Common use of HTTP Public Key Pinning (HPKP) Clause in Contracts

HTTP Public Key Pinning (HPKP). A similar useful HTTP response header is HTTP Public Key Pinning (HPKP), which allows browsers to detect fraudulently issued certificates from trusted certificate authorities [Xxxxx et al. 2015]*. On the first visit to a site that supports HPKP, the site tells the browser that at least one certificate in the trust chain should contain a specific public key for subsequent visits in a certain time frame. If within this time frame the site is revisited and a valid certificate chain is offered that does not contain one of the earlier registered public keys, the browser refuses to connect. This protects against trusted but fraudulent certificate authorities who issue valid certificates of sites for adversaries. If in a subsequent visit the certificate chain has been changed in such a way that the HPKP policy is violated, it indicates that a wrongfully issued certificate is being offered, possibly as part of a man-in-the-middle attack. HPKP requires that two public keys are specified. If the primary public key is compromised (such as when an adversary obtains the paired private key) and revoked, the backup public key can be used to replace the lost part of the certificate chain. This avoids the situation where the security measures of a browser prevent access to the site with a new legitimate certificate chain. It is recommended that a backup private key and backup certificate are kept on an offline medium for safekeeping, since they can be used for undetectable man-in-the-middle attacks if compromised. An example of an HPKP HTTP response

ACM Computing Surveys, Vol. 49, No. 4, Article 61, Publication date: December 2016. X. Xxxxxx et al.

Table V. Geographical Distribution of Important SSL/TLS Functions and Vulnerabilities in 2015

| Region              | Africa | Asia | Europe | M-East | N-America | Russia | Oceania | S-America |
|---------------------|--------|------|--------|--------|-----------|--------|---------|-----------|
| # banks             | 8      | 14   | 27     | 6      | 6         | 1      | 7       | 11        |
| Extended validation | 3      | 12   | 19     | 4      | 4         | 1      | 7       | 5         |
| BEAST               | 7      | 6    | 19     | 4      | 4         | 1      | 5       | 4         |
| SSL 3.0             | 7      | 11   | 13     | 1      | 1         | 0      | 3       | 5         |
| Function support    | 13%    | 29%  | 47%    | 28%    | 44%       | 33%    | 38%     | 15%       |
| Vulnerability       | 45%    | 26%  | 21%    | 17%    | 17%       | 13%    | 20%     | 23%       |
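The mechanism the paragraph above describes, worked through as an added example that is not part of the original survey or of any browser's code: a pin is the base64-encoded SHA-256 of the DER-encoded SubjectPublicKeyInfo (RFC 7469), the site sends at least two such pins plus a max-age, and on later visits within that window the browser refuses a chain whose keys match none of the stored pins. The SPKI blobs, the function names and the simplified policy model are all assumptions made for the example (a real SPKI comes from the certificate's public key; browsers also handle reporting and subdomain scoping that are omitted here). Note that major browsers have since removed HPKP support, so this illustrates the design rather than a header to deploy today.

```python
import base64
import hashlib
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Constructed stand-ins for DER-encoded SubjectPublicKeyInfo blobs. A real
# deployment would derive these from the site's primary and backup key pairs.
PRIMARY_SPKI = b"constructed-primary-spki-der"
BACKUP_SPKI = b"constructed-backup-spki-der"
ROGUE_SPKI = b"constructed-spki-of-fraudulently-issued-cert"


def pin_sha256(spki_der: bytes) -> str:
    """A pin is the base64 of SHA-256 over the DER SubjectPublicKeyInfo (RFC 7469)."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def build_hpkp_header(spki_ders: Iterable[bytes], max_age: int,
                      include_subdomains: bool = False) -> str:
    """Build a Public-Key-Pins value. At least two pins are required so that a
    backup key can replace a compromised primary key without locking users out."""
    pins = [pin_sha256(d) for d in spki_ders]
    if len(pins) < 2:
        raise ValueError("HPKP needs a primary and a backup pin")
    directives = [f'pin-sha256="{p}"' for p in pins] + [f"max-age={max_age}"]
    if include_subdomains:
        directives.append("includeSubDomains")
    return "; ".join(directives)


@dataclass(frozen=True)
class PinPolicy:
    pins: frozenset          # stored pin-sha256 values
    expires_at: float        # absolute time in seconds
    include_subdomains: bool


# base64 of a 32-byte digest is 43 characters plus one '=' of padding
_PIN_RE = re.compile(r'pin-sha256="([A-Za-z0-9+/]{43}=)"')
_MAX_AGE_RE = re.compile(r"max-age=(\d+)")


def parse_hpkp_header(value: str, now: float) -> Optional[PinPolicy]:
    """Turn a received header into a stored policy (the first-visit step).
    Returns None when the header is unusable: fewer than two well-formed pins
    or no max-age, in which case nothing is pinned."""
    pins = frozenset(_PIN_RE.findall(value))
    max_age = _MAX_AGE_RE.search(value)
    if len(pins) < 2 or max_age is None:
        return None
    return PinPolicy(pins=pins,
                     expires_at=now + int(max_age.group(1)),
                     include_subdomains="includeSubDomains" in value)


def chain_violates_policy(policy: Optional[PinPolicy],
                          chain_spki_ders: Iterable[bytes], now: float) -> bool:
    """Model the browser's check on a later visit: refuse the connection when a
    live policy exists and no key in the presented chain matches a stored pin."""
    if policy is None or now > policy.expires_at:
        return False  # nothing pinned, or the pin expired: ordinary validation applies
    presented = {pin_sha256(d) for d in chain_spki_ders}
    return presented.isdisjoint(policy.pins)


def demo() -> dict:
    """First visit stores the policy; later visits are checked against it."""
    t0 = 1_000_000.0
    header = build_hpkp_header([PRIMARY_SPKI, BACKUP_SPKI], max_age=5184000)  # 60 days
    policy = parse_hpkp_header(header, now=t0)
    ca_key = b"constructed-ca-spki-der"
    return {
        "header": header,
        "legit_chain_ok": not chain_violates_policy(policy, [PRIMARY_SPKI, ca_key], t0 + 60),
        "rotated_to_backup_ok": not chain_violates_policy(policy, [BACKUP_SPKI, ca_key], t0 + 60),
        "rogue_chain_refused": chain_violates_policy(policy, [ROGUE_SPKI, ca_key], t0 + 60),
        "expired_policy_ignored": not chain_violates_policy(policy, [ROGUE_SPKI], t0 + 5184001),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The `rotated_to_backup_ok` case is why the survey insists on two keys: after the primary key is revoked, a chain built on the offline backup key still satisfies the stored policy, so the browser's own protection does not lock users out of the site. The `expired_policy_ignored` case shows the flip side, namely that the protection only lasts for max-age and a visitor whose pin has lapsed is back to ordinary chain validation.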

Samples: repository.ubn.ru.nl
