HTTPSの基本から NetworkSecurityConfigまで

by Amane Nikaido

Slide 1

Slide 1 text

%SPJE,BJHJ )5514ͷجຊ͔Β  /FUXPSL4FDVSJUZ$POpH·Ͱ ೋ֊ಊ ว (Amane Nikaido) @a2kaido

Slide 2

Slide 2 text

ࣗݾ঺հ • ௨৴͕޷͖Ͱ͢ • conbu͞Μͷ͓ख఻͍Λ  ͠·ͨ͠

Slide 3

Slide 3 text

ຊηογϣϯͷத਎ • HTTPS௨৴ͷ໾ׂͱ࢓૊Έ • NetworkSecurityConfigʹ͍ͭͯ • NΑΓલͷPinning Certificates • Pinning Certificatesͷӡ༻

Slide 4

Slide 4 text

എܠ • ެऺແઢLANʹ઀ଓ͢Δػձͷ૿Ճ • ௨৴಺༰ͷ౪ௌ΍վ᜵ͷՄೳੑ͕͋Δ

Slide 5

Slide 5 text

2014೥ SSLূ໌ॻݕূͷ஫ҙשى

Slide 6

Slide 6 text

2016೥ HTTPSͷεεϝ • Protecting against unintentional regressions to cleartext traﬃc in your Android apps  https://android-developers.googleblog.com/2016/04/protecting-against-unintentional.html • Mythbusting HTTPS: Squashing security’s urban legends - Google I/O 2016  https://www.youtube.com/watch?v=YMfW1bfyGSY

Slide 7

Slide 7 text

2017೥ Android Developers Blog • 2018/11·ͰʹTarget API levelΛ26Ҏ্ʹ  ͠·͠ΐ͏ • Android N͔ΒϢʔβʔ͕Πϯετʔϧ  ͨ͠ϧʔτূ໌ॻΛ৴པ͠ͳ͍Α͏ʹ https://android-developers.googleblog.com/2017/12/improving-app-security-and- performance.html

Slide 8

Slide 8 text

https://goo.gl/n4Aahh

Slide 9

Slide 9 text

Androidͷ  Ξοϓσʔτ

Slide 10

Slide 10 text

Android M • usesCleartextTraﬃc • ฏจͰͷ௨৴Λېࢭ͢Δઃఆ   … 

Slide 11

Slide 11 text

Android N • Ϣʔβ͕Πϯετʔϧͨ͠ϧʔτূ໌ॻ  Λ৴པ͠ͳ͍ • NetworkSecurityConﬁg • ฏจͰͷ௨৴ͷ཈ࢭ • CAͷΞϯΧʔ • Pinning Certiﬁcates(ϐϯཹΊ)

Slide 12

Slide 12 text

ͦ΋ͦ΋HTTPSͱ͸

Slide 13

Slide 13 text

҉߸Խ௨৴ͷࡾཁૉ • ػີੑ • ϝοηʔδ׬શੑ • ΤϯυϙΠϯτਅਖ਼ੑ

Slide 14

Slide 14 text

҉߸Խ௨৴ͷࡾཁૉ • ػີੑ • ϝοηʔδ׬શੑ • ΤϯυϙΠϯτਅਖ਼ੑ ҉߸Խ͞Ε͍ͯͯ  ౪ௌ͞Εͳ͍͜ͱ

Slide 15

Slide 15 text

҉߸Խ௨৴ͷࡾཁૉ • ػີੑ • ϝοηʔδ׬શੑ • ΤϯυϙΠϯτਅਖ਼ੑ վ͟Μ͕ͳ͘  ׬શͰ͋Δ͜ͱ

Slide 16

Slide 16 text

҉߸Խ௨৴ͷࡾཁૉ • ػີੑ • ϝοηʔδ׬શੑ • ΤϯυϙΠϯτਅਖ਼ੑ ਖ਼͍͠௨৴ઌͱ  ௨৴͍ͯ͠Δ͜ͱ

Slide 17

Slide 17 text

҉߸Խ௨৴ͷࡾཁૉ • ػີੑ • ϝοηʔδ׬શੑ • ΤϯυϙΠϯτਅਖ਼ੑ HTTPSͰ҆શੑ͕୲อ͞Ε͍ͯΔ͸ͣͰ͸ʁ

Slide 18

Slide 18 text

HTTPS௨৴Λ͢ΔͨΊͷ  ূ໌ॻͷ࿩

Slide 19

Slide 19 text

Client Server

Slide 20

Slide 20 text

Client Server ΄Μͱʹਖ਼͍͠௨৴૬खͳͷ͔ͳʁ

Slide 21

Slide 21 text

Client Server ΄Μͱʹਖ਼͍͠௨৴૬खͳͷ͔ͳʁ Certiﬁcation Authority(ೝূہ)

Slide 22

Slide 22 text

Client Server Certiﬁcation Authority(ೝূہ) ϧʔτূ໌ॻ

Slide 23

Slide 23 text

Client Server Certiﬁcation Authority(ೝূہ) ϧʔτূ໌ॻ ॺ໊෇͖  SSLূ໌ॻൃߦ

Slide 24

Slide 24 text

Client Server Certiﬁcation Authority(ೝূہ) ϧʔτূ໌ॻ ॺ໊෇͖  SSLূ໌ॻൃߦ SSLূ໌ॻ

Slide 25

Slide 25 text

Client Server Certiﬁcation Authority(ೝূہ) ϧʔτূ໌ॻ ॺ໊෇͖  SSLূ໌ॻൃߦ SSLূ໌ॻ CAͷॺ໊͕͋Δ͔Β  ؒҧ͍ͳ͍

Slide 26

Slide 26 text

HTTPS௨৴ͷ  ϋϯυγΣΠΫ

Slide 27

Slide 27 text

HTTPS௨৴ͷྲྀΕ 1/4 ClientHello Client Server

Slide 28

Slide 28 text

HTTPS௨৴ͷྲྀΕ 2/4 ClientHello Client Server ServerHello Certiﬁcate

Slide 29

Slide 29 text

HTTPS௨৴ͷྲྀΕ 2/4 ClientHello Client Server ServerHello Certiﬁcate ূ໌ॻΛνΣοΫ  ৴པ͢ΔCAͷॺ໊͕͋Δ͔

Slide 30

Slide 30 text

HTTPS௨৴ͷྲྀΕ 3/4 ClientHello Client Server ServerHello Certiﬁcate Finish Finish

Slide 31

Slide 31 text

HTTPS௨৴ͷྲྀΕ 4/4 ClientHello Client Server ServerHello Certiﬁcate Finish Finish HTTPS

Slide 32

Slide 32 text

தؒऀ߈ܸ Client Server

Slide 33

Slide 33 text

தؒऀ߈ܸ ClientHello Client Server ClientHello ਖ਼͍͠ূ໌ॻ

Slide 34

Slide 34 text

தؒऀ߈ܸ ClientHello Client Server ClientHello ਖ਼͍͠ূ໌ॻ ূ໌ॻΛࠩ͠ସ͑

Slide 35

Slide 35 text

தؒऀ߈ܸ ClientHello Client Server ClientHello ਖ਼͍͠ূ໌ॻ ِ෺ͷূ໌ॻ

Slide 36

Slide 36 text

தؒऀ߈ܸ ClientHello Client Server ClientHello ਖ਼͍͠ূ໌ॻ ِ෺ͷূ໌ॻ Finish Finish Finish Finish HTTPS HTTPS

Slide 37

Slide 37 text

தؒऀ߈ܸ ClientHello Client Server ClientHello ਖ਼͍͠ূ໌ॻ ِ෺ͷূ໌ॻ Finish Finish Finish Finish HTTPS HTTPS ͜͜Ͱূ໌ॻͷݕূΛ  ͍ͯ͠ΔͷͰ͸ʁ

Slide 38

Slide 38 text

ِ෺ͷূ໌ॻΛ৴པʁ • ߈ܸऀΛCAͱͯ͠৴པ͍ͯ͠Δ  (ϧʔτূ໌ॻΛΠϯετʔϧ͍ͯ͠Δ) Մೳੑ • ߈ܸऀ͕CA͔Βॺ໊෇͖ূ໌ॻΛ  औಘͨ͠Մೳੑ

Slide 39

Slide 39 text

ِ෺ͷূ໌ॻΛ৴པʁ • ߈ܸऀΛCAͱͯ͠৴པ͍ͯ͠Δ  (ϧʔτূ໌ॻΛΠϯετʔϧ͍ͯ͠Δ) Մೳੑ • ߈ܸऀ͕CA͔Βॺ໊෇͖ূ໌ॻΛ  औಘͨ͠Մೳੑ ৴པ͢ΔCAΛ੍ݶ͢Ε͹๷͛Δ

Slide 40

Slide 40 text

ِ෺ͷূ໌ॻΛ৴པʁ • ߈ܸऀΛCAͱͯ͠৴པ͍ͯ͠Δ  (ϧʔτূ໌ॻΛΠϯετʔϧ͍ͯ͠Δ) Մೳੑ • ߈ܸऀ͕CA͔Βॺ໊෇͖ূ໌ॻΛ  औಘͨ͠Մೳੑ αʔό͕ฦ٫͢Δਖ਼͍͠ূ໌ॻΛ  ͋Β͔͡Ί஌͍ͬͯΕ͹๷͛Δ

Slide 41

Slide 41 text

Android N • Ϣʔβ͕Πϯετʔϧͨ͠ϧʔτূ໌ॻ  Λ৴པ͠ͳ͍ • NetworkSecurityConﬁg • ฏจͰͷ௨৴ͷ཈ࢭ • CAͷΞϯΧʔ • Pinning Certiﬁcates(ϐϯཹΊ)

Slide 42

Slide 42 text

NetworkSecurityConﬁg  (Android NҎ߱)

Slide 43

Slide 43 text

NetworkSecurityConﬁg • ฏจͰͷ௨৴ͷ཈ࢭ • CAͷΞϯΧʔ • Pinning Certiﬁcates(ϐϯཹΊ)

Slide 44

Slide 44 text

ઃఆํ๏ • res/xml/network_security_conﬁg.xml • ઃఆ಺༰Λهड़ • AndroidManifest.xml   … 

Slide 45

Slide 45 text

ฏจͰͷ௨৴ͷ཈ࢭ secure.example.com

Slide 46

Slide 46 text

CAͷΞϯΧʔ secure.example.com cdn.example.com

Slide 47

Slide 47 text

Pinning Certiﬁcates (ϐϯཹΊ) example.com { hash value } { hash value }

Slide 48

Slide 48 text

Pinning Certiﬁcates example.com { hash value } { hash value } PinningͷظݶΛઃఆՄೳ  ୺຤ͷγεςϜ࣌ؒͱͷൺֱ

Slide 49

Slide 49 text

Pinning Certiﬁcates example.com { hash value } { hash value } αʔόʔͷSSLূ໌ॻͷϋογϡ஋Λઃఆ

Slide 50

Slide 50 text

Pinning Certiﬁcates example.com { hash value } { hash value } base64 encoded digest of  X.509 SubjectPublicKeyInfo (SPKI)

Slide 51

Slide 51 text

digestͷ࡞Γํ (खݩͷূ໌ॻͰ) ιʔε: https://github.com/datatheorem/TrustKit/blob/master/ get_pin_from_certiﬁcate.py $ python get_pin_from_certificate.py ca.pem

Slide 52

Slide 52 text

digestͷ࡞Γํ (αʔόʔ͔Β) $ openssl s_client \ -connect : \ | openssl x509 -pubkey -noout \ | openssl rsa -pubin -outform der \ | openssl dgst -sha256 -binary \ | openssl enc -base64

Slide 53

Slide 53 text

NetworkSecurityConﬁg ͷιʔείʔυ΁ͷ༠͍

Slide 54

Slide 54 text

ؾ࣋ͪ • ͳʹ͔͋ͬͨ࣌ʹௐࠪ͠΍͍͢ • ؾʹͳΔڍಈΛ֬ೝͰ͖ΔΑ͏ʹͳΔ

Slide 55

Slide 55 text

ؔ࿈Ϋϥε • ManifestConfigSourceΫϥε • ઃఆͷಡΈࠐΈ • XmlConfigSourceΫϥε • network_security_config.xmlΛύʔε

Slide 56

Slide 56 text

ؔ࿈Ϋϥε • NetworkSecurityConﬁgΫϥε • XmlConﬁgSourceͰΠϯελϯεԽ͞ΕΔ • NetworkSecurityTrustManagerΫϥε • ূ໌ॻνΣοΫͱPinningνΣοΫΛ࣮ࢪ • ূ໌ॻνΣοΫ࣮ॲཧ͸delegateͷ TrustManagerImplʹ೚ͤΔ

Slide 57

Slide 57 text

ؔ࿈Ϋϥε • TrustManagerImplΫϥε • ূ໌ॻνΣοΫͷ࣮૷ • https://github.com/google/conscrypt/blob/master/platform/ src/main/java/org/conscrypt/TrustManagerImpl.java • ߹ΘͤͯಡΉͱྑ͍  https://developer.android.com/training/ articles/security-ssl.html

Slide 58

Slide 58 text

Pinning Certiﬁcates example.com { hash value } { hash value } PinningͷظݶΛઃఆՄೳ  ୺຤ͷγεςϜ࣌ؒͱͷൺֱ   ࠶ ׃  

Slide 59

Slide 59 text

NetworkSecurityTrustManager private void checkPins(List chain) throws CertiﬁcateException { PinSet pinSet = mNetworkSecurityConﬁg.getPins(); if (pinSet.pins.isEmpty() || System.currentTimeMillis() > pinSet.expirationTime || !isPinningEnforced(chain)) { return; } … } PinningͷظݶΛઃఆՄೳ  ୺຤ͷγεςϜ࣌ؒͱͷൺֱ

Slide 60

Slide 60 text

஫ҙ • ʮશͯཧղͨ͠ʯͱ͍ͬͯࣗ෼Ͱ  ࣮૷͠ͳ͍͜ͱ

Slide 61

Slide 61 text

Android NΑΓલͰ΋  Pinning Certiﬁcates͢Δ

Slide 62

Slide 62 text

Pinning Certiﬁcates (ϐϯཹΊ) ɹ TrustKit-AndroidΛར༻ ɹ OkHttpClientͷcertiﬁcatePinnerΛར༻

Slide 63

Slide 63 text

Pinning Certiﬁcates (ϐϯཹΊ) → TrustKit-AndroidΛར༻ ɹ OkHttpClientͷcertiﬁcatePinnerΛར༻

Slide 64

Slide 64 text

TrustKit-AndroidΛར༻ • API 15+ • MIT License • NetworkSecurityConﬁgͷઃఆΛ  ಡΈࠐΜͰূ໌ॻͷݕূΛ͢Δ

Slide 65

Slide 65 text

TrustKit-AndroidΛར༻ TrustKit.initializeWithNetworkSecurityConfiguration(this); URL url = new URL("https://www.datatheorem.com"); String serverHostname = url.getHost(); // HttpsUrlConnection HttpsURLConnection connection = (HttpsURLConnection) url.openConnection(); connection.setSSLSocketFactory( TrustKit.getInstance().getSSLSocketFactory(serverHostname) ); // OkHttp 3.3.x and higher OkHttpClient client = new OkHttpClient().newBuilder() .sslSocketFactory( TrustKit.getInstance().getSSLSocketFactory(serverHostname), TrustKit.getInstance().getTrustManager(serverHostname) ) .build(); }

Slide 66

Slide 66 text

Slide 67

Slide 67 text

Slide 68

Slide 68 text

Pinning Certiﬁcates ɹ TrustKit-AndroidΛར༻ → OkHttpClientͷcertiﬁcatePinnerΛར༻

Slide 69

Slide 69 text

OkHttpClientͷcertiﬁcatePinnerΛར༻ public void run() throws Exception { OkHttpClient client = new OkHttpClient.Builder() .certificatePinner(new CertificatePinner.Builder() .add("publicobject.com", “sha256/{ hash value }”) .build()) .build(); Request request = new Request.Builder() .url("https://publicobject.com/robots.txt") .build(); Response response = client.newCall(request).execute(); }

Slide 70

Slide 70 text

Slide 71

Slide 71 text

Pinning Certiﬁcatesͷ  ӡ༻

Slide 72

Slide 72 text

ӡ༻࣌ͷϙΠϯτ • αʔόʔαΠυͱͷௐ੔ • SSLূ໌ॻΛม͑ΒΕΔͱ௨৴Ͱ͖ͳ͘ͳΔ • SSLূ໌ॻߋ৽࣌ͷϧʔϧ੍ఆ • Pinning CerﬁcatesͷexpireઃఆͳͲ

Slide 73

Slide 73 text

ཧ૝తͳӡ༻ Server ূ໌ॻAظݶ ূ໌ॻAϐϯཹΊ + expireઃఆͳ͠ Client

Slide 74

Slide 74 text

ཧ૝తͳӡ༻ Server ূ໌ॻAظݶ Client ূ໌ॻBൃߦ ূ໌ॻAϐϯཹΊ + expireઃఆͳ͠

Slide 75

Slide 75 text

ཧ૝తͳӡ༻ Server ূ໌ॻAظݶ Client ূ໌ॻBൃߦ ূ໌ॻA + BϐϯཹΊͷΞϓϦϦϦʔε  ڧ੍Ξοϓσʔτ ূ໌ॻAϐϯཹΊ + expireઃఆͳ͠

Slide 76

Slide 76 text

ཧ૝తͳӡ༻ Server ূ໌ॻAظݶ Client ূ໌ॻBൃߦ ূ໌ॻBʹ੾Γସ͑ ূ໌ॻA + BϐϯཹΊͷΞϓϦϦϦʔε  ڧ੍Ξοϓσʔτ ূ໌ॻAϐϯཹΊ + expireઃఆͳ͠

Slide 77

Slide 77 text

ཧ૝తͳӡ༻ͷؾ࣋ͪ • ৗʹPinning Certiﬁcates͕༗ޮ • ূ໌ॻͷೖΕସ͑ͷλΠϛϯάͰ΋༗ޮ • expireͷઃఆΛ͍Ε͍ͯͳ͍ͷͰ  γεςϜ͕࣌ؒͣΕ͍ͯͯ΋༗ޮ

Slide 78

Slide 78 text

ཧ૝తͳӡ༻ͷؾ࣋ͪ • ৗʹPinning Certiﬁcates͕༗ޮ • ূ໌ॻͷೖΕସ͑ͷλΠϛϯάͰ΋༗ޮ • expireͷઃఆΛ͍Ε͍ͯͳ͍ͷͰ  γεςϜ͕࣌ؒͣΕ͍ͯͯ΋༗ޮ ⚠ ΞϓϦͷߋ৽Λ๨ΕΔͱ௨৴Ͱ͖ͳ͘ͳΔ  ⚠ ڧ੍Ξοϓσʔτ͕ඞཁ

Slide 79

Slide 79 text

expireઃఆʹΑΔଥڠҊ Server ূ໌ॻAظݶ Client ূ໌ॻAϐϯཹΊظݶ

Slide 80

Slide 80 text

expireઃఆʹΑΔଥڠҊ Server ূ໌ॻAظݶ Client ূ໌ॻAϐϯཹΊظݶ ূ໌ॻBൃߦ

Slide 81

Slide 81 text

expireઃఆʹΑΔଥڠҊ Server ূ໌ॻAظݶ Client ূ໌ॻAϐϯཹΊظݶ ূ໌ॻBൃߦ ূ໌ॻBʹ੾Γସ͑

Slide 82

Slide 82 text

expireઃఆʹΑΔଥڠҊ Server ূ໌ॻAظݶ Client ূ໌ॻAϐϯཹΊظݶ ূ໌ॻBൃߦ ূ໌ॻBʹ੾Γସ͑ ূ໌ॻBϐϯཹΊ൛ϦϦʔε

Slide 83

Slide 83 text

ଥڠҊͷؾ࣋ͪ • ΞϓϦͷߋ৽Λ๨Εͯ΋௨৴Ͱ͖Δ • ڧ੍Ξοϓσʔτ͕ඞཁͳ͍ • ূ໌ॻ੾Γସ͑࣌ʹPinning͕ޮ͔ͳ͍ ࣌ظ͕͋Δ

Slide 84

Slide 84 text

·ͱΊ

Slide 85

Slide 85 text

·ͱΊ • HTTP͸΍Ί·͠ΐ͏ • NetworkSecurityConﬁgʹΑͬͯɺѱҙ ͷ͋Δ߈ܸऀ͔ΒϢʔβʔΛकΔઃఆ͕ ؆୯ʹͰ͖ΔΑ͏ʹͳΓ·ͨ͠ • ӡ༻࣌͸ؾΛ͚ͭ·͠ΐ͏

Slide 86

Slide 86 text

͝੩ௌ͋Γ͕ͱ͏  ͍͟͝·ͨ͠

Slide 87

Slide 87 text

Appendix • GMailͷϝοηʔδݟΒΕͨ࿩  https://www.computerworld.com/article/2510951/cybercrime-hacking/ hackers-spied-on-300-000-iranians-using-fake-google-certiﬁcate.html • ෆਖ਼ͳূ໌ॻ͕ൃߦ͞Εͨ࿩  http://www.atmarkit.co.jp/news/201109/08/diginotar.html