DOCSLIB.ORG

(E2EE) Messaging

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
(E2EE) Messaging End-to-End Encrypted (E2EE) Messaging 2021 Rolf Oppliger Slide 1 Presenter • eSECURITY Technologies Rolf Oppliger (founder and owner) • Swiss National Cyber Security Centre NCSC (scientific employee) • University of Zurich (adjunct professor) • Artech House (author and series editor for information security and privacy) → rolf-oppliger.ch or rolf-oppliger.com 2021 Rolf Oppliger Slide 2 Reference Book © Artech House (2020) ISBN 978-1-63081-732-9 → Personal → Artech House (UK) 2021 Rolf Oppliger Slide 3 Disclaimers • The slides are relatively simple, down-to-earth, and not visually stimulating • Mathematical fundamentals are not addressed • Alice, Bob, Carol, Dave, Eve, and the rest of the gang are posted as missing (cf. Disillusioning http://xkcd.com/1323/ Alice and Bob, IEEE Security & Privacy, Vol. 15, No. 5, September/October 2017, pp. 82 - 84) • The world of cryptography is somehow restricted and does not properly take into account human aspects and the subtleties of machine-user interaction (cf. video) http://xkcd.com/538/ 2021 Rolf Oppliger Slide 4 Preliminary Remark • Crypto Wars • I (1970s): Publication and standardization • II (1990s): Export controls • III (now): E2EE messaging («going dark») 2021 Rolf Oppliger Slide 5 Outline 1. Introduction 2. Cryptographic Techniques 3. «Conventional» Approaches and Solutions 4. «Modern» Approaches and Solutions 5. Conclusions and Outlook 2021 Rolf Oppliger Slide 6 1. Introduction • Text-based messaging (e-mail) has been one of the first (asynchronous) applications on the Internet (message format is specified in RFC 5322) • The Internet mail architecture is spe- cified in informa- tional RFC 5598 • SMTP (RFC 5321), POP3 (RFC 1939), and IMAP4 (RFC 2060) are the core protocols 2021 Rolf Oppliger Slide 7 • The Extensible Messaging and Presence Protocol (XMPP) – formerly known as Jabber – is an open XML- based protocol for real-time communication (instant messaging) • It is specified in Internet Standards Track RFCs 6120 (core), 6121 (instant messaging and presence), and 7622 (address format) • It enables many synchronous applications, including instant messaging, presence and collaboration • There are a few alternatives to XMPP, such as MQTT or SIP for Instant Messaging and Presence Leveraging Extensions (SIMPLE) • XMPP can be layered on top of TLS to provide transport layer security 2021 Rolf Oppliger Slide 8 • RFC 3923 specifies how to invoke S/MIME for message signing and encryption in an XMPP setting • There are only a few implementations (e.g., Sixscape) • In spite of the existence of XMPP, most messenger apps use proprietary protocols and are based on a simple (and centralized) architecture • WhatsApp • Yahoo Messenger • Facebook Messenger • … • This is fundamentally different from e-mail • The architecture is susceptible to man-in-the-middle (MITM) attacks 2021 Rolf Oppliger Slide 9 • During the past decade, instant messaging (in various forms) and pro- prietary messaging apps have become very successful • The empire (of telcos) strikes back and tries to re- vitalize the success story of SMS (and MMS) with the Rich Communication Services (RCS) stan- dardized by the GSM Association in 2012 • On the technical side, RCS is based on HTTP(S), SIP(S), MSRP(S), and Session Initiation Protocol (S)RTP Message Session Relay Protocol • Google is also heading towards RCS with its Jibe platform and RCS client Messages (that replaces Google Allo) • Since November 2020, Google Messages imple- ments E2EE with the Signal protocol (beta release) • The outcome of this power game is open 2021 Rolf Oppliger Slide 10 2. Cryptographic Techniques • All approaches and solutions for secure Internet messaging are based on cryptography and cryptographic systems (cryptosystems) • There are many systems to choose from Unkeyed (keyless) Secret Key (symmetric) Public Key (asymmetric) • Random generators • Pseudorandom generators • Key establishment • Random functions • Pseudorandom functions • Asymmetric encryption • One-way functions • Symmetric encryption • Digital signatures • Hash functions • Message authentication • Public key certification • Authenticated encryption • Protocols 2021 Rolf Oppliger Slide 11 • The «conventional» approaches and solutions employ hybrid message encryption (aka «digital envelopes») and digital signatures E (k) E (m) D (m) pkB k skA Message m sent from A to B • The «modern» approaches and solutions employ • Ephemeral Diffie-Hellman key exchange To provide (perfect) forward secrecy • Ratchet-based key derivation and post-compromise security (PCS) • Message authentication codes (MACs) • Deniable authentication To provide plausible deniability • Malleable encryption (in contrast to nonrepudiation) • … 2021 Rolf Oppliger Slide 12 • Example (Diffie-Hellman key exchange) • Safe prime p = 23 → q = (23-1)/2 = 11 is a also prime (i.e., Sophie Germain prime) * • Z23 = {1,2,…,22} has subgroup G = {1,2,3,4, 6,8,9,12,13,16,18} with |G| = q = 11 elements • 3 is a generator of G (i.e., 30 = 1, 31 = 3, 32 = 9, 33 = 4, 34 = 12, 35 = 13, 36 = 16, 37 = 2, 38 = 6, 39 = 18, and 310 = 8) • G and g are input parameters 6 • A randomly selects xa= 6 and computes ya = 3 mod 23 = 16 9 • B randomly selects xb= 9 and computes yb = 3 mod 23 = 18 • A and B exchange their y-values, i.e., ya and yb • A computes 186 mod 23 = 8 • B computes 169 mod 23 = 8 • 8 is the shared secret 2021 Rolf Oppliger Slide 13 • The notion of (perfect) forward secrecy has a long tradition in crypto- graphic protocol design (e.g., IPsec/IKE) • The notion of post-compromise security (PCS) is relatively new, subtle, and maybe even illusive • In either case, the question is whether (past or future) communications can be protected in spite of a compromise of a long-term key 2021 Rolf Oppliger Slide 14 3. «Conventional» Approaches and Solutions • The «conventional» approaches and solutions are based on hybrid message encryption and digital signatures • This is true for Privacy Enhanced Mail (PEM) and MIME Object Security Services (MOSS) • It is also true for PGP/OpenPGP and Secure MIME (S/MIME) • For more than 15 years (early 1990s to mid-2000) it was thought that secure Internet messaging was a solved problem • But something went wrong and people did not really use the respective solutions 2021 Rolf Oppliger Slide 15 • There are many usability concerns (related to PGP/OpenPGP) • Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 (1999) • Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express (2005) • Why Johnny Still, Still Can't Encrypt: Evaluating the Usability of a Modern PGP Client (2015) • … • S/MIME is better integrated into MUAs (e.g., Microsoft Outlook), and hence the usability concerns are less obvious • But S/MIME still requires users to make informed decisions and public key certificates to be available in the field • There are recent discussions about the security of S/MIME and PGP/ OpenPGP (e.g., EFAIL, signature spoofing attacks, … ) 2021 Rolf Oppliger Slide 16 PGP/OpenPGP • Pretty Good Privacy (PGP) was originally developed by Phil Zimmermann in 1991 ( 30 years ago) • It natively used IDEA, MD5, and RSA • Due to a patent litigation, PGP was modified to incorpo- rate the RSAREF library of RSA Security • PGP was the focal point of Cypto War II • In 1997, the IETF chartered an Open Specification for Pretty Good Privacy (openpgp) WG that remained active until 2017 • The result is OpenPGP that is currently specified in RFC 4880 (OpenPGP Message Format) and RFC 3156 (MIME Security with OpenPGP) 2021 Rolf Oppliger Slide 17 • Today, there are many implementations of OpenPGP – for many MUAs on multiple platforms • Either the MUAs natively support OpenPGP, or plug-ins provide the res- pective functionality • Most importantly, there is a free software implementation known as GNU Privacy Guard (GnuPG or GPG) • GPG was originally developed by Werner Koch on behalf of a German ministry • It was later taken over by the GnuPG Project and raised € 36,732 in crowdfunding in February 2014 • Today, GnuPG is further developed and is currently the most widely deployed implemention of Open- PGP (at least in Europe) 2021 Rolf Oppliger Slide 18 • An OpenPGP message can be sent in the message body part of an RFC 5322-compliant message • Enrypted (digitally enveloped) message • Digitally signed message 2021 Rolf Oppliger Slide 19 • In many situations it is advantageous to combine PGP and OpenPGP with the Multi-purpose Internet Mail Extensions (MIME) system • RFC 1847 specifies 2 security multiparts • multipart/encrypted • multipart/signed • RFC 3156 specifies 3 content types (or «protocol» parameters) • application/pgp-encrypted • application/pgp-signature • application/pgp-keys 2021 Rolf Oppliger Slide 20 • Exemplary message (digitally signed and enveloped) 2 multiparts decrypt 2021 Rolf Oppliger Slide 21 • Messages are always processed in the same order • Digital signature • Compression • Encryption • Transfer encoding • PGP/OpenPGP uses a distinct for- mat for public key certificates and a web of trust • The cryptographic algorithms are currently being updated to meet the state of the art 2021 Rolf Oppliger Slide 22 S/MIME • In the second half of the 1990s, Secure MIME (S/MIME) evolved from PEM and MOSS • Version 1 (1995) • Version 2 (1998, RFCs 2311, 2312) • Version 3 (1999, RFCs 2630, 2631, 2632, 2633, 2634) • Version 3 was updated twice • Version 3.1 (2004, RFCs 3850, 3851) • Version 3.2 (2010, RFCs 5750, 5751, 5752) • S/MIME version 4.0 (RFCs 8550, 8551) was officially released in 2019 2021 Rolf
Load more

Recommended publications
  • MASTERCLASS GNUPG MASTERCLASS You Wouldn’T Want Other People Opening Your Letters and BEN EVERARD Your Data Is No Different
    MASTERCLASS GNUPG MASTERCLASS You wouldn’t want other people opening your letters and BEN EVERARD your data is no different. Encrypt it today! SECURE EMAIL WITH GNUPG AND ENIGMAIL Send encrypted emails from your favourite email client. our typical email is about as secure as a The first thing that you need to do is create a key to JOHN LANE postcard, which is good news if you’re a represent your identity in the OpenPGP world. You’d Ygovernment agency. But you wouldn’t use a typically create one key per identity that you have. postcard for most things sent in the post; you’d use a Most people would have one identity, being sealed envelope. Email is no different; you just need themselves as a person. However, some may find an envelope – and it’s called “Encryption”. having separate personal and professional identities Since the early 1990s, the main way to encrypt useful. It’s a personal choice, but starting with a single email has been PGP, which stands for “Pretty Good key will help while you’re learning. Privacy”. It’s a protocol for the secure encryption of Launch Seahorse and click on the large plus-sign email that has since evolved into an open standard icon that’s just below the menu. Select ‘PGP Key’ and called OpenPGP. work your way through the screens that follow to supply your name and email address and then My lovely horse generate the key. The GNU Privacy Guard (GnuPG), is a free, GPL-licensed You can, optionally, use the Advanced Key Options implementation of the OpenPGP standard (there are to add a comment that can help others identify your other implementations, both free and commercial – key and to select the cipher, its strength and set when the PGP name now refers to a commercial product the key should expire.
    [Show full text]
  • Biting Into Forbidden Fruit
    Biting into the forbidden fruit Lessons from trusting Javascript crypto Krzysztof Kotowicz, OWASP Appsec EU, June 2014 About me • Web security researcher • HTML5 • UI redressing • browser extensions • crypto • I was a Penetration Tester @ Cure53 • Information Security Engineer @ Google Disclaimer: “My opinions are mine. Not Google’s”. Disclaimer: All the vulns are fixed or have been publicly disclosed in the past. Introduction JS crypto history • Javascript Cryptography Considered Harmful http://matasano.com/articles/javascript- cryptography/ • Final post on Javascript crypto http://rdist.root.org/2010/11/29/final-post-on- javascript-crypto/ JS crypto history • Implicit trust in the server to deliver the code • SSL/TLS is needed anyway • Any XSS can circumvent the code • Poor library quality • Poor crypto support • No secure keystore • JS crypto is doomed to fail Doomed to fail? Multiple crypto primitives libraries, symmetric & asymmetric encryption, TLS implementation, a few OpenPGP implementations, and a lot of user applications built upon them. Plus custom crypto protocols. https://crypto.cat/ https://www.mailvelope.com/ http://openpgpjs.org/ JS crypto is a fact • Understand it • Look at the code • Find the vulnerabilities • Analyze them • Understand the limitations and workarounds • Answer the question: can it be safe? JS crypto vulns in the wild • Language issues • Caused by a flaw of the language • Web platform issues • Cased by the web • Other standard bugs • out of scope for this presentation Language issues Language issues matter
    [Show full text]
  • A Decentralized Private Marketplace: DRAFT 0.1
    A Decentralized Private Marketplace: DRAFT 0.1 Ido Kaiser1 Abstract— The online services we use are increasingly de- structure provided by the Bitcoin blockchain but is equally manding more of our personal data, a disturbing trend that applicable to any of it derivatives, meaning the marketplace threatens the privacy of users on a global scale. Entities such as is indifferent about the underlying cryptocurrency used for Google, Facebook and Yahoo have grown into colossal, seem- ingly unaccountable corporations by monetizing their users’ payments. personal data. These entities are charged with keeping said data secure and, in the case of social and economic interactions, II. HIGH LEVEL OVERVIEW safeguarding the privacy of their users. Centralized security The overview consists of two main components: a models are not applicable to the new generation of technologies blockchain and a data storage network. Technically speaking such as Bitcoin. This paper discusses a system which combines these networks can operate over the same set of nodes. But a Bitmessage-style network with anonymous payment schemes to create a privacy-centric marketplace. Furthermore we apply for clarity we separate them to highlight that it does not have a multi-signature escrow technique involving insurance deposits to be the same set. should which deter fraudulent actors from participating in trades, given that their incentive is to make a profit. A. Blockchain The blockchain is typically tasked with processing pay- I. INTRODUCTION ments but for our purpose it will also be storing the market- Satoshi Nakamoto, the visionary and creator of Bitcoin[1], place index and the identities.
    [Show full text]
  • January 2020 Zillman Column
    2020 Guide to Online Privacy Resources and Tools By Marcus P. Zillman, M.S., A.M.H.A. Executive Director - Virtual Private Library http://www.VirtualPrivateLibrary.org The January 2020 Zillman Column features the 2020 Guide to Online Privacy Resources and Tools and is a very comprehensive listing of Internet and Web privacy resources, sources and sites on the Internet for the latest competent sources and research. The below list of sources is taken partially from my Subject Tracer™ white paper titled Privacy Resources 2020 and is constantly updated with Subject Tracer™ bots at the following URL: http://www.PrivacyResources.info/ http://www.StealthMode.info/ These resources and sources will help you to discover the many pathways available through the Internet to find the latest Internet and web search and discovery research, resources, sources and sites. As this site is constantly updated it would be to your benefit to bookmark and return to the above URL frequently. Figure 1: 2020 Guide to Online Privacy Resources and Tools 1 January 2020 Zillman Column – 2020 Guide to Online Privacy Resources and Tools http://www.zillmancolumns.com/ [email protected] eVoice: (800) 858-1462 © 2020 Marcus P. Zillman, M.S., A.M.H.A. 2020 Guide to Online Privacy Resources and Tools: 10 Best Security and Privacy Apps for Smartphones and Tablets http://drippler.com/drip/10-best-security-privacy-apps-smartphones-tablets 10 Minute Mail http://10minutemail.com/10MinuteMail/index.html 10 Privacy Gadgets To Help You Keep a Secret http://www.popsci.com/keep-your-secrets-a-secret
    [Show full text]
  • A History of End-To-End Encryption and the Death of PGP
    25/05/2020 A history of end-to-end encryption and the death of PGP Hey! I'm David, a security engineer at the Blockchain team of Facebook (https://facebook.com/), previously a security consultant for the Cryptography Services of NCC Group (https://www.nccgroup.com). I'm also the author of the Real World Cryptography book (https://www.manning.com/books/real-world- cryptography?a_aid=Realworldcrypto&a_bid=ad500e09). This is my blog about cryptography and security and other related topics that I Ûnd interesting. A history of end-to-end encryption and If you don't know where to start, you might want to check these popular the death of PGP articles: posted January 2020 - How did length extension attacks made it 1981 - RFC 788 - Simple Mail Transfer Protocol into SHA-2? (/article/417/how-did-length- extension-attacks-made-it-into-sha-2/) (https://tools.ietf.org/html/rfc788) (SMTP) is published, - Speed and Cryptography the standard for email is born. (/article/468/speed-and-cryptography/) - What is the BLS signature scheme? (/article/472/what-is-the-bls-signature- This is were everything starts, we now have an open peer-to-peer scheme/) protocol that everyone on the internet can use to communicate. - Zero'ing memory, compiler optimizations and memset_s (/article/419/zeroing-memory- compiler-optimizations-and-memset_s/) 1991 - The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations The US government introduces the 1991 Senate Bill 266, (/article/461/the-9-lives-of-bleichenbachers- which attempts to allow "the Government to obtain the cat-new-cache-attacks-on-tls- plain text contents of voice, data, and other implementations/) - How to Backdoor Di¸e-Hellman: quick communications when appropriately authorized by law" explanation (/article/360/how-to-backdoor- from "providers of electronic communications services di¸e-hellman-quick-explanation/) and manufacturers of electronic communications - Tamarin Prover Introduction (/article/404/tamarin-prover-introduction/) service equipment".
    [Show full text]
  • Wiretapping End-To-End Encrypted Voip Calls Real-World Attacks on ZRTP
    Institute of Operating Systems and Computer Networks Wiretapping End-to-End Encrypted VoIP Calls Real-World Attacks on ZRTP Dominik Schürmann, Fabian Kabus, Gregor Hildermeier, Lars Wolf, 2017-07-18 wiretapping difficulty End-to-End Encryption SIP + DTLS-SRTP (SIP + Datagram Transport Layer Security-SRTP) End-to-End Encryption & Authentication SIP + SRTP + ZRTP Introduction Man-in-the-Middle ZRTP Attacks Conclusion End-to-End Security for Voice Calls Institute of Operating Systems and Computer Networks No End-to-End Security PSTN (Public Switched Telephone Network) SIP + (S)RTP (Session Initiation Protocol + Secure Real-Time Transport Protocol) 2017-07-18 Dominik Schürmann Wiretapping End-to-End Encrypted VoIP Calls Page 2 of 13 wiretapping difficulty End-to-End Encryption & Authentication SIP + SRTP + ZRTP Introduction Man-in-the-Middle ZRTP Attacks Conclusion End-to-End Security for Voice Calls Institute of Operating Systems and Computer Networks No End-to-End Security PSTN (Public Switched Telephone Network) SIP + (S)RTP (Session Initiation Protocol + Secure Real-Time Transport Protocol) End-to-End Encryption SIP + DTLS-SRTP (SIP + Datagram Transport Layer Security-SRTP) 2017-07-18 Dominik Schürmann Wiretapping End-to-End Encrypted VoIP Calls Page 2 of 13 wiretapping difficulty Introduction Man-in-the-Middle ZRTP Attacks Conclusion End-to-End Security for Voice Calls Institute of Operating Systems and Computer Networks No End-to-End Security PSTN (Public Switched Telephone Network) SIP + (S)RTP (Session Initiation Protocol + Secure Real-Time
    [Show full text]
  • M&A @ Facebook: Strategy, Themes and Drivers
    A Work Project, presented as part of the requirements for the Award of a Master Degree in Finance from NOVA – School of Business and Economics M&A @ FACEBOOK: STRATEGY, THEMES AND DRIVERS TOMÁS BRANCO GONÇALVES STUDENT NUMBER 3200 A Project carried out on the Masters in Finance Program, under the supervision of: Professor Pedro Carvalho January 2018 Abstract Most deals are motivated by the recognition of a strategic threat or opportunity in the firm’s competitive arena. These deals seek to improve the firm’s competitive position or even obtain resources and new capabilities that are vital to future prosperity, and improve the firm’s agility. The purpose of this work project is to make an analysis on Facebook’s acquisitions’ strategy going through the key acquisitions in the company’s history. More than understanding the economics of its most relevant acquisitions, the main research is aimed at understanding the strategic view and key drivers behind them, and trying to set a pattern through hypotheses testing, always bearing in mind the following question: Why does Facebook acquire emerging companies instead of replicating their key success factors? Keywords Facebook; Acquisitions; Strategy; M&A Drivers “The biggest risk is not taking any risk... In a world that is changing really quickly, the only strategy that is guaranteed to fail is not taking risks.” Mark Zuckerberg, founder and CEO of Facebook 2 Literature Review M&A activity has had peaks throughout the course of history and different key industry-related drivers triggered that same activity (Sudarsanam, 2003). Historically, the appearance of the first mergers and acquisitions coincides with the existence of the first companies and, since then, in the US market, there have been five major waves of M&A activity (as summarized by T.J.A.
    [Show full text]
  • CS 255: Intro to Cryptography 1 Introduction 2 End-To-End
    Programming Assignment 2 Winter 2021 CS 255: Intro to Cryptography Prof. Dan Boneh Due Monday, March 1st, 11:59pm 1 Introduction In this assignment, you are tasked with implementing a secure and efficient end-to-end encrypted chat client using the Double Ratchet Algorithm, a popular session setup protocol that powers real- world chat systems such as Signal and WhatsApp. As an additional challenge, assume you live in a country with government surveillance. Thereby, all messages sent are required to include the session key encrypted with a fixed public key issued by the government. In your implementation, you will make use of various cryptographic primitives we have discussed in class—notably, key exchange, public key encryption, digital signatures, and authenticated encryption. Because it is ill-advised to implement your own primitives in cryptography, you should use an established library: in this case, the Stanford Javascript Crypto Library (SJCL). We will provide starter code that contains a basic template, which you will be able to fill in to satisfy the functionality and security properties described below. 2 End-to-end Encrypted Chat Client 2.1 Implementation Details Your chat client will use the Double Ratchet Algorithm to provide end-to-end encrypted commu- nications with other clients. To evaluate your messaging client, we will check that two or more instances of your implementation it can communicate with each other properly. We feel that it is best to understand the Double Ratchet Algorithm straight from the source, so we ask that you read Sections 1, 2, and 3 of Signal’s published specification here: https://signal.
    [Show full text]
  • 5.Sustainability
    P2Pvalue More than 95% of the cases surveyed use centralized servers to store the users’ data. Over the whole population of cases this would be lower, as less than 88% has a centralized architecture allowing for central storage. Index infrastructure provision On a scale of 1 to 9, half of the cases have less than 3, and 84.1% of the cases are at the intermediate level of the index (between 4 and 5). None of the cases are at the highest range of the index. 5.Sustainability Regarding the question of profitability versus non profitability character of infrastructure provision, what results from the data on the legal type of infrastructure provision (see table above as part of infrastructure provision section) is that non-profit organizations make up the majority of cases (57%), something that makes sense with the voluntary dimension of the majority of CBPP experiences. Nevertheless, we consider it important to highlight that 28.9% of the cases are for profit organizations, something that is closely related to the diffusion of hybrid cases in CBPP. The data on the type of organization connected to the case (see table at section infrastructure provider) notes that 25.1% of the cases are businesses, which is the second type of most common organization. What we highlight about this data concerning the main strategies to achieve economic sustainability is the high level of importance that is given to the non- monetary contributions. For instance, 51% of respondents assign a value of 10 to non-monetary contributions. Instead, when we analyze all the other strategies of sustainability, the median is very low.
    [Show full text]
  • Group Messaging for Secure Asynchronous Collaboration
    Group Messaging for Secure Asynchronous Collaboration Matthew A. Weidner Churchill College A dissertation submitted to the University of Cambridge in partial fulfilment of the requirements for the degree of Master of Philosophy in Advanced Computer Science University of Cambridge Computer Laboratory William Gates Building 15 JJ Thomson Avenue Cambridge CB3 0FD United Kingdom Email: [email protected] June 6, 2019 Declaration of originality I, Matthew A. Weidner of Churchill College, being a candidate for the M.Phil in Advanced Computer Science, hereby declare that this report and the work described in it are my own work, unaided except as may be specified below, and that the report does not contain material that has already been used to any substantial extent for a comparable purpose. The word count excludes appendices. Signed: Date: This dissertation is copyright c 2019 Matthew A. Weidner. All trademarks used in this dissertation are hereby acknowledged. Acknowledgements I would like to thank my supervisors, Dr. Alastair Beresford and Dr. Martin Kleppmann, for their time and valuable input on this project throughout the year, including feedback on multiple drafts of this dissertation. I also thank Michael Dodson for providing feedback on a draft of Chapter 4. I was supported by a Churchill Scholarship from the Winston Churchill Foundation of the USA. Group Messaging for Secure Asynchronous Collaboration Abstract End-to-end encrypted applications improve users' privacy by making their data unread- able to anyone besides their intended recipients. In particular, their data is unreadable to application servers. Although end-to-end encryption is currently deployed only for messaging apps, recent academic work shows that it is possible to create end-to-end en- crypted asynchronous collaborative applications, like Google Docs but without a trusted server, by layering Conflict-free Replicated Data Types (CRDTs) on top of a secure group messaging protocol.
    [Show full text]
  • Copyrighted Material
    Stichwortverzeichnis A B Abstreitbarkeit 167 Bequemlichkeit 30 Adblocker 96 Bitcoin 110 – Adblock Plus 96 Blackberry 215 – Disconnect 96 Bookmarks siehe Favoriten – Ghostery 96 Browser 68, 75 – Privacy Badger 96 – Add-on 87, 90 – uBlock 97 – Apple Safari 77 Add-on – Cache 88 – Browser 87, 90 – Chromium 78 – E-Mail-Client 126 – Chronik 87 – Enigmail siehe Enigmail – Fingerprinting 85, 98 – GpgOL 137 – Google Chrome 77 – Mailvelope 130, 132 – HTML-Engine 80 – Thunderbird 139 – Hygiene 88 Adium 170 – Iceweasel 78 Advanced Programming Interface (API) 90, – Inkognito-Modus 86 182 – integrierte Suche 84 Android – Internet Explorer 77 – Android Privacy Guard (App) 156 – Konqueror 78 – K9 Mail (E-Mail-Client) 156 – Microsoft Edge 92 – OpenKeychain (App) 156 – Midori 78 – PGP 156 – Mosaic 68 – R2Mail2 (E-Mail-Client) 158 – Mozilla Firefox 68, 76 – S/MIME 156 – Netscape Navigator 68 Anonymität 206 COPYRIGHTED– Opera 77MATERIAL AOL Instant Messenger (AIM) 164 – Plug-in 87 Apple Mail – Prole (Identitäten) 87 – PGP 145 – Synchronisation von Einstellungen – S/MIME 155 86 Authentizierung 167, 169, 176, 179 – Web (Epiphany) 78 – Adium 172 Buffer Overow 82 – Multifaktor- 201 Bugs 82 – Pidgin 169 Bundesamt für Sicherheit in der Informations- Authentizität 29, 54, 56 technik (BSI) 215 233 Stichwortverzeichnis C – E-Mail-Adresse 119 Caesar-Chiffre 36 – Header 121 Certicate Authority siehe Zertizierungsstelle – Provider 129, 131, 139 Chain of Trust siehe Web of Trust – Server 122 Chaos Computer Club (CCC) 133 Eingangsverschüsselung 125 Chat 161 Electronic
    [Show full text]
  • Policy Options and Regulatory Mechanisms for Managing Radicalization on the Internet
    Policy options and regulatory mechanisms for managing radicalization on the Internet Paris, 30 September 2016 “[…] I firmly believe that in a free democratic society, freedom of speech and expression is one of the most prized freedoms which must be defended and upheld at any cost and this should be particularly so in the land of Voltaire. It is indeed unfortunate that in the world of today, when science and technology have advanced the frontiers of knowledge and mankind is beginning to realize that human happiness can be realized only through inter-dependence and cooperation, the threshold of tolerance should be going down. It is high time man should realize his spiritual dimension and replace bitterness and hatred by love and compassion, tolerance and forgiveness.” Justice Prafullachandra Bhagwati Dan Shefet (Individual Specialist) ACKNOWLEDGEMENTS The author wishes to thank the following for their support, valuable advice and input throughout the drafting of the Report: Dr. Indrajit Banerjee and his team in UNESCO’s Knowledge Societies Division The UNESCO Delegates and Ministries of Justice/Interior of countries that have participated in the Country Survey. Alexander Linden, Honorary advisor to the French Supreme Court Janice Duffy, Researcher, Australia Pavan Duggal, Supreme Court Lawyer, India Tom Høyem, Former Minister in Denmark under Poul Schlüter Francesca Musiani, Researcher at the CNRS Institute for Communication Sciences and Member of the French National Assembly’s Commission on the Law and Rights in the Digital Era Sami Mahbouli, Lawyer at The Tunisian Supreme Court and Columnist Sabine Leutheusser-Schnarrenberger, Former Minister of Justice under Angela Merkel Marc Randazza, First Amendment Attorney, United States Viswa Sadasivan, CEO of Strategic Moves (Consultancy agency in Singapore) and former member of the Singaporean Parliament Mr K.
    [Show full text]