Transport Layer Security (TLS) certificate pinning is a security technique that helps prevent Man-in-the-Middle (MitM) attacks on the connection between a client and a server.
Normally, when a client connects to a web server, it validates the certificate chain presented by the server back to a Certificate Authority (CA) root in its trust store and checks that the certificate matches the server's host name. This check is only as strong as the trust store. An attacker who can obtain a certificate for the target host from any trusted CA, or who can install an additional root CA on the device (as interception proxies do), can intercept the traffic and present a certificate that passes the normal validation.
TLS certificate pinning addresses this weakness by having the client carry one or more expected public key hashes (or whole certificates) for the server. When the client connects, it checks that a certificate matching one of these pins appears in the chain presented by the server; if none does, it terminates the connection and, typically, reports the failure.
Certificate pinning is the mechanism of associating a domain name with one or more expected TLS certificates. More precisely, the mechanism recommended by Approov is Subject Public Key Info (SPKI) pinning, in which the pin is a hash of the certificate's public key (its SubjectPublicKeyInfo structure) rather than of the whole certificate. This is the most flexible and maintainable approach: a certificate can be renewed or reissued without any pinning change as long as the new certificate carries the same public key. Pinning a backup key held in reserve is still advisable, so that a key compromise does not lock out users whose app holds stale pins.
Whenever the app needs to connect to the server hosting that domain name, a TLS handshake takes place in which the two parties agree on the encryption algorithms to use and derive the session keys used thereafter. During the handshake the device receives the server's certificate chain and establishes the connection only if that chain validates to a certificate it trusts. With pinning, it additionally requires that the public key of at least one certificate in the chain matches one of its pins.
Pinning ensures that the connection really has been established from the app to the official backend. It prevents MitM attacks and proxying of the traffic, in which the encrypted data between the app and the backend could be observed, or even manipulated, by a third party.
By using TLS certificate pinning, an attacker who intercepts the traffic and presents a substitute certificate will fail, even if that certificate is signed by a CA the device otherwise trusts, because the client accepts only the specific certificates or public key hashes it is expecting. This provides an additional layer of security against MitM attacks on top of normal chain validation.
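As an added example, not Approov's code or part of the original page, the following stdlib-only Python computes an SPKI pin from a DER-encoded certificate (base64 of the SHA-256 over the SubjectPublicKeyInfo, as in RFC 7469) and checks a certificate chain against a pin set. The certificates, the 32-byte key values and the host name api.example.com are constructed in-file with dummy signatures so the script runs offline; they are not real keys or certificates. It demonstrates the rotation property described above: a renewed certificate carrying the same public key keeps the same pin, while a proxy's certificate with its own key does not match.

```python
"""SPKI pinning over DER certificates, stdlib only.

Added example: the certificates below are hand-built DER with placeholder keys
and dummy signatures (constructed test data), so everything runs offline."""
import base64
import hashlib

# ---- minimal DER encode/decode ---------------------------------------------

def der_len(n):
    """DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    """Encode one tag-length-value element."""
    return bytes([tag]) + der_len(len(content)) + content


def read_tlv(buf, pos):
    """Decode the element at pos; return (tag, content_start, end)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        n = first & 0x7F
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
    return tag, pos + hdr, pos + hdr + length


def elements(buf, pos, end):
    """Yield (tag, raw_tlv_bytes) for each element inside a constructed type."""
    while pos < end:
        tag, _, elem_end = read_tlv(buf, pos)
        yield tag, buf[pos:elem_end]
        pos = elem_end

# ---- pin computation and matching ------------------------------------------

def extract_spki(cert_der):
    """Return the DER SubjectPublicKeyInfo (tag and length included) of an X.509 certificate."""
    tag, tbs_pos, _ = read_tlv(cert_der, 0)            # Certificate SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, body, tbs_end = read_tlv(cert_der, tbs_pos)   # tbsCertificate SEQUENCE
    fields = list(elements(cert_der, body, tbs_end))
    if fields and fields[0][0] == 0xA0:                # optional EXPLICIT [0] version
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    spki_tag, spki = fields[5]
    if spki_tag != 0x30:
        raise ValueError("subjectPublicKeyInfo not found")
    return spki


def spki_pin(cert_der):
    """RFC 7469 style pin: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode("ascii")


def chain_matches_pins(chain_der, pins):
    """Accept only if some certificate in the chain matches a pin.

    This check runs in addition to normal chain validation and host name
    verification, never instead of them."""
    return any(spki_pin(cert) in pins for cert in chain_der)

# ---- constructed sample data (placeholder keys, dummy signatures) ----------

ED25519_ALG = tlv(0x30, tlv(0x06, bytes([0x2B, 0x65, 0x70])))   # id-Ed25519, used as a placeholder


def make_spki(key_bytes):
    """SubjectPublicKeyInfo wrapping a 32-byte placeholder key."""
    return tlv(0x30, ED25519_ALG + tlv(0x03, b"\x00" + key_bytes))


def make_cert(serial, not_before, not_after, spki):
    """Structurally valid X.509 v3 certificate with a dummy signature (test data only)."""
    cn = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, bytes([0x55, 0x04, 0x03]))
                                          + tlv(0x0C, b"api.example.com"))))
    validity = tlv(0x30, tlv(0x18, not_before) + tlv(0x18, not_after))   # GeneralizedTime pair
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, serial)
              + ED25519_ALG + cn + validity + cn + spki)
    return tlv(0x30, tbs + ED25519_ALG + tlv(0x03, b"\x00" + bytes(64)))


BACKEND_KEY = bytes(range(32))          # placeholder for the backend's public key
ATTACKER_KEY = bytes(range(32, 64))     # placeholder for a MitM proxy's public key

CERT_2024 = make_cert(b"\x01", b"20240101000000Z", b"20250101000000Z", make_spki(BACKEND_KEY))
CERT_2025 = make_cert(b"\x02", b"20250101000000Z", b"20260101000000Z", make_spki(BACKEND_KEY))  # renewed, same key pair
MITM_CERT = make_cert(b"\x03", b"20240601000000Z", b"20250601000000Z", make_spki(ATTACKER_KEY))

PINS = {spki_pin(CERT_2024)}            # the pin set the app ships with


if __name__ == "__main__":
    print("pin          :", spki_pin(CERT_2024))
    print("renewed cert :", chain_matches_pins([CERT_2025], PINS))   # True: same key, pin unchanged
    print("MitM cert    :", chain_matches_pins([MITM_CERT], PINS))   # False: different key
```

The pin is taken over the whole SubjectPublicKeyInfo element, including its algorithm identifier, rather than over the raw key bits, which is what makes it independent of serial number, validity dates, issuer and signature. In a real client this comparison belongs in the certificate verification callback after the platform has already validated the chain and host name.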