How is the connection between the server and an ID-card established and what protects it against man-in-the-middle attacks?
First of all – what is a man-in-the-middle attack?
The English expression ‘man-in-the-middle’ is also preferred in colloquial Estonian when man-in-the-middle attacks are described, probably because it’s very figurative: a third party or an attacker interferes when information moves from point A to point B and thereby gains control over the information. An attack means both interference whereby information is altered and situations where an unauthorised party obtains access to information they have no right to access.
How is the connection established?
Exchanging certificates is the first step in the establishment of the connection.
Both the client, i.e. their ID-card, and the server have their own secret keys and also know the counterparty’s certificate. A random message is selected for exchanging certificates; one of the parties signs it with their secret key and sends it to the other party (e.g. a client sends the message via a browser).
The counterparty then checks the signature using the sender’s certificate that is known to them.
- If server authentication is used, only the server signs the message in such a manner and sends it to the client (i.e. their browser) for verification.
- With bilateral authentication of both the client and the server, the process is two-way: both parties verify each other’s authenticity ‘independently’.
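The signed-challenge exchange described above, as an added example (not code from the original page or from the ID-card software). It assumes bare EC key pairs as stand-ins for the parties' secret keys and certificates, all function and party names are hypothetical, and it also shows a third party answering with its own key and a replayed signature both being rejected.

```javascript
// Added illustration: signed-challenge authentication with Node's built-in crypto.
const crypto = require('node:crypto');

// Constructed stand-in: a bare EC key pair plays the role of "secret key + certificate".
function newParty(name) {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return { name, privateKey, publicKey };
}

// Verifier side: pick a fresh random message for the counterparty to sign.
function newChallenge() {
  return crypto.randomBytes(32);
}

// Prover side: sign the challenge with the secret key.
function signChallenge(party, challenge) {
  return crypto.sign('sha256', challenge, party.privateKey);
}

// Verifier side: check the signature against the public key already known for the counterparty.
function verifyResponse(knownPublicKey, challenge, signature) {
  return crypto.verify('sha256', challenge, knownPublicKey, signature);
}

// One-way (server only) or two-way (mutual) authentication.
// serverSigner / clientSigner are whoever actually answers on the wire.
function authenticate(trusted, serverSigner, clientSigner = null) {
  const c1 = newChallenge();
  const serverOk = verifyResponse(trusted.server, c1, signChallenge(serverSigner, c1));
  if (!clientSigner) return { serverOk };
  const c2 = newChallenge();
  const clientOk = verifyResponse(trusted.client, c2, signChallenge(clientSigner, c2));
  return { serverOk, clientOk };
}

// Replaying an old, valid signature against a new challenge must fail.
function replayAccepted(trusted, signer) {
  const oldSignature = signChallenge(signer, newChallenge());
  return verifyResponse(trusted.server, newChallenge(), oldSignature);
}

const server = newParty('server');
const card = newParty('id-card');
const intruder = newParty('intruder');
const trusted = { server: server.publicKey, client: card.publicKey };

console.log('server only:', authenticate(trusted, server));
console.log('mutual:', authenticate(trusted, server, card));
console.log('intruder answers for both:', authenticate(trusted, intruder, intruder));
console.log('replayed signature accepted:', replayAccepted(trusted, server));
```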
Giving a digital signature becomes possible only after the signatory has been properly identified.
Regarding web servers, the likelihood of a man-in-the-middle attack is so small that it can practically be ruled out. Firstly, the attacker would have to be able to forge the signatures of the client as well as the server. Secondly, they would have to be able to create forged certificates that are equivalent to the ones signed by Sertifitseerimiskeskus. This cannot be done with contemporary computing capacities.