Loading presentation...

Present Remotely

Send the link below via email or IM

Copy

Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.

DeleteCancel

Make your likes visible on Facebook?

Connect your Facebook account to Prezi and let your likes appear on your timeline.
You can change this under Settings & Account at any time.

No, thanks

Introduction to Cryptography, PGP and disk encryption

Introduction to cryptography from the first Dublin Cryptoparty, 28th September 2012. Hosted by DU Pirate Party in TCD. This presentation is available under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported liscense
by

Donncha O Cearbhaill

on 5 February 2014

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Introduction to Cryptography, PGP and disk encryption

#CryptoParty Introduction
What is a #CryptoParty?
They are events for interested parites "the most basic crypto programs and the fundamental concepts of their operation!"
Gonna assume most people are
using Windowz :(
TrueCrypt
/ LUKS

Disk encryption software.
Friday 28th September 2012
by @DonnchaC
(PGP: 0x5064B083 AEC10762 )
Hosted by DU Pirate Party
www.pirates.ie
CryptoParties allow us to teach, learn and share basic crypto tools

CryptoParties are free to attend, public, and are commercially non-aligned.
"Privacy is the power to selectively reveal oneself to the world."
- Cypherpunk Manifesto, 1993.
Why is cypto need?
Online privacy is impossible without cryptographic tools. Unfortunately most crypto tools can be non-user friendly and difficult to get started with.
Crypto is necessary for privacy in the digital age. Privacy isn't secrecy.
We currently live in a country with extensive DNS monitoring.
Why crypto is needed?
By the end of this cryptopsrty you should have a better idea of the privacy risks online.
What we hope to achieve
Eircom are currently blocking "The Piratebay by court order. To enable this they are intercepting DNS trafffic which is then filtered to block TPB
Online advertising companies such as Google and Facebook are reliant on building vast profiles based on your online activities.
Every page you view which uses Google Analytics or has a "Like" button is potentially recording and tracking your online activity.
You should be able to:
Understand the basic concepts of cryptography
Set up PGP encryption keys, send, receive and check message signatures securely
Understand the basics of disk encryption and setting up LUKS/TrueCrypt.
Using Tor/VPN's for anonymity and privacy online - covered later by @thomaskerin
They are not lectures, the talks will
be quick introductions.
Cryptoparties are
"parties"!
Primarily we will be helping one another set up these basic crypto tools and hopefully have some fun while we are at it.
Crypto 101
Cryptography is Dangerous
(and Beautiful)
The theory behind cryptography is solid and proven
Unfortunatly its all to easy to make mistakes. The software might not implement the crypto correctly.
Crypto can give a false sense of security
All issues from human error such as not securely removing original message after encryption
K.I.S.S
First Steps
Use strong passphrases
Threat Analysis
Know your adversary?
Privacy from online advertisers requires a different level of precautions and security when compared with journalists and activists working under repressive regimes
If possible use a phrase or sentence with the addition of some special characters
Don't use short passwords and NEVER write them down!
Classes of Cryptography
Symmetric
cryptography uses one key for encryption and decryption
Asymmetric
cryptography involves
a pair of keys. A public key for encryption and a private key for decryption
PGP / GPG Encryption
PGP (Pretty Good Privacy) is an example of asymetric encryption
Software implementing the PGP algorithm alllow you to encrypt, decrypt and digitally sign messages.
You share your public key with everyone. When a message is encrypted with your public key, only you, with the corresponding private
key will be able to decrypt it.
What does a key look like?
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)

mQENBFAUQFABCADHRe1Q/jZnCjz7yz7zSz9lBuHzcGHfzCshL1FZSW+W3iENWNob
0iihmengF9sNLldYYyyDtTmOsJofy7j83rDNao8L+c+12hQae5ZyveHMarc7bzFo
LLXi1NuHYDZhYjLxeZ3IV2w2pEdWmS5t/ftoif2IMM2mQdk9UeE6fH3jfN5Zws0+
56apPzqeNgUbwBwtJ6kgK0tFbvD6XovKS6IuTXE35wAxYZ+IjY230bwXqvGrFAq1
DFB0Vbuiet0ndfaVW1jBk6+WXEeaUD1fBTGekbuQ7YYvpr+45aAm3p6zAYetxOJ+
x8myfwa8M8L5Xk1lLdYTI95tqQLNvZ+CExbdABEBAAG0IkRvbm5jaGEgPGRvbm5j
aGFjYXJyb2xsQGdtYWlsLmNvbT6JATgEEwECACIFAlAUQFACGwMGCwkIBwMCBhUI
AgkKCwQWAgMBAh4BAheAAAoJEFBksIOuwQdiG74IAITUl8lGoX9P0gg7neWau/Hw
2cCQmy8WA7C5MNPt6uNu11T8A5Il3NGzNZRg920uao2Fg0PXqvG93he1CPLHa+I3
Zu3hg+v4iPXhzzSPhrmw4A2Skn+QYXRei7XOtk7EXzwt/E3RErA7nzi2FIdm78rR
yBEPM9k0N24CX7/atpmwFxF2iP+FA7LGEMj+LkGVaMHUKXx5LRJyG51k90ENE5Ac
J8X5l12bWXteErhxVE0zSgJWkcGjEBFlaL7Qh2Wsu9wsMMP8BJIm3Dsq9S7sqrtf
e76TlOHeopwsrpBfWYM4TY4teFBYEibzPtD+H9hZFuBmww==
=nZ2d
-----END PGP PUBLIC KEY BLOCK-----
Sharing your Pub Key
Public key crypto works best when your key is very public.
Its easier for people to find your key and initiate private communications
There are public keyservers on the internet where you can submit your key and find others key by searching for there name or email
WARNING!!!
Public key crypto depends on your private key being kept priavte!
If it gets compromised by a malware infection or bad physical security of your devices, all your private communications can be compromised an adversery!
PGP has a lack of "forward-secrecy". An adversary able who can monitor your encrypted communications and subsequently compromises your private key via theft or subpoena will be able decrypt your messages!
Technical
Explanation
PGP can be used to sign and protect data from being altered
A special crypto function can be run on data to genrate a "signature"
This signature is created with authors private key. Anyone with their public key can then confirm the data matches the signiture and is unaltered
Very useful! We will verify downloads
with this method later.
OTR (Off-the-record)
The OTR protocol eliminates the forward-secrecy problem.
A unique session key is generated for each IM conversation and it is destroyed at its end.
A powerful adversary will not be able to retroactively decrypt intercepted encrypted messages
https://www.cypherpunks.ca/otr/
Unfortunately crypto alone cannot protect you from adversary who presents threats of detention and/or torture
IM plugin available
Disk Encryption
Also important to protect your data on disk as well as in communication
There are a number of well reviewed, open source, asymmetric disk encryption tools available such as TrueCrypt and LUKS
More on these later!
Feeling a bit lost?
Crypto theory and all the potential pitfalls can be overwhelming. But it is pretty easy to get started!
Getting GPG
https://www.gpgtools.org/ - OSX
http://www.gpg4win.org/ - Windows
Its important to ensure your download is valid and is not backdoored or compromised.
Verifying Downloads
This can be done via the use of hash check-sums. The file data is passed through a special mathematical function, the result, a hash will be very different even if there is only a small change in the original file
You can compare your download with checksums on source site.
There are numerous utilities available to perform hash calculations
Generating GPG Key Pairs
in Kleopatra
1. Send a PGP encrypted message to someone at the #cryptoparty.
Goals:
2. Decrypt a message sent to you
Click File -> New Certificate
Create a personal OpenPGP key pair.
Thanks to Khan Academy for the video
It is very important to secure your private key with a strong passphrase!
Create your key
Once your key pair is created its now time to export your public key to a keyserver.
People can now send you encrypted, private emails! Good job!
Send an encrypted
email
First you need to import the recipient's public key.
File -> Lookup Certificate on Server
Should be possible to find recipient by their email.
Once key is imported you can encrypt a message from text file.
File -> Sign / Encrypt Files
Sign & Encrypt
Select "Text Output"
#gpg --gen-keys
#gpg --list-keys

Export Keys
#gpg -a --export <key id OR email>
GPG for Linux
Import Keys:
#gpg --import keyfile.asc

Validate Fingerprints:
#gpg --fingerprint

Key Signing:
#gpg --edit-key <key id OR email> > sign
Truecrypt and LUKS allow you to encrypt files, partitions or total physical drives.

Truecrypt offers complete encryption where a passphrase must be entered before the system will boot.
Truecrypt also offers hidden volumes
These provide plausable deniability
You can have a encrypted volume which contains non-sensitive data. You can place a hidden volume inside of it which contains your sensitive information.
You can provide outer volume password and adversary cannot prove there is more information
Can be very useful!!
#CRYPTOPARTY
I hope some people found this useful. Now go and spread crypto, teach someone else!

@thomaskerin will be talking next about Tor, VPN's and connection security

https://cryptoparty.org
Full transcript