FaceTime data when it’s in transit between devices. - We wouldn’t be able to comply with a wiretap order even if we wanted to. - So unlike other companies’ messaging services, Apple doesn’t scan your communications
Agreement Method • Diffie-Hellman is for negotiating a secret between parties who don't already share one. • Uses modular exponentiation • Publicly agreed p=3 and q=17 (3 mod 17) • A randomly selects the number 15 (3^15 mod 17 = 6) • A sends 6 publicly to B • B randomly selects the number 13 (3^13 mod 17 = 12) • B sends 12 publicly to A • A takes 12 (from B) and computes 12^15 mod 17 = 10 (10 is the shared secret) • B takes 6 (from A) and computes 6^13 mod 17 = 10 (10 is the shared secret) • From now on A and B can use the shared secret to encrypt communication • 15 and 13 are private while 6 and 12 are public
Uses existing key material to protect data • Public key to encrypt • Private key to decrypt • Idea: lock and unlock are inverse operations • Uses modular exponentiation • m^e mod N = c (m is the plaintext, c is the encrypted message, e is the encryption exponent) • c^d mod N = m (d is the decryption exponent, a value that undoes the initial operation) • m^(ed) mod N = m (d is the private key, and it is not easy to find the value of d) • One-way function: easy to perform but difficult to reverse
1991 • “PGP empowers people to take their privacy into their own hands. There has been a growing social need for it. That's why I wrote it” • Protocol • Improved over time
along with symmetric ciphers (AES) to build encrypted messages and data signatures. • Encryption • Signature • Defines the format of keys • Defines the format of messages, which consist of many packets • Provides an authentication mechanism • Web of trust - signing party
Relies on X.509 certificates for public key distribution • Depends on the SSL PKI • You have an SSL certificate with your public key, and the fact that it is signed by a certificate authority (CA) "proves" it is really your key. • The certificate enrollment process is complex • Most email software already implements S/MIME
it should be impossible for anyone (including Alice and Bob themselves) to subsequently read or verify the authenticity of the encrypted message, even if they kept a copy of it.”
often on the Internet, cryptography is used to protect private, personal communications. However, most commonly, systems such as PGP are used, which use long-lived encryption keys (subject to compromise) for confidentiality, and digital signatures (which provide strong, and in some jurisdictions, legal, proof of authorship) for authenticity” • “we argue that most social communications online should have just the opposite of the above two properties; namely, they should have perfect forward secrecy and repudiability” • “In off-the-record messaging, we would like to have an even stronger property than repudiability: forgeability”
form between two peers. • PGP relies mostly on public key cryptography. • Long-lived keys • Signal relies mostly on the Diffie-Hellman key exchange “trick” • Temporary keys
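
The exchange from the Diffie-Hellman slide and the temporary-key idea from the PGP/Signal comparison, as an added Python example that is not part of the original slides. It replays the slide's numbers, shows why a modulus of 17 only works as a teaching aid, and then runs sessions with fresh keys; the 2**127 - 1 modulus, the SHA-256 key derivation and all function names are assumptions chosen for the demo, not parameters of any product.

```python
import hashlib
import secrets

def dh_public(base, modulus, private):
    """Value a party sends in the clear: base^private mod modulus."""
    return pow(base, private, modulus)

def dh_shared(their_public, modulus, private):
    """Secret both sides reach: their_public^private mod modulus."""
    return pow(their_public, private, modulus)

def slide_exchange():
    """Replay the slide's numbers: base 3, modulus 17, A picks 15, B picks 13."""
    base, modulus, a_priv, b_priv = 3, 17, 15, 13
    a_pub = dh_public(base, modulus, a_priv)
    b_pub = dh_public(base, modulus, b_priv)
    return a_pub, b_pub, dh_shared(b_pub, modulus, a_priv), dh_shared(a_pub, modulus, b_priv)

def search_private(base, modulus, public):
    """Exhaustive search over exponents; feasible only because the modulus is tiny."""
    return next(x for x in range(1, modulus) if pow(base, x, modulus) == public)

# Assumption for the demo, not from the slides: the Mersenne prime 2**127 - 1.
# Real deployments use standardized groups or elliptic curves, not this value.
DEMO_MODULUS = 2**127 - 1
DEMO_BASE = 3

def derive_key(shared):
    """Hash the shared integer into a fixed-size session key (hex string)."""
    return hashlib.sha256(str(shared).encode()).hexdigest()

def ephemeral_session():
    """One session with temporary keys: fresh exponents, used once, never stored."""
    a_priv = secrets.randbelow(DEMO_MODULUS - 3) + 2
    b_priv = secrets.randbelow(DEMO_MODULUS - 3) + 2
    a_pub = dh_public(DEMO_BASE, DEMO_MODULUS, a_priv)
    b_pub = dh_public(DEMO_BASE, DEMO_MODULUS, b_priv)
    a_key = derive_key(dh_shared(b_pub, DEMO_MODULUS, a_priv))
    b_key = derive_key(dh_shared(a_pub, DEMO_MODULUS, b_priv))
    # Only the public transcript and the derived keys are returned; the
    # exponents are local to this call, so no long-lived secret covers it.
    return (a_pub, b_pub), a_key, b_key

if __name__ == "__main__":
    print("slide values:", slide_exchange())
    print("exponent behind public value 6:", search_private(3, 17, 6))
    _, key1, _ = ephemeral_session()
    _, key2, _ = ephemeral_session()
    print("sessions share a key:", key1 == key2)
```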