1

I am still learning how TLS works.

I've create a sample golang client-server app, then used cfssl to generate certificates.

Now what I did is create a CA, then create the client and server certificate signed by that CA.

The server and client config is almost the same except for the organization and organization unit.

Now the server will receive the server public cert and its key and the CA certificate, and the client will also receive the client public cert and its key and the CA certificate.

My question is if an intruder is able to copy the client public certificate and its key and also the provided CA certificate, could he perform a MITM attack between the server and the client?

Edit: The scenario I was thinking of is both the client and the server within the local network, but their client computer has an internet connection.

MiaoHatola
  • 2,284
  • 1
  • 14
  • 22
zer09
  • 133
  • 6
  • *I am still learning how TLS works?* - this is a good idea. But I recommend to read first the many questions and answers about this topic on this site before asking your own. [How does SSL/TLS work?](https://security.stackexchange.com/questions/20803/how-does-ssl-tls-work) is a good start to understand the concepts but there are also [many question about man in the middle attacks against SSL/TLS](https://www.google.com/search?q=site%3Asecurity.stackexchange.com+mitm+tls). – Steffen Ullrich May 13 '17 at 05:33
  • @SteffenUllrich thanks for reading links, BTW I think the marked duplicate doesn't apply because it tells about the key for the server(website) not the client certificate, correct if I am wrong. I will add edit to my post. – zer09 May 13 '17 at 06:58
  • You are right. I did not notice that you use mutual authentication. – Steffen Ullrich May 13 '17 at 07:16
  • yes it is, I will post my golang test code if you like. – zer09 May 13 '17 at 07:20
  • I don't think that the code is necessary to answer the question. – Steffen Ullrich May 13 '17 at 07:22

1 Answers1

1

The certificate in TLS is used for authentication, i.e. to verify that one is talking with the expected peer. This is true for both server and client certificates. But in most cases only a server certificate is used to make sure to deter man in the middle attacks. Thus most MITM scenarios only care about somehow faking the servers certificate or stealing the servers private key to perfectly impersonate it.

In the case that only the client certificates private key is compromised but not the server certificates private key a man in the middle attack is not possible, provided that the client correctly validates the servers certificate. And it does not matter if both certificates are signed by the same CA or not.

But, if the client certificate is used by the server to authenticate the client and based on successful authentication to allow specific activities, then another attack is possible. Since the attacker has compromised the private key of the client certificate he can now perfectly impersonate the client and do any actions at the server which are allowed for this certificate.

The situation is different if the client wrongly relies only on the trust chain for certificate validation and does not check that the subject of the servers certificate matches the servers name. This error of not checking the subject or not properly checking it could actually be found often in the past. In this case the attacker could use the compromised client certificate to fake the original server certificate inside a man in the middle attack because this certificate is signed by a trusted CA and the wrong subject is not detected by the client.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • thanks for the answer. But it opens up me more questions. but it think that will be for another day. I need to do more reading. – zer09 May 13 '17 at 07:51