Shared Flashcard Set

Details

TLS Certificate Based Client Authentication
Basics of - and Practical Problems with TLS Client Certificate-based authentication
19
Computer Networking
Advanced
01/15/2021

Additional Computer Networking Flashcards

 


 

Cards

Term
How is CCA (Client certificate-based authentication) triggerred from the server side?
Definition
By sending the CertificateRequest during TLS handshake.
Term
What does the CertificateRequest message contain?
Definition
A list of distinguished names (DN's) of CA's that the server trusts.
Term
What happens when the client does not wish to perform CCA?
Definition
It sends an empty Certificate message.
Term
Who sends the CertificateVerify message?
Definition
The client.
Term
What is the purpose of CertificateVerify message?
Definition
To prove that the client actually owns the private key corresponding to the public key in the client's certificate.
Term
How is the CertificateVerify message created?
Definition
A hash of all previous messages between the client and the server is calculated and the signed by the private key. This signature is then sent in the CertificateVerify message.
Term
What is one advantage of CCA?
Definition
A proof is given that the client possesses the private key, but the key is not disclosed to the server. Unlike credentials/passwords, the private thus cannot be easily stolen.
Term
What is the purpose of HelloRequest message and who sends it?
Definition
It is a renegotiation request send by the TLS server. Use cases include invocation of CCA for a set of protected resources on a server.
Term
How does TLS session resumption work?
Definition
This is a mechanism for an abbreviated TLS handshake. In such a case, key negotiation phase would be skipped, which saves one round trip across the network plus one privatek key operation on the server side (and if CCA is used, on client side, as well). The session can be resumed by the client by specifying the session id in the ClientHello message.
Term
What is the most common implementation of CCA on the server side?
Definition
Apache with mod_ssl.
Term
What is the main Apache directive to use CCA?
Definition
SSLVerifyClient require
Term
What is the difference between Apache VerifySSLClient require and optional directives?
Definition
Require will fail if the client sends an empty Certificate message, while optional will not.
Term
The client is getting refused by the server, even though the correct certificate seems to be present on the device. What can be the problem?
Definition
Certificate caching actually uses previously used, now invalid, certificate.
Term
What issue pertaining to JavaScript is an obstacle in CCA implementation?
Definition
A common, unified API to clear the TLS cache (and TLS cache only) among all types of browsers (clients) is not available. Hence, login and logout functionality when using CCA is currently not attainable.
Term
Is PKI and CA needed for TLS CCA?
Definition
No.
Term
In what cases is PKI and CA needed for TLS CCA?
Definition
On servers which do not know the user's identity (yet), and the verification of the user's identity is a prerequisite for the opening of the account. In cases where the authentication happens *after* the opening of the account, CA validation is not necessary, as the user cert is simply used for user registration.
Term
If the TLS CCA is used, even a very powerful attacker that can successfully impersonate a legitimate server, cannot reuse the proof given in a CertificateVerify message to impersonate a victim to the legitimate server. Explain.
Definition
Client's CertificateVerify consist of a hash of all previously exchanged messages between the client and the server, and then signing it with the private key of the client. Hence, the private key itself is never actually retrievable from the proof (due to laws of modular arithmetic), and cannot be reused in future communication. The bad actor cannot impersonate a victim whose proof they have captured, because to perform CCA to the server they would actually need to sign the message hashes with the private key, which they do not possess.
Term
Why is client certificate available to passive attackers?
Definition
Is is sent within the Certificate message, which happens *before* encryption.
Term
Describe TLS Handshake with TLS CCA implemented.
Definition
1. Client: ClientHello
2. Server: ServerHello, Certificate, *CertificateRequest*, ServerHelloDone
3. Client: Certificate, ClientKeyExchange, CertificateVerify
4. Client: ChangeCipherSpec, Finished
5. Server: ChangeCipherSpec, Finished
Supporting users have an ad free experience!