Question 1: An organization needs to distribute a cryptographic key to branch offices, but their policy requires that the key never travel over any electronic network. Which key exchange method satisfies this requirement?
Question 2: A security engineer wants to configure a web server so that a future compromise of the server's long-term private key cannot be used to decrypt currently recorded TLS sessions. Which feature must be enabled?
Question 3: During a TLS handshake using traditional RSA key exchange, what does the client encrypt with the server's public key?
Question 4: What distinguishes Diffie-Hellman from RSA-based key exchange?
Question 5: A session key must have which two properties to be secure?
Matching: Key Exchange Concepts
Match each term to its correct description.
TERM
DESCRIPTION
Analysis Question
A company's security team discovers that an attacker has been recording all TLS traffic to their web server for the past two years. The attacker has now obtained the server's RSA private key through a breach. The server used RSA key exchange (not DHE or ECDHE). What is the impact?
If the server had used DHE or ECDHE (forward secrecy), the attacker could not decrypt past sessions β those ephemeral keys no longer exist. The breach would expose only information the attacker could intercept going forward, not historical recordings.
Performance Task
You are designing the TLS configuration for a financial services company's public website. The CISO's requirements are: (1) all connections must use forward secrecy, (2) TLS 1.0 and 1.1 must be disabled, (3) the key exchange must be resistant to compromise of the server's long-term certificate key. Describe your cipher suite selection and configuration decisions.
1. TLS version: Enable TLS 1.2 and TLS 1.3 only. Disable TLS 1.0, 1.1, and SSL 3.0 (all deprecated, known vulnerabilities).
2. Cipher suite selection for TLS 1.3: TLS 1.3 only supports cipher suites with ECDHE and forward secrecy β no configuration needed. All TLS 1.3 suites automatically satisfy requirements 1 and 3.
3. Cipher suite selection for TLS 1.2: Configure to allow only suites with ECDHE (preferred) or DHE in the name. Examples: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. Disable any suite with RSA key exchange (e.g., TLS_RSA_WITH_AES_256_CBC_SHA256) β these provide no forward secrecy.
4. Certificate: Use an RSA 3072-bit or ECDSA P-256 certificate. The certificate is used for authentication/identity verification; the session key is derived via ECDHE independently of the certificate's key.
5. Result: Every connection generates fresh ephemeral keys. Compromise of the server's certificate private key cannot decrypt any past or future sessions' actual data. Each session's forward secrecy is guaranteed by the ephemeral DH exchange.