
End-to-End encryption cookbook



Marcin Krzyzanowski

July 15, 2016

Transcript

  1. END-TO-END ENCRYPTION COOKBOOK

  2. MARCIN KRZYŻANOWSKI @krzyzanowskim github.com/krzyzanowskim krzyzanowskim.com CryptoSwift ObjectivePGP swingdev.io

  3. AGENDA • What is E2EE • Naive approach • Real world solutions • fundamentals • protocols
  4. END-TO-END ENCRYPTION HOT TOPIC

  5. None
  6. None
  7. http://www.apple.com/uk/privacy/approach-to-privacy/

  8. http://www.apple.com/uk/privacy/approach-to-privacy/ - Apple has no way to decrypt iMessage and FaceTime data when it’s in transit between devices. - We wouldn’t be able to comply with a wiretap order even if we wanted to. - So unlike other companies’ messaging services, Apple doesn’t scan your communications
  9. End-to-end encryption (E2EE) is a system of communication where only the communicating users can read the messages. It prevents potential eavesdroppers from being able to access the conversation.
  10. End-to-end encryption (E2EE) is a system of communication where only the communicating users can read the messages.
  14. CIPHER + PASSWORD NAIVE E2EE • Two ends • CIPHER • AES, ChaCha20… • PASSWORD/KEY • password • time based one-time password • Distribute password • printed, mailed, whispered • shared table of passwords, time based password
  15. CIPHER + PASSWORD NAIVE E2EE password54321 password54321 encrypt encrypt decrypt decrypt
  16. CIPHER + PASSWORD NAIVE E2EE password54321 password54321 decrypt encrypt messaging server
  18. CIPHER + PASSWORD NAIVE E2EE password54321 password54321 decrypt encrypt messaging server CAN’T DECRYPT
  19. REAL WORLD http://polyarista.tripod.com

  20. HISTORY “HISTORY IS WRITTEN BY THE WINNERS” — Napoleon Bonaparte
  21. DIFFIE HELLMAN DIFFIE-HELLMAN ingredients

  22. BASICS DIFFIE-HELLMAN • Key exchange algorithm • RFC2631 Diffie-Hellman Key Agreement Method • Diffie-Hellman is for negotiating a secret between parties who don't already share one. • Uses modular exponentiation • public agreed p=3 and q=17 (3 mod 17) • A selects randomly number 15 (3^15 mod 17 = 6) • A sends 6 publicly to B • B selects randomly number 13 (3^13 mod 17 = 12) • B sends 12 publicly to A • A takes 12 (from B) and does 12^15 mod 17 = 10 (10 is shared secret) • B takes 6 (from A) and does 6^13 mod 17 = 10 (10 is shared secret) • From now on A and B can use shared secret to encrypt communication • 15 and 13 are private while 6 and 12 are public
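The exchange on the Diffie-Hellman slide, carried through in code as an added example (not code from the talk or from CryptoSwift): both sides compute public values from the slide's parameters (generator 3, modulus 17, private exponents 15 and 13) and arrive at the same secret without ever sending it. The `brute_force_discrete_log` helper is an assumption added to show what an eavesdropper who only sees 6 and 12 would have to solve; it succeeds here purely because the modulus is toy-sized, which is the reason real deployments use 2048-bit groups or Curve25519.

```python
"""Toy Diffie-Hellman walk-through with the slide's parameters (added example)."""


def dh_public(generator, modulus, private):
    """Public value = generator^private mod modulus (what each side sends)."""
    return pow(generator, private, modulus)


def dh_shared(peer_public, private, modulus):
    """Shared secret = peer_public^private mod modulus (never transmitted)."""
    return pow(peer_public, private, modulus)


def run_exchange(generator, modulus, a_private, b_private):
    """Run both sides of the exchange and return (A_public, B_public, secret)."""
    a_public = dh_public(generator, modulus, a_private)   # A sends this
    b_public = dh_public(generator, modulus, b_private)   # B sends this
    a_secret = dh_shared(b_public, a_private, modulus)    # A: B_public^15
    b_secret = dh_shared(a_public, b_private, modulus)    # B: A_public^13
    # The slide's point: both sides land on the same number without sending it.
    if a_secret != b_secret:
        raise AssertionError("both sides must derive the same secret")
    return a_public, b_public, a_secret


def brute_force_discrete_log(generator, modulus, public):
    """Eavesdropper's view: recover a private exponent by trying every candidate.

    Hypothetical helper for illustration. Feasible only because the modulus is
    tiny; with real-world group sizes this search is what becomes infeasible.
    """
    for candidate in range(modulus):
        if pow(generator, candidate, modulus) == public:
            return candidate
    return None


if __name__ == "__main__":
    # Values from the slide: generator 3, modulus 17, private exponents 15 and 13.
    a_pub, b_pub, secret = run_exchange(3, 17, 15, 13)
    print(f"A sends {a_pub}, B sends {b_pub}, shared secret {secret}")  # 6, 12, 10
    print("A's exponent recovered from public values:",
          brute_force_discrete_log(3, 17, a_pub))  # 15
```

Everything the network sees is the pair (6, 12); the secret 10 is only ever computed locally. The brute-force step makes the security argument concrete: confidentiality rests on the discrete logarithm being hard for the chosen group, and with a 17-element group it is not hard at all.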
  24. RIVEST SHAMIR ADLEMAN RSA ingredients

  25. BASICS RSA • Two algorithms (asymmetric encryption, digital signatures) • Uses existing key material to protect data • Public key to encrypt • Private key to decrypt • idea: lock and unlock are inverse operations • Uses modular exponentiation • m^e mod N = c (m is plaintext, c is encrypted message, e is encryption) • c^d mod N = m (d is decryption, some value d to undo the initial operation) • m^(ed) mod N = m (d is private key and it’s not easy to find out the value of d) • one way function easy to perform but difficult to reverse
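The three equations on the RSA slide worked through with small numbers, as an added example (not code from the talk or from ObjectivePGP): `rsa_keygen` builds N from two primes and derives d as the inverse of e modulo phi(N), `rsa_encrypt` performs m^e mod N and `rsa_decrypt` performs c^d mod N. The primes 61 and 53 and the public exponent 17 are a textbook choice assumed here; `trial_factor` is a hypothetical helper showing that "not easy to find out the value of d" reduces to "not easy to factor N", which is only true once N is far larger than this toy.

```python
"""Toy RSA walk-through of the slide's equations (added example)."""

from math import gcd, isqrt


def modinv(a, m):
    """Modular inverse via the extended Euclidean algorithm: a*d = 1 (mod m)."""
    old_r, r = a, m
    old_s, s = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("no inverse: a and m are not coprime")
    return old_s % m


def rsa_keygen(p, q, e=17):
    """Return ((e, N), (d, N)); d is the inverse of e mod phi(N) = (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(N)")
    d = modinv(e, phi)          # the private exponent from the slide
    return (e, n), (d, n)


def rsa_encrypt(m, public):
    """m^e mod N = c  (the slide's first equation)."""
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, N)")
    return pow(m, e, n)


def rsa_decrypt(c, private):
    """c^d mod N = m  (the slide's second equation)."""
    d, n = private
    return pow(c, d, n)


def trial_factor(n):
    """Hypothetical helper: recover a prime factor of N by trial division.

    Succeeds here only because N is tiny. The secrecy of d rests entirely on
    this being infeasible, which is why real keys use primes of ~1024+ bits.
    """
    for candidate in range(2, isqrt(n) + 1):
        if n % candidate == 0:
            return candidate
    return None


if __name__ == "__main__":
    public, private = rsa_keygen(61, 53)          # N = 3233, e = 17, d = 2753
    c = rsa_encrypt(65, public)                   # 65^17 mod 3233 = 2790
    print("ciphertext:", c, "plaintext back:", rsa_decrypt(c, private))
    # Third equation on the slide: m^(ed) mod N = m
    print("m^(ed) mod N:", pow(65, public[0] * private[0], public[1]))
    print("factor of N found by trial division:", trial_factor(public[1]))
```

This is textbook RSA on raw integers; the PGP and S/MIME formats covered later never apply it to a message directly but wrap it in padding (OAEP for encryption, PSS or PKCS#1 v1.5 for signatures) and use it to protect a symmetric key, as the PGP slides describe.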
  26. HISTORY PROTOCOLS

  27. HISTORY OPENPGP

  28. END TO END ENCRYPTION PRETTY GOOD PRIVACY • Published in 1991 • “PGP empowers people to take their privacy into their own hands. There has been a growing social need for it. That's why I wrote it” • Protocol • Improved over the time
  29. PRETTY GOOD PRIVACY • PGP uses Private and Public keys along with symmetric ciphers (AES) to build encrypted messages and data signatures. • Encryption • Signature • Defines format of keys • Defines format of message that consist of many packages • Provides authentication mechanism • Web of trust - signing party
  30. HISTORY S/MIME

  31. S/MIME • Builds over MIME and Cryptographic Message Syntax • Relies on X.509 certificates for public key distribution • Depends on the SSL PKI • you have an SSL certificate with your public key, and the fact that it is signed by a certificate authority (CA) "proves" it is really your key. • Certificate enrollment process is complex • Most email software already implements S/MIME
  32. FAST FORWARD “Off-the-Record Communication, or, Why Not To Use PGP”

  33. OTR PROBLEM “after Alice and Bob have exchanged their message, it should be impossible for anyone (including Alice and Bob themselves) to subsequently read or verify the authenticity of the encrypted message, even if they kept a copy of it.”
  35. OR, WHY NOT TO USE PGP OFF-THE-RECORD COMMUNICATION • “Quite often on the Internet, cryptography is used to protect private, personal communications. However, most commonly, systems such as PGP are used, which use long-lived encryption keys (subject to compromise) for confidentiality, and digital signatures (which provide strong, and in some jurisdictions, legal, proof of authorship) for authenticity” • “we argue that most social communications online should have just the opposite of the above two properties; namely, they should have perfect forward secrecy and repudiability” • “In off-the-record messaging, we would like to have an even stronger property than repudiability: forgeability”
  37. NEW WORLD

  38. SIGNAL

  39. OPEN WHISPER SYSTEMS SIGNAL • Open Whisper Systems • ZRTP (by Phil Zimmermann) key-agreement protocol • Curve25519, AES-256, and HMAC-SHA256 • Improved OTR key exchange flow • Double Ratchet Algorithm (Axolotl Ratchet) • Whatsapp Adopts 'Signal' Protocol For Complete End-To-End Encryption, Facebook Messenger, Allo (optional), Viber
  40. SIGNAL PROTOCOL • Poorly documented • Read implementation to understand protocol • WhatsApp Encryption Overview - Technical white paper
  41. CYI Cook It Yourself

  42. LIBRARIES • CommonCrypto • OpenSSL • NaCl • ObjectivePGP • netpgp • gpgme • github.com/WhisperSystems/libsignal-protocol-c • JavaScript libraries bridged to iOS/macOS Cook It Yourself
  43. SUMMARY • E2EE ensures data is never transmitted in unencrypted form between two peers. • PGP relies mostly on public key cryptography. • Long-lived keys • Signal relies mostly on Diffie-Hellman key exchange “trick” • Temporary keys
  44. THANK YOU @krzyzanowskim github.com/krzyzanowskim krzyzanowskim.com swingdev.io