失去SSL证书的后果 [英] Consequences of losing SSL Certificate
问题描述
我设计一个系统,其中有失去的SSL证书给攻击者的机会。
I was designing a system where there is a chance of losing the SSL certificate to the attacker.
但我并不清楚,如果证书被攻破,所有的攻击是可能的?
But I am not clear that if the certificate is compromised which all attacks are possible?
- 中间人攻击
- 模拟攻击
我要继续使用SSL证书来加密的通信信道(即prevent中间人攻击)
I want to continue to use SSL certificates to encrypt the communication channel (i.e. prevent man in the middle attack)
有关身份验证我想将数据发送到predefined终点异步取决于查询用户(非常相似,我们如何得到电子邮件通知我们或攻击者尝试重置我们的登录凭据)
For authentication I want to send data to predefined end points asynchronously depending on the querying user (Very similar to how we get email notification when we or the attacker tries to reset our login credential)
这是从<一个未来href=\"http://stackoverflow.com/questions/12560741/how-can-a-process-authenticate-and-communicate-securely-with-another-process-on\">How可以在身份验证过程,并与同一主机另一个进程进行安全通信
This is coming from How can a process authenticate and communicate securely with another process on the same host
推荐答案
presumably,你不能只谈论失去了证书,但有其私有密钥泄露。
Presumably, you're not talking only about losing the certificate, but having its private key compromised.
在这种情况下,有人拥有私钥可以进行MITM攻击,但他们也正处在一个位置,这样做的。
In this case, someone in possession of the private key could perform a MITM attack, provided that they're also in a position to do so.
我要澄清我的问题,并使用相同的公钥和私钥
用户对与攻击者导致一代相同对称密钥
每次或密钥对被用来产生一随机对称密钥
对于每一个通信信道,在这种情况下,中间人
攻击pvented $ P $
I'll clarify my question, does using the same public and private key pair by user and the attacker lead to generation of same symmetric key every time or the key pair is used to generate a random symmetric key for every communication channel, in which case man in the middle attack is prevented
随机对称密钥为每个连接产生的(除非SSL / TLS会话重新使用,但更多的是优化的,不同的客户或时间则有明显的对称密钥在一定时期后进行连接)。有了新的对称密钥当然每一次做对自己没有$ P $ pvent MITM攻击,因为新的对称密钥协商与证书认证方式:那就是prevents MITM攻击
Random symmetric keys are generated for every connection (unless SSL/TLS sessions are re-used, but that's more about optimisation, distinct clients or connections done after a certain period of time will have distinct symmetric keys). Having new symmetric keys every time certainly doesn't prevent MITM attacks on its own, since the negotiation of new symmetric keys is authenticated with the certificate: that's what prevents MITM attacks.
如果你真的很担心你的私钥从您的机器被复制,您可以使用一个HSM模块(Java支持PKCS#11)。
If you're really worried about your private key being copied from your machine, you could use an HSM module (Java supports PKCS#11).
这是说,因为你似乎认为有可能是有人在执行你的机器上的MITM攻击的位置,使用同一台机器上两个进程之间的通信,这听起来像你假设你的机器损害。在这种情况下,您使用SSL / TLS来保护无论你试图保护成功的机会是有限的。这听起来像有一个与一般的方法一个更大的问题。
This being said, since you seem to assume that there can be someone in a position to perform a MITM attack on your machine, using a communication between two processes on the same machine, it sounds like you're assuming your machine is compromised. In this case, your chances of success in using SSL/TLS to protect whatever you're trying to protect are limited. It sounds like there's a bigger problem with the general approach.
这篇关于失去SSL证书的后果的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
