understanding email encryption nicolas t. courtois - university college london
TRANSCRIPT
![Page 1: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/1.jpg)
understanding email encryption
Nicolas T. Courtois - University College London
![Page 2: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/2.jpg)
email Encryption
Nicolas T. Courtois2
Conventional Encryption
![Page 3: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/3.jpg)
email Encryption
Nicolas T. Courtois3
Secret-Key Encryption
Alice
Bob
![Page 4: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/4.jpg)
email Encryption
Nicolas T. Courtois4
Secret-Key Encryption
Alice
Bob
![Page 5: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/5.jpg)
email Encryption
Nicolas T. Courtois5
Example
Truecrypt hard drive encryption
Danger: shared key…
If only one computer is infected… all security gone forever (past, future, all
people)
![Page 6: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/6.jpg)
email Encryption
Nicolas T. Courtois6
Asymmetric Techniques
![Page 7: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/7.jpg)
email Encryption
Nicolas T. Courtois7
Vocabulary
Public-Key Cryptography == Asymmetric Cryptographythere is no secret in encryption,
there is one in decryption
• A Private Key =a.k.a.= Secret Key• A Public Key.
![Page 8: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/8.jpg)
email Encryption
Nicolas T. Courtois8
Public Key Cryptography
Public key: can be distributed to
many parties. Does not have to be public
![Page 9: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/9.jpg)
email Encryption
Nicolas T. Courtois9
Public Key Encryption - 3 Algorithms
encryption algorithm
m
pk
(public key)
decryption algorithm
sk
(private key)
c
m or invalid
Eve
key generation algorithm
c
past: setup phase
r
![Page 10: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/10.jpg)
email Encryption
Nicolas T. Courtois10
Setup / Establishing Trust(PKI=Public Key Infrastructure)
![Page 11: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/11.jpg)
email Encryption
Nicolas T. Courtois11
What’s Wrong Here?
Key management?
EPK(A)(m)A B
SKA PKA PKA
![Page 12: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/12.jpg)
email Encryption
Nicolas T. Courtois12
Even More Wrong
a dog?a dog?
EPK(A)(m)A B
SKA PKA PKCert
PKA
![Page 13: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/13.jpg)
email Encryption
Nicolas T. Courtois13
Right Solution with PKI
authentication of the key by the means of a Digital Signature
signatures suddenly needed ALSO FOR ENCRYPTION
PGP will ask us to sign keys… proof of trust
h(rB), B, EPK(A)(rB, B)A B
SKA PKA PKCert
certA
PKA
![Page 14: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/14.jpg)
email Encryption
Nicolas T. Courtois14
Digital Signatures
![Page 15: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/15.jpg)
email Encryption
Nicolas T. Courtois15
[Manual and Digital] Signatures
Two main functions:1. Identify the signer2. Approbation of the document.
![Page 16: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/16.jpg)
email Encryption
Nicolas T. Courtois16
Manual Digital SignaturesTwo main functions
1. Identify the signer2. Approbation
Consequence => A digital signature does depend on the document.
(need to protect document integrity, did not exist before !)
…in electronic word:1. Easy to copy !2. Easy to alter the
document !
![Page 17: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/17.jpg)
email Encryption
Nicolas T. Courtois17
Digital Signatures
signing algorithm
m
sk
(private key)
verification algorithm
pk
(public key)
(m,)
yes/no
forgery
![Page 18: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/18.jpg)
email Encryption
Nicolas T. Courtois18
Requirements so far:
Three main functions:1. Identify the signer2. Approbation3. Integrity of the message
![Page 19: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/19.jpg)
email Encryption
Nicolas T. Courtois19
Integrity: Hash-then-Sign
A hash function (or hash algorithm) is a reproducible method of turning data (usually a message or a file) into a number suitable to be handled by a computer. These functions provide a way of creating a small digital "fingerprint" from any kind of data. The function chops and mixes (i.e., substitutes or transposes) the data to create the fingerprint, often called a hash value. The hash value is commonly represented as a short string of random-looking letters and numbers (Binary data written in hexadecimal notation).
DigitalSignature e.g. RSA-
PSS
H
>=160 bits
0- bits
>=80 bits
098f6bcd4621d373cade4e832627b4
H(m)
m
![Page 20: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/20.jpg)
email Encryption
Nicolas T. Courtois20
Digital Signatures - Bonus
Another main function !1. Identify the signer (certify origin, Identify the signer (certify origin,
solved)solved)2. Approbation (Approbation (hard to get !)hard to get !)3. Integrity of the message (solved)Integrity of the message (solved)4. Automatic verification,
and another bonus: Public Verifiability
![Page 21: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/21.jpg)
email Encryption
Nicolas T. Courtois21
Vocabularyfrequently confused
Digital Signatures Advanced Electronic Signatures.
Electronic Signatures.
crypto only •crypto - a D.S.
•secure device
•qualified certif.
just some electronic tag/evidence…
![Page 22: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/22.jpg)
email Encryption
Nicolas T. Courtois22
Electronic and Advanced Signatures (in The European Directive)
1. Electronic Signature.Definition [EU]: data in electronic form which are attached to, or logically
associated with, other electronic data and which serve as a method of authentication.
2. Advanced Electronic Signature.
2x link.
An electronic signature that: • is uniquely linked to a signatory and capable of identifying the signatory, and
created by means the signatory can maintain under his sole control,• and linked to the data being signed such that any change of the data is
detectable.
![Page 23: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/23.jpg)
email Encryption
Nicolas T. Courtois23
Non Repudiation
1. Identify the signer
Non-repudiation (aka Imputability).The signer is the ONLY and UNIQUE
person which can create the (signed) document.
![Page 24: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/24.jpg)
email Encryption
Nicolas T. Courtois24
Protocols and Software Products:
Security of Email
![Page 25: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/25.jpg)
email Encryption
Nicolas T. Courtois25
SMTP Protocol
THE original email protocol.
Emails: no encryption (in cleartext) and no authentication.
In addition everybody can send email => epidemics of spam!!!!
![Page 26: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/26.jpg)
email Encryption
Nicolas T. Courtois26
Standards for Secure Email
Two main open standards:• PGP
– [Phil Zimmerman, US activist, 1991], – much later became open standard GnuPG [RFC2440]– some PGP products are certified by US gov NIST
• S/MIME [RSA Labs]– free implementation in Open SSL
same general method called hybrid encryption:
![Page 27: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/27.jpg)
email Encryption
Nicolas T. Courtois27
Hybrid Encryption
PK encryption algorithm +
“good” padding
mi
pk
(public key)
sk
(private key)
ci
mi
Eve
key generation algorithm
ci
past: setup phase
block cipher + mode
block cipher + mode
randomkey K
K
K
PK decryption algorithm +
verif. padding
encapsulated key
Key Encapsulation Module
K
K
IV
r
Data Encapsulation Module
![Page 28: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/28.jpg)
email Encryption
Nicolas T. Courtois28
Background
![Page 29: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/29.jpg)
email Encryption
Nicolas T. Courtois29
Why Encrypt Email?
Phil Zimmerman writes:
Why don't you always send your paper mail on postcards? […]
You must be a subversive or a drug dealer if you hide your mail inside envelopes. […]
Are you trying to hide something?
![Page 30: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/30.jpg)
email Encryption
Nicolas T. Courtois30
PGP Revolution
Zimmerman in 1991 wrote the first email encryption program which was adopted worldwide. He says:
:
Intelligence agencies have access to good cryptographic technology. So do the big arms and drug traffickers
[…]But ordinary people and grassroots political
organisations didn’t have…[…]Until now.
![Page 31: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/31.jpg)
email Encryption
Nicolas T. Courtois31
How to use PGP
![Page 32: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/32.jpg)
email Encryption
Nicolas T. Courtois32
Software 1+2
Frequently there are two separate programs:1. Key management and command line tool
– PGP=paid, – GnuPG = free
2. Encryption/Decryption/Signature/Verification programs or front-ends
![Page 33: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/33.jpg)
email Encryption
Nicolas T. Courtois33
Example
1. Install GnuPG from gnupg.org
2. Instal Enigmail -- for Mozilla Thunderbird
![Page 34: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/34.jpg)
email Encryption
Nicolas T. Courtois34
Software
1. Key management and command line: • Example: GnuPG from gnupg.orgGnuPG (free
GNU version of PGP = RFC4880)– Almost invisible tool, works in the background…– Download from gnupg.org
• Requires a compiler such as Visual Studio 8, use nmake or so..
• Version 1.4.9. Easy to install: http://www.mirrorservice.org/sites/ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.9.exe
• Version 2.0. is provided by third party: • http://gpg4win.de/download.html
![Page 35: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/35.jpg)
email Encryption
Nicolas T. Courtois35
Example – 1.
After installation:
![Page 36: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/36.jpg)
email Encryption
Nicolas T. Courtois36
Software 2.
2. Encryption/Decryption/Signature/Verification
• Frontends: http://gnupg.org/related_software/frontends.en.html
• Enigmail -- for Mozilla Thunderbird• Enigform ---- Mozilla Firefox• EudoraGPG --- for Eudora• ez-pine-gpg ---- pine• GPGOE ---- plugin for Outlook Express• Mac GNU Privacy Guard , GPGMail etc.. ---- for Apple
![Page 37: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/37.jpg)
email Encryption
Nicolas T. Courtois37
3. Encrypt plain text?
Text<->text programs -- cut and paste (works with gmail and IM!)
GPG4Win – on Windows allows to encrypt files/email/text easily
Mc OS X:• GPGDropThing – • FireGPG which is a Firefox plugin. How to
use it?
![Page 38: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/38.jpg)
email Encryption
Nicolas T. Courtois38
PGP with Gmail and Mac 0S• Step 1. Right click, select FireGPG->EncryptThen and the end there is a COPY TO CLIPBOARD AND CLOSE option• then paste the encrypted message in Gmail.
creates also a button to encrypt attachments
![Page 39: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/39.jpg)
email Encryption
Nicolas T. Courtois39
Example - Enigmail
2. Instal Enigmail -- for Mozilla Thunderbird
From here:https://addons.mozilla.org/en-US/thunderbird/downloads/file/
92940/enigmail-1.1.2-tb-win.xpi
![Page 40: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/40.jpg)
email Encryption
Nicolas T. Courtois40
Enigmail -- for Mozilla Thunderbird
MUST BE ADDED MANUALLY HERE,
![Page 41: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/41.jpg)
email Encryption
Nicolas T. Courtois41
Enigmail -- for Mozilla Thunderbird
Add it manually! Start Thunderbird. In the menu bar of the main window you will see "Tools". Select this, and
then "Add-ons". This will bring up a new window listing all of your Thunderbird plug-ins. In the lower left-hand corner of this new window you'll see a button marked "Install". Click this button. Tell Thunderbird where you saved the Enigmail .XPI file.
![Page 42: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/42.jpg)
email Encryption
Nicolas T. Courtois42
Example
Enigmail -- for Mozilla Thunderbird
![Page 43: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/43.jpg)
email Encryption
Nicolas T. Courtois43
My Keys
…
…
![Page 44: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/44.jpg)
email Encryption
Nicolas T. Courtois44
Their Properties
![Page 45: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/45.jpg)
email Encryption
Nicolas T. Courtois45
Right Click on One Key
![Page 46: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/46.jpg)
email Encryption
Nicolas T. Courtois46
Key Properties
![Page 47: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/47.jpg)
email Encryption
Nicolas T. Courtois47
Steps1. Install GnuPG software 2. Generate a pair of keys.3. Choose a strong password for storage of…4. Sign your own and other people’s keys. Why?5. Make your key known (publish or distribute).
6. Install an encryption/decryption program or a plug-in for Eudora/Thunderbird/etc.
7. Now:– Everybody can write a PRIVATE encrypted message to
you, only you can..
– You can sign any message, everybody can check it comes from you, nobody can…
![Page 48: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/48.jpg)
email Encryption
Nicolas T. Courtois48
Key Management
Sign your own and other people’s keys. Why?
How?
![Page 49: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/49.jpg)
email Encryption
Nicolas T. Courtois49
Problems with PK crypto and email encryption
![Page 50: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/50.jpg)
email Encryption
Nicolas T. Courtois50
Revolutionary or Dangerous?
The US Customs started a criminal investigation of Zimmermann, for allegedly violating
the Arms Export Control Act…Dropped after 3 years of investigation
and a lot of public/press outrage…
Named one of the:• Top 10 Innovators in E-business (InfoWorld) • 50 most influential people on the Internet
(Newsweek)• Etc.
![Page 51: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/51.jpg)
email Encryption
Nicolas T. Courtois51
* Problems with the PKI Systems• Cf. Ellison and Schneier: “Ten Risks of PKI: What You're Not
Being Told About Public Key Infrastructure”http://www.schneier.com/paper-pki.pdf
• Ben Laurie: Seven and a Half Non-risks of PKI.
http://www.apache-ssl.org/7.5things.txt
![Page 52: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/52.jpg)
email Encryption
Nicolas T. Courtois52
Main Risks / Pitfalls1. Bugs? Backdoors? Source code? People/country
trusted?2. Is it really the key of Bob?
• Certificates: trusting third parties in foreign countries
3. Was his real key lost or stolen (e.g. virus)?• Revocation Lists: lists of blacklisted keys stored on an
Internet server
4. Was my key of good quality?• size (1024 bit: expired 2010)• strength (RSA-PSS 2048 bits)• randomness (mouse keyboard…)
5. Was the message changed at signing time? • Real-time substitution
6. Did parties perform all the checks?7. Shall I save the message?
![Page 53: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/53.jpg)
email Encryption
Nicolas T. Courtois53
**Attack Tree for PGP
© Bruce Schneier
![Page 54: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/54.jpg)
email Encryption
Nicolas T. Courtois54
PKI Comparison• PGP
– web of trust, totally decentralized system• users can chose how much they trust each key• is trust transitive? not really• in particular, can also implement normal hierarchical PKI.
• S/MIME [RSA Labs]– uses the same standard PKI as SSL: X.509 certificates.
In both cases organisations can implement their own closed PKI.
![Page 55: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/55.jpg)
email Encryption
Nicolas T. Courtois55
Happy with Secure Email?
Problems:
BUT:• almost never used,
– if signatures were the default behaviour, we would maybe have less spam?
• need to enrol in advance before email is sent…
– very few people have keys,
![Page 56: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/56.jpg)
email Encryption
Nicolas T. Courtois56
Email Storage
Questions: • should received and decrypted email be stored
encrypted? • why when sending a message we sometimes need
to add ourselves to the recipient list?
![Page 57: Understanding email encryption Nicolas T. Courtois - University College London](https://reader036.vdocuments.site/reader036/viewer/2022062421/56649d345503460f94a0a301/html5/thumbnails/57.jpg)
email Encryption
Nicolas T. Courtois57
Happy with Secure Email?
Problems kind of solved:• confidentiality• authenticity
Unsolved problems: • privacy of the recipient• privacy of the sender• hiding the existence of the message (=>
Steganography).