0

I am imagining a key exchange protocol. I wonder how to secure the connection if an intruder can obtain the shared key during the key exchange protocol.

Is there anything I can do to secure the connection?

Thank you.

dhayyati

2 Answers

2

If it is a cryptographic key exchange protocol then you do not need to worry.

It works like this: A has a secret, used to compute a public info. B has a secret, used to compute a public info. When the public info of A is combined with the secret of B, it gives a secret key. The result is the same if the public info of B is combined with the secret of A. So basically only public info is sent over the wire.

Read more about this at: https://en.m.wikipedia.org/wiki/Diffie-Hellman_key_exchange

And do not try this at home, there are a lot of things that can be exploited in classic textbook cryptography, with solutions known by experts. Always use a solution implemented by experts. See: https://crypto.stackexchange.com/questions/20085/which-attacks-are-possible-against-raw-textbook-rsa

You can prevent the stealing of the key by using good protocols. But if an intruder finds a way to steal the key or more likely replace it, there is nothing you can do.

Community
Dragos Pop
  • Plain (EC)DH is still vulnerable against a man-in-the-middle attack. You need some other means of ensuring that the public info that is sent, is actually authentic (signed). RSA is a way to do this. – Artjom B. Oct 24 '15 at 10:30
  • Thanks. That's quite clear now – dhayyati Nov 01 '15 at 03:43
1

If you don't have any information that you can trust then you cannot set up a secure connection, simply because you don't know the end point. Key agreement algorithms are however set up in such a way that obtaining the shared secret is hard.

Take for instance ephemeral-ephemeral (Elliptic Curve) Diffie-Hellman. This provides perfect forward security. Even if all the messages between the two parties are intercepted the shared secret cannot be obtained from the messages (other than brute forcing the key itself, or obtaining it from one of the parties). As noted before, key agreement requires authentication, which may fail during the setup of the connection.

If a key is obtained by an attacker then you first need to find out that this is the case. Once the key is available to the attacker all security properties obtained by using the key are lost.

Maarten Bodewes
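The exchange the first answer describes, together with the authentication step that the comment by Artjom B. and the second answer call for, as an added example that is not code from either answer. It assumes a toy group and an HMAC under a key both parties already trust, standing in for the RSA signature mentioned in the comment; `P`, `G` and all function names are constructed for illustration.

```python
import hashlib, hmac, secrets

# Toy group, constructed for this example: NOT secure. Use a vetted library
# (for example X25519 in a maintained TLS/crypto stack) in real systems.
P = 2**127 - 1          # a Mersenne prime, far too small for real use
G = 3

def keypair():
    """Return (secret, public info); only the public info is ever sent."""
    secret = secrets.randbelow(P - 3) + 2
    return secret, pow(G, secret, P)

def shared_key(my_secret, peer_public):
    """Combine my secret with the peer's public info into a session key."""
    z = pow(peer_public, my_secret, P)
    return hashlib.sha256(z.to_bytes(16, "big")).digest()

def tag(auth_key, sender, public):
    """MAC binding a public value to its sender (stand-in for a signature)."""
    msg = sender + b"|" + public.to_bytes(16, "big")
    return hmac.new(auth_key, msg, hashlib.sha256).digest()

def receive(auth_key, sender, public, mac, my_secret):
    """Verify the peer's public value before deriving any key from it."""
    if not hmac.compare_digest(tag(auth_key, sender, public), mac):
        raise ValueError("public value failed authentication")
    return shared_key(my_secret, public)

def demo():
    auth_key = secrets.token_bytes(32)   # assumption: trusted in advance by A and B
    a_sec, a_pub = keypair()
    b_sec, b_pub = keypair()
    # Honest run: both ends derive the same key from values sent in the clear.
    k_a = receive(auth_key, b"B", b_pub, tag(auth_key, b"B", b_pub), a_sec)
    k_b = receive(auth_key, b"A", a_pub, tag(auth_key, b"A", a_pub), b_sec)
    # A third party replaces B's public value in transit with its own.
    m_sec, m_pub = keypair()
    # Unauthenticated DH accepts it: A now shares a key with the third party.
    replaced_unnoticed = shared_key(a_sec, m_pub) == shared_key(m_sec, a_pub)
    # Authenticated DH: B's tag does not cover the replaced value, so A aborts.
    try:
        receive(auth_key, b"B", m_pub, tag(auth_key, b"B", b_pub), a_sec)
        rejected = False
    except ValueError:
        rejected = True
    return k_a == k_b, replaced_unnoticed, rejected

if __name__ == "__main__":
    print(demo())
```

The check only helps if the authentication key (or, with signatures, the peer's public verification key) was obtained through a channel the parties already trust, which is the point of the second answer's first paragraph.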