
PGP


Presentation Transcript


  1. PGP Stephen Smith – December 11, 2013

  2. Outline - Pretty Good Privacy • History • How It Works • How To Use It • Questions • I Get Taken Away In Handcuffs

  3. History of PGP

  4. Separated At Birth?

  5. History of PGP • Uploaded to Peacenet • Message board for activists • Encryption viewed as “munitions” • NSA banned >40-bit ciphers from export • Zimmermann charged as arms dealer • Charges dropped after several years

  6. History of PGP • How they got around it • Sold books containing entire source code • Cut binding off, scan with OCR, presto! • Export of books protected under 1st Amendment • Crypto now free speech too • Bernstein v. United States • Junger v. Daley

  7. History of PGP • PGP Corporation founded in 2001 • Sold to Symantec in 2010 • Open source version also available • GnuPG (GNU Privacy Guard)

  8. How Does It Work?

  9. Step One: Text Compression • Smaller size • Faster transmission • Improved resistance to frequency analysis • Incomplete message = harder to break

  10. Step Two: Encryption • Session key is randomly generated • “Random” = very strict meaning in cryptography • Session key used to encrypt message • Cipher used = AES

  11. AES • Advanced Encryption Standard • Rijndael • Joan Daemen and Vincent Rijmen • Block cipher • As opposed to stream cipher • Chunks data up, shuffles it in predictable fashion • …predictable to anyone with the key, that is

  12. AES • Attacked via side channels • Weaknesses in implementation, not math • Math-only attacks getting progressively better

  13. Step 3: Authentication • Session key encrypted with sender’s public key • Cipher used = RSA

  14. RSA • Ron Rivest, Adi Shamir, Leonard Adleman • Developed 3 years earlier at GCHQ • British NSA • Not declassified until 1997 • Explaining it would be a bit mathy for ten minutes • It’s not THAT hard, just a little complex • Involves prime numbers and modular arithmetic • You already know one, you’ll know the other in a minute

  15. RSA • Attacked by prime factoring • Getting better every year • Shor’s algorithm + quantum computer • Next step = Elliptic Curve Cryptography (ECC) • ECDSA = Elliptic Curve Digital Signature Algorithm • Ars Technica posted a good summary last week

  16. Step 4: Hash Production • Message in, hashtext out • Hashtext encrypted with sender’s private key • Ensures message can’t be modified and rehashed • Cipher used = SHA

  17. SHA • Secure Hashing Algorithm (SHA-3) • Keccak • Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche • Hash function • Modular arithmetic • One-way function

  18. SHA • Attacked by collisions • Predictable output • Identical output for different input • The birthday paradox

  19. Step 4.5: Why Three Ciphers? • Message encrypted with AES session key • AES is way faster than RSA • Session key encrypted with RSA public key • RSA has public/private keypairs • Message hashed with SHA • SHA ensures consistent output • Coordinating all this is why PGP is awesome.

  20. Step 5: Message Sent & Received • Both aspects of secure email are now present • Encryption • Authentication • Message is sent, entire process is reversed • Session key decrypted by receiver’s private key • Message decrypted with session key • Original hash decrypted with sender’s public key • Received message hashed and compared • Text decompressed

  21. Summary • Message is encrypted and signed • Message is transmitted • Message is checked for integrity and decrypted

  22. How To Use It • Outlook • PGP For Outlook • Thunderbird • Enigmail • Gmail, Hotmail, etc. • Say hi to the NSA for me!

  23. Questions?

  24. Sources Cited • Singh, S. (2000). The code book: The science of secrecy from ancient Egypt to quantum cryptography. New York City: Anchor. • Ferguson, N., Schneier, B., & Tadayoshi, K. (2010). Cryptography engineering: Design principles and practical applications. New York City: Wiley. • PGP International. (1999). How PGP works. Retrieved from http://www.pgpi.org/doc/pgpintro/
