OpenWest 2015/End-to-end Encrypted Solutions

From Omnia
Revision as of 22:51, 8 May 2015 by Kenneth (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

End-to-end Encrypted Solutions

by Aaron Toponce (@AaronToponce)

"In the light of the Edward Snowden revelations, I will explain the current landscape of end-to-end encrypted solutions to protect your data from the NSA. I'll explain what the current threats are by the NSA and other well-funded organizations, what they likely can and cannot do, and how to mitigate them by using end-to-end encrypted software tools.

Some of the tools covered will be OpenPGP, OTR, Bitmessage, d-note, and Tox. I'll also talk about the NSA back doored Dual_EC_DRBG algorithm standardized by NIST, and the RDRAND controversy with Intel and Linux kernel developers. I'll call into question some conspiracy theories about the NSA, which will involve Lavabit."

---

CIA Triad

  • Confidentiality
  • Integrity
  • Availability

Information Security:

  • Products (Physical Security)
  • Procedures (Organizational Security)
  • People (Personal Security)

Resources:

  • Communication
  • Hardware
  • Software

Encryption - encoding information such that only authorized parties can read it. Provides only confidentiality.

Authentication - keeping information tamper-resistant while also proving it originated from the sender. Provides only integrity.

Matasano Challenges http://cryptopals.com

Encrypt-then-MAC is the one true way

MAC-then-Encrypt

  • plaintext hashed
  • mac appended to plaintext
  • plaintext and mac encrypted
* no ciphertext integrity
  • plaintext integrity
  • used in OpenSSL

Cryptographic Doom Principle:

  • Doom! when verifying the message is not the first execution
  • MAC-then-Encrypt vulnerable to the padding oracle attack
  • lucky thirteen and POODLE in OpenSSL
  • mac-and-encrypt plaintext recovery attack in openssh up to 5.1
  • mac-and-encrypt can reveal when messages repeat, if the mac doesn't include a sequence number

Suggestion:

  • encrypt-then-mac
  • use aes-gcm
  • or chacha20-poly1305
  • or aes-hmac-sha-256/512
  • or aes-sha3 (not finalized by nist, yet)

Off-the-Record Messaging (OTR)

  • end to end encryption
  • non-repudiation, off the record conversation, that is confidential
  • good for journalists or whistleblowers
  • Socialist Millionaire Protocol - a way to tell if the other person is who they are without actually identifying the other person
    • ask a quesiton that only the other person knows

OTR - Cryptocat

OepnPGP - protocol / RFC (not an implementation)

  • Unencumbered PGP
  • PGP compatible without patents
  • GNU Privacy Guard (GPG) - implementation