Understanding Email Encryption
Nicolas T. Courtois - University College London

Conventional Encryption

Secret-Key Encryption
[Figure: Alice and Bob]

Example
Truecrypt hard drive encryption
Danger: shared key…
If only one computer is infected… all security gone forever (past, future, all people)

Asymmetric Techniques

Vocabulary
Public-Key Cryptography == Asymmetric Cryptography
there is no secret in encryption, there is one in decryption
• A Private Key =a.k.a.= Secret Key
• A Public Key.

Public Key Cryptography
Public key: can be distributed to many parties. Does not have to be public

Public Key Encryption - 3 Algorithms
[Figure: key generation algorithm (past: setup phase) producing pk (public key) and sk (private key); encryption algorithm with inputs m and r, output c; Eve; decryption algorithm with input c, output m or "invalid"]

Setup / Establishing Trust (PKI = Public Key Infrastructure)

What's Wrong Here?
[Figure: A (holding SK_A, PK_A) and B; messages PK_A and E_PK(A)(m)]
Key management?

Even More Wrong
[Figure: A (holding SK_A, PK_A) and B; messages PKCert, PK_A and E_PK(A)(m)]
a dog?

Right Solution with PKI
[Figure: A (holding SK_A, PK_A) and B; messages PKCert, PK_A, cert_A and h(r_B), B, E_PK(A)(r_B, B)]
authentication of the key by the means of a Digital Signature
signatures suddenly needed ALSO FOR ENCRYPTION
PGP will ask us to sign keys… proof of trust

Digital Signatures

[Manual and Digital] Signatures
Two main functions:
1. Identify the signer
2. Approbation of the document.

Manual Digital Signatures
Two main functions
1. Identify the signer
2. Approbation
…in electronic world:
1. Easy to copy!
2. Easy to alter the document!
Consequence => A digital signature does depend on the document.
(need to protect document integrity, did not exist before!)

Digital Signatures
[Figure: signing algorithm with inputs m and sk (private key); forgery; verification algorithm with inputs (m,) and pk (public key), output yes/no]

Requirements so far:
Three main functions:
1. Identify the signer
2. Approbation
3. Integrity of the message

Integrity: Hash-then-Sign
A hash function (or hash algorithm) is a reproducible method of turning data (usually a message or a file) into a number suitable to be handled by a computer. These functions provide a way of creating a small digital "fingerprint" from any kind of data. The function chops and mixes (i.e., substitutes or transposes) the data to create the fingerprint, often called a hash value. The hash value is commonly represented as a short string of random-looking letters and numbers (binary data written in hexadecimal notation).
[Figure: m (0- bits), then H, then H(m) (>=160 bits, shown as 098f6bcd46 21d373cade 4e832627b4), then Digital Signature e.g. RSA-PSS; >=80 bits]

Digital Signatures - Bonus
Another main function!
1. Identify the signer (certify origin, solved)
2. Approbation (hard to get!)
3. Integrity of the message (solved)
4. Automatic verification, and another bonus: Public Verifiability

Vocabulary (frequently confused)
Digital Signatures: crypto only
Advanced Electronic Signatures:
• crypto - a D.S.
• secure device
• qualified certif.
Electronic Signatures: just some electronic tag/evidence…

Electronic and Advanced Signatures (in The European Directive)
1. Electronic Signature. Definition [EU]: data in electronic form which are attached to, or logically associated with, other electronic data and which serve as a method of authentication.
2. Advanced Electronic Signature. 2x link. An electronic signature that:
• is uniquely linked to a signatory and capable of identifying the signatory, and created by means the signatory can maintain under his sole control,
• and linked to the data being signed such that any change of the data is detectable.

Non Repudiation
1. Identify the signer
Non-repudiation (aka Imputability). The signer is the ONLY and UNIQUE person who can create the (signed) document.

Protocols and Software Products: Security of Email

SMTP Protocol
THE original email protocol.
Emails: no encryption (in cleartext) and no authentication.
In addition everybody can send email => epidemics of spam!

Standards for Secure Email
Two main open standards:
• PGP
– [Phil Zimmermann, US activist, 1991],
– much later became open standard GnuPG [RFC2440]
– some PGP products are certified by US gov NIST
• S/MIME [RSA Labs]
– free implementation in OpenSSL
same general method called hybrid encryption:

Hybrid Encryption
[Figure: Data Encapsulation Module: random key K and IV, block cipher + mode on both sides, plaintext blocks m_i, ciphertext blocks c_i, Eve. Key Encapsulation Module: PK encryption algorithm + "good" padding with inputs K and r, encapsulated key, PK decryption algorithm + verif. padding with output K. Key generation algorithm (past: setup phase) producing pk (public key) and sk (private key)]

Background

Why Encrypt Email?
Phil Zimmermann writes:
Why don't you always send your paper mail on postcards? […] You must be a subversive or a drug dealer if you hide your mail inside envelopes. […] Are you trying to hide something?

PGP Revolution
Zimmermann in 1991 wrote the first email encryption program which was adopted worldwide. He says:
Intelligence agencies have access to good cryptographic technology. So do the big arms and drug traffickers […] But ordinary people and grassroots political organisations didn't have… […] Until now.

How to use PGP

Software 1+2
Frequently there are two separate programs:
1. Key management and command line tool
– PGP = paid,
– GnuPG = free
2. Encryption/Decryption/Signature/Verification programs or front-ends

Example
1. Install GnuPG from gnupg.org
2. Install Enigmail -- for Mozilla Thunderbird

Software 1.
Key management and command line:
• Example: GnuPG from gnupg.org
– GnuPG (free GNU version of PGP = RFC4880)
– Almost invisible tool, works in the background…
• Download from gnupg.org
– Requires a compiler such as Visual Studio 8, use nmake or so..
– Version 1.4.9. Easy to install: http://www.mirrorservice.org/sites/ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.9.exe
– Version 2.0. is provided by third party: http://gpg4win.de/download.html

Example – 1. After installation:
[Screenshot]

Software 2.
Encryption/Decryption/Signature/Verification
• Frontends: http://gnupg.org/related_software/frontends.en.html
• Enigmail -- for Mozilla Thunderbird
• Enigform -- for Mozilla Firefox
• EudoraGPG -- for Eudora
• ez-pine-gpg -- for pine
• GPGOE -- plugin for Outlook Express
• Mac GNU Privacy Guard, GPGMail etc. -- for Apple

3. Encrypt plain text?
Text<->text programs -- cut and paste (works with Gmail and IM!)
GPG4Win – on Windows allows to encrypt files/email/text easily
Mac OS X:
• GPGDropThing
• FireGPG which is a Firefox plugin.
– How to use it?

PGP with Gmail and Mac OS
• Step 1. Right click, select FireGPG->Encrypt
Then at the end there is a COPY TO CLIPBOARD AND CLOSE option
• then paste the encrypted message in Gmail.
creates also a button to encrypt attachments

Example - Enigmail
2. Install Enigmail -- for Mozilla Thunderbird
From here: https://addons.mozilla.org/en-US/thunderbird/downloads/file/92940/enigmail-1.1.2-tb-win.xpi

Enigmail -- for Mozilla Thunderbird
MUST BE ADDED MANUALLY HERE
[Screenshot]

Enigmail -- for Mozilla Thunderbird
Add it manually!
Start Thunderbird. In the menu bar of the main window you will see "Tools". Select this, and then "Add-ons". This will bring up a new window listing all of your Thunderbird plug-ins. In the lower left-hand corner of this new window you'll see a button marked "Install". Click this button. Tell Thunderbird where you saved the Enigmail .XPI file.

Example Enigmail -- for Mozilla Thunderbird
[Screenshot]

My Keys
[Screenshot]

Their Properties
[Screenshot]

Right Click on One Key
[Screenshot]

Key Properties
[Screenshot]

Steps
1. Install GnuPG software
2. Generate a pair of keys.
3. Choose a strong password for storage of…
4. Sign your own and other people's keys. Why?
5. Make your key known (publish or distribute).
6. Install an encryption/decryption program or a plug-in for Eudora/Thunderbird/etc.
7. Now:
– Everybody can write a PRIVATE encrypted message to you, only you can..
– You can sign any message, everybody can check it comes from you, nobody can…

Key Management
Sign your own and other people's keys. Why? How?

Problems with PK crypto and email encryption

Revolutionary or Dangerous?
The US Customs started a criminal investigation of Zimmermann, for allegedly violating the Arms Export Control Act…
Dropped after 3 years of investigation and a lot of public/press outrage…
Named one of the:
• Top 10 Innovators in E-business (InfoWorld)
• 50 most influential people on the Internet (Newsweek)
• Etc.

*Problems with the PKI Systems
• Cf. Ellison and Schneier: "Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure" http://www.schneier.com/paper-pki.pdf
• Ben Laurie: Seven and a Half Non-risks of PKI. http://www.apache-ssl.org/7.5things.txt

Main Risks / Pitfalls
1. Bugs? Backdoors? Source code? People/country trusted?
2. Is it really the key of Bob?
• Certificates: trusting third parties in foreign countries
3. Was his real key lost or stolen (e.g. virus)?
• Revocation Lists: lists of blacklisted keys stored on an Internet server
4. Was my key of good quality?
• size (1024 bit: expired 2010)
• strength (RSA-PSS 2048 bits)
• randomness (mouse keyboard…)
5. Was the message changed at signing time?
• Real-time substitution
6. Did parties perform all the checks?
7. Shall I save the message?

**Attack Tree for PGP
[Figure: attack tree for PGP, © Bruce Schneier]

PKI Comparison
• PGP – web of trust, totally decentralized system
– users can choose how much they trust each key
– is trust transitive? not really
– in particular, can also implement normal hierarchical PKI.
• S/MIME [RSA Labs] – uses the same standard PKI as SSL: X.509 certificates.
In both cases organisations can implement their own closed PKI.

Happy with Secure Email?
Problems:
• almost never used,
– BUT: if signatures were the default behaviour, we would maybe have less spam?
• need to enrol in advance before email is sent…
– very few people have keys,

Email Storage
Questions:
• should received and decrypted email be stored encrypted?
• why when sending a message we sometimes need to add ourselves to the recipient list?

Happy with Secure Email?
Problems kind of solved:
• confidentiality
• authenticity
Unsolved problems:
• privacy of the recipient
• privacy of the sender
• hiding the existence of the message (=> Steganography).
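The key-authentication point of the "What's Wrong Here?" and "Right Solution with PKI" slides, combined with hash-then-sign, as an added example that is not part of the original slides. It uses textbook RSA with small fixed primes and no padding purely to show the structure (the slides name RSA-PSS with 2048-bit keys for real use); `keygen`, `make_cert`, `check_cert` and the sample names are hypothetical.

```python
import hashlib

# Constructed toy parameters: Mersenne primes, far too small and too
# structured for real use. Textbook RSA without padding, illustration only.
E = 65537

def keygen(p, q):
    """Return (public, private) as ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def h(data: bytes, n: int) -> int:
    """Hash-then-sign: the signature covers H(m), not m itself."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(h(data, n), d, n)

def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == h(data, n)

def make_cert(ca_priv, name: str, pub) -> dict:
    """The CA binds a name to a public key by signing both together."""
    body = f"{name}|{pub[0]}|{pub[1]}".encode()
    return {"name": name, "pub": pub, "sig": sign(ca_priv, body)}

def check_cert(ca_pub, cert, expected_name: str) -> bool:
    """What the sender must do before encrypting to cert['pub']."""
    body = f"{cert['name']}|{cert['pub'][0]}|{cert['pub'][1]}".encode()
    return cert["name"] == expected_name and verify(ca_pub, body, cert["sig"])

def demo():
    ca_pub, ca_priv = keygen(2**127 - 1, 2**107 - 1)
    alice_pub, alice_priv = keygen(2**89 - 1, 2**61 - 1)
    other_pub, _ = keygen(2**61 - 1, 2**31 - 1)
    cert = make_cert(ca_priv, "alice@example.org", alice_pub)
    # A key swapped in transit: the CA signature no longer matches the body.
    swapped = dict(cert, pub=other_pub)
    msg = b"meet at noon"
    sig = sign(alice_priv, msg)
    return {
        "genuine_cert": check_cert(ca_pub, cert, "alice@example.org"),
        "substituted_key": check_cert(ca_pub, swapped, "alice@example.org"),
        "signature_ok": verify(cert["pub"], msg, sig),
        "altered_message": verify(cert["pub"], b"meet at nine", sig),
    }
```

Only the certificate check ties the public key to a name; without it the encryption step works equally well with a substituted key.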
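Hybrid encryption with more than one recipient, as an added example that is not part of the original slides: the body is encrypted once under a random K and K is encapsulated separately for each recipient's public key, which bears on the Email Storage question about adding yourself to the recipient list. Assumptions: textbook RSA without the "good" padding the slide calls for, a SHA-256 counter keystream standing in for "block cipher + mode", no integrity protection, and hypothetical names throughout.

```python
import hashlib
import secrets

E = 65537  # constructed toy parameters, illustration only

def keygen(p, q):
    """Return (public, private) as ((n, e), (n, d))."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in data encapsulation: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + iv + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt(recipients: dict, message: bytes) -> dict:
    """recipients maps a name to a public key (n, e)."""
    k = secrets.token_bytes(16)   # random session key K
    iv = secrets.token_bytes(16)
    k_int = int.from_bytes(k, "big")
    return {
        "iv": iv,
        "body": keystream_xor(k, iv, message),  # encrypted once
        # Key encapsulation: one wrapped copy of K per recipient.
        "wrapped": {name: pow(k_int, e, n) for name, (n, e) in recipients.items()},
    }

def decrypt(name: str, priv, mail: dict):
    """Return the plaintext, or None if K was never wrapped for this key."""
    if name not in mail["wrapped"]:
        return None
    n, d = priv
    k = pow(mail["wrapped"][name], d, n).to_bytes(16, "big")
    return keystream_xor(k, mail["iv"], mail["body"])
```

A sender who is not in `recipients` holds no wrapped copy of K, so the stored ciphertext of their own sent mail is unreadable to them.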