How to prevent a man-in-the-middle attack in case of a compromised server?

Problem description
Imagine that a server is serving public keys of the users to their partners to make encrypted communication possible. However, the server does NOT have access to the private keys.

Anyway - imagine the server is hacked and it does not send the requested public keys:

Alice requests Bob's public key
Server sends Eve's public key

Bob requests Alice's public key
Server sends Eve's public key

Alice sends a message to Bob
Server unpacks message, reads it and repacks it -> sends to Bob...

Bob sends a message to Alice
Server unpacks message, reads it and repacks it -> sends to Alice...

My question is - how to prevent such abuse? How can Alice be sure that she's using Bob's public key and vice versa?

Solution

Under the scheme you just proposed, you can't. The key here (no pun intended) is if the method used to verify the validity of the keys is compromised, you lose.

SSL tries to avoid this by creating a signature chain - some (very carefully guarded, and verified by other methods) key signs another key, signs another key, signs Alice's key. By verifying each step in the chain you can (in principle) know that the chain is valid - but if the private key along any step in the chain is compromised, you lose.

PGP (aka GPG) tries to solve the problem in a different, but similar way - keys can be signed by any number of other keys, forming a graph (called the web of trust). You select some keys that you have confirmed valid by, for example, verifying them in person, and mark them as trusted. Then any keys reachable by less than N steps (and/or from M distinct paths from different trusted roots) are also considered valid.

If you're really paranoid, you can, of course, physically hand the key to the other person. Of course, they have to be sure it's not someone disguised as you...

That said, the only truly foolproof way of verifying the validity of a key is generating it yourself... unless your hardware/OS/compiler/brain is compromised too :)
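The signature-chain idea from the answer, as an added example that is not part of the original question or answer: Alice never trusts the directory itself, only certifications that chain back to a root key she verified out of band. Ed25519 stands in for the X.509/PGP machinery, and the roles (root, intermediate "ca", Bob, Eve), the `Cert` layout and the `VerifyChain` checks are assumptions of this example. The final scenario reproduces the answer's caveat: once a key inside the chain is stolen, the forged certification verifies and Alice cannot tell.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Cert records that Signer vouches for Name owning Key. Sig is Signer's
// Ed25519 signature over (Name, Key), so neither field can be swapped
// without invalidating it.
type Cert struct {
	Name   string
	Key    ed25519.PublicKey
	Signer ed25519.PublicKey
	Sig    []byte
}

var (
	ErrUntrustedRoot = errors.New("chain does not start at a trusted root")
	ErrBrokenLink    = errors.New("chain link is not signed by the previous key")
	ErrBadSignature  = errors.New("certification signature does not verify")
	ErrWrongName     = errors.New("leaf certifies a different name")
)

// certBytes is the signed message; the length prefix keeps name and key
// bytes from being confused with each other.
func certBytes(name string, key ed25519.PublicKey) []byte {
	return append([]byte(fmt.Sprintf("%d:%s:", len(name), name)), key...)
}

// Certify lets signer vouch for (name, key).
func Certify(signer ed25519.PrivateKey, name string, key ed25519.PublicKey) Cert {
	return Cert{
		Name:   name,
		Key:    key,
		Signer: signer.Public().(ed25519.PublicKey),
		Sig:    ed25519.Sign(signer, certBytes(name, key)),
	}
}

// VerifyChain walks root -> ... -> leaf: chain[0] must be signed by one of
// Alice's own trusted roots, every later link must be signed by the key the
// previous link certified, and the leaf must name the peer she asked for.
// Whoever handed over the chain (the directory) is never trusted.
func VerifyChain(chain []Cert, roots []ed25519.PublicKey, want string) (ed25519.PublicKey, error) {
	if len(chain) == 0 {
		return nil, ErrUntrustedRoot
	}
	trusted := false
	for _, r := range roots {
		if r.Equal(chain[0].Signer) {
			trusted = true
		}
	}
	if !trusted {
		return nil, ErrUntrustedRoot
	}
	for i, c := range chain {
		if i > 0 && !chain[i-1].Key.Equal(c.Signer) {
			return nil, ErrBrokenLink
		}
		if !ed25519.Verify(c.Signer, certBytes(c.Name, c.Key), c.Sig) {
			return nil, ErrBadSignature
		}
	}
	leaf := chain[len(chain)-1]
	if leaf.Name != want {
		return nil, ErrWrongName
	}
	return leaf.Key, nil
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Scenario generates constructed keys for a root, an intermediate, Bob and
// Eve, and returns Alice's verdict on several directory responses.
func Scenario() map[string]error {
	rootPub, rootPriv := mustKey()
	caPub, caPriv := mustKey()
	bobPub, _ := mustKey()
	evePub, evePriv := mustKey()
	roots := []ed25519.PublicKey{rootPub} // verified out of band by Alice

	caCert := Certify(rootPriv, "ca", caPub)
	honest := []Cert{caCert, Certify(caPriv, "bob", bobPub)}

	res := map[string]error{}
	_, res["honest directory"] = VerifyChain(honest, roots, "bob")
	// Compromised directory: Eve certifies "bob" with her own key.
	_, res["eve self-signed"] = VerifyChain([]Cert{Certify(evePriv, "bob", evePub)}, roots, "bob")
	// Compromised directory: real chain, but the leaf key is swapped for Eve's.
	swapped := []Cert{caCert, honest[1]}
	swapped[1].Key = evePub
	_, res["key swapped"] = VerifyChain(swapped, roots, "bob")
	// Compromised directory: Eve's genuine cert returned for a lookup of "bob".
	_, res["wrong name"] = VerifyChain([]Cert{caCert, Certify(caPriv, "eve", evePub)}, roots, "bob")
	// The answer's caveat: the intermediate's private key is stolen, so Eve's
	// forged leaf for "bob" verifies and Alice accepts Eve's key.
	_, res["intermediate stolen"] = VerifyChain([]Cert{caCert, Certify(caPriv, "bob", evePub)}, roots, "bob")
	return res
}

func main() {
	for k, v := range Scenario() {
		fmt.Printf("%-20s %v\n", k, v)
	}
}
```

The first four directory responses are rejected without any trust in the server, because every check is against a root Alice holds locally; the last one is accepted, which is exactly the "you lose" case from the answer and the reason the root and intermediate private keys have to be guarded far more carefully than the directory.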
