alice & bob public key cryptography 101 - uncon dpc
TRANSCRIPT
Alice & Bob
DPC Uncon - May 2011Amsterdam - Netherlands
Public key cryptography 101
‣ http://joind.in/3466
Friday, May 20, 2011
Who am I?
Joshua Thijssen (32)Senior Software Engineer @ Enrise
Development in PHP, Python, Perl, C, Java....
Blogs: http://www.adayinthelifeof.nlhttp://www.enrise.com/blog
Email: [email protected]
Twitter: @jaytaph
Friday, May 20, 2011
What are we discussing?
‣ An introduction into public key encryption
‣ But first of all...
‣ Who are Alice and Bob???
Friday, May 20, 2011
Terminology (1)
Friday, May 20, 2011
Terminology (1)
Meet Alice,
and Bob.
Friday, May 20, 2011
Terminology (2)
Fictional characters who are representing either side of the (communication) line.
Person A(lice) is sending a message to person B(ob).
Friday, May 20, 2011
Terminology (3)
http://labs.google.com/sets?hl=en&q1=plaintext&q2=ciphertext&q3=cipher&q4=deterministic&q5=rsa&btn=Large+Set
http://www.wordle.net/create
Friday, May 20, 2011
Encryption history
Before we look at good encryptions,let’s take a look at some bad ones...
http://www.flickr.com/photos/wwworks/4612188594/sizes/m/in/photostream/
Friday, May 20, 2011
Encryption history (1)
“algorithm”:A = 1, B = 2, C = 3, ...., Z = 26
‣ SUBSTITUTION SCHEME
Friday, May 20, 2011
Encryption history (1)
Encrypted message: 12,1,13,5
“algorithm”:A = 1, B = 2, C = 3, ...., Z = 26
‣ SUBSTITUTION SCHEME
Friday, May 20, 2011
Encryption history (1)
Encrypted message: 12,1,13,5
“algorithm”:A = 1, B = 2, C = 3, ...., Z = 26
=L,A,M,E
‣ SUBSTITUTION SCHEME
Friday, May 20, 2011
“algorithm”:A = (A + key) mod 26, B = (B + key) mod 26
.... Z = (Z + key) mod 26
or:m = m + k mod 26
‣ CAESAREAN CIPHER
Encryption history (2)
Friday, May 20, 2011
“algorithm”:A = (A + key) mod 26, B = (B + key) mod 26
.... Z = (Z + key) mod 26
or:m = m + k mod 26
Message: L A M E
‣ CAESAREAN CIPHER
Encryption history (2)
Friday, May 20, 2011
“algorithm”:A = (A + key) mod 26, B = (B + key) mod 26
.... Z = (Z + key) mod 26
or:m = m + k mod 26
Message: L A M ECiphertext (key=1): M B N F
‣ CAESAREAN CIPHER
Encryption history (2)
Friday, May 20, 2011
“algorithm”:A = (A + key) mod 26, B = (B + key) mod 26
.... Z = (Z + key) mod 26
or:m = m + k mod 26
Message: L A M ECiphertext (key=1): M B N FCiphertext (key=-1): K Z L D
‣ CAESAREAN CIPHER
Encryption history (2)
Friday, May 20, 2011
“algorithm”:A = (A + key) mod 26, B = (B + key) mod 26
.... Z = (Z + key) mod 26
or:m = m + k mod 26
Message: L A M ECiphertext (key=1): M B N FCiphertext (key=-1): K Z L DCiphertext (key=26): L A M E
‣ CAESAREAN CIPHER
Encryption history (2)
Friday, May 20, 2011
“algorithm”:A = (A + key) mod 26, B = (B + key) mod 26
.... Z = (Z + key) mod 26
or:m = m + k mod 26
Message: L A M ECiphertext (key=1): M B N FCiphertext (key=-1): K Z L DCiphertext (key=26): L A M ECiphertext (key=0): L A M E
‣ CAESAREAN CIPHER
Encryption history (2)
Friday, May 20, 2011
“algorithm”:A = (A + key) mod 26, B = (B + key) mod 26
.... Z = (Z + key) mod 26
or:m = m + k mod 26
Message: L A M ECiphertext (key=1): M B N FCiphertext (key=-1): K Z L DCiphertext (key=26): L A M ECiphertext (key=0): L A M ECiphertext (key=13): Y N Z R (ROT13)
‣ CAESAREAN CIPHER
Encryption history (2)
Friday, May 20, 2011
Encryption history (3)
‣ FLAWS IN THESE CIPHERS
Friday, May 20, 2011
Encryption history (3)
‣ Key is too easy to guess.
‣ FLAWS IN THESE CIPHERS
Friday, May 20, 2011
Encryption history (3)
‣ Key is too easy to guess.
‣ Key has to be send to Bob.
‣ FLAWS IN THESE CIPHERS
Friday, May 20, 2011
Encryption history (3)
‣ Key is too easy to guess.
‣ Key has to be send to Bob.
‣ Deterministic.
‣ FLAWS IN THESE CIPHERS
Friday, May 20, 2011
Encryption history (3)
‣ Key is too easy to guess.
‣ Key has to be send to Bob.
‣ Deterministic.
‣ Prone to frequency analysis.
‣ FLAWS IN THESE CIPHERS
Friday, May 20, 2011
Frequency Analysis (1)
Friday, May 20, 2011
Frequency Analysis (1)
‣ The usage of every letter in the English (or any other language) can be represented by a percentage.
Friday, May 20, 2011
Frequency Analysis (1)
‣ The usage of every letter in the English (or any other language) can be represented by a percentage.
‣ ‘E’ is used 12.7% of the times in english texts, the ‘Z’ only 0.074%.
Friday, May 20, 2011
Frequency Analysis (2)
http://www.gutenberg.org/cache/epub/14082/pg14082.txt
Once upon a midnight dreary, while I pondered, weak and weary,Over many a quaint and curious volume of forgotten lore—While I nodded, nearly napping, suddenly there came a tapping,As of some one gently rapping—rapping at my chamber door."'Tis some visitor," I muttered, "tapping at my chamber door— Only this and nothing more."
Ah, distinctly I remember, it was in the bleak December,And each separate dying ember wrought its ghost upon the floor.Eagerly I wished the morrow;—vainly I had sought to borrowFrom my books surcease of sorrow—sorrow for the lost Lenore—For the rare and radiant maiden whom the angels name Lenore— Nameless here for evermore.
And the silken sad uncertain rustling of each purple curtainThrilled me—filled me with fantastic terrors never felt before;So that now, to still the beating of my heart, I stood repeating"'Tis some visitor entreating entrance at my chamber door—Some late visitor entreating entrance at my chamber door;— This it is and nothing more."
‣ EDGAR ALLAN POE: THE RAVEN
Friday, May 20, 2011
Frequency Analysis (3)
A small bit of text can result in differences, but still there are some letters we can deduce..
‣ “THE RAVEN”, FIRST PARAGRAPH
Friday, May 20, 2011
Frequency Analysis (3)
A small bit of text can result in differences, but still there are some letters we can deduce..
‣ “THE RAVEN”, FIRST PARAGRAPH
Friday, May 20, 2011
Frequency Analysis (4)
We can deduce almost all letters just without even CARING about the crypto algorithm used.
‣ “THE RAVEN”, ALL PARAGRAPHS
Friday, May 20, 2011
Encryption algorithms (1)
‣ SYMMETRICAL ALGORITHMS
Friday, May 20, 2011
Encryption algorithms (1)
‣ Previous examples were symmetrical encryptions.
‣ SYMMETRICAL ALGORITHMS
Friday, May 20, 2011
Encryption algorithms (1)
‣ Previous examples were symmetrical encryptions.
‣ Same key is used for both encryption and decryption.
‣ SYMMETRICAL ALGORITHMS
Friday, May 20, 2011
Encryption algorithms (1)
‣ Previous examples were symmetrical encryptions.
‣ Same key is used for both encryption and decryption.
‣ Good symmetrical encryptions: AES, Blowfish, (3)DES
‣ SYMMETRICAL ALGORITHMS
Friday, May 20, 2011
Encryption algorithms (2)
‣ THE PROBLEM WITH SYMMETRICAL ALGORITHMS
Friday, May 20, 2011
Encryption algorithms (2)
‣ How do we send over the key securely?
‣ THE PROBLEM WITH SYMMETRICAL ALGORITHMS
Friday, May 20, 2011
Encryption algorithms (2)
‣ How do we send over the key securely?
‣ O hai egg, meet chicken.
‣ THE PROBLEM WITH SYMMETRICAL ALGORITHMS
Friday, May 20, 2011
Public key encryption
Another encryption method:
asymmetrical encryption or public key encryption.
‣ FINALLY, WE HAVE ARRIVED...
Friday, May 20, 2011
Public key encryption (1)
Two keys instead of one:
public key - available for everybody. Can be published on your blog.
private key - For your eyes only!
Friday, May 20, 2011
Public key encryption (2)
http://upload.wikimedia.org/wikipedia/commons/f/f9/Public_key_encryption.svg
‣ USES 2 KEYS INSTEAD OF ONE: A KEYPAIR
Friday, May 20, 2011
Public key encryption (3)
It is NOT possible to decrypt the message with same key that is used to encrypt.
We can encrypt with either key.
but
Friday, May 20, 2011
Public key encryption (4)
‣ MULTIPLE APPLICATIONS FOR PUBLIC KEY ENCRYPTION
Friday, May 20, 2011
Public key encryption (4)
‣ Can be used for encrypting data.
‣ MULTIPLE APPLICATIONS FOR PUBLIC KEY ENCRYPTION
Friday, May 20, 2011
Public key encryption (4)
‣ Can be used for encrypting data.
‣ Can be used for data validation and authentication (signing).
‣ MULTIPLE APPLICATIONS FOR PUBLIC KEY ENCRYPTION
Friday, May 20, 2011
Symmetrical vs Asymmetrical (1)
Symmetrical
✓ quick.
✓ not resource intensive.
✓ useful for small and large messages.
✗ need to send over the key to the other side.
Asymmetrical
✓ no need to send over the (whole) key.
✓ can be used for encryption and validation (signing).
✗ very resource intensive.
✗ only useful for small messages.
Friday, May 20, 2011
Symmetrical vs Asymmetrical (2)
Use symmetrical encryption for the (large) message and encrypt the key used with an asymmetrical
encryption method.
Friday, May 20, 2011
Symmetrical vs Asymmetrical (3)
Hybrid
✓ quick
✓ not resource intensive
✓ useful for small and large messages
✓ safely exchange key data
Friday, May 20, 2011
Symmetrical vs Asymmetrical (3)
+
Hybrid
✓ quick
✓ not resource intensive
✓ useful for small and large messages
✓ safely exchange key data
Friday, May 20, 2011
Symmetrical vs Asymmetrical (3)
+ =
http://www.zastavki.com/pictures/1152x864/2008/Animals_Cats_Small_cat_005241_.jpg
Hybrid
✓ quick
✓ not resource intensive
✓ useful for small and large messages
✓ safely exchange key data
Friday, May 20, 2011
How does it work?
We will focus on the popular RSA, but there are other algorithms as well:
DH, DSS(DSA) etc...
Friday, May 20, 2011
How does it work? (1)
Public key encryption works on the premise that it is practically impossible to refactor a large number back into 2
separate prime numbers.
Friday, May 20, 2011
How does it work? (1)
Public key encryption works on the premise that it is practically impossible to refactor a large number back into 2
separate prime numbers.
Prime number is only divisible by 1 and itself: 2, 3, 5, 7, 11, 13, 17, 19 etc...
Friday, May 20, 2011
How does it work? (2)
Friday, May 20, 2011
How does it work? (2)
‣ There is no proof that it’s impossible to refactor quickly (all tough it doesn’t look plausible)
Friday, May 20, 2011
How does it work? (2)
‣ There is no proof that it’s impossible to refactor quickly (all tough it doesn’t look plausible)
‣ Brute-force decrypting is always lurking around (quicker machines, better algorithms).
Friday, May 20, 2011
How does it work? (2)
‣ There is no proof that it’s impossible to refactor quickly (all tough it doesn’t look plausible)
‣ Brute-force decrypting is always lurking around (quicker machines, better algorithms).
‣ Good enough today != good enough tomorrow.
Friday, May 20, 2011
How does it work? (3)
(it’s 13 and 17 btw)
Friday, May 20, 2011
How does it work? (3)
“large” number: 221
(it’s 13 and 17 btw)
Friday, May 20, 2011
How does it work? (3)
“large” number: 221
but we cannot calculate its prime factors without brute force.There is no “formula” (like e=mc2)
(it’s 13 and 17 btw)
Friday, May 20, 2011
Math example
‣ LET’S DO SOME MATH
Friday, May 20, 2011
Math example
This is mathness!
Friday, May 20, 2011
Math example
No, this is RSAAAAAAAA
Friday, May 20, 2011
Math example
Friday, May 20, 2011
Math example
‣ p = (large) prime number‣ q = (large) prime number (but not too close to p)
‣ n = p . q (= bit length of the rsa-key)
‣ φ = (p-1) . (q-1) (the φ thingie is called phi)
‣ e = gcd(e, φ) = 1‣ d = e^-1 mod φ‣ public key = tuple (n, e) ‣ private key = tuple (n, d)
Friday, May 20, 2011
Math example
Friday, May 20, 2011
Math example
Step 1: select primes P and Q
‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ?
Friday, May 20, 2011
Math example
Step 1: select primes P and Q
‣ P = 11
‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ?
Friday, May 20, 2011
Math example
Step 1: select primes P and Q
‣ P = 11
‣ Q = 3
‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ?
Friday, May 20, 2011
Math example
Step 2: calculate N and Phi
‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ?
Friday, May 20, 2011
Math example
‣ N = P . Q = 11 . 3 = 33
Step 2: calculate N and Phi
‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ?
Friday, May 20, 2011
Math example
‣ N = P . Q = 11 . 3 = 33
‣ Phi = (11-1) . (3-1) = 10 . 2 = 20
Step 2: calculate N and Phi
‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ?
Friday, May 20, 2011
Math example
Step 3: find e
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ?
Friday, May 20, 2011
Math example
Step 3: find e
‣ e = 3 (Fermat prime: 3, 17, 65537)
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ?
Friday, May 20, 2011
Math example
Step 3: find e
‣ e = 3 (Fermat prime: 3, 17, 65537)
‣ gcd(e, phi) = 1 ==> gcd(3, 20) = 1
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ?
Friday, May 20, 2011
Math example
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?
Step 4: find d
Friday, May 20, 2011
Math example
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?
Step 4: find d
‣ Extended Euclidean Algorithm gives 7
Friday, May 20, 2011
Math example
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?
Step 4: find d
‣ Extended Euclidean Algorithm gives 7
‣ brute force: (e.d mod n = 1)
Friday, May 20, 2011
Math example
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?
Step 4: find d
‣ Extended Euclidean Algorithm gives 7
‣ brute force: (e.d mod n = 1)
3 . 1 = 3 mod 20 = 33 . 2 = 6 mod 20 = 63 . 3 = 9 mod 20 = 93 . 4 = 12 mod 20 = 123 . 5 = 15 mod 20 = 15
3 . 6 = 18 mod 20 = 183 . 7 = 21 mod 20 = 1 3 . 8 = 24 mod 20 = 43 . 9 = 27 mod 20 = 7
Friday, May 20, 2011
Math example
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7
Friday, May 20, 2011
Math example
That’s it:
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7
Friday, May 20, 2011
Math example
That’s it:
‣ public key = (n, e) = (33, 3)
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7
Friday, May 20, 2011
Math example
That’s it:
‣ public key = (n, e) = (33, 3)
‣ private key = (n, d) = (33, 7)
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7
Friday, May 20, 2011
Math example
The actual math is much more complex since we use very large numbers, but it all comes
down to these (relatively simple) calculations..
Friday, May 20, 2011
Encrypting & decrypting
Encrypting a message:c = me mod n
Decrypting a message:m = cd mod n
Friday, May 20, 2011
Encrypting & decrypting (1)
Encrypting a message: private key = (n,d) = (33, 7):
m = 13, 20, 15, 5
13^7 mod 33 = 720^7 mod 33 = 2615^7 mod 33 = 275^7 mod 33 = 14
c = 7, 26, 27,14
Friday, May 20, 2011
Encrypting & decrypting (2)
Decrypting a message: public key = (n,e) = (33, 3):
c = 7, 26, 27, 14
7^3 mod 33 = 1326^3 mod 33 = 2027^3 mod 33 = 1514^3 mod 33 =5
m = 13, 20, 15, 5
Friday, May 20, 2011
Encrypting & decrypting (3)
Friday, May 20, 2011
‣ A message is an “integer”, not a block of data.
Encrypting & decrypting (3)
Friday, May 20, 2011
‣ A message is an “integer”, not a block of data.
‣ A message must be between 2 and n-1.
Encrypting & decrypting (3)
Friday, May 20, 2011
‣ A message is an “integer”, not a block of data.
‣ A message must be between 2 and n-1.
‣ Deterministic, so we must use a padding scheme to make it non-deterministic.
Encrypting & decrypting (3)
Friday, May 20, 2011
‣ Public Key Cryptography Standard #1
‣ Pads data with (random) bytes up to n bits in length (v1.5 or OAEP/v2.x).
‣ Got it flaws and weaknesses too. Always use the latest available version (v2.1)
Encrypting & decrypting (4)
‣ http://www.rsa.com/rsalabs/node.asp?id=2125
Friday, May 20, 2011
‣ PKCS#1 (v1.5) IN ACTION
Data = 4E636AF98E40F3ADCFCCB698F4E80B9F
The encoded message block, EMB, after encoding but before encryption, with random padding bytes shown in green:0002257F48FD1F1793B7E5E02306F2D3228F5C95ADF5F31566729F132AA12009E3FC9B2B475CD6944EF191E3F59545E671E474B555799FE3756099F044964038B16B2148E9A2F9C6F44BB5C52E3C6C8061CF694145FAFDB24402AD1819EACEDF4A36C6E4D2CD8FC1D62E5A1268F496004E636AF98E40F3ADCFCCB698F4E80B9F
After RSA encryption, the output is:3D2AB25B1EB667A40F504CC4D778EC399A899C8790EDECEF062CD739492C9CE58B92B9ECF32AF4AAC7A61EAEC346449891F49A722378E008EFF0B0A8DBC6E621EDC90CEC64CF34C640F5B36C48EE9322808AF8F4A0212B28715C76F3CB99AC7E609787ADCE055839829E0142C44B676D218111FFE69F9D41424E177CBA3A435B
http://www.di-mgt.com.au/rsa_alg.html#pkcs1schemes
Encrypting & decrypting (5)
Friday, May 20, 2011
Implementations of public keys in real life
http://farm4.static.flickr.com/3538/3420164047_09ccc14e29.jpgFriday, May 20, 2011
Web communication
public key encryption in
Web communications(aka: I never use my credit card for internet purchases. It’s not safe.
Instead, I gave it to the waiter who walked away with it into the kitchen for 5 minutes..)
Friday, May 20, 2011
Web communication (1)
‣ BACK IN TIME
Welcome to 1991: HTTP is plaintext. Everybody can be trusted. This page is under construction, here’s a photo of my cat and a link to geocities.
Friday, May 20, 2011
Web communication (2)
‣ BUT NOW...
Friday, May 20, 2011
Web communication (2)
‣ BUT NOW...
‣ Free WiFi everywhere
Friday, May 20, 2011
Web communication (2)
‣ BUT NOW...
‣ Free WiFi everywhere
‣ Traffic snooping
Friday, May 20, 2011
Web communication (2)
‣ BUT NOW...
‣ Free WiFi everywhere
‣ Traffic snooping
‣ Authorization: Basic? (yes, VERY basic)
Friday, May 20, 2011
Web communication (3)
‣ USING HTTPS
Friday, May 20, 2011
Web communication (3)
‣ USING HTTPS
‣ HTTP encapsulated by TLS (previously SSL).
Friday, May 20, 2011
Web communication (3)
‣ USING HTTPS
‣ HTTP encapsulated by TLS (previously SSL).
‣ More or less: an encryption layer on top of http.
Friday, May 20, 2011
Web communication (3)
‣ USING HTTPS
‣ HTTP encapsulated by TLS (previously SSL).
‣ More or less: an encryption layer on top of http.
‣ Hybrid encryption.
Friday, May 20, 2011
Web communication (4)
Friday, May 20, 2011
Web communication (4)
‣ Actual encryption methodology is decided by the browser and the server (highest possible encryption used).
Friday, May 20, 2011
Web communication (4)
‣ Actual encryption methodology is decided by the browser and the server (highest possible encryption used).
‣ Symmetric encryption (AES-256, others)
Friday, May 20, 2011
Web communication (4)
‣ Actual encryption methodology is decided by the browser and the server (highest possible encryption used).
‣ Symmetric encryption (AES-256, others)
‣ But both sides needs the same key, so we have the same problem as before: how do we send over the key?
Friday, May 20, 2011
Web communication (5)
Friday, May 20, 2011
Web communication (5)
‣ Key is exchanged in a public/private encrypted communication.
Friday, May 20, 2011
Web communication (5)
‣ Key is exchanged in a public/private encrypted communication.
‣ Which public key?
Friday, May 20, 2011
Web communication (5)
‣ Key is exchanged in a public/private encrypted communication.
‣ Which public key?
‣ It is stored inside the server’s SSL certificate
Friday, May 20, 2011
Web communication (6)
‣ “GLOBAL” HTTPS HANDSHAKE
Friday, May 20, 2011
Web communication (6)
‣ “GLOBAL” HTTPS HANDSHAKE
‣ Browser sends over its encryption methods.
Friday, May 20, 2011
Web communication (6)
‣ “GLOBAL” HTTPS HANDSHAKE
‣ Browser sends over its encryption methods.‣ Server decides which one to use.
Friday, May 20, 2011
Web communication (6)
‣ “GLOBAL” HTTPS HANDSHAKE
‣ Browser sends over its encryption methods.‣ Server decides which one to use.‣ Server send certificate(s).
Friday, May 20, 2011
Web communication (6)
‣ “GLOBAL” HTTPS HANDSHAKE
‣ Browser sends over its encryption methods.‣ Server decides which one to use.‣ Server send certificate(s).‣ Client sends “session key” encrypted by the
public key found in the server certificate.
Friday, May 20, 2011
Web communication (6)
‣ “GLOBAL” HTTPS HANDSHAKE
‣ Browser sends over its encryption methods.‣ Server decides which one to use.‣ Server send certificate(s).‣ Client sends “session key” encrypted by the
public key found in the server certificate.‣ Server and client uses the “session key” for
symmetrical encryption.
Friday, May 20, 2011
Web communication (7)
Friday, May 20, 2011
Web communication (7)
‣ Thus: Public/private encryption is only used in establishing a secondary (better!?) encryption.
Friday, May 20, 2011
Web communication (7)
‣ Thus: Public/private encryption is only used in establishing a secondary (better!?) encryption.
‣ SSL/TLS is a separate talk (it’s way more complex as this)
Friday, May 20, 2011
Web communication (7)
‣ Thus: Public/private encryption is only used in establishing a secondary (better!?) encryption.
‣ SSL/TLS is a separate talk (it’s way more complex as this)
‣ http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html
Friday, May 20, 2011
Email communication
public key encryption in
Email communication
(aka: the worst communication method invented when it comes to privacy or secrecy, except for yelling)
Friday, May 20, 2011
Email communication (2)
http://torontoemerg.files.wordpress.com/2010/09/spam.gif
http://change-your-ip.com/wp-content/uploads/image/nigerian_419_scam.jpg
Friday, May 20, 2011
Email communication (3)
‣ DID YOU EVER SEND/RECEIVE EMAILS LIKE THIS?
Friday, May 20, 2011
Email communication (4)
Friday, May 20, 2011
Email communication (4)
‣ Did Bill really send this email?
Friday, May 20, 2011
Email communication (4)
‣ Did Bill really send this email?
‣ Do we know for sure that nobody has read this email (before it came to us?)
Friday, May 20, 2011
Email communication (4)
‣ Did Bill really send this email?
‣ Do we know for sure that nobody has read this email (before it came to us?)
‣ Do we know for sure that the contents of the message isn’t tampered with?
Friday, May 20, 2011
Email communication (4)
‣ Did Bill really send this email?
‣ Do we know for sure that nobody has read this email (before it came to us?)
‣ Do we know for sure that the contents of the message isn’t tampered with?
‣ We use signing!
Friday, May 20, 2011
Signing (1)
Friday, May 20, 2011
Signing (1)
‣ Signing a message means adding a signature that authenticates the validity of a message.
Friday, May 20, 2011
Signing (1)
‣ Signing a message means adding a signature that authenticates the validity of a message.
‣ Like md5 or sha1, so when the message changes, so will the signature.
Friday, May 20, 2011
Signing (1)
‣ Signing a message means adding a signature that authenticates the validity of a message.
‣ Like md5 or sha1, so when the message changes, so will the signature.
‣ This works on the premise that Alice and only Alice has the private key that can create the signature.
Friday, May 20, 2011
Signing (2)
http://en.wikipedia.org/wiki/File:Digital_Signature_diagram.svg
Friday, May 20, 2011
Signing (3)
Friday, May 20, 2011
Signing (3)
‣ GPG / PGP: Application for signing and/or encrypting data (or emails).
Friday, May 20, 2011
Signing (3)
‣ GPG / PGP: Application for signing and/or encrypting data (or emails).
‣ Try it yourself with Thunderbird’s Enigmail extension.
Friday, May 20, 2011
Signing (3)
‣ GPG / PGP: Application for signing and/or encrypting data (or emails).
‣ Try it yourself with Thunderbird’s Enigmail extension.
‣ Public keys can be send / found on PGP-servers so you don’t need to send your keys to everybody all the time.
Friday, May 20, 2011
Signing (4)
Friday, May 20, 2011
Signing (5)
Friday, May 20, 2011
Signing (5)
Friday, May 20, 2011
Signing (5)
Friday, May 20, 2011
Email communication (10)
‣ ADVANTAGES OF SIGNING YOUR MAIL
Friday, May 20, 2011
Email communication (10)
‣ ADVANTAGES OF SIGNING YOUR MAIL
‣ Everybody can send emails that ONLY YOU can read.
Friday, May 20, 2011
Email communication (10)
‣ ADVANTAGES OF SIGNING YOUR MAIL
‣ Everybody can send emails that ONLY YOU can read.‣ Everybody can verify that YOU have send the email
and that it is authentic.
Friday, May 20, 2011
Email communication (10)
‣ ADVANTAGES OF SIGNING YOUR MAIL
‣ Everybody can send emails that ONLY YOU can read.‣ Everybody can verify that YOU have send the email
and that it is authentic.‣ Why is this not the standard?
Friday, May 20, 2011
Email communication (10)
‣ ADVANTAGES OF SIGNING YOUR MAIL
‣ Everybody can send emails that ONLY YOU can read.‣ Everybody can verify that YOU have send the email
and that it is authentic.‣ Why is this not the standard?‣ No really, why isn’t it the standard?
Friday, May 20, 2011
Email communication (7)
Friday, May 20, 2011
Email communication (8)
Friday, May 20, 2011
Email communication (9)
Stupidity trumps everything:
Don’t loose your private key(s)
(as I did on multiple occasions)
http://farm4.static.flickr.com/3231/2783827537_b4d2a5cc9a.jpg
Friday, May 20, 2011
Other applications
‣ PUBLIC KEY ENCRYPTION IN OTHER FIELDS
PGP / GPG(encrypt / decrypt sensitive data)
OpenSSH(Secure connection to other systems)
IPSEC(VPN tunnels)
Software signing
Friday, May 20, 2011
‣ FOOTER TEXT
Any questions?
http://farm1.static.flickr.com/73/163450213_18478d3aa6_d.jpg
Friday, May 20, 2011
‣ THANK YOU FOR YOUR ATTENTION
Please rate my talk on joind.in: http://joind.in/3466
Friday, May 20, 2011