DEVELOPMENT OF DIGITAL CERTIFICATE MANAGEMENT SYSTEM ON IOS DEVICES TO ADDRESS CERTIFICATE AGILITY COSTS IN CERTIFICATE PINNING MECHANISM

Bibliographic Details
Main Author: Bagus Dananjaya, Daru
Format: Final Project
Language: Indonesia
Online Access: https://digilib.itb.ac.id/gdl/view/77857
Institution: Institut Teknologi Bandung
Description
Summary: In this research, a digital certificate management system has been developed on iOS devices to address certificate agility costs in certificate pinning. Certificate pinning is a mechanism that matches digital certificates in software with digital certificates on a remote server, allowing communication to occur only between trusted parties to prevent man-in-the-middle attacks. However, the certificate pinning mechanism has a drawback known as certificate agility costs: developers must regularly update the digital certificates in the application bundle so that they remain synchronized with the versions on the remote server. The management of digital certificates on local devices is accomplished by utilizing a different remote server to dynamically store fingerprints of the managed certificates. By employing this approach, the application can periodically update itself to stay up to date with the list of fingerprints on the remote server. In the final development phase, functionality testing of the system and usage testing on native software on the iOS platform were conducted. Based on the testing results, the system can address certificate agility costs in SSL pinning, although there are still administrative tasks that developers need to perform periodically to keep the list of fingerprints on the remote server up to date. This solution can eliminate the risk of adverse user experiences when users do not update during certificate rotation, thus preventing the application from becoming unusable. Additionally, it protects software from man-in-the-middle attacks conducted through SSL Proxying with the Charles Proxy tool.