Everyday Cryptography

Similar documents
Concepts in Crypto. Parker Micah PGP: 4FF3 AA1B D29E DE C F88 9A

PRETTY EASY PRIVACY

Secure Client Applications

Signing and Encryption with GnuPG

Introduce. your tech. Who? Why? Expectations? Operating System? Client or Webmail? Provider?

Cryptography for Software and Web Developers

Tutorial: Encrypted with Thunderbird and Enigmail. Author: Shashank Areguli. Published: Ed (August 9, 2014)

Encrypting removable storage devices Removable device encryption R/W compatible with Linux and Windows

Encrypting your Communications using PGP

SECURE COMMUNICATIONS: PAST, PRESENT, FUTURE

The Surveillance State and what to do about it

Introduction to Encryption What it s all about

Opportunistic Security

Internet Security. Contents. ITS335: IT Security. Internet Security. Secure . Summary

Dip a toe in crypto (aka encryption and GnuPG) Zak Rogoff & Steve Revilak

Encrypting Your Files. Because nobody else will And would you trust them if they did?

Encrypting with KMail, Mozilla Thunderbird, and Evolution LOCK AND KEY BY FRAUKE OSTER

Securing . (with extra benefits) Helen George Jeremy George Nexus Resources, Inc. 1

Signing and Encryption with GnuPG

Alice and Bob are Really Confused

HW/Lab 1: Security with PGP, and Crypto CS 336/536: Computer Network Security DUE 09/28/2015 (11am)

Encrypted File Systems. Don Porter CSE 506

File and encryption with GPG4win & Enigmail

An Introduction to Secure . Presented by: Addam Schroll IT Security & Privacy Analyst

Network Security Protocols

White paper. Why Encrypt? Securing without compromising communications

Disk encryption... (not only) in Linux. Milan Brož

Secure User Guide. PGP (Pretty Good Privacy)

GPG - GNU Privacy Guard

CPSC 467: Cryptography and Computer Security

Debian s role in establishing an alternative to Skype

Introduction to Cryptography

Securing Data at Rest ViSolve IT Security Team

Guidelines on use of encryption to protect person identifiable and sensitive information

INTERNET DOCUMENT SECURITY & PRIVACY RESOURCES

Jive Connects for Openfire

Internet Programming. Security

By: Magiel van der Meer. Supervisors: Marc Smeets Jeroen van der Ham

For Paranoid People. by _NSAKEY

INTRODUCTION TO CRYPTOGRAPHY

Encryption: Ensuring Information Security

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

Single Sign-On Framework in Tizen Contributors: Alexander Kanavin, Jussi Laako, Jaska Uimonen

Michael Seltzer COMP 116: Security Final Paper. Client Side Encryption in the Web Browser Mentor: Ming Chow

CS 3251: Computer Networking 1 Security Protocols I

Security. Michael E. Locasto University of Calgary

SecureCom Mobile s mission is to help people keep their private communication private.

1. Scope of Service. 1.1 About Boxcryptor Classic

Securing your Linksys Wireless Router BEFW11S4 Abstract

Security: Focus of Control. Authentication

Analyzing the Security Schemes of Various Cloud Storage Services

Using Your PGP Tool to Update Your Address Settings for Encrypted Messaging

Better Safe Than Sorry

SafeCall Secure Communication System

Secure User Guide

How To Secure Your From Being Hacked On A Pc Or Mac Or Ipad (For Free) For A Long Time (For A Long Period Of Time) For Free (For Commercial) For Your Money (For Business) For The Long Term

Lecture 6 - Cryptography

Maxis BizVoice For iphone User Guide. Version 1.0

Open Technologies in the Education Enterprise

XEP-0210: Requirements for Encrypted Sessions

Pretty Good Privacy with GnuPG

How To Encrypt Data With Encryption

Kingston University London

Mcabber User Guide. franky

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Using etoken for SSL Web Authentication. SSL V3.0 Overview

CS 4803 Computer and Network Security

GPG4win / Kleopatra Documentation. Secure file and encryption by using GnuPG for Windows

Encrypting a USB Drive Using TrueCrypt

Cyber Warnings E-Magazine August 2015 Edition Copyright Cyber Defense Magazine, All rights reserved worldwide

How to Create and Maintain an Anonymous Identity Online

The Handbook V 1.8 Adaptations by Ludwig Hügelschäfer Based on Version 1 by Daniele Raffo with Patrick Brunschwig and Robert J. Hansen.

PRODUCT COMPARISON CHART COMPARE THE COMPLETE ZOIPER PRODUCT LINE

Secure Mail Message Retrieval Instructions

Virtual Private Networks

PGP(R) Desktop Version 10.0 for Mac OS X Release Notes

Digital Security and Privacy

Cryptography & Network Security. Introduction. Chester Rebeiro IIT Madras

PGP Desktop Quick Start Guide Version 10.2

Key & Data Storage on Mobile Devices

Chapter 10. Network Security

Applying Cryptography as a Service to Mobile Applications

Retrieving Internet chat history with the same ease as a squirrel cracks nuts

Remaining Anonymous. Osman Surkatty surkatty.org

PENN. Social Sciences Computing a division of SAS Computing. SAS Computing SSC. File Security. John Marcotte Director of SSC.

Biography of Trainer. Education. Experience. Summary. TLS/SSL : Securing your website PGP : Secure your communication. Topic

Secure Storage. Lost Laptops

Key Management (Distribution and Certification) (1)

Crypho Security Whitepaper

How to use PGP Encryption with iscribe

GPG installation and configuration

Chapter 32 Internet Security

Site Administrator User Guide. show, tell, share

SIP and VoIP 1 / 44. SIP and VoIP

THUNDERBIRD WORKBOOK

The Public Key Muddle

Cloud Computing for Education Workshop

PGP Desktop Quick Start Guide version 9.6

Secure in times of rising mobile communication

Securing Data on Microsoft SQL Server 2012

Transcription:

Everyday Cryptography Michael F. Herbst michael.herbst@iwr.uni-heidelberg.de http://blog.mfhs.eu Interdisziplinäres Zentrum für wissenschaftliches Rechnen Ruprecht-Karls-Universität Heidelberg 24 November 2014 1 / 22

Table of Contents 1 Why cryptography? Why even bother? 2 Encrypted communication Instant Messaging 3 Hard disk encryption Encrypting your files 4 Summary 1 / 22

Table of Contents 1 Why cryptography? Why even bother? 2 Encrypted communication Instant Messaging 3 Hard disk encryption Encrypting your files 4 Summary 2 / 22

Why even bother? Why cryptography? Global total surveillance selector-based surveillance Responsibility for people around us as well Privacy and confidentiality Keeping (company) secrets Cryptonoise 3 / 22

Why even bother? Why use free software? Free Software 0 Use the software as you wish 1 Study the program in source and adapt it as you wish 2 Redistribute copies to help your neighbour 3 Distribute modified copies to help the whole community Free Software has higher potential to be secure All Software contains bugs Bugs can be fixed by everyone for everyone You or person you trust can review source Only free software is really trustworthy 4 / 22

Table of Contents 1 Why cryptography? Why even bother? 2 Encrypted communication Instant Messaging 3 Hard disk encryption Encrypting your files 4 Summary 5 / 22

Unencrypted Emails 6 / 22

Unencrypted Emails 6 / 22

Unencrypted Emails #$!? #$!? 6 / 22

Unencrypted Emails #$!? #$!? 6 / 22

Unencrypted Emails #$!? #$!? 6 / 22

Demo DEMO 7 / 22

Using Transport Layer Security (TLS) #$!? #$!? 8 / 22

Using Transport Layer Security (TLS) #$!? #$!? 8 / 22

Using Transport Layer Security (TLS) #$!? #$!? 8 / 22

Using Transport Layer Security (TLS) #$!? #$!? 8 / 22

Using End2End encryption (e.g. Pretty Good Privacy) #$!? #$!? 9 / 22

Asymmetric encryption (here: PGP) A Bob s computer Alice s Public Key #$!? Eve and the internet A A A Alice s computer Alice s Private Alice s Key Private Key Alice s Public Key 10 / 22

Asymmetric encryption (here: PGP) A Bob s computer Alice s Public Key #$!? Eve and the internet A Alice s computer Alice s Private Key 10 / 22

Asymmetric encryption (here: PGP) A Bob s computer Alice s Public Key #$!? Eve and the internet A Alice s computer Alice s Private Key 10 / 22

Asymmetric encryption (here: PGP) A Bob s computer Alice s Public Key #$!? Eve and the internet A Alice s computer Alice s Private Key 10 / 22

What do you need? Programs Thunderbird and Enigmail (Windows, LinuX, OS X) GPGTools (OS X with Apple Mail) They all use: GnuPG Links https://www.mozilla.org/thunderbird/ https://www.enigmail.net https://gpgtools.org/ https://www.gnupg.org/ 11 / 22

Instant Messaging Instant Messaging: Typical setup Without any encryption 12 / 22

Instant Messaging Instant Messaging: Typical setup Without any encryption With TLS encryption 12 / 22

Instant Messaging Secure Instant Messaging Protocol Asymmetric encryption Off-the-record (OTR) messaging https://otr.cypherpunks.ca/ Works with many chat protocols and everyone who has plugin Perfect forward secrecy Can establish secret connection via passphrase and other channel Programs Multiprotocol: Facebook chat, Google Talk, SIP, XMPP (Jabber), IRC, MSN,... Adium https://www.adium.im/ (OS X) Pidgin https://pidgin.im/ (Windows, LinuX) Jitsi https://jit.si/ (Windows, LinuX, OS X) 13 / 22

Instant Messaging Secure Video Chats Jitsi (https://jit.si/) not only good for chatting Open source Skype alternative Uses End2End encrypted video and audio Relatively new project (buggy, some pitfalls) Aims to be easy-to-use and secure-by-default 14 / 22

Table of Contents 1 Why cryptography? Why even bother? 2 Encrypted communication Instant Messaging 3 Hard disk encryption Encrypting your files 4 Summary 15 / 22

Encrypting your files Hardware vs. software encryption Hardware encryption Crypto built-in to hard-drive / chip Software encryption Crypto realised by program running Both can be totally transparent to user Both can be attacked if physical access Attacking hardware encryption a little easier (warm-replug-attacks) Hardware-encryption less portable Software encryption almost always the better choice Warm-replug-attack https://events.ccc.de/congress/2012/fahrplan/ events/5091.en.html 16 / 22

Encrypting your files Software encryption software LinuX dm-crypt and LUKS (package: cryptsetup) https://code.google.com/p/cryptsetup/ Transparent crypto layer Windows and OS X TrueCrypt 7.1a (not the 7.2 Version) Important: Use this link https://www.heise.de/download/truecrypt.html (VeraCrypt use with care) 17 / 22

Encrypting your files Software encryption software LinuX dm-crypt and LUKS (package: cryptsetup) https://code.google.com/p/cryptsetup/ Transparent crypto layer Windows and OS X TrueCrypt 7.1a (not the 7.2 Version) Important: Use this link https://www.heise.de/download/truecrypt.html (VeraCrypt use with care) 17 / 22

Table of Contents 1 Why cryptography? Why even bother? 2 Encrypted communication Instant Messaging 3 Hard disk encryption Encrypting your files 4 Summary 18 / 22

Summary By default everyday communication cannot be considered secure Crytpographic alternatives exist Setting up crypto initially is a barrier Once it runs properly: Almost no extra effort needed Regain privacy and trust 19 / 22

Why cryptography? Encrypted communication Hard disk encryption Summary Need any help? Go to a cryptoparty e.g. http://cryptoparty-hd.de You can give me your email and I ll let you know when the next one happens...duh! 20 / 22

Images From https://en.wikipedia.org/wiki/file: Asymmetric_cryptography_-_step_2.svg From the Tango Icon Theme http://tango.freedesktop.org The rest is my own work or derived of one of the above All released under CC by-sa 4.0 21 / 22

Links https://jit.si/ https://www.enigmail.net http://cryptoparty-hd.de This presentation will soon be on http://blog.mfhs.eu This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International Licence. 22 / 22

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information