Question
I was designing a system where there is a chance of losing the SSL certificate to the attacker.
But I am not clear which attacks are possible if the certificate is compromised:
- Man in the middle attack
- Impersonated attack
I want to continue to use SSL certificates to encrypt the communication channel (i.e. prevent a man-in-the-middle attack).
For authentication, I want to send data to predefined endpoints asynchronously depending on the querying user (very similar to how we get an email notification when we or the attacker tries to reset our login credential).
This is coming from "How can a process authenticate and communicate securely with another process on the same host".
Answer 1:
Presumably, you're not talking only about losing the certificate, but having its private key compromised.
In this case, someone in possession of the private key could perform a MITM attack, provided that they're also in a position to do so.
> I'll clarify my question: does using the same public and private key pair by user and the attacker lead to generation of the same symmetric key every time, or is the key pair used to generate a random symmetric key for every communication channel, in which case man in the middle attack is prevented?

Random symmetric keys are generated for every connection (unless SSL/TLS sessions are re-used, but that's more about optimisation; distinct clients or connections done after a certain period of time will have distinct symmetric keys). Having new symmetric keys every time certainly doesn't prevent MITM attacks on its own, since the negotiation of new symmetric keys is authenticated with the certificate: that's what prevents MITM attacks.
If you're really worried about your private key being copied from your machine, you could use an HSM module (Java supports PKCS#11).
This being said, since you seem to assume that there can be someone in a position to perform a MITM attack on your machine, using a communication between two processes on the same machine, it sounds like you're assuming your machine is compromised. In this case, your chances of success in using SSL/TLS to protect whatever you're trying to protect are limited. It sounds like there's a bigger problem with the general approach.
Answer 2:
> I'll clarify my question: does using the same public and private key pair by user and the attacker lead to generation of the same symmetric key every time, or is the key pair used to generate a random symmetric key for every communication channel, in which case man in the middle attack is prevented?

New symmetric keys are generated for every SSL session, based on random numbers chosen by both the client and the server. (There are actually several different symmetric keys used in one TLS session, for different cryptographic services, and in each direction of communication.)
Source: https://stackoverflow.com/questions/12775391/consequences-of-losing-ssl-certificate
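
Added example, not part of the original question or answers: a model of the TLS 1.2 key derivation (RFC 5246 PRF with HMAC-SHA256) showing how the client and server randoms make every connection's keys different, and how one session yields separate MAC and encryption keys per direction. The function names, the AES_128_CBC_SHA256 key sizes and the random `pre_master` stand-in for the key-exchange secret are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def session_keys(pre_master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Derive the per-connection keys from the secret and both sides' randoms."""
    master = prf(pre_master, b"master secret", client_random + server_random, 48)
    # Assumed suite sizes (AES_128_CBC_SHA256): 32-byte MAC keys, 16-byte cipher keys.
    block = prf(master, b"key expansion", server_random + client_random, 96)
    return {
        "client_write_MAC_key": block[0:32],
        "server_write_MAC_key": block[32:64],
        "client_write_key": block[64:80],
        "server_write_key": block[80:96],
    }


def new_connection(pre_master: bytes = None) -> dict:
    """Model one handshake: each side contributes a fresh 32-byte random.

    The randoms travel in the clear in the hello messages, so they give
    freshness only. Secrecy rests on pre_master, whose exchange is protected
    and authenticated by the server's key pair and certificate.
    """
    pre_master = pre_master or os.urandom(48)  # constructed stand-in value
    return session_keys(pre_master, os.urandom(32), os.urandom(32))


if __name__ == "__main__":
    for name, key in new_connection().items():
        print(f"{name:22s} {key.hex()}")
```

Because every input other than `pre_master` is public on the wire, fresh randoms alone say nothing about who is on the other end; that is the job of the certificate-authenticated key exchange described in Answer 1.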