client private key compromise enables man-in-the-middle attack? - Openssl

  1. client private key compromise enables man-in-the-middle attack?

    Hi folks,



    From my understanding that if a TLS/SSL client is using client certificate,
    the compromise of its private key alone won't allow man-in-the-middle attack
    if ciphers are selected properly (of course anonymous ciphers are
    vulnerable) - as the man-in-the-middle cannot forge the signatures made by
    the server side. This being said, having other credentials, the hacker could
    impersonate the client whose private key was stolen.



    Now our security folks apparently hold the opposite view, can someone here
    help? Thanks in advance.



    Regards,

    Joe Guan





  2. Re: client private key compromise enables man-in-the-middle attack?

    On Mon, Jul 28, 2008 at 11:49:51AM -0400, Joe Guan wrote:

    > Hi folks,
    >
    >
    >
    > From my understanding that if a TLS/SSL client is using client certificate,
    > the compromise of its private key alone won't allow man-in-the-middle attack
    > if ciphers are selected properly (of course anonymous ciphers are
    > vulnerable) - as the man-in-the-middle cannot forge the signatures made by
    > the server side. This being said, having other credentials, the hacker could
    > impersonate the client whose private key was stolen.
    >


    If the user is not verifying the server cert, then compromise of the
    client key enables an MITM attack.

    Irrespective of that, the attacker can impersonate the user by
    connecting directly, assuming the client key is sufficient for user
    authentication.

    --
    Viktor.
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  3. RE: client private key compromise enables man-in-the-middle attack?

    Thanks Viktor for the prompt reply!

    Our clients are not certified if they don't verify the server cert. Though
    impersonation is an issue, our security folks are also concerned about the
    privacy of existing sessions and newly created sessions -- which I don't
    think is valid in our case.

    Thanks,
    Joe Guan

    > -----Original Message-----
    > From: owner-openssl-users@openssl.org
    > [mailto:owner-openssl-users@openssl.org] On Behalf Of Victor Duchovni
    > Sent: July-28-08 11:58 AM
    > To: openssl-users@openssl.org
    > Subject: Re: client private key compromise enables man-in-the-middle
    > attack?
    >
    > On Mon, Jul 28, 2008 at 11:49:51AM -0400, Joe Guan wrote:
    >
    > > Hi folks,
    > >
    > > From my understanding that if a TLS/SSL client is using client certificate,
    > > the compromise of its private key alone won't allow man-in-the-middle attack
    > > if ciphers are selected properly (of course anonymous ciphers are
    > > vulnerable) - as the man-in-the-middle cannot forge the signatures made by
    > > the server side. This being said, having other credentials, the hacker could
    > > impersonate the client whose private key was stolen.
    > >
    >
    > If the user is not verifying the server cert, then compromise of the
    > client key enables an MITM attack.
    >
    > Irrespective of that, the attacker can impersonate the user by
    > connecting directly, assuming the client key is sufficient for user
    > authentication.
    >
    > --
    > Viktor.


  4. Re: client private key compromise enables man-in-the-middle attack?

    On Mon, Jul 28, 2008 at 12:16:29PM -0400, Joe Guan wrote:

    > Thanks Viktor for the prompt reply!
    >
    > Our clients are not certified if they don't verify the server cert.


    The server can't verify this during the handshake. If you control the
    client software, then perhaps you can be confident that the software in
    question always verifies the server cert.

    > Though
    > impersonation is an issue, our security folks are also concerned about the
    > privacy of existing sessions and newly created sessions -- which I don't
    > think is valid in our case.


    Server cert verification is sufficient for this, the client does not need
    a client cert for this, so disclosure of any such cert does not break MITM
    resistance.

    --
    Viktor.


  5. RE: client private key compromise enables man-in-the-middle attack?


    > > Our clients are not certified if they don't verify the server cert.
    >
    > The server can't verify this during the handshake. If you control the
    > client software, then perhaps you can be confident that the software in
    > question always verifies the server cert.


    I should be more clear -- as a policy, we require all of our clients doing
    the server cert. verification (quite basic, hnh?).

    > > Though
    > > impersonation is an issue, our security folks are also concerned about the
    > > privacy of existing sessions and newly created sessions -- which I don't
    > > think is valid in our case.
    >
    > Server cert verification is sufficient for this, the client does not need
    > a client cert for this, so disclosure of any such cert does not break MITM
    > resistance.


    To be exact, disclosure of client private key.

    Thanks,
    Joe G.




  6. Re: client private key compromise enables man-in-the-middle attack?

    On Mon, Jul 28, 2008 at 12:34:28PM -0400, Joe Guan wrote:

    > I should be more clear -- as a policy, we require all of our clients doing
    > the server cert. verification (quite basic, hnh?).


    If this is a policy requirement on people, it is sure to be largely
    ignored. They learn that in most cases certificate verification errors
    are IT problems, not MITM attacks, so they stop caring, and just accept
    the invalid certs.

    > > Server cert verification is sufficient for this, the client does not need
    > > a client cert for this, so disclosure of any such cert does not break MITM
    > > resistance.
    >
    > To be exact, disclosure of client private key.


    Yes, of course.

    --
    Viktor.
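
The thread's conclusion is that MITM resistance comes from the client verifying the server certificate, and that this has to be enforced by the client software rather than by a policy on people. The following is an added example, not part of the thread and not OpenSSL project code: it uses Python's `ssl` module (a wrapper around OpenSSL) to audit a client context and refuse to start TLS when server verification is off. All function names and file-path parameters are hypothetical.

```python
import ssl


def audit_client_context(ctx):
    """Return the reasons this client context would accept an impostor server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("server hostname is not matched against the certificate")
    return findings


def make_verifying_context(cafile=None, client_cert=None, client_key=None):
    """Build a client context that authenticates the server.

    cafile, client_cert and client_key are hypothetical file paths. The
    client certificate is optional: it authenticates the client to the
    server and plays no part in the checks audited above.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    if client_cert:
        ctx.load_cert_chain(client_cert, client_key)
    return ctx


def make_unverified_context():
    """The 'just accept the invalid cert' configuration, for comparison."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode is lowered
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def wrap_checked(ctx, sock, server_hostname):
    """Refuse to start TLS unless the context verifies the server."""
    findings = audit_client_context(ctx)
    if findings:
        raise ssl.SSLError("refusing to connect: " + "; ".join(findings))
    return ctx.wrap_socket(sock, server_hostname=server_hostname)


if __name__ == "__main__":
    print("verifying context :", audit_client_context(make_verifying_context()))
    print("unverified context:", audit_client_context(make_unverified_context()))
```

Routing every outbound connection through a wrapper like `wrap_checked` turns the verification requirement into a property of the client build instead of a user decision.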