Breaking TLS security by fully recording the handshake
-
29-05-2021 - |
문제
I have been looking at TLS recently, and I am unsure as to why it is so secure, but probably thanks to a misunderstanding of how it works. But if the entire handshake is recorded, either using a man in the middle attack or a packet sniffer on the target computer, then any of the remaining communication can be decrypted as you would have all the info that the client and the server used to generate the encryption keys.
I doubt there would be such a hole in tls, but could anyone tell me how tls defends against this?
해결책
The critical data sent by the client to the server in the TLS handshake is encrypted using the server's public key. So even if the packets are captured on the wire, it would require the private key (which is assumed to be known only to the server) to decrypt the packets.
다른 팁
The main purpose of the handshake is to ensure the secret exchange of a pre master secret that is then shared by both parties (which then leads to a common master secret and shared encryption keys).
How this is done depends on the cipher suites, and which key exchange algorithm is used. Using authenticated key exchange, there are mainly two variants:
- RSA key exchange, where the client encrypts the pre-master secret with the server's public key (obtained from the certificate).
- Diffie-Hellman key exchange, where the client verifies the server's signed DH parameters with the server's public key.
You may be interested in these links:
- TLS 1.1: Authentication and Key Exchange (not anonymous key exchange)
- why does the first certificate have a RSA public key in x.509?
- How to see the encrypted key in wireshark, during ssl key exchange?
- Why different key exhange techniques for ssl key exchange? (see discussion about ephemeral Diffie-Hellman).