Chapter 13 Β· Quiz

Key Exchange Quiz

Select your answer, then click Reveal Answer to check immediately β€” or grade all at once at the bottom.

Question 1: An organization needs to distribute a cryptographic key to branch offices, but their policy requires that the key never travel over any electronic network. Which key exchange method satisfies this requirement?

Correct answer: B. Out-of-band key exchange uses a separate channel from the network β€” physical courier, in-person meeting, or telephone. This is the only option that keeps the key off all electronic networks. In-band methods (A, C, D) all transmit key material over the network.

Question 2: A security engineer wants to configure a web server so that a future compromise of the server's long-term private key cannot be used to decrypt currently recorded TLS sessions. Which feature must be enabled?

Correct answer: B. Forward secrecy (via DHE or ECDHE) ensures that each session uses ephemeral keys. These keys are deleted after the session, so even if the server's long-term private key is later compromised, past sessions cannot be decrypted. RSA key exchange (D) does not provide forward secrecy β€” if the private key is compromised, all past sessions are at risk.

Question 3: During a TLS handshake using traditional RSA key exchange, what does the client encrypt with the server's public key?

Correct answer: C. In RSA-based TLS key exchange, the client generates a random symmetric session key, encrypts it with the server's public key, and sends it. Only the server (with its private key) can decrypt this and recover the session key. The client's private key (A) is never sent. Credentials (B) are sent after the secure channel is established. The certificate (D) comes from the server, not the client.

Question 4: What distinguishes Diffie-Hellman from RSA-based key exchange?

Correct answer: D. The key distinction is that DH allows both parties to arrive at the same shared secret through independent computation β€” the secret itself never crosses the wire. RSA-based exchange involves the client generating and encrypting the session key, then sending it (even encrypted). With DH, an eavesdropper cannot derive the shared secret even with all transmitted values.

Question 5: A session key must have which two properties to be secure?

Correct answer: C. Session keys must be unpredictable (generated from a truly random source so attackers cannot guess them) and ephemeral (temporary β€” changed per session so compromise of one key limits exposure to just that session). Static keys (A) undermine forward secrecy. Public keys (B) are used for asymmetric operations, not session encryption.

Matching: Key Exchange Concepts

Match each term to its correct description.

TERM

Out-of-Band Exchange
Forward Secrecy
ECDHE
Session Key

DESCRIPTION

Key delivered through a separate channel β€” courier, telephone, in-person
Past sessions remain secure even if the long-term private key is later compromised
Elliptic curve ephemeral DH β€” provides forward secrecy with smaller keys; default in TLS 1.3
Temporary symmetric key for one communication session; discarded when session ends

Analysis Question

A company's security team discovers that an attacker has been recording all TLS traffic to their web server for the past two years. The attacker has now obtained the server's RSA private key through a breach. The server used RSA key exchange (not DHE or ECDHE). What is the impact?

The impact is severe: all two years of recorded TLS sessions can now be decrypted. With RSA key exchange (no forward secrecy), the server's private key was used to protect each session's symmetric key. An attacker holding the private key can decrypt the recorded RSA-encrypted session key from each TLS handshake, recover the symmetric session key for each session, then decrypt the actual data traffic. Every login, transaction, and communication over those two years is now exposed.

If the server had used DHE or ECDHE (forward secrecy), the attacker could not decrypt past sessions β€” those ephemeral keys no longer exist. The breach would expose only information the attacker could intercept going forward, not historical recordings.

Performance Task

You are designing the TLS configuration for a financial services company's public website. The CISO's requirements are: (1) all connections must use forward secrecy, (2) TLS 1.0 and 1.1 must be disabled, (3) the key exchange must be resistant to compromise of the server's long-term certificate key. Describe your cipher suite selection and configuration decisions.

Model Answer:

1. TLS version: Enable TLS 1.2 and TLS 1.3 only. Disable TLS 1.0, 1.1, and SSL 3.0 (all deprecated, known vulnerabilities).

2. Cipher suite selection for TLS 1.3: TLS 1.3 only supports cipher suites with ECDHE and forward secrecy β€” no configuration needed. All TLS 1.3 suites automatically satisfy requirements 1 and 3.

3. Cipher suite selection for TLS 1.2: Configure to allow only suites with ECDHE (preferred) or DHE in the name. Examples: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. Disable any suite with RSA key exchange (e.g., TLS_RSA_WITH_AES_256_CBC_SHA256) β€” these provide no forward secrecy.

4. Certificate: Use an RSA 3072-bit or ECDSA P-256 certificate. The certificate is used for authentication/identity verification; the session key is derived via ECDHE independently of the certificate's key.

5. Result: Every connection generates fresh ephemeral keys. Compromise of the server's certificate private key cannot decrypt any past or future sessions' actual data. Each session's forward secrecy is guaranteed by the ephemeral DH exchange.