Question:
Argue why the attack described below works or does not work. (3p)
In a TLS_RSA connection, the attacker performs a person-in-the-middle attack; they compute their own PMS and exchange the ClientKeyExchange message with their own. The server uses the exchanged ClientKeyExchange message for the key derivation, and thus, the attacker can infer the key material used during the connection and decrypt it.
Explanation:
The question requires an in-depth understanding of the TLS 1.2 handshake, its messages, and the RSA key exchange. To answer it, the student must apply learned concepts and attacker models to an exemplary attack on the protocol dynamically rather than repeating learned knowledge.