It often happens that a CA issues certificates for servers, for which the applicant has no relevant authority.įigure 2: An attacker can access the supposedly protected HTTPS connection in many ways and thus trick the client, as shown here with an intermediate certificate. In some circumstances, an attack on a CA isn't even necessary. The attacker would therefore be able to create an appropriate certificate "on the fly" for any HTTPS connection on any server and then present it to the browser. This would allow the attacker to issue certificates on behalf of the CA. There are two possibilities: Either the attacker has only procured a certificate for the domain, or it has an intermediate certificate ( Figure 2).
The attacker might, for example, have procured such a certificate by attacking the CA. The most inconspicuous attack requires the attacker to be a man in the middle (MitM) and have a valid certificate for, which has been signed by a CA that is trusted by the web browser. However, several modes of attack are possible.
This process is also called "Perfect Forward Secrecy" (PFS) and should ideally be used on all servers. Even if someone does get hold of the private key and decrypts the recorded connection setup, an attacker doesn't get the session key. This encryption process ensures that the session key neither needs to be transmitted nor can be generated from the transmitted data. It is therefore more secure to generate the key using the Diffie-Hellman key exchange. Anyone who records the encrypted communication and gets access to the private server key later can decrypt the key and then all the communication. However, this process does have a drawback: The session key is part of the communication. Once the web server has decrypted the session key with its private key, both web browsers and web servers have a common key for the symmetric encryption process that can then be used to encrypt all other data. The key is encrypted with the web server's public key and sent to the web server. If the check is successful (or if you agree to the connection despite the error), the browser generates a symmetric key that is only used for the current session, the session key. Figure 1: A secure connection between client and server.
0 kommentar(er)
