1

Trying to understand this from a high level conceptually. It is obvious from all information on Asymmetric encryption that a public key can be of course, public and there isn't a danger of interception. So I'm faced with a point in my software of a key-exchange over server database. An admin user would put out their public key to a public read & write object on my Parse database. The new user requesting to join a group would access this key by a password. The new user then pushes their public key to server and then to admin user. At this point there is a message test sent both ways to ensure the keys are accurate. If they are found to be accurate than all resumes well. If not then a more secure method is employed. All keys are deleted once exchanged of course.

So the main vulnerability with this asymmetric method (from my high level, conceptual knowledge) is that the key could be intercepted and swapped and thereafter sensitive data is being sent ciphered with an attackers key.

The question therefore is: in my situation above, and considering a key verification check, should I still be worried about such an attack?

Additionally and more generally, if there is a message check such as I have outlined above, how could there possibly be a vulnerability of public key swap? ... i.e. if a man in the middle attack occurs, the sent message could not be decrypted by the proper recipient because the attackers public key was used. Therefore both parties would know a key has been compromised and an attack occurred and could act accordingly.

RobbB
  • 117
  • 5

1 Answers1

1

You are describing a man in the middle attack.

Intended use case: Alice <--> [Object Store] <--> Bob

MitM issue: Alice <--> [Eve] <--> [Object Store] <--> Bob

In the MitM Eve intercepts both Public Keys and forwards on their own public-key and can then decrypt/encrypt all of the traffic between Alice and Bob.

The solution to this is to add a trusted third party. For instance if your Object Store has a HTTPS cert both Alice and Bob can check against the certificate authority that they are indeed talking to the Object Store rather than to Eve

If you need, you can even go one step further and enforce client side certificates so not only do Alice and Bob know that they are talking to the Object Store but also that the Object Store knows that its talking to Alice and Bob

CaffeineAddiction
  • 7,517
  • 2
  • 20
  • 40
  • I had no idea that this type of attack was that sophisticated- where man in middle actively intercepts by encryption & decryption after doing a complete exchange! I am using Parse for my backend as a service, I think i'll have to find out about if this platform issues its certificates for its HTTPS. I would imagine it does... – RobbB Aug 20 '21 at 05:40
  • I'm very new still, especially to security. I now know that this is all taken care of with HTTPS :) – RobbB Aug 20 '21 at 06:04