During TLS handshake, the client hello and the server hello messages are not encrypted or authenticated. Explain why a man-in-the-middle cannot exploit these messages. Answer for both Diffie-Hellman and RSA case.?
A MITM (Man-In-The-Middle ) attack happens when a communication between two systems is intercepted by an outside entity. This can happen in any form of online communication, such as email, social media, web surfing, etc. Not only are they trying to eavesdrop on your private conversations, they can also target all the information inside your devices.
Taking away all the technicalities, the concept of an MITM attack can be described in a simple scenario. Imagine being brought back to the days of old when snail mail was rife. Jerry writes a letter to Jackie expressing his love for her after years of hiding his feelings. He sends the letter to the post office and it’s picked up by a nosy mailman. He opened it and, just for the hell of it, he decided to rewrite the letter before delivering the mail to Jackie. This results in Jackie hating Jerry for the rest of her life after “Jerry” called her a fat cow. The moral of the story is the mailman is a jerk, and so are hackers.
Over the years, hackers found various ways to execute MITM attacks and believe it or not, it has become relatively cheap to buy a hacking tool online, just proving how easy hacking someone can be if you have enough money. Here are some common types of MITM attacks your business will most likely encounter:
Email Hijacking
Similar from the case above, hackers who use this tactic target
email accounts of large organizations, especially financial
institutions and banks. Once they gain access to important email
accounts, they will monitor the transactions to make their eventual
attack a lot more convincing. For example, they can wait for a
scenario where the customer will be sending money and respond,
spoofing the company’s email address, with their own bank details
instead of the company’s. This way, the customer thinks they’re
sending their payment to the company, but they’re really sending it
right to the hacker.
Wi-Fi Eavesdropping
Most MITM attacks thrive on Wi-Fi connections. In one approach,
hackers will set up a Wi-Fi connection with a legitimate-sounding
name. All the hacker has to do is wait for you to connect and he’ll
instantly have access to your device. Alternatively, the hacker can
create a fake Wi-Fi node disguised as a legitimate Wi-Fi access
point to steal the personal information of everyone who
connects.
Session Hijacking
Once you log into a website, a connection between your computer and
the website is established. Hackers can hijack your session with
the website through numerous means. One popular option they use is
stealing your browser cookies. In case you don’t know, cookies
store small pieces of information that makes web browsing
convenient for you. It can be your online activity, login
credentials, pre-fill forms, and in some cases, your location. If
they got hold of your login cookies, they can easily log into your
accounts and assume your identity.
Diffie-Hellman allows for forward secrecy. In the protocol you
describe, if the private key is ever leaked all previously
exchanged keys are leaked. If we only use RSA to authenticate keys
created with Diffie-Hellman, past keys are safe even if you lose
control over your private key in the future.
Diffie-Hellman is not a public-key encryption scheme. It is a key agreement scheme. The difference being that with key agreement, neither Alice nor Bob has any say in what the resultant shared secret ends up being. They both arrive at a mutually shared secret, but it is not selected explicitly by either of them.
With public-key encryption being used for key exchange, then yes, one of them could pick a random k, encrypt the result, then send it to the other party.
Benefits include:
Suppose If A sends k to B, and Al machine has insufficient
entropy and/or a poor quality random number generator, then k can
be guessed by an adversary
If both DH private keys are sufficiently strong, then the shared
secret should be so as well.
The Diffie-Hellman Key Exchange
Diffie-Hellman key exchange, also called exponential key exchange, is a method of digital encryption that uses numbers raised to specific powers to produce decryption keys on the basis of components that are never directly transmitted, making the task of an intended code breaker mathematically overwhelming. Diffie–Hellman key exchange establishes a shared secret between two parties that can be used for secret communication for exchanging data over a public network and actually uses public key techniques to allow the exchange of a private encryption key.
RSA
RSA is a cryptosystem for public-key encryption and is widely used
for securing sensitive data, particularly when being sent over an
insecure network such as the Internet. RSA was first described in
1977 by Ron Rivest, Adi Shamir and Leonard Adleman of the
Massachusetts Institute of Technology. Public-key cryptography,
also known as asymmetric cryptography, uses two different but
mathematically linked keys, one public and one private. The public
key can be shared with everyone, whereas the private key must be
kept secret. In RSA cryptography, both the public and the private
keys can encrypt a message; the opposite key from the one used to
encrypt a message is used to decrypt it. This attribute is one
reason why RSA has become the most widely used asymmetric
algorithm: It provides a method of assuring the confidentiality,
integrity, authenticity, and non-reputability of electronic
communications and data storage.
RSA derives its security from the difficulty of factoring large integers that are the product of two large prime numbers. Multiplying these two numbers is easy, but determining the original prime numbers from the total, that’s factoring, is considered infeasible due to the time it would take even using today’s super computers. The RSA algorithm involves four steps: key generation, key distribution, encryption, and decryption. The public and the private key-generation algorithm is the most complex part of RSA cryptography and falls beyond the scope of this post. You may find an example on Tech Target.
Both RSA and Diffie-Hellman are public key encryption algorithms
strong enough for commercial purposes because they are both based
on supposedly intractable problems, the difficulty of factoring
large numbers and exponentiation and modular arithmetic
respectively. The minimum recommended key length for encryption
systems is 128 bits, and both exceed that with their 1,024-bit
keys. Both have been subjected to scrutiny by mathematicians and
cryptographers, but given correct implementation, neither is
significantly less secure than the other.
The nature of the Diffie-Hellman key exchange, however, makes it susceptible to man-in-the-middle (MITM) attacks, since it doesn't authenticate either party involved in the exchange. The MITM maneuver can also create a key pair and spoof messages between the two parties, who think they're both communicating with each other. This is why Diffie-Hellman is used in combination with an additional authentication method, generally digital signatures.
During TLS handshake, the client hello and the server hello messages are not encrypted or authenticated....
A server often wants to authenticate a client. The SSL/TLS handshake protocol includes the possibility to authenticate the client, but this possibility is typically not used on the Internet when requesting SSL/TLS protected webpages. Why?
Risk management in Information Security today Everyday information security professionals are bombarded with marketing messages around risk and threat management, fostering an environment in which objectives seem clear: manage risk, manage threat, stop attacks, identify attackers. These objectives aren't wrong, but they are fundamentally misleading.In this session we'll examine the state of the information security industry in order to understand how the current climate fails to address the true needs of the business. We'll use those lessons as a foundation...
Select two of the discussion questions and analyze the case study using project management principles. Apply your knowledge of project management to the facts presented in the case study to describe how you would proceed. We only need to answer one of the questions. A thorough answer will probably require 300 to 500 words for each question. Feel free to use text bullets, tables, or graphics to summarize your points. Questions Q1: Make or Buy decision – Describe the make...
A. Issues [1] In addition to damages for one year's notice period, can a trial judge award significant damages for the mere fact of an employee's dismissal, or for the stigma that that dismissal brings? Or for the employer thereafter competing with the ex-employee for the clients, before the ex-employee has got a new job? B. Basic Facts [2] This is an appeal from 2009 ABQB 591 (CanLII), 473 A.R. 254. [3] Usually a judgment recites facts before law. But...
Hi there! I need to compare two essay into 1 essay, and make it interesting and choose couple topics which im going to talk about in my essay FIRST ESSAY “Teaching New Worlds/New Words” bell hooks Like desire, language disrupts, refuses to be contained within boundaries. It speaks itself against our will, in words and thoughts that intrude, even violate the most private spaces of mind and body. It was in my first year of college that I read Adrienne...