Cryptographic Tools For Everyday Use
Aleksandar Nikolić
University of Novi Sad, Faculty of Technical Sciences, Chair of Informatics
April 12, 2013
Aleksandar Nikolić (FTN) Cryptography for The Masses April 12, 2013

Overview
1 Introduction
2 The Tools
  Pretty Good Privacy
  TrueCrypt
  OpenVPN
  Tor
3 Conclusion

Introduction

What is this lecture about?
- Introducing the tools everybody can use and benefit from.
- Practical lecture - hands-on approach.
- Open Source, Free, High-grade Cryptographic tools:
  - Encrypted eMail
  - TrueCrypt
  - OpenVPN
  - Tor Project
- Cypherpunks and Cryptowars

Cypherpunks and Cryptowars

- In the early 90s, governments wanted to regulate the use and export rights for cryptographic code.
- Many individuals and organizations concerned with their privacy and protecting their data were engaged in a struggle against these governmental initiatives.
- A cypherpunk is an activist who advocates the use and availability of strong cryptography for privacy, security, and as a means against censorship.
- To some degree, cypherpunks have won the cryptowars and enabled the availability of strong ciphers for everybody.
- Well, almost everybody. Some governments still limit the strength of ciphers their citizens can use...
- Notable cypherpunks are Matt Blaze (Clipper chip flaw), Daniel J. Bernstein (Export laws), Philip Zimmermann (PGP Book)...

The Tools

In this section, we will introduce a few freely available cryptographic tools that can make your life easier and less worrisome. For each tool, we will present a hypothetical situation where it can be useful.

Pretty Good Privacy
Securing email communication

What problems are we trying to solve?

- Say your inbox falls into the wrong hands.
- Let's assume you keep your eMail account secure, but people you send eMail to might not.
- Mail can be intercepted.
- Mail sender and other data can be faked.

Pretty Good Privacy - Secure eMail

- Developed by Phil Zimmermann.
- Allows both signing and encryption of eMail communication.
- Relies on the Web Of Trust.
- Can be used for other purposes as well.
- OpenPGP standard.

Pretty Good Privacy - How it works?

- You create a public/private key pair.
- The public key can be published on key servers.
  - http://pgp.mit.edu/
  - http://keyserver.pgp.com
- Use your private key to sign eMails. The recipient uses your public key to verify.
- Use the recipient's public key to encrypt. The recipient can decrypt using his own private key.
- How/why do we trust the keys?
  - Exchanged either personally or over a secure channel.
  - Or rely on the Web Of Trust.

Thunderbird + Enigmail

- Thunderbird - free/open source email client.
- Enigmail - free/open source plugin for Thunderbird.
- Uses GPG and offers email encryption, signing, verification and key management.
- Easy key pair generation, publication, key importing...
- Let's see it in action!
  - Install the tools.
  - Generate the keys.
  - Send and receive encrypted/signed mail.

My PGP Info

- PGP ID: 0xC328C4D0 - can be used to find my key on the servers.
- Fingerprint: BEFA 4A5F 902D C9CB 887E 3D54 3DDB D334 C328 C4D0
- Public key: the ASCII-armored block can be fetched from the key servers using the ID above.
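
How the ID and fingerprint on this slide relate, as an added Python example that is not part of the original lecture: an OpenPGP version 4 fingerprint is a SHA-1 hash over the public-key packet, and the 32-bit ID is only its last 8 hex digits, so a key fetched from a server should be accepted on the full fingerprint. The helper names and the toy RSA numbers are constructed for illustration.

```python
import hashlib
import struct

def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 public-key packet for RSA (algorithm id 1)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, a 2-byte body length, and the packet body (RFC 4880, 12.2)."""
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body)
    return digest.hexdigest().upper()

def normalize(fingerprint: str) -> str:
    """Strip spaces and an optional 0x prefix so printed forms compare equal."""
    text = fingerprint.replace(" ", "").upper()
    return text[2:] if text.startswith("0X") else text

def short_id(fingerprint: str) -> str:
    """32-bit key ID: the last 8 hex digits of the fingerprint."""
    return normalize(fingerprint)[-8:]

def long_id(fingerprint: str) -> str:
    """64-bit key ID: the last 16 hex digits of the fingerprint."""
    return normalize(fingerprint)[-16:]

def key_matches(body: bytes, trusted_fingerprint: str) -> bool:
    """Accept a fetched key only if all 160 bits match the trusted fingerprint."""
    return v4_fingerprint(body) == normalize(trusted_fingerprint)

# Values printed on the slide.
SLIDE_ID = "0xC328C4D0"
SLIDE_FPR = "BEFA 4A5F 902D C9CB 887E 3D54 3DDB D334 C328 C4D0"

# Constructed toy key material (tiny numbers, not a real key).
toy = rsa_key_body(created=1365724800, n=0xC0FFEE0DDF00D5, e=65537)
toy_fpr = v4_fingerprint(toy)

if __name__ == "__main__":
    print("slide ID is the fingerprint tail:", short_id(SLIDE_FPR) == normalize(SLIDE_ID))
    print("toy fingerprint:", toy_fpr, "short ID:", short_id(toy_fpr))
    print("toy key accepted:", key_matches(toy, toy_fpr))
    other = rsa_key_body(1365724800, 0xC0FFEE0DDF00D5, 3)
    print("key with a different exponent rejected:", not key_matches(other, toy_fpr))
```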

TrueCrypt
File and disk encryption

What problem does it solve?

- Say your laptop gets stolen...
- Or you simply lose your USB flash drive...
- Or someone accesses your computer while you are not around...
- Not just for storage, for sending files too.

TrueCrypt - Data Encryption

- Free/Open Source software offering high grade file and disk encryption.
- Performs on-the-fly encryption/decryption and has minimal effect on your work.
- Supports many different modes:
  - Creating simple file containers - mounted as virtual hard drives.
  - Full disk encryption - whole drive protected.
  - System disk encryption - secure whole operating system from boot up.
- Allows plausible deniability by creating hidden volumes.
  - A volume inside a volume.
  - One as a decoy and one containing actual data, two passwords.
  - Reveal only decoy volume password.
  - No way to prove existence of hidden volume.

Creating containers and encrypting files

- Crucial to choose a strong passphrase.
- Whole volume is encrypted using a specified symmetric cipher.
- Passphrase is hashed.
- The container can be moved around.
- When mounted, it appears as a new hard drive.
- Let's see it in action:
  - Create the volume.
  - Encrypt files...

OpenVPN
Creating secure tunnels over insecure channel

What problem does it solve?

- Say you are in a café, connected to an open wireless network.
- You are connected to the Internet over an insecure channel (though the Internet itself can be considered an insecure channel).
- How do you know the WiFi network isn't monitored, password captured, data logged...?
- By creating a secure tunnel to a known trusted gateway, we can use an insecure channel in a secure manner.

OpenVPN - Secure Internet Tunnel

- VPN - Virtual Private Networks
  - Creating virtual networks over internet.
- OpenVPN - free/open source implementation.
- Enables creation of encrypted communication over untrusted channel.
- Provides added privacy.
- You can set up your own server and there are many online providers.
- Some even say that they don't keep the logs, which would make your connection virtually untraceable.
- Except that they probably do keep the logs.
- Don't rely on VPN for anonymity! Use it only for keeping your data private over an insecure channel.

Using OpenVPN

- Can use various ciphers, highly configurable.
- Public/private keys used for authentication.
- Appears as a new (virtual) network interface on the system (usually denoted tun0 and tap0).
- By adding a default route to the configuration, all your network traffic, after you are connected to the VPN, will go through the VPN tunnel.
- Let's see how it works!
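
A check for the points on this slide, as an added Python example that is not part of the original lecture: it reads an OpenVPN client configuration and reports whether the default route is redirected into the tunnel, whether certificate files are configured, and whether the server certificate type is verified. The host name, file names and function names are constructed, and the check assumes file-based ca/cert/key directives rather than inline blocks.

```python
def parse_directives(text: str) -> dict:
    """Map each OpenVPN directive to its argument lists, skipping # and ; comments."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        found.setdefault(name, []).append(args)
    return found

def audit_client_config(text: str) -> list:
    """Return findings for a client config meant to protect traffic on open WiFi."""
    d = parse_directives(text)
    findings = []
    if "redirect-gateway" not in d:
        # Only the client file is inspected; a server can still push this option.
        findings.append("no redirect-gateway: default route stays on the local "
                        "network unless the server pushes one")
    if not all(k in d for k in ("ca", "cert", "key")):
        findings.append("no ca/cert/key: client is not using certificate authentication")
    if ["server"] not in d.get("remote-cert-tls", []):
        findings.append("no remote-cert-tls server: peer certificate type is not checked")
    if not any(a and a[0].startswith(("tun", "tap")) for a in d.get("dev", [])):
        findings.append("no tun/tap device configured")
    return findings

# Constructed sample configs; host name and file names are placeholders.
SPLIT_TUNNEL = """\
client
dev tun
remote vpn.example.org 1194
ca ca.crt
cert laptop.crt
key laptop.key
"""

FULL_TUNNEL = SPLIT_TUNNEL + """\
# send all traffic through the tunnel and check the server certificate
redirect-gateway def1
remote-cert-tls server
"""

if __name__ == "__main__":
    for name, cfg in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL)):
        print(name, audit_client_config(cfg) or "ok")
```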

The Onion Router
Browse the Internet Anonymously

What problem does it solve?

- Say you are a journalist, working on a sensitive investigation.
- Or a human rights activist, spreading sensitive information.
- Or a Law Enforcement Officer investigating known criminals.
- Sometimes you don't want your Internet browsing to lead back to you.
- It can be very unhealthy to have criminals and/or governments against you :)

Tor - Anonymous Internet Access

- The Onion Router Project - free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities...
- Prevents anyone from learning your location and browsing habits.
- A network of volunteer-run nodes.
- Two types of nodes:
  - Tor relay - your connection bounces through these nodes.
  - Tor Exit Node - your connection appears to originate from one of these nodes.
- Your connection is bounced through a number of random Tor relays and exits through an exit node, with no way of determining where it actually originated.
- Tor Hidden Service/Server - a server accessible only through the Tor network. No way to trace where it actually is.

Tor browser bundle

- Vidalia Bundle - A version of Firefox specially configured to be used with Tor.
- Easy and (at least theoretically) fool proof - just install and run.
- A preferred way of using Tor for non-technical people.
- Just remember, Tor gives you anonymity and not privacy.
- To achieve both, use Tor to connect to a VPN gateway, and in that order only!
- Let's see it in action!

Tor - the bad sides

- Can be used by criminals, terrorists, child predators...
- There are a number of shady hidden services:
  - Silk Road - black market selling (amongst other things) every single drug known to mankind.
  - Black Market Reloaded - similar idea.
  - Various electronic criminal message boards and so on...
- I strongly advise against visiting any of these hidden services.
- Tor is a powerful technology and as such, can be used for evil as much as for good.
- Because of this, many major websites (Google, Facebook...) filter Tor traffic in some way.
- In some countries it's even illegal to use it. And some even actively try to block it.
- It should be used very responsibly, and not all the time, as that may raise some suspicions you might not want.

Conclusion

- Availability of high-grade cryptographic algorithms and proper tools enables people to take greater control over their data.
- Everybody should take matters of privacy and security very seriously in this digital age.
- It's good to have a healthy dose of paranoia, it doesn't work retroactively.
- Technology is blind - it enables good and bad usage equally.
The End