
Cryptographic Tools For Everyday Use

Aleksandar Nikolić
University of Novi Sad, Faculty of Technical Sciences, Chair of Informatics
[email protected]
April 12, 2013

Aleksandar Nikolić (FTN) Cryptography for The Masses April 12, 2013

Overview

1. Introduction
2. The Tools
   - Pretty Good Privacy
   - TrueCrypt
   - OpenVPN
   - Tor
3. Conclusion

Introduction

What is this lecture about?
- Introducing the tools everybody can use and benefit from.
- Practical lecture - hands-on approach.
- Open Source, Free, High-grade Cryptographic tools:
  - Encrypted eMail
  - TrueCrypt
  - OpenVPN
  - Tor Project
- Cypherpunks and Cryptowars

Cypherpunks and Cryptowars

- In the early 90s, governments wanted to regulate the use and export rights for cryptographic code.
- Many individuals and organizations concerned with their privacy and protecting their data were engaged in a struggle against these governmental initiatives.
- A cypherpunk is an activist who advocates the use and availability of strong cryptography for privacy, security, and as a means against censorship.
- To some degree, cypherpunks have won the cryptowars and enabled the availability of strong ciphers for everybody.
- Well, almost everybody. Some governments still limit the strength of ciphers their citizens can use.
- Notable cypherpunks are Matt Blaze (Clipper chip flaw), Daniel J. Bernstein (Export laws), Philip Zimmermann (PGP Book).

The Tools

In this section, we will introduce a few freely available cryptographic tools that can make your life easier and less worrisome. For each tool, we will present a hypothetical situation where it can be useful.

Pretty Good Privacy

Securing email communication

What problems are we trying to solve?
- Say your inbox falls into the wrong hands.
- Let's assume you keep your eMail account secure, but people you send eMail to might not.
- Mail can be intercepted.
- Mail sender and other data can be faked.

Pretty Good Privacy - Secure eMail
- Developed by Phil Zimmermann.
- Allows both signing and encryption of eMail communication.
- Relies on the Web Of Trust.
- Can be used for other purposes as well.
- OpenPGP standard.

Pretty Good Privacy - How it works?
- You create a public/private key pair.
- Public key can be published on key servers.
  - http://pgp.mit.edu/
  - http://keyserver.pgp.com
- Use private key to sign eMails. Recipient uses your public key to verify.
- Use recipient's public key to encrypt. Recipient can decrypt using his own private key.
- How/why do we trust the keys?
  - Exchanged either personally or over a secure channel.
  - Or rely on the Web Of Trust.

Thunderbird + Enigmail
- Thunderbird - free/open source email client.
- Enigmail - free/open source plugin for Thunderbird.
- Uses GPG and offers email encryption, signing, verification and key management.
- Easy key pair generation, publication, key importing.
- Let's see it in action!
  - Install the tools.
  - Generate the keys.
  - Send and receive encrypted/signed mail.

My PGP Info
- PGP ID: 0xC328C4D0 - can be used to find my key on the servers.
- Fingerprint: BEFA 4A5F 902D C9CB 887E 3D54 3DDB D334 C328 C4D0
- Public key: [ASCII-armored PGP public key block]

TrueCrypt

File and disk encryption

What problem does it solve?
- Say your laptop gets stolen.
- Or you simply lose your USB flash drive.
- Or someone accesses your computer while you are not around.
- Not just for storage, for sending files too.
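
Looking back at the "My PGP Info" slide and the question "How/why do we trust the keys?": the Python sketch below is an added example, not part of the original lecture. It shows how the short PGP ID relates to the full fingerprint, how a v4 fingerprint is computed (RFC 4880, section 12.2), and a check that accepts a fetched key only when the whole fingerprint matches the one received over a trusted channel. The `demo_packet` helper and its key material are constructed for illustration and are not a usable key.

```python
import hashlib
import hmac
import struct

# Values printed on the "My PGP Info" slide.
SLIDE_FINGERPRINT = "BEFA 4A5F 902D C9CB 887E 3D54 3DDB D334 C328 C4D0"
SLIDE_KEY_ID = "0xC328C4D0"


def normalize(hex_text):
    """Strip spaces and an optional 0x prefix; return upper-case hex."""
    cleaned = hex_text.replace(" ", "").upper()
    if cleaned.startswith("0X"):
        cleaned = cleaned[2:]
    int(cleaned, 16)  # raises ValueError on non-hex input
    return cleaned


def v4_fingerprint(key_packet_body):
    """SHA-1 over 0x99, a 2-byte big-endian length, and the key packet body."""
    header = b"\x99" + struct.pack(">H", len(key_packet_body))
    return hashlib.sha1(header + key_packet_body).hexdigest().upper()


def key_ids(fingerprint):
    """Return (long_id, short_id): the low 64 and low 32 bits of a v4 fingerprint."""
    fpr = normalize(fingerprint)
    if len(fpr) != 40:
        raise ValueError("a v4 fingerprint is 160 bits (40 hex digits)")
    return fpr[-16:], fpr[-8:]


def same_key(expected_fingerprint, fetched_fingerprint):
    """Accept a fetched key only if the full 160-bit fingerprint matches."""
    a, b = normalize(expected_fingerprint), normalize(fetched_fingerprint)
    return len(a) == 40 and hmac.compare_digest(a, b)


def demo_packet(modulus_byte):
    """Constructed v4 RSA public-key packet body (placeholder, not a real key)."""
    n = bytes([0x80 | modulus_byte]) + bytes(255)   # 2048-bit placeholder modulus
    e = b"\x01\x00\x01"                             # public exponent 65537
    return (b"\x04" + struct.pack(">I", 1365724800) + b"\x01"   # version, time, RSA
            + struct.pack(">H", 2048) + n + struct.pack(">H", 17) + e)
```

The 32-bit ID is only a lookup handle for the key servers; since it is just the tail of the fingerprint, it is far easier to collide than the full 160 bits, so the comparison that establishes trust is the one done by `same_key`.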

TrueCrypt - Data Encryption
- Free/Open Source software offering high grade file and disk encryption.
- Performs on-the-fly encryption/decryption and has minimal effect on your work.
- Supports many different modes:
  - Creating simple file containers - mounted as virtual hard drives.
  - Full disk encryption - whole drive protected.
  - System disk encryption - secure whole operating system from boot up.
- Allows plausible deniability by creating hidden volumes.
  - A volume inside a volume.
  - One as a decoy and one containing actual data, two passwords.
  - Reveal only decoy volume password.
  - No way to prove existence of hidden volume.

Creating containers and encrypting files
- Crucial to choose a strong passphrase.
- Whole volume is encrypted using a specified symmetric cipher.
- Passphrase is hashed.
- The container can be moved around.
- When mounted, it appears as a new hard drive.
- Let's see it in action:
  - Create the volume.
  - Encrypt files.

OpenVPN

Creating secure tunnels over insecure channel

What problem does it solve?
- Say you are in a café, connected to an open wireless network.
- You are connected to the Internet over an insecure channel (though the Internet itself can be considered an insecure channel).
- How do you know the WiFi network isn't monitored, password captured, data logged?
- By creating a secure tunnel to a known trusted gateway, we can use an insecure channel in a secure manner.

OpenVPN - Secure Internet Tunnel
- VPN - Virtual Private Networks
- Creating virtual networks over the Internet.
- OpenVPN - free/open source implementation.
- Enables creation of encrypted communication over untrusted channel.
- Provides added privacy.
- You can set up your own server and there are many online providers.
- Some even say that they don't keep the logs, which would make your connection virtually untraceable.
- Except that they probably do keep the logs.
- Don't rely on VPN for anonymity! Use it only for keeping your data private over an insecure channel.

Using OpenVPN
- Can use various ciphers, highly configurable.
- Public/private keys used for authentication.
- Appears as a new (virtual) network interface on the system (usually denoted tun0 and tap0).
- By adding a default route to the configuration, all your network traffic, after you are connected to the VPN, will go through the VPN tunnel.
- Let's see how it works!

Tor

The Onion Router

Browse the Internet Anonymously

What problem does it solve?
- Say you are a journalist, working on a sensitive investigation.
- Or a human rights activist, spreading sensitive information.
- Or a Law Enforcement Officer investigating known criminals.
- Sometimes you don't want your Internet browsing to lead back to you.
- It can be very unhealthy to have criminals and/or governments against you :)

Tor - Anonymous Internet Access
- The Onion Router Project - free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business