understanding email encryption nicolas t. courtois - university college london

understanding email encryption

Nicolas T. Courtois - University College London

email Encryption

Nicolas T. Courtois2

Conventional Encryption

email Encryption


Secret-Key Encryption

Alice

Bob

email Encryption


Example

Truecrypt hard drive encryption

Danger: shared key…

If only one computer is infected… all security gone forever (past, future, all

people)

email Encryption


Asymmetric Techniques

email Encryption


Vocabulary

Public-Key Cryptography == Asymmetric Cryptographythere is no secret in encryption,

there is one in decryption

• A Private Key =a.k.a.= Secret Key• A Public Key.

email Encryption


Public Key Cryptography

Public key: can be distributed to

many parties. Does not have to be public

email Encryption


Public Key Encryption - 3 Algorithms

encryption algorithm

m

pk

(public key)

decryption algorithm

sk

(private key)

c

m or invalid

Eve

key generation algorithm

c

past: setup phase

r

email Encryption


Setup / Establishing Trust(PKI=Public Key Infrastructure)

email Encryption


What’s Wrong Here?

Key management?

EPK(A)(m)A B

SKA PKA PKA

email Encryption


Even More Wrong

a dog?a dog?

EPK(A)(m)A B

SKA PKA PKCert

PKA

email Encryption


Right Solution with PKI

authentication of the key by the means of a Digital Signature

signatures suddenly needed ALSO FOR ENCRYPTION

PGP will ask us to sign keys… proof of trust

h(rB), B, EPK(A)(rB, B)A B

SKA PKA PKCert

certA

PKA

email Encryption


Digital Signatures

email Encryption


[Manual and Digital] Signatures

Two main functions:1. Identify the signer2. Approbation of the document.

email Encryption


Manual Digital SignaturesTwo main functions

1. Identify the signer2. Approbation

Consequence => A digital signature does depend on the document.

(need to protect document integrity, did not exist before !)

…in electronic word:1. Easy to copy !2. Easy to alter the

document !

email Encryption


Digital Signatures

signing algorithm

m

sk

(private key)

verification algorithm

pk

(public key)

(m,)

yes/no

forgery

email Encryption


Requirements so far:

Three main functions:1. Identify the signer2. Approbation3. Integrity of the message

email Encryption


Integrity: Hash-then-Sign

A hash function (or hash algorithm) is a reproducible method of turning data (usually a message or a file) into a number suitable to be handled by a computer. These functions provide a way of creating a small digital "fingerprint" from any kind of data. The function chops and mixes (i.e., substitutes or transposes) the data to create the fingerprint, often called a hash value. The hash value is commonly represented as a short string of random-looking letters and numbers (Binary data written in hexadecimal notation).

DigitalSignature e.g. RSA-

PSS

H

>=160 bits

0- bits

>=80 bits

098f6bcd4621d373cade4e832627b4

H(m)

m

email Encryption


Digital Signatures - Bonus

Another main function !1. Identify the signer (certify origin, Identify the signer (certify origin,

solved)solved)2. Approbation (Approbation (hard to get !)hard to get !)3. Integrity of the message (solved)Integrity of the message (solved)4. Automatic verification,

and another bonus: Public Verifiability

email Encryption


Vocabularyfrequently confused

Digital Signatures Advanced Electronic Signatures.

Electronic Signatures.

crypto only •crypto - a D.S.

•secure device

•qualified certif.

just some electronic tag/evidence…

email Encryption


Electronic and Advanced Signatures (in The European Directive)

1. Electronic Signature.Definition [EU]: data in electronic form which are attached to, or logically

associated with, other electronic data and which serve as a method of authentication.

2. Advanced Electronic Signature.

2x link.

An electronic signature that: • is uniquely linked to a signatory and capable of identifying the signatory, and

created by means the signatory can maintain under his sole control,• and linked to the data being signed such that any change of the data is

detectable.

email Encryption


Non Repudiation

1. Identify the signer

Non-repudiation (aka Imputability).The signer is the ONLY and UNIQUE

person which can create the (signed) document.

email Encryption


Protocols and Software Products:

Security of Email

email Encryption


SMTP Protocol

THE original email protocol.

Emails: no encryption (in cleartext) and no authentication.

In addition everybody can send email => epidemics of spam!!!!

email Encryption


Standards for Secure Email

Two main open standards:• PGP

– [Phil Zimmerman, US activist, 1991], – much later became open standard GnuPG [RFC2440]– some PGP products are certified by US gov NIST

• S/MIME [RSA Labs]– free implementation in Open SSL

same general method called hybrid encryption:

email Encryption


Hybrid Encryption

PK encryption algorithm +

“good” padding

mi

pk

(public key)

sk

(private key)

ci

mi

Eve

key generation algorithm

ci

past: setup phase

block cipher + mode

block cipher + mode

randomkey K

K

K

PK decryption algorithm +

verif. padding

encapsulated key

Key Encapsulation Module

K

K

IV

r

Data Encapsulation Module

email Encryption


Background

email Encryption


Why Encrypt Email?

Phil Zimmerman writes:

Why don't you always send your paper mail on postcards? […]

You must be a subversive or a drug dealer if you hide your mail inside envelopes. […]

Are you trying to hide something?

email Encryption


PGP Revolution

Zimmerman in 1991 wrote the first email encryption program which was adopted worldwide. He says:

:

Intelligence agencies have access to good cryptographic technology. So do the big arms and drug traffickers

[…]But ordinary people and grassroots political

organisations didn’t have…[…]Until now.

email Encryption


How to use PGP

email Encryption


Software 1+2

Frequently there are two separate programs:1. Key management and command line tool

– PGP=paid, – GnuPG = free

2. Encryption/Decryption/Signature/Verification programs or front-ends

email Encryption


Example

1. Install GnuPG from gnupg.org

2. Instal Enigmail -- for Mozilla Thunderbird

email Encryption


Software

1. Key management and command line: • Example: GnuPG from gnupg.orgGnuPG (free

GNU version of PGP = RFC4880)– Almost invisible tool, works in the background…– Download from gnupg.org

• Requires a compiler such as Visual Studio 8, use nmake or so..

• Version 1.4.9. Easy to install: http://www.mirrorservice.org/sites/ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.9.exe

• Version 2.0. is provided by third party: • http://gpg4win.de/download.html

email Encryption


Example – 1.

After installation:

email Encryption


Software 2.

2. Encryption/Decryption/Signature/Verification

• Frontends: http://gnupg.org/related_software/frontends.en.html

• Enigmail -- for Mozilla Thunderbird• Enigform ---- Mozilla Firefox• EudoraGPG --- for Eudora• ez-pine-gpg ---- pine• GPGOE ---- plugin for Outlook Express• Mac GNU Privacy Guard , GPGMail etc.. ---- for Apple

email Encryption


3. Encrypt plain text?

Text<->text programs -- cut and paste (works with gmail and IM!)

GPG4Win – on Windows allows to encrypt files/email/text easily

Mc OS X:• GPGDropThing – • FireGPG which is a Firefox plugin. How to

use it?

email Encryption


PGP with Gmail and Mac 0S• Step 1. Right click, select FireGPG->EncryptThen and the end there is a COPY TO CLIPBOARD AND CLOSE option• then paste the encrypted message in Gmail.

creates also a button to encrypt attachments

email Encryption


Example - Enigmail

2. Instal Enigmail -- for Mozilla Thunderbird

From here:https://addons.mozilla.org/en-US/thunderbird/downloads/file/

92940/enigmail-1.1.2-tb-win.xpi

email Encryption


Enigmail -- for Mozilla Thunderbird

MUST BE ADDED MANUALLY HERE,

email Encryption



Add it manually! Start Thunderbird. In the menu bar of the main window you will see "Tools". Select this, and

then "Add-ons". This will bring up a new window listing all of your Thunderbird plug-ins. In the lower left-hand corner of this new window you'll see a button marked "Install". Click this button. Tell Thunderbird where you saved the Enigmail .XPI file.

email Encryption


Example


email Encryption


My Keys

…

…

email Encryption


Their Properties

email Encryption


Right Click on One Key

email Encryption


Key Properties

email Encryption


Steps1. Install GnuPG software 2. Generate a pair of keys.3. Choose a strong password for storage of…4. Sign your own and other people’s keys. Why?5. Make your key known (publish or distribute).

6. Install an encryption/decryption program or a plug-in for Eudora/Thunderbird/etc.

7. Now:– Everybody can write a PRIVATE encrypted message to

you, only you can..

– You can sign any message, everybody can check it comes from you, nobody can…

email Encryption


Key Management

Sign your own and other people’s keys. Why?

How?

email Encryption


Problems with PK crypto and email encryption

email Encryption


Revolutionary or Dangerous?

The US Customs started a criminal investigation of Zimmermann, for allegedly violating

the Arms Export Control Act…Dropped after 3 years of investigation

and a lot of public/press outrage…

Named one of the:• Top 10 Innovators in E-business (InfoWorld) • 50 most influential people on the Internet

(Newsweek)• Etc.

email Encryption


* Problems with the PKI Systems• Cf. Ellison and Schneier: “Ten Risks of PKI: What You're Not

Being Told About Public Key Infrastructure”http://www.schneier.com/paper-pki.pdf

• Ben Laurie: Seven and a Half Non-risks of PKI.

http://www.apache-ssl.org/7.5things.txt

email Encryption


Main Risks / Pitfalls1. Bugs? Backdoors? Source code? People/country

trusted?2. Is it really the key of Bob?

• Certificates: trusting third parties in foreign countries

3. Was his real key lost or stolen (e.g. virus)?• Revocation Lists: lists of blacklisted keys stored on an

Internet server

4. Was my key of good quality?• size (1024 bit: expired 2010)• strength (RSA-PSS 2048 bits)• randomness (mouse keyboard…)

5. Was the message changed at signing time? • Real-time substitution

6. Did parties perform all the checks?7. Shall I save the message?

email Encryption


PKI Comparison• PGP

– web of trust, totally decentralized system• users can chose how much they trust each key• is trust transitive? not really• in particular, can also implement normal hierarchical PKI.

• S/MIME [RSA Labs]– uses the same standard PKI as SSL: X.509 certificates.

In both cases organisations can implement their own closed PKI.

email Encryption


Happy with Secure Email?

Problems:

BUT:• almost never used,

– if signatures were the default behaviour, we would maybe have less spam?

• need to enrol in advance before email is sent…

– very few people have keys,

email Encryption


Email Storage

Questions: • should received and decrypted email be stored

encrypted? • why when sending a message we sometimes need

to add ourselves to the recipient list?

email Encryption


Happy with Secure Email?

Problems kind of solved:• confidentiality• authenticity

Unsolved problems: • privacy of the recipient• privacy of the sender• hiding the existence of the message (=>

Steganography).

understanding email encryption nicolas t. courtois - university college london

Documents