43. NetworkSecurityConfig • ฏจͰͷ௨৴ͷ཈ࢭ • CAͷΞϯΧʔ • Pinning Certificates(ϐϯཹΊ)

44. ઃఆํ๏ • res/xml/network_security_config.xml • ઃఆ಺༰Λهड़ • AndroidManifest.xml <application 
 …


    android:networkSecurityConfig="@xml/network_security_config">
 …
 </application>

45. ฏจͰͷ௨৴ͷ཈ࢭ <network-security-config> <domain-config cleartextTrafficPermitted="false"> <domain includeSubdomains="true">secure.example.com</domain> </domain-config> </network-security-config>

46. CAͷΞϯΧʔ <network-security-config> <domain-config> <domain includeSubdomains="true">secure.example.com</domain> <domain includeSubdomains="true">cdn.example.com</domain> <trust-anchors> <certificates src="@raw/trusted_roots"/>

    </trust-anchors> </domain-config> </network-security-config>

47. Pinning Certificates (ϐϯཹΊ) <network-security-config> <domain-config> <domain includeSubdomains="true">example.com</domain> <pin-set expiration="2018-01-01"> <pin

    digest=“SHA-256”>{ hash value }</pin> <!-- backup pin --> <pin digest=“SHA-256”>{ hash value }</pin> </pin-set> </domain-config> </network-security-config>

48. Pinning Certificates <network-security-config> <domain-config> <domain includeSubdomains="true">example.com</domain> <pin-set expiration="2018-01-01"> <pin digest=“SHA-256”>{

    hash value }</pin> <!-- backup pin --> <pin digest=“SHA-256”>{ hash value }</pin> </pin-set> </domain-config> </network-security-config> PinningͷظݶΛઃఆՄೳ
 ୺຤ͷγεςϜ࣌ؒͱͷൺֱ

49. Pinning Certificates <network-security-config> <domain-config> <domain includeSubdomains="true">example.com</domain> <pin-set expiration="2018-01-01"> <pin digest=“SHA-256”>{

    hash value }</pin> <!-- backup pin --> <pin digest=“SHA-256”>{ hash value }</pin> </pin-set> </domain-config> </network-security-config> αʔόʔͷSSLূ໌ॻͷϋογϡ஋Λઃఆ

50. Pinning Certificates <network-security-config> <domain-config> <domain includeSubdomains="true">example.com</domain> <pin-set expiration="2018-01-01"> <pin digest=“SHA-256”>{

    hash value }</pin> <!-- backup pin --> <pin digest=“SHA-256”>{ hash value }</pin> </pin-set> </domain-config> </network-security-config> base64 encoded digest of
 X.509 SubjectPublicKeyInfo (SPKI)

51. digestͷ࡞Γํ (खݩͷূ໌ॻͰ) ιʔε: https://github.com/datatheorem/TrustKit/blob/master/ get_pin_from_certificate.py $ python get_pin_from_certificate.py ca.pem

52. digestͷ࡞Γํ (αʔόʔ͔Β) $ openssl s_client \ -connect <hostname>:<port> \ |

    openssl x509 -pubkey -noout \ | openssl rsa -pubin -outform der \ | openssl dgst -sha256 -binary \ | openssl enc -base64

53. NetworkSecurityConfig ͷιʔείʔυ΁ͷ༠͍

54. ؾ࣋ͪ • ͳʹ͔͋ͬͨ࣌ʹௐࠪ͠΍͍͢ • ؾʹͳΔڍಈΛ֬ೝͰ͖ΔΑ͏ʹͳΔ

55. ؔ࿈Ϋϥε • ManifestConfigSourceΫϥε • ઃఆͷಡΈࠐΈ • XmlConfigSourceΫϥε • network_security_config.xmlΛύʔε

56. ؔ࿈Ϋϥε • NetworkSecurityConfigΫϥε • XmlConfigSourceͰΠϯελϯεԽ͞ΕΔ • NetworkSecurityTrustManagerΫϥε • ূ໌ॻνΣοΫͱPinningνΣοΫΛ࣮ࢪ •

    ূ໌ॻνΣοΫ࣮ॲཧ͸delegateͷ TrustManagerImplʹ೚ͤΔ

57. ؔ࿈Ϋϥε • TrustManagerImplΫϥε • ূ໌ॻνΣοΫͷ࣮૷ • https://github.com/google/conscrypt/blob/master/platform/ src/main/java/org/conscrypt/TrustManagerImpl.java • ߹ΘͤͯಡΉͱྑ͍


    https://developer.android.com/training/ articles/security-ssl.html

58. Pinning Certificates <network-security-config> <domain-config> <domain includeSubdomains="true">example.com</domain> <pin-set expiration="2018-01-01"> <pin digest=“SHA-256”>{

    hash value }</pin> <!-- backup pin --> <pin digest=“SHA-256”>{ hash value }</pin> </pin-set> </domain-config> </network-security-config> PinningͷظݶΛઃఆՄೳ
 ୺຤ͷγεςϜ࣌ؒͱͷൺֱ 
 ࠶ ׃ 


59. NetworkSecurityTrustManager private void checkPins(List<X509Certificate> chain) throws CertificateException { PinSet pinSet

    = mNetworkSecurityConfig.getPins(); if (pinSet.pins.isEmpty() || System.currentTimeMillis() > pinSet.expirationTime || !isPinningEnforced(chain)) { return; } … } PinningͷظݶΛઃఆՄೳ
 ୺຤ͷγεςϜ࣌ؒͱͷൺֱ

60. ஫ҙ • ʮશͯཧղͨ͠ʯͱ͍ͬͯࣗ෼Ͱ
 ࣮૷͠ͳ͍͜ͱ

61. Android NΑΓલͰ΋
 Pinning Certificates͢Δ

62. Pinning Certificates (ϐϯཹΊ) ɹ TrustKit-AndroidΛར༻ ɹ OkHttpClientͷcertificatePinnerΛར༻

63. Pinning Certificates (ϐϯཹΊ) → TrustKit-AndroidΛར༻ ɹ OkHttpClientͷcertificatePinnerΛར༻

64. TrustKit-AndroidΛར༻ • API 15+ • MIT License • NetworkSecurityConfigͷઃఆΛ
 ಡΈࠐΜͰূ໌ॻͷݕূΛ͢Δ

65. TrustKit-AndroidΛར༻ TrustKit.initializeWithNetworkSecurityConfiguration(this); URL url = new URL("https://www.datatheorem.com"); String serverHostname =

    url.getHost(); // HttpsUrlConnection HttpsURLConnection connection = (HttpsURLConnection) url.openConnection(); connection.setSSLSocketFactory( TrustKit.getInstance().getSSLSocketFactory(serverHostname) ); // OkHttp 3.3.x and higher OkHttpClient client = new OkHttpClient().newBuilder() .sslSocketFactory( TrustKit.getInstance().getSSLSocketFactory(serverHostname), TrustKit.getInstance().getTrustManager(serverHostname) ) .build(); }

66. TrustKit-AndroidΛར༻ TrustKit.initializeWithNetworkSecurityConfiguration(this); URL url = new URL("https://www.datatheorem.com"); String serverHostname =

    url.getHost(); // HttpsUrlConnection HttpsURLConnection connection = (HttpsURLConnection) url.openConnection(); connection.setSSLSocketFactory( TrustKit.getInstance().getSSLSocketFactory(serverHostname) ); // OkHttp 3.3.x and higher OkHttpClient client = new OkHttpClient().newBuilder() .sslSocketFactory( TrustKit.getInstance().getSSLSocketFactory(serverHostname), TrustKit.getInstance().getTrustManager(serverHostname) ) .build(); }

67. TrustKit-AndroidΛར༻ TrustKit.initializeWithNetworkSecurityConfiguration(this); URL url = new URL("https://www.datatheorem.com"); String serverHostname =

    url.getHost(); // HttpsUrlConnection HttpsURLConnection connection = (HttpsURLConnection) url.openConnection(); connection.setSSLSocketFactory( TrustKit.getInstance().getSSLSocketFactory(serverHostname) ); // OkHttp 3.3.x and higher OkHttpClient client = new OkHttpClient().newBuilder() .sslSocketFactory( TrustKit.getInstance().getSSLSocketFactory(serverHostname), TrustKit.getInstance().getTrustManager(serverHostname) ) .build(); }

68. Pinning Certificates ɹ TrustKit-AndroidΛར༻ → OkHttpClientͷcertificatePinnerΛར༻

69. OkHttpClientͷcertificatePinnerΛར༻ public void run() throws Exception { OkHttpClient client =

    new OkHttpClient.Builder() .certificatePinner(new CertificatePinner.Builder() .add("publicobject.com", “sha256/{ hash value }”) .build()) .build(); Request request = new Request.Builder() .url("https://publicobject.com/robots.txt") .build(); Response response = client.newCall(request).execute(); }

70. OkHttpClientͷcertificatePinnerΛར༻ public void run() throws Exception { OkHttpClient client =

    new OkHttpClient.Builder() .certificatePinner(new CertificatePinner.Builder() .add("publicobject.com", “sha256/{ hash value }”) .build()) .build(); Request request = new Request.Builder() .url("https://publicobject.com/robots.txt") .build(); Response response = client.newCall(request).execute(); } PinningͷظݶΛઃఆ͸ෆՄ

71. Pinning Certificatesͷ
 ӡ༻

72. ӡ༻࣌ͷϙΠϯτ • αʔόʔαΠυͱͷௐ੔ • SSLূ໌ॻΛม͑ΒΕΔͱ௨৴Ͱ͖ͳ͘ͳΔ • SSLূ໌ॻߋ৽࣌ͷϧʔϧ੍ఆ • Pinning CerficatesͷexpireઃఆͳͲ

73. ཧ૝తͳӡ༻ Server ূ໌ॻAظݶ ূ໌ॻAϐϯཹΊ + expireઃఆͳ͠ Client

74. ཧ૝తͳӡ༻ Server ূ໌ॻAظݶ Client ূ໌ॻBൃߦ ূ໌ॻAϐϯཹΊ + expireઃఆͳ͠

75. ཧ૝తͳӡ༻ Server ূ໌ॻAظݶ Client ূ໌ॻBൃߦ ূ໌ॻA + BϐϯཹΊͷΞϓϦϦϦʔε
 ڧ੍Ξοϓσʔτ ূ໌ॻAϐϯཹΊ

    + expireઃఆͳ͠

76. ཧ૝తͳӡ༻ Server ূ໌ॻAظݶ Client ূ໌ॻBൃߦ ূ໌ॻBʹ੾Γସ͑ ূ໌ॻA + BϐϯཹΊͷΞϓϦϦϦʔε
 ڧ੍Ξοϓσʔτ

    ূ໌ॻAϐϯཹΊ + expireઃఆͳ͠

77. ཧ૝తͳӡ༻ͷؾ࣋ͪ • ৗʹPinning Certificates͕༗ޮ • ূ໌ॻͷೖΕସ͑ͷλΠϛϯάͰ΋༗ޮ • expireͷઃఆΛ͍Ε͍ͯͳ͍ͷͰ
 γεςϜ͕࣌ؒͣΕ͍ͯͯ΋༗ޮ

78. ཧ૝తͳӡ༻ͷؾ࣋ͪ • ৗʹPinning Certificates͕༗ޮ • ূ໌ॻͷೖΕସ͑ͷλΠϛϯάͰ΋༗ޮ • expireͷઃఆΛ͍Ε͍ͯͳ͍ͷͰ
 γεςϜ͕࣌ؒͣΕ͍ͯͯ΋༗ޮ ⚠

    ΞϓϦͷߋ৽Λ๨ΕΔͱ௨৴Ͱ͖ͳ͘ͳΔ
 ⚠ ڧ੍Ξοϓσʔτ͕ඞཁ

79. expireઃఆʹΑΔଥڠҊ Server ূ໌ॻAظݶ Client ূ໌ॻAϐϯཹΊظݶ

80. expireઃఆʹΑΔଥڠҊ Server ূ໌ॻAظݶ Client ূ໌ॻAϐϯཹΊظݶ ূ໌ॻBൃߦ

81. expireઃఆʹΑΔଥڠҊ Server ূ໌ॻAظݶ Client ূ໌ॻAϐϯཹΊظݶ ূ໌ॻBൃߦ ূ໌ॻBʹ੾Γସ͑

82. expireઃఆʹΑΔଥڠҊ Server ূ໌ॻAظݶ Client ূ໌ॻAϐϯཹΊظݶ ূ໌ॻBൃߦ ূ໌ॻBʹ੾Γସ͑ ূ໌ॻBϐϯཹΊ൛ϦϦʔε

83. ଥڠҊͷؾ࣋ͪ • ΞϓϦͷߋ৽Λ๨Εͯ΋௨৴Ͱ͖Δ • ڧ੍Ξοϓσʔτ͕ඞཁͳ͍ • ূ໌ॻ੾Γସ͑࣌ʹPinning͕ޮ͔ͳ͍ ࣌ظ͕͋Δ

84. ·ͱΊ

85. ·ͱΊ • HTTP͸΍Ί·͠ΐ͏ • NetworkSecurityConfigʹΑͬͯɺѱҙ ͷ͋Δ߈ܸऀ͔ΒϢʔβʔΛकΔઃఆ͕ ؆୯ʹͰ͖ΔΑ͏ʹͳΓ·ͨ͠ • ӡ༻࣌͸ؾΛ͚ͭ·͠ΐ͏

86. ͝੩ௌ͋Γ͕ͱ͏
 ͍͟͝·ͨ͠

87. Appendix • GMailͷϝοηʔδݟΒΕͨ࿩
 https://www.computerworld.com/article/2510951/cybercrime-hacking/ hackers-spied-on-300-000-iranians-using-fake-google-certificate.html • ෆਖ਼ͳূ໌ॻ͕ൃߦ͞Εͨ࿩
 http://www.atmarkit.co.jp/news/201109/08/diginotar.html