Presentation is loading. Please wait.

Presentation is loading. Please wait.

PGP Stephen Smith – December 11, 2013. Outline - Pretty Good Privacy  History  How It Works  How To Use It  Questions  I Get Taken Away In Handcuffs.

Similar presentations


Presentation on theme: "PGP Stephen Smith – December 11, 2013. Outline - Pretty Good Privacy  History  How It Works  How To Use It  Questions  I Get Taken Away In Handcuffs."— Presentation transcript:

1 PGP Stephen Smith – December 11, 2013

2 Outline - Pretty Good Privacy  History  How It Works  How To Use It  Questions  I Get Taken Away In Handcuffs

3 History of PGP

4 Separated At Birth?

5 History of PGP  Uploaded to Peacenet  Message board for activists  Encryption viewed as “munitions”  NSA banned >40-bit ciphers from export  Zimmerman charged as arms dealer  Charges dropped after several years

6 History of PGP  How they got around it  Sold books containing entire source code  Cut binding off, scan with OCR, presto!  Export of books protected under 1 st Amendment  Crypto now free speech too  Bernstein v. United States  Junger v. Daley

7 History of PGP  PGP Corporation founded in 2001  Sold to Symantec in 2010  Open source version also available GnuPG (GNU Privacy Guard)

8 How Does It Work?

9 Step One: Text Compression  Smaller size  Faster transmission  Improved resistance to frequency analysis  Incomplete message = harder to break

10 Step Two: Encryption  Session key is randomly generated  “Random” = very strict meaning in cryptography  Session key used to encrypt message  Cipher used = AES

11 AES  Advanced Encryption Standard  Rijndael Joan Daemen and Vincent Rijmen  Block cipher  As opposed to stream cipher  Chunks data up, shuffles it in predictable fashion  …predictable to anyone with the key, that is

12 AES  Attacked via side channels  Weaknesses in implementation, not math  Math-only attacks getting progressively better

13 Step 3: Authentication  Session key encrypted with sender’s public key  Cipher used = RSA

14 RSA  Ron Rivest, Adi Shamir, Leonard Adleman  Developed 3 years earlier at GCHQ  British NSA  Not declassified until 1997  Explaining it would be a bit mathy for ten minutes  It’s not THAT hard, just a little complex  Involves prime numbers and modular arithmetic You already know one, you’ll know the other in a minute

15 RSA  Attacked by prime factoring  Getting better every year  Shor’s algorithm + quantum computer  Next step = Elliptic Curve Cryptography (ECC)  ECDSA = Elliptic Curve Digital Signature Algorithm  Ars Technica posted a good summary last week

16 Step 4: Hash Production  Message in, hashtext out  Hashtext encrypted with sender’s private key Ensures message can’t be modified and rehashed  Cipher used = SHA

17 SHA  Secure Hashing Algorithm (SHA-3)  Keccak Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche  Hash function  Modular arithmetic  One-way function

18 SHA  Attacked by collisions  Predictable output  Identical output for different input The birthday paradox

19 Step 4.5: Why Three Ciphers?  Message encrypted with AES session key  AES is way faster than RSA  Session key encrypted with RSA public key  RSA has public/private keypairs  Message hashed with SHA  SHA ensures consistent output  Coordinating all this is why PGP is awesome.

20 Step 5: Message Sent & Received  Both aspects of secure email are now present  Encryption  Authentication  Message is sent, entire process is reversed  Session key decrypted by receiver’s private key  Message decrypted with session key  Original hash decrypted with sender’s public key  Received message hashed and compared  Text decompressed

21 Summary  Message is encrypted and signed  Message is transmitted  Message is checked for integrity and decrypted

22 How To Use It  Outlook  PGP For Outlook  Thunderbird  Enigmail  Gmail, Hotmail, etc.  Say hi to the NSA for me!

23 Questions?

24 Sources Cited Singh, S. (2000). The code book: The science of secrecy from ancient egypt to quantum cryptography. New York City: Anchor. Ferguson, N., Schneier, B., & Tadayoshi, K (2010). Cryptography engineering: Design principles and practical applications. New York City: Wiley. PGP International. (1999). How pgp works. Retrieved from http://www.pgpi.org/doc/pgpintro/


Download ppt "PGP Stephen Smith – December 11, 2013. Outline - Pretty Good Privacy  History  How It Works  How To Use It  Questions  I Get Taken Away In Handcuffs."

Similar presentations


Ads by Google