0

Consider a remote and local system doing mutual authentication either by TLS through server/client certificates or similarly WireGuard. What are the differences when the private keys (in particular the one for the remote system/server) are

a) exposed in clear to an attacker

or

b) the attacker can actively change those

Note that both sides might not know the other one's public key in advance. E.g. the attacker has the ability to tamper with the creation of the server keys and sends a valid but evil public key to the client.

nobody
atlas

1 Answer

1

The most obvious difference between them is that in Scenario A, the attacker can carry out Man in the Middle attacks with very little chance of getting caught, since the key pairs remain unchanged and there is almost nothing out of the normal for either party to notice.

In Scenario B, the attacker changes the key pair. Although, in some cases, the attacker can still carry out a successful Man in the Middle attack, this has a significantly higher chance of getting caught since any of the parties can notice the sudden change of the public/private keys if they have already communicated in the past with uncompromised keys (especially if the client implements something like public key/certificate pinning).

nobody
  • But in case the attacker has complete control over the server key generation? There should be no difference. The client just gets sent a normal-looking public key which he accepts, also the server gets client keys which he also accepts. – atlas Dec 19 '20 at 19:47
  • @atlas Well, I assumed that the client/server have already communicated in the past using an uncompromised key pair. In this case, having the keypair suddenly change could raise a red flag (at least in cases where certificates are used, if a certificate hasn't expired or been revoked, the certificate changing after one session for no apparent reason is suspicious.) – nobody Dec 19 '20 at 19:51
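
The distinction drawn in the answer and its comments, as an added example that is not part of the original thread: a trust-on-first-use pin check run over the three cases discussed (leaked key, key replaced after earlier contact, key replaced before any contact). `PinStore`, `fingerprint` and the key bytes are hypothetical names and constructed sample values, with opaque byte strings standing in for real public keys.

```python
import hashlib
import hmac


def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint of the peer's public key bytes (what a pin stores)."""
    return hashlib.sha256(public_key).hexdigest()


class PinStore:
    """Trust-on-first-use pin store keyed by peer name (hypothetical helper)."""

    def __init__(self):
        self.pins = {}

    def check(self, peer: str, presented_key: bytes) -> str:
        seen = fingerprint(presented_key)
        pinned = self.pins.get(peer)
        if pinned is None:
            # Nothing to compare against: whatever key arrives is accepted.
            self.pins[peer] = seen
            return "first-use"
        if hmac.compare_digest(pinned, seen):
            return "match"
        return "MISMATCH"


# Constructed sample keys, not real key material.
GENUINE_KEY = b"constructed-genuine-server-public-key"
SUBSTITUTED_KEY = b"constructed-substituted-public-key"


def run_scenarios() -> dict:
    results = {}
    # Scenario A: private key leaked, public key unchanged, so the pin matches.
    store = PinStore()
    store.check("server", GENUINE_KEY)
    results["A_leaked_key"] = store.check("server", GENUINE_KEY)
    # Scenario B after earlier uncompromised contact: the change is visible.
    store = PinStore()
    store.check("server", GENUINE_KEY)
    results["B_after_prior_contact"] = store.check("server", SUBSTITUTED_KEY)
    # Scenario B at key generation (the comment's case): no earlier pin exists.
    store = PinStore()
    results["B_at_key_generation"] = store.check("server", SUBSTITUTED_KEY)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

Only the second case produces a mismatch; the pin check gives the client no signal in the other two.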