PGP PowerPoint Presentation

Presentation Transcript

  1. PGP Stephen Smith – December 11, 2013

  2. Outline - Pretty Good Privacy • History • How It Works • How To Use It • Questions • I Get Taken Away In Handcuffs

  3. History of PGP

  4. Separated At Birth?

  5. History of PGP • Uploaded to Peacenet • Message board for activists • Encryption viewed as “munitions” • NSA banned >40-bit ciphers from export • Zimmermann charged as arms dealer • Charges dropped after several years

  6. History of PGP • How they got around it • Sold books containing entire source code • Cut binding off, scan with OCR, presto! • Export of books protected under 1st Amendment • Crypto now free speech too • Bernstein v. United States • Junger v. Daley

  7. History of PGP • PGP Corporation founded in 2001 • Sold to Symantec in 2010 • Open source version also available • GnuPG (GNU Privacy Guard)

  8. How Does It Work?

  9. Step One: Text Compression • Smaller size • Faster transmission • Improved resistance to frequency analysis • Incomplete message = harder to break

  10. Step Two: Encryption • Session key is randomly generated • “Random” = very strict meaning in cryptography • Session key used to encrypt message • Cipher used = AES

  11. AES • Advanced Encryption Standard • Rijndael • Joan Daemen and Vincent Rijmen • Block cipher • As opposed to stream cipher • Chunks data up, shuffles it in predictable fashion • …predictable to anyone with the key, that is

  12. AES • Attacked via side channels • Weaknesses in implementation, not math • Math-only attacks getting progressively better

  13. Step 3: Authentication • Session key encrypted with sender’s public key • Cipher used = RSA

  14. RSA • Ron Rivest, Adi Shamir, Leonard Adleman • Developed 3 years earlier at GCHQ • British NSA • Not declassified until 1997 • Explaining it would be a bit mathy for ten minutes • It’s not THAT hard, just a little complex • Involves prime numbers and modular arithmetic • You already know one, you’ll know the other in a minute

  15. RSA • Attacked by prime factoring • Getting better every year • Shor’s algorithm + quantum computer • Next step = Elliptic Curve Cryptography (ECC) • ECDSA = Elliptic Curve Digital Signature Algorithm • Ars Technica posted a good summary last week

  16. Step 4: Hash Production • Message in, hashtext out • Hashtext encrypted with sender’s private key • Ensures message can’t be modified and rehashed • Cipher used = SHA

  17. SHA • Secure Hashing Algorithm (SHA-3) • Keccak • Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche • Hash function • Modular arithmetic • One-way function

  18. SHA • Attacked by collisions • Predictable output • Identical output for different input • The birthday paradox

  19. Step 4.5: Why Three Ciphers? • Message encrypted with AES session key • AES is way faster than RSA • Session key encrypted with RSA public key • RSA has public/private keypairs • Message hashed with SHA • SHA ensures consistent output • Coordinating all this is why PGP is awesome.

  20. Step 5: Message Sent & Received • Both aspects of secure email are now present • Encryption • Authentication • Message is sent, entire process is reversed • Session key decrypted by receiver’s private key • Message decrypted with session key • Original hash decrypted with sender’s public key • Received message hashed and compared • Text decompressed

  21. Summary • Message is encrypted and signed • Message is transmitted • Message is checked for integrity and decrypted

  22. How To Use It • Outlook • PGP For Outlook • Thunderbird • Enigmail • Gmail, Hotmail, etc. • Say hi to the NSA for me!

  23. Questions?

  24. Sources Cited • Singh, S. (2000). The code book: The science of secrecy from ancient Egypt to quantum cryptography. New York City: Anchor. • Ferguson, N., Schneier, B., & Kohno, T. (2010). Cryptography engineering: Design principles and practical applications. New York City: Wiley. • PGP International. (1999). How PGP works. Retrieved from http://www.pgpi.org/doc/pgpintro/
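
The send and receive pipeline from slides 9 to 20, as an added example that is not part of the original presentation. The session key is wrapped under the recipient's public key so that, as slide 20 describes, the receiver's private key recovers it. Assumptions: the function names are hypothetical, the RSA keys are constructed toy keys built from Mersenne primes with no padding, a SHA-256 keystream stands in for AES because the Python standard library has no AES, and the hash is taken over the uncompressed message.

```python
import hashlib, secrets, zlib

def toy_rsa_key(p, q, e=65537):
    """Textbook RSA key from two primes (no padding; illustration only)."""
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

# Constructed toy keys from well-known Mersenne primes: trivially factorable, never use.
SENDER = toy_rsa_key(2**521 - 1, 2**607 - 1)
RECIPIENT = toy_rsa_key(2**607 - 1, 2**1279 - 1)

def keystream_xor(key, data):
    """Stand-in for AES (assumption): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def digest_int(message):
    """SHA-3 hash of the message as an integer, ready for RSA signing."""
    return int.from_bytes(hashlib.sha3_256(message).digest(), "big")

def pgp_send(message, sender, recipient_pub):
    session_key = secrets.token_bytes(16)                      # random, single use
    body = keystream_xor(session_key, zlib.compress(message))  # compress, then encrypt
    wrapped = pow(int.from_bytes(session_key, "big"),          # wrap key for recipient
                  recipient_pub["e"], recipient_pub["n"])
    signature = pow(digest_int(message), sender["d"], sender["n"])  # sign the hash
    return {"body": body, "wrapped_key": wrapped, "signature": signature}

def pgp_receive(packet, recipient, sender_pub):
    # Recipient's private key recovers the session key.
    key_int = pow(packet["wrapped_key"], recipient["d"], recipient["n"])
    session_key = key_int.to_bytes(16, "big")
    message = zlib.decompress(keystream_xor(session_key, packet["body"]))
    # Sender's public key recovers the signed hash; compare with a fresh hash.
    claimed = pow(packet["signature"], sender_pub["e"], sender_pub["n"])
    if claimed != digest_int(message):
        raise ValueError("signature does not match message hash")
    return message

if __name__ == "__main__":
    pkt = pgp_send(b"constructed sample message", SENDER, RECIPIENT)
    print(pgp_receive(pkt, RECIPIENT, SENDER))
```

Only the `n` and `e` fields of the other party's key are read in each direction, which is what lets those two values be published while `d` stays private.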