Understanding Email Encryption
Nicolas T. Courtois - University College London
Conventional Encryption
Secret-Key Encryption
- [Diagram: Bob, Alice]
Example
- TrueCrypt hard drive encryption
- Danger: shared key
- If only one computer is infected, all security is gone forever (past, future, all people)
Asymmetric Techniques
Vocabulary
- Public-Key Cryptography / Asymmetric Cryptography: there is no secret in encryption, there is one in decryption
- A Private Key, a.k.a. Secret Key
- A Public Key
Public Key Cryptography
- Public key: can be distributed to many parties. Does not have to be public.
Public Key Encryption - 3 Algorithms
- [Diagram: in a past setup phase, the key generation algorithm outputs pk (public key) and sk (private key); the encryption algorithm takes m and r and outputs c; Eve sees c; the decryption algorithm outputs m or invalid]
Setup / Establishing Trust (PKI: Public Key Infrastructure)
What's Wrong Here?
- [Diagram: A has SK_A and PK_A, B has PK_A; message E_PK(A)(m)]
- Key management?
Even More Wrong
- [Diagram labels: SK_A, PK_A, PK_Cert, PK_A, A, B; message E_PK(A)(m)]
- a dog?
Right Solution with PKI
- [Diagram labels: SK_A, PK_A, PK_A, cert_A, PK_Cert, A, B; message h(r_B), B, E_PK(A)(r_B, B)]
- authentication of the key by means of a Digital Signature
- signatures suddenly needed ALSO FOR ENCRYPTION
- PGP will ask us to sign keys
- proof of trust
Digital Signatures
[Manual and Digital] Signatures
- Two main functions:
  1. Identify the signer
  2. Approbation of the document
Manual Digital Signatures
- Two main functions:
  1. Identify the signer
  2. Approbation
- In the electronic world:
  1. Easy to copy!
  2. Easy to alter the document!
- Consequence: a digital signature does depend on the document (need to protect document integrity, did not exist before!)
Digital Signatures
- [Diagram: the signing algorithm takes m and sk (private key) and outputs (m, ); the verification algorithm takes pk (public key) and outputs yes/no; forgery]
Requirements so far
- Three main functions:
  1. Identify the signer
  2. Approbation
  3. Integrity of the message
Integrity: Hash-then-Sign
- A hash function (or hash algorithm) is a reproducible method of turning data (usually a message or a file) into a number suitable to be handled by a computer.
- These functions provide a way of creating a small digital "fingerprint" from any kind of data.
- The function chops and mixes (i.e., substitutes or transposes) the data to create the fingerprint, often called a hash value.
- The hash value is commonly represented as a short string of random-looking letters and numbers (binary data written in hexadecimal notation).
- [Diagram: m (0- bits), H, H(m), Digital Signature (e.g. RSA-PSS); labels: 160 bits, 098f6bcd46 21d373cade 4e832627b4, 80 bits]
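Added example (not from the slides): hash-then-sign in Python, with textbook RSA applied to a SHA-256 fingerprint, next to RSA applied with no hash, to show what the hash step protects. The key built from two Mersenne primes and all function names are assumptions made for the demo; this is not RSA-PSS and the key offers no security.

```python
import hashlib

# Constructed demo key: two Mersenne primes make a valid but trivially
# factorable RSA modulus. Never use a key like this outside a demo.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (needs Python 3.8+)

def H(m: bytes) -> int:
    """Fingerprint of the document as an integer (SHA-256, 256 bits)."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big")

def sign(m: bytes) -> int:
    """Hash-then-sign: the private-key operation is applied to H(m)."""
    return pow(H(m), D, N)

def verify(m: bytes, sig: int) -> bool:
    """Anyone holding (N, E) can run this check: public verifiability."""
    return pow(sig, E, N) == H(m)

def raw_sign(x: int) -> int:
    """Textbook RSA on the value itself, with no hash (the unsafe variant)."""
    return pow(x, D, N)

def raw_verify(x: int, sig: int) -> bool:
    return pow(sig, E, N) == x % N

def demo() -> dict:
    doc = b"Pay Bob 100 GBP"
    sig = sign(doc)
    a, b = 1234567, 7654321            # two integers signed without hashing
    combined = raw_sign(a) * raw_sign(b) % N
    return {
        "original_verifies": verify(doc, sig),
        # The signature depends on the document: any alteration is detected.
        "altered_verifies": verify(b"Pay Bob 900 GBP", sig),
        # Without a hash, signatures multiply: a value nobody signed verifies.
        "raw_product_verifies": raw_verify(a * b, combined),
        # With hash-then-sign the same combination is rejected.
        "hashed_product_verifies": verify(b"ab", sign(b"a") * sign(b"b") % N),
    }

if __name__ == "__main__":
    print(demo())
```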
Digital Signatures - Bonus
- Another main function!
  1. Identify the signer (certify origin, solved)
  2. Approbation (hard to get!)
  3. Integrity of the message (solved)
  4. Automatic verification, and another bonus: Public Verifiability
Vocabulary (frequently confused)
- [Diagram labels: crypto only; crypto - a D.S.; Digital Signatures; secure device; qualified certif.; Advanced Electronic Signatures; Electronic Signatures; just some electronic tag/evidence]
Electronic and Advanced Signatures (in the European Directive)
1. Electronic Signature. Definition [EU]: data in electronic form which are attached to, or logically associated with, other electronic data and which serve as a method of authentication.
2. Advanced Electronic Signature. 2x link. An electronic signature that:
   - is uniquely linked to a signatory and capable of identifying the signatory, and
   - created by means the signatory can maintain under his sole control, and
   - linked to the data being signed such that any change of the data is detectable.
Non Repudiation
1. Identify the signer
- Non-repudiation (aka Imputability). The signer is the ONLY and UNIQUE person who can create the (signed) document.
Protocols and Software Products: Security of Email
SMTP Protocol
- THE original email protocol.
- Emails: no encryption (in cleartext) and no authentication.
- In addition everybody can send email: epidemics of spam!
Standards for Secure Email
- Two main open standards:
  - PGP
    - [Phil Zimmermann, US activist, 1991], much later became open standard
    - GnuPG [RFC2440]
    - some PGP products are certified by US gov NIST
  - S/MIME [RSA Labs]
    - free implementation in OpenSSL
- same general method, called hybrid encryption:
Hybrid Encryption
- [Diagram: a random key K is chosen. Key Encapsulation Module: the PK encryption algorithm takes K and r with "good" padding under pk and outputs the encapsulated key; the PK decryption algorithm with sk verifies the padding and recovers K. Data Encapsulation Module: a block cipher mode with K and IV turns m_i into c_i; Eve sees c_i; the block cipher mode with K turns c_i back into m_i. Past setup phase: the key generation algorithm outputs pk (public key) and sk (private key)]
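Added example (not from the slides): the hybrid scheme of the slide above in Python. A random key K is wrapped by the key encapsulation module (RSA with OAEP-style padding that is verified on decryption), and the message is encrypted under K and an IV by the data encapsulation module. Assumptions: the demo key built from two Mersenne primes, all function names, and a SHA-256 counter keystream standing in for the block cipher mode, since the Python standard library has no block cipher.

```python
import hashlib
import secrets

# Constructed demo key: Mersenne primes give valid RSA arithmetic, no security.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))           # needs Python 3.8+
KLEN, HLEN = (N.bit_length() + 7) // 8, 32  # modulus and hash sizes in bytes
LHASH = hashlib.sha256(b"").digest()        # OAEP label hash (empty label)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def stream(seed: bytes, n: int) -> bytes:
    """SHA-256 in counter mode: padding mask (MGF1) and stand-in DEM keystream."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def kem_encapsulate(K: bytes) -> int:
    """Key Encapsulation Module: randomised padding of K, then RSA under pk."""
    db = LHASH + bytes(KLEN - 2 * HLEN - 2 - len(K)) + b"\x01" + K
    r = secrets.token_bytes(HLEN)
    masked_db = xor(db, stream(r, len(db)))
    masked_r = xor(r, stream(masked_db, HLEN))
    return pow(int.from_bytes(b"\x00" + masked_r + masked_db, "big"), E, N)

def kem_decapsulate(c_key: int) -> bytes:
    """RSA under sk, unmask, verify the padding; anything malformed is invalid."""
    em = pow(c_key, D, N).to_bytes(KLEN, "big")
    masked_r, masked_db = em[1:1 + HLEN], em[1 + HLEN:]
    r = xor(masked_r, stream(masked_db, HLEN))
    db = xor(masked_db, stream(r, len(masked_db)))
    body = db[HLEN:].lstrip(b"\x00")
    # Production code performs these checks in constant time.
    if em[0] != 0 or db[:HLEN] != LHASH or body[:1] != b"\x01":
        raise ValueError("invalid")
    return body[1:]

def encrypt(m: bytes):
    """Fresh K and IV per message; returns (encapsulated key, IV, ciphertext)."""
    K, iv = secrets.token_bytes(32), secrets.token_bytes(16)
    return kem_encapsulate(K), iv, xor(m, stream(K + iv, len(m)))

def decrypt(c_key: int, iv: bytes, c: bytes) -> bytes:
    K = kem_decapsulate(c_key)
    return xor(c, stream(K + iv, len(c)))
```

The data part carries no integrity check of its own here, matching the slide; real OpenPGP and S/MIME implementations should be used through a vetted library.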
Background
Why Encrypt Email?
- Phil Zimmermann writes: Why don't you always send your paper mail on postcards? [...] You must be a subversive or a drug dealer if you hide your mail inside envelopes. [...] Are you trying to hide something?
PGP Revolution
- Zimmermann in 1991 wrote the first email encryption program which was adopted worldwide.
- He says: Intelligence agencies have access to good cryptographic technology. So do the big arms and drug traffickers [...] But ordinary people and grassroots political organisations didn't have [...] Until now.
How to use PGP
Software
- Frequently there are two separate programs:
  1. Key management and command line tool
     - PGP paid, GnuPG free
  2. Encryption/Decryption/Signature/Verification programs or front-ends
Example
1. Install GnuPG from gnupg.org
2. Install Enigmail -- for Mozilla Thunderbird
Software
1. Key management and command line:
   - Example: GnuPG from gnupg.org (free GNU version of PGP, RFC4880)
   - Almost invisible tool, works in the background
- Download from gnupg.org. Requires a compiler such as Visual Studio 8, use nmake or so.
- Version 1.4.9. Easy to install: http://www.mirrorservice.org/sites/ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.9.exe
- Version 2.0 is provided by third party: http://gpg4win.de/download.html
Example - 1. After installation: [screenshot]
Software 2.
2. Encryption/Decryption/Signature/Verification Frontends: http://gnupg.org/related_software/frontends.en.html
   - Enigmail -- for Mozilla Thunderbird
   - Enigform -- for Mozilla Firefox
   - EudoraGPG -- for Eudora
   - ez-pine-gpg -- for pine
   - GPGOE -- plugin for Outlook Express
   - Mac GNU Privacy Guard, GPGMail etc. -- for Apple
3. Encrypt plain text?
- Text - text programs -- cut and paste (works with gmail and IM!)
  - GPG4Win - on Windows, allows to encrypt files/email/text easily
  - Mac OS X: GPGDropThing
  - FireGPG, which is a Firefox plugin. How to use it?
PGP with Gmail and Mac OS
- Step 1. Right click, select FireGPG - Encrypt
- Then at the end there is a COPY TO CLIPBOARD AND CLOSE option
- then paste the encrypted message in Gmail.
- creates also a button to encrypt attachments
Example - Enigmail
2. Install Enigmail -- for Mozilla Thunderbird
- From here: https://addons.mozilla.org/en-US/thunderbird/downloads/file/92940/enigmail-1.1.2-tb-win.xpi
Enigmail -- for Mozilla Thunderbird
- MUST BE ADDED MANUALLY HERE, [screenshot]
Enigmail -- for Mozilla Thunderbird
- Add it manually!
- Start Thunderbird. In the menu bar of the main window you will see "Tools". Select this, and then "Add-ons". This will bring up a new window listing all of your Thunderbird plug-ins.
- In the lower left-hand corner of this new window you'll see a button marked "Install". Click this button. Tell Thunderbird where you saved the Enigmail .XPI file.
Example: Enigmail -- for Mozilla Thunderbird [screenshot]
My Keys [screenshot]
Their Properties [screenshot]
Right Click on One Key [screenshot]
Key Properties [screenshot]
Steps
1. Install GnuPG software
2. Generate a pair of keys.
3. Choose a strong password for storage of
4. Sign your own and other people's keys. Why?
5. Make your key known (publish or distribute).
6. Install an encryption/decryption program or a plugin for Eudora/Thunderbird/etc.
7. Now:
   - Everybody can write a PRIVATE encrypted message to you, only you can.
   - You can sign any message, everybody can check it comes from you, nobody can
Key Management
- Sign your own and other people's keys. Why? How?
Problems with PK crypto and email encryption
Revolutionary or Dangerous?
- The US Customs started a criminal investigation of Zimmermann, for allegedly violating the Arms Export Control Act
- Dropped after 3 years of investigation and a lot of public/press outrage
- Named one of the:
  - Top 10 Innovators in E-business (InfoWorld)
  - 50 most influential people on the Internet (Newsweek)
  - Etc.
* Problems with the PKI Systems
- Cf. Ellison and Schneier: "Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure" http://www.schneier.com/paper-pki.pdf
- Ben Laurie: "Seven and a Half Non-risks of PKI" http://www.apache-ssl.org/7.5things.txt
Main Risks / Pitfalls
1. Bugs? Backdoors? Source code? People/country trusted?
2. Is it really the key of Bob?
   - Certificates: trusting third parties in foreign countries
   - Real-time substitution
3. Was his real key lost or stolen (e.g. virus)?
   - Revocation Lists: lists of blacklisted keys stored on an Internet server
4. Was the message changed at signing time?
5. Was my key of good quality?
   - size (1024 bit: expired 2010)
   - strength (RSA-PSS 2048 bits)
   - randomness (mouse, keyboard)
6. Did parties perform all the checks?
7. Shall I save the message?
** Attack Tree for PGP (Bruce Schneier) [figure]
PKI Comparison
- PGP - web of trust, totally decentralized system
  - users can choose how much they trust each key
  - is trust transitive? not really
  - in particular, can also implement normal hierarchical PKI.
- S/MIME [RSA Labs] - uses the same standard PKI as SSL: X.509 certificates.
- In both cases organisations can implement their own closed PKI.
Happy with Secure Email?
- Problems: BUT: almost never used,
  - need to enrol in advance before email is sent
  - very few people have keys,
- if signatures were the default behaviour, we would maybe have less spam?
Email Storage
- Questions:
  - should received and decrypted email be stored encrypted?
  - why, when sending a message, do we sometimes need to add ourselves to the recipient list?
Happy with Secure Email?
- Problems kind of solved:
  - confidentiality
  - authenticity
- Unsolved problems:
  - privacy of the recipient
  - privacy of the sender
  - hiding the existence of the message (Steganography).