
#Syracuse #CryptoParty @SIG315 Presentation by @MarkScrano


drake

Presentation Transcript


  1. #Syracuse #CryptoParty @SIG315 Presentation by @MarkScrano

  2. What is a CryptoParty? • CryptoParties are meetups to share and learn basic cryptographic tools such as PGP/GPG, Tor, OTR, TrueCrypt, etc. At CryptoParty, we teach, learn and share.

  3. CypherPunk Manifesto • Protecting our data, information and privacy is of vital importance, particularly on the internet. We variously lock up and otherwise protect physical objects such as cars, houses and credit cards. But how do we secure our electronic data? How do we protect ourselves on the internet? And how do we know whom to trust, and to what degree? • Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn't want the whole world to know, but a secret matter is something one doesn't want anybody to know. Privacy is the power to selectively reveal oneself to the world.

  4. Hashing vs. Encrypting • Hashing: • Fixed length digest • Can have collisions • Examples: • MD5 • SHA-0, -1, -2, -3 • What is it used for? • Checksums • Integrity validation • Digital signatures • Encryption: • Variable length digest • Ciphertext • Examples: • AES • Blowfish • 3DES • What is it used for? • Confidentiality • Security (layered model)

  5. SSL and TLS • SSL & TLS provide a form of encryption. • Helps protect data in transit. • Tools • Firefox: NoScript, HTTPS Everywhere • Chrome: Use HTTPS, HTTPS Everywhere, --force-https (no http) • Safari: SSL Everywhere

  6. Tor and I2P • The Onion Router • Defend against surveillance • Additional Privacy (IP) • Confidential relationships • Reduce efforts to perform traffic analysis • Hidden services (.onions) • Invisible Internet Project • Anonymous web • End to end encryption • EEP sites • Tails Linux live CD has both securely configured and hardened

  7. VPN • Add a layer of encryption to unsecured websites • Protect from wifi sniffing on open networks • IP anonymity • Get a free/very low cost VPS from Amazon EC2 and run OpenVPN

  8. PGP & GPG • Email Security • Email is sent plaintext • Can be forged/altered • Who do we trust and how can we protect our data? • Public/Private Keys • Public Key Servers • Sign email for integrity • Encrypt email for confidentiality • Applications: • Kleopatra • Enigmail (Thunderbird) • APG (Android)

  9. OTR • Off-the-record chat • Encryption • Authentication • Deniability • Forward Secrecy • Examples: • XMPP/Jabber • Pidgin OTR • CryptoCat

  10. Android • PGP/GPG: • APG (K9 Mail & file manager required) • OTR: • Gibberbot • SMS and MMS • TextSecure • TOR: • OrBot: Tor on Android • OrWeb: Proxy and Privacy Browser • Voice: • Redphone • VPN: • Some built in functions • OpenVPN requires Root

  11. iPhone • OTR: • ChatSecure • PGP/GPG • oPenGP (lite or $3.99) • Symantec PGP Viewer (no sending function) • TOR: • Onion Browser ($.99) • VPN: • Many vendor/service specific options

  12. TrueCrypt • Full Disk and Volume Encryption • Automatic, Realtime, User transparent • Provides Confidentiality and offers the ability to include Steganography to create hidden volumes.

  13. Hard Drive Encryption • Windows • EFS (Encrypting File System) • Linux • LUKS (Linux Unified Key Setup) • Mac OS • FileVault

  14. Password protections • Steve Gibson from GRC • Password Haystacks • How secure is your password? • Off the grid • Creates a grid to generate unique secure passwords for use online • Perfect Paper Passwords • One time password implementation

  15. Password Managers • LastPass • KeePass • Secure storage of passwords • Password generators • Plugins for all major browsers and smartphones

  16. Two Factor Authentication • Something you know, something you have, something you are. • Examples • Google Authenticator • SMS to phone • RSA Tokens • Yubikey

  17. Research • Cryptology ePrint Archive • Current research and breakthroughs in Cryptography • Cryptoparty handbook • Work in progress • On Github

  18. Resources • http://cryptoparty.org/ • https://svn.torproject.org/svn/projects/presentations/ - TOR Presentation SVN • http://crypto.stackexchange.com/ - Q&A Site • https://cacr.uwaterloo.ca/hac/ - Handbook of Applied Cryptography • http://www.cypherpunks.ca/otr/ - OTR Chat • http://support.microsoft.com/kb/308989 - EFS Windows XP • http://windows.microsoft.com/en-US/windows-vista/Encrypt-or-decrypt-a-folder-or-file - EFS Vista & 7 • http://support.microsoft.com/kb/241201 - Certificate backup XP • http://windows.microsoft.com/is-IS/windows-vista/Back-up-Encrypting-File-System-EFS-certificate - Certificate backup Vista & 7 • https://www.grc.com/haystack.htm - Password Haystacks • https://www.grc.com/OffTheGrid.htm - Off the Grid GRC • https://www.grc.com/ppp.htm - Perfect Paper Passwords • https://github.com/cryptoparty/handbook - Cryptoparty Handbook • https://www.coursera.org/crypto/auth/welcome - Cryptography at Stanford University
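
The contrast drawn on slide 4 (Hashing vs. Encrypting), as an added example that is not part of the original presentation: the script hashes and encrypts a short and a long file with the `openssl` command-line tool, showing the fixed-length digest, the ciphertext that grows with its input, and a checksum catching a modified file. It assumes OpenSSL 1.1.1 or later (for `-pbkdf2`); the passphrase, file names and function names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: hashing vs. encrypting with the openssl CLI.
# PASSPHRASE and all sample files are constructed demo values.
PASSPHRASE='constructed-demo-passphrase'

# Hash: one-way; the same input always yields the same 64-hex-char SHA-256 digest.
sha256_of() { openssl dgst -sha256 -r "$1" | cut -d' ' -f1; }

# Cipher: reversible with the key; output size follows the input size.
# AES-CBC gives confidentiality only, so integrity still needs a digest or signature.
encrypt_file() { openssl enc -aes-256-cbc -pbkdf2 -salt -pass "pass:$PASSPHRASE" -in "$1" -out "$2"; }
decrypt_file() { openssl enc -d -aes-256-cbc -pbkdf2 -pass "pass:$PASSPHRASE" -in "$1" -out "$2"; }

size_of() { wc -c < "$1" | tr -d ' '; }

# Integrity validation: does the file still match the digest recorded for it?
verify_checksum() { [ "$(sha256_of "$1")" = "$2" ]; }

demo() {
  local d f digest
  d=$(mktemp -d)
  printf 'hello' > "$d/short.txt"
  head -c 1000 /dev/zero | tr '\0' 'A' > "$d/long.txt"
  for f in short long; do
    digest=$(sha256_of "$d/$f.txt")
    encrypt_file "$d/$f.txt" "$d/$f.enc"
    echo "$f: plaintext=$(size_of "$d/$f.txt")B digest=${#digest} hex chars ciphertext=$(size_of "$d/$f.enc")B"
  done
  # A single appended byte is caught by the checksum recorded before the change.
  digest=$(sha256_of "$d/short.txt")
  printf '!' >> "$d/short.txt"
  verify_checksum "$d/short.txt" "$digest" || echo "short.txt: checksum mismatch detected"
  rm -rf "$d"
}
demo
```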
