Understanding Email Encryption
Nicolas T. Courtois - University College London
TRANSCRIPT
Conventional Encryption
Secret-Key Encryption
[Figure: Alice and Bob]
Example
TrueCrypt hard drive encryption
Danger: shared key…
If only one computer is infected… all security gone forever (past, future, all people)
Asymmetric Techniques
Vocabulary
Public-Key Cryptography == Asymmetric Cryptography
there is no secret in encryption, there is one in decryption
• A Private Key =a.k.a.= Secret Key
• A Public Key.
Public Key Cryptography
Public key: can be distributed to many parties. Does not have to be public
Public Key Encryption - 3 Algorithms
[Figure labels: key generation algorithm (past: setup phase); encryption algorithm; decryption algorithm; m; r; pk (public key); sk (private key); c; m or invalid; Eve]
Setup / Establishing Trust (PKI = Public Key Infrastructure)
What’s Wrong Here?
Key management?
[Figure: A and B exchange E_PK(A)(m); key labels: SK_A, PK_A, PK_A]
Even More Wrong
a dog?
[Figure: A and B exchange E_PK(A)(m); key labels: SK_A, PK_A, PK_Cert, PK_A]
Right Solution with PKI
authentication of the key by means of a Digital Signature
signatures suddenly needed ALSO FOR ENCRYPTION
PGP will ask us to sign keys… proof of trust
[Figure: A and B exchange h(r_B), B, E_PK(A)(r_B, B); labels: SK_A, PK_A, PK_Cert, cert_A, PK_A]
Digital Signatures
[Manual and Digital] Signatures
Two main functions:
1. Identify the signer
2. Approbation of the document.
Manual Digital Signatures
Two main functions:
1. Identify the signer
2. Approbation
Consequence => A digital signature does depend on the document.
(need to protect document integrity, did not exist before!)
…in electronic world:
1. Easy to copy!
2. Easy to alter the document!
Digital Signatures
[Figure labels: signing algorithm; verification algorithm; m; sk (private key); pk (public key); (m,); yes/no; forgery]
Requirements so far:
Three main functions:
1. Identify the signer
2. Approbation
3. Integrity of the message
Integrity: Hash-then-Sign
A hash function (or hash algorithm) is a reproducible method of turning data (usually a message or a file) into a number suitable to be handled by a computer. These functions provide a way of creating a small digital "fingerprint" from any kind of data. The function chops and mixes (i.e., substitutes or transposes) the data to create the fingerprint, often called a hash value. The hash value is commonly represented as a short string of random-looking letters and numbers (binary data written in hexadecimal notation).
[Figure labels: m; 0- bits; H; H(m); >=160 bits; 098f6bcd4621d373cade4e832627b4; Digital Signature e.g. RSA-PSS; >=80 bits]
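Hash-then-sign and the key authentication step of the "Right Solution with PKI" slide can be run together, as an added example that is not part of the original slides. Assumptions: it signs the SHA-256 digest with raw RSA (no RSA-PSS padding, to stay within the Python standard library), the keys are constructed from public Mersenne primes and are therefore insecure, and `demo_key`, `issue_cert` and `trusted_key` are hypothetical names.

```python
import hashlib

E = 65537  # RSA public exponent

def demo_key(a, b):
    # Constructed demo key: n is the product of the Mersenne primes 2**a-1 and
    # 2**b-1, whose factors are public. Insecure; keeps the example offline.
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))   # (public n, private d)

def H(m: bytes) -> int:
    # The fixed-size fingerprint that actually gets signed.
    return int.from_bytes(hashlib.sha256(m).digest(), "big")

def sign(n: int, d: int, m: bytes) -> int:
    return pow(H(m), d, n)              # needs the private key

def verify(n: int, m: bytes, sig: int) -> bool:
    return pow(sig, E, n) == H(m)       # needs only the public key

def cert_body(name: str, n: int) -> bytes:
    # The data the certifier signs: an identity bound to a public key.
    return name.encode() + b"\x00" + n.to_bytes((n.bit_length() + 7) // 8, "big")

def issue_cert(ca_n: int, ca_d: int, name: str, n: int) -> dict:
    return {"name": name, "n": n, "sig": sign(ca_n, ca_d, cert_body(name, n))}

def trusted_key(ca_n: int, cert: dict, expected_name: str):
    # Return the public key only if the certifier's signature binds it to the
    # expected name; otherwise refuse to encrypt to it.
    body = cert_body(cert["name"], cert["n"])
    ok = cert["name"] == expected_name and verify(ca_n, body, cert["sig"])
    return cert["n"] if ok else None

CA = demo_key(521, 607)        # certifier (PK_Cert on the slide)
ALICE = demo_key(1279, 2203)   # A
EVE = demo_key(127, 521)       # key substituted by an attacker

CERT_A = issue_cert(*CA, "alice", ALICE[0])
FORGED = dict(CERT_A, n=EVE[0])   # Alice's certificate with Eve's key swapped in
```

Changing either the signed message or the key inside the certificate changes the digest, so verification fails in both cases.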
Digital Signatures - Bonus
Another main function!
1. Identify the signer (certify origin, solved)
2. Approbation (hard to get!)
3. Integrity of the message (solved)
4. Automatic verification,
and another bonus: Public Verifiability
Vocabulary frequently confused
Digital Signatures: crypto only
Advanced Electronic Signatures:
• crypto - a D.S.
• secure device
• qualified certif.
Electronic Signatures: just some electronic tag/evidence…
Electronic and Advanced Signatures (in The European Directive)
1. Electronic Signature.
Definition [EU]: data in electronic form which are attached to, or logically associated with, other electronic data and which serve as a method of authentication.
2. Advanced Electronic Signature.
2x link.
An electronic signature that:
• is uniquely linked to a signatory and capable of identifying the signatory, and created by means the signatory can maintain under his sole control,
• and linked to the data being signed such that any change of the data is detectable.
Non Repudiation
1. Identify the signer
Non-repudiation (aka Imputability).
The signer is the ONLY and UNIQUE person who can create the (signed) document.
Protocols and Software Products:
Security of Email
SMTP Protocol
THE original email protocol.
Emails: no encryption (in cleartext) and no authentication.
In addition everybody can send email => epidemics of spam!!!!
Standards for Secure Email
Two main open standards:
• PGP
– [Phil Zimmermann, US activist, 1991],
– much later became open standard GnuPG [RFC2440]
– some PGP products are certified by US gov NIST
• S/MIME [RSA Labs]
– free implementation in OpenSSL
same general method called hybrid encryption:
Hybrid Encryption
[Figure labels: key generation algorithm (past: setup phase); pk (public key); sk (private key); Key Encapsulation Module: PK encryption algorithm + “good” padding, PK decryption algorithm + verif. padding, random key K, encapsulated key; Data Encapsulation Module: block cipher + mode (on both sides), K, IV; m_i; c_i; r; Eve]
Background
Why Encrypt Email?
Phil Zimmermann writes:
Why don't you always send your paper mail on postcards? […]
You must be a subversive or a drug dealer if you hide your mail inside envelopes. […]
Are you trying to hide something?
PGP Revolution
Zimmermann in 1991 wrote the first email encryption program which was adopted worldwide. He says:
Intelligence agencies have access to good cryptographic technology. So do the big arms and drug traffickers […] But ordinary people and grassroots political organisations didn’t have… […] Until now.
How to use PGP
Software 1+2
Frequently there are two separate programs:
1. Key management and command line tool
– PGP = paid,
– GnuPG = free
2. Encryption/Decryption/Signature/Verification programs or front-ends
Example
1. Install GnuPG from gnupg.org
2. Install Enigmail -- for Mozilla Thunderbird
Software
1. Key management and command line:
• Example: GnuPG from gnupg.org (GnuPG = free GNU version of PGP = RFC4880)
– Almost invisible tool, works in the background…
– Download from gnupg.org
• Requires a compiler such as Visual Studio 8, use nmake or so..
• Version 1.4.9. Easy to install: http://www.mirrorservice.org/sites/ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.9.exe
• Version 2.0. is provided by third party: http://gpg4win.de/download.html
Example – 1.
After installation:
Software 2.
2. Encryption/Decryption/Signature/Verification
• Frontends: http://gnupg.org/related_software/frontends.en.html
• Enigmail -- for Mozilla Thunderbird
• Enigform ---- Mozilla Firefox
• EudoraGPG --- for Eudora
• ez-pine-gpg ---- pine
• GPGOE ---- plugin for Outlook Express
• Mac GNU Privacy Guard, GPGMail etc.. ---- for Apple
3. Encrypt plain text?
Text<->text programs -- cut and paste (works with Gmail and IM!)
GPG4Win – on Windows allows encrypting files/email/text easily
Mac OS X:
• GPGDropThing –
• FireGPG which is a Firefox plugin. How to use it?
PGP with Gmail and Mac OS
• Step 1. Right click, select FireGPG->Encrypt
Then at the end there is a COPY TO CLIPBOARD AND CLOSE option
• then paste the encrypted message in Gmail.
creates also a button to encrypt attachments
Example - Enigmail
2. Install Enigmail -- for Mozilla Thunderbird
From here: https://addons.mozilla.org/en-US/thunderbird/downloads/file/92940/enigmail-1.1.2-tb-win.xpi
Enigmail -- for Mozilla Thunderbird
MUST BE ADDED MANUALLY HERE,
Enigmail -- for Mozilla Thunderbird
Add it manually! Start Thunderbird. In the menu bar of the main window you will see "Tools". Select this, and then "Add-ons". This will bring up a new window listing all of your Thunderbird plug-ins. In the lower left-hand corner of this new window you'll see a button marked "Install". Click this button. Tell Thunderbird where you saved the Enigmail .XPI file.
Example
Enigmail -- for Mozilla Thunderbird
My Keys
…
…
Their Properties
Right Click on One Key
Key Properties
Steps
1. Install GnuPG software
2. Generate a pair of keys.
3. Choose a strong password for storage of…
4. Sign your own and other people’s keys. Why?
5. Make your key known (publish or distribute).
6. Install an encryption/decryption program or a plug-in for Eudora/Thunderbird/etc.
7. Now:
– Everybody can write a PRIVATE encrypted message to you, only you can..
– You can sign any message, everybody can check it comes from you, nobody can…
Key Management
Sign your own and other people’s keys. Why?
How?
Problems with PK crypto and email encryption
Revolutionary or Dangerous?
The US Customs started a criminal investigation of Zimmermann, for allegedly violating the Arms Export Control Act…
Dropped after 3 years of investigation and a lot of public/press outrage…
Named one of the:
• Top 10 Innovators in E-business (InfoWorld)
• 50 most influential people on the Internet (Newsweek)
• Etc.
* Problems with the PKI Systems
• Cf. Ellison and Schneier: “Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure” http://www.schneier.com/paper-pki.pdf
• Ben Laurie: Seven and a Half Non-risks of PKI. http://www.apache-ssl.org/7.5things.txt
Main Risks / Pitfalls
1. Bugs? Backdoors? Source code? People/country trusted?
2. Is it really the key of Bob?
• Certificates: trusting third parties in foreign countries
3. Was his real key lost or stolen (e.g. virus)?
• Revocation Lists: lists of blacklisted keys stored on an Internet server
4. Was my key of good quality?
• size (1024 bit: expired 2010)
• strength (RSA-PSS 2048 bits)
• randomness (mouse keyboard…)
5. Was the message changed at signing time?
• Real-time substitution
6. Did parties perform all the checks?
7. Shall I save the message?
**Attack Tree for PGP
© Bruce Schneier
PKI Comparison
• PGP
– web of trust, totally decentralized system
• users can choose how much they trust each key
• is trust transitive? not really
• in particular, can also implement normal hierarchical PKI.
• S/MIME [RSA Labs]
– uses the same standard PKI as SSL: X.509 certificates.
In both cases organisations can implement their own closed PKI.
Happy with Secure Email?
Problems:
BUT:
• almost never used,
– if signatures were the default behaviour, we would maybe have less spam?
• need to enrol in advance before email is sent…
– very few people have keys,
Email Storage
Questions:
• should received and decrypted email be stored encrypted?
• why when sending a message we sometimes need to add ourselves to the recipient list?
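The hybrid scheme from the Hybrid Encryption slide, extended here to several recipients so that it also shows what happens when the sender is left off the recipient list; this is an added example, not code from the original slides. Assumptions: to stay within the Python standard library it encapsulates K with an RSA-KEM style wrap instead of padded RSA, uses a SHA-256 counter keystream plus HMAC instead of a block cipher mode, and builds insecure demo keys from public Mersenne primes; `demo_key`, `kdf`, `seal`, `encrypt` and `decrypt` are hypothetical names.

```python
import hashlib, hmac, secrets

E = 65537  # RSA public exponent

def demo_key(a, b):
    # Constructed demo key: n is the product of the Mersenne primes 2**a-1 and
    # 2**b-1, whose factors are public. Insecure; keeps the example offline.
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))   # (public n, private d)

def kdf(secret: bytes, label: bytes, length: int) -> bytes:
    # SHA-256 in counter mode: stands in for both the KDF and the cipher mode.
    blocks = [hashlib.sha256(label + i.to_bytes(4, "big") + secret).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def seal(k: bytes, iv: bytes, body: bytes) -> bytes:
    # Integrity tag over IV and ciphertext, keyed from K.
    return hmac.new(kdf(k, b"mac", 32), iv + body, hashlib.sha256).digest()

def encrypt(recipients: dict, m: bytes) -> dict:
    k, iv = secrets.token_bytes(32), secrets.token_bytes(16)  # random key K, IV
    body = xor(m, kdf(k, b"enc" + iv, len(m)))                # data encapsulation
    wraps = {}
    for name, n in recipients.items():                        # key encapsulation
        r = secrets.randbelow(n - 2) + 2
        wraps[name] = (pow(r, E, n), xor(k, kdf(str(r).encode(), b"kek", 32)))
    return {"wraps": wraps, "iv": iv, "body": body, "tag": seal(k, iv, body)}

def decrypt(name: str, n: int, d: int, msg: dict):
    if name not in msg["wraps"]:
        return None                       # K was never encapsulated for this key
    c, wrapped = msg["wraps"][name]
    k = xor(wrapped, kdf(str(pow(c, d, n)).encode(), b"kek", 32))
    if not hmac.compare_digest(seal(k, msg["iv"], msg["body"]), msg["tag"]):
        return None                       # "invalid": tampered or wrong key
    return xor(msg["body"], kdf(k, b"enc" + msg["iv"], len(msg["body"])))

ALICE = demo_key(521, 607)     # sender
BOB = demo_key(1279, 2203)     # recipient
```

The message body is encrypted once under K; only the small encapsulated key is repeated per recipient, and a stored copy stays readable only to holders of a key that K was encapsulated for.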
Happy with Secure Email?
Problems kind of solved:
• confidentiality
• authenticity
Unsolved problems:
• privacy of the recipient
• privacy of the sender
• hiding the existence of the message (=> Steganography).