20061025 PGP/GNUpg 1
Security Talk: PGP/GNUpg
Security Talk
Pretty Good Privacy (PGP/GNUpg)
Brian Epstein <[email protected]>
● AIC triad – PGP/GNUpg
● History of PGP/GNUpg/OpenPGP
● Shared Key Cryptography
● Public Key Cryptography
● Cryptographic Hashing
● Web of Trust
● Main Principles in Security
  – Availability
  – Integrity
  – Confidentiality
● PGP/GNUpg covers Integrity and Confidentiality
History of Pretty Good Privacy
● Pretty Good Privacy (PGP) created in 1991 by Phil Zimmermann
● OpenPGP rfc2440 created in 1998
● GNU Privacy Guard (GNUpg or GPG) created in 1999
● Commercial PGP changed hands twice in the past decade
Shared Key Cryptography
● Also known as symmetric key, single-key or private key cryptography
● Analogous to a regular door key
  – Cereal box decoder ring
  – ZIP file encryption
  – Excel Spreadsheet encryption
Shared Key Cryptography
● Strengths
  – Easy to use
  – Quick to understand
  – Keeps data confidentiality
● Weaknesses
  – Vulnerable key exchange
  – Number of keys required is n(n – 1)/2
  – No integrity checking available (we don't know who encrypted)
Public Key Cryptography
● Also known as asymmetric key or split key cryptography
● Each person has two keys
  – Public key to share with the world
  – Private key to keep very secret.
Public Key Cryptography
● Public key
  – Data encrypted by this key can only be opened by its Private Key
  – Encrypting with public key ensures confidentiality
  – Alice encrypts with Bob's public key so that only Bob can read
● Private key
  – Data encrypted by this key can only be opened by its Public Key
  – Encrypting with private key ensures integrity
  – Alice encrypts with her private key to prove to Bob that she authored the email
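
The two directions on this slide, as an added example that is not part of the original talk: Alice encrypts to Bob's public key for confidentiality and signs with her own private key for integrity. It assumes textbook RSA without padding over constructed toy primes, and it applies the private key to a SHA-256 hash of the mail rather than to the mail itself; all function and key names are illustrative.

```python
import hashlib

# Constructed toy keys: textbook RSA over Mersenne primes, no padding.
# For illustration only; never use such parameters for real keys.
def make_keypair(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, e), (n, d)              # (public key, private key)

def apply_key(key, value):
    n, exponent = key
    return pow(value, exponent, n)

def encrypt_for(recipient_public, message: bytes) -> int:
    m = int.from_bytes(message, "big")
    if m >= recipient_public[0]:
        raise ValueError("message too long for this toy key")
    return apply_key(recipient_public, m)

def decrypt_with(private, ciphertext: int) -> bytes:
    m = apply_key(private, ciphertext)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(private, message: bytes) -> int:
    # "Encrypting with the private key" is applied to a hash of the message.
    return apply_key(private, digest(message))

def verify(public, message: bytes, signature: int) -> bool:
    # Anyone holding the public key can undo the private-key operation.
    return apply_key(public, signature) == digest(message)

ALICE_PUB, ALICE_PRIV = make_keypair(2**127 - 1, 2**607 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**89 - 1, 2**521 - 1)

def demo():
    mail = b"Meet at noon"
    ciphertext = encrypt_for(BOB_PUB, mail)   # confidentiality
    signature = sign(ALICE_PRIV, mail)        # integrity and authorship
    return {
        "bob_reads": decrypt_with(BOB_PRIV, ciphertext),
        "alice_cannot_read": decrypt_with(ALICE_PRIV, ciphertext) != mail,
        "signature_ok": verify(ALICE_PUB, mail, signature),
        "tampered_ok": verify(ALICE_PUB, b"Meet at nine", signature),
        "wrong_signer_ok": verify(BOB_PUB, mail, signature),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
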
Public Key Cryptography
● Strengths
  – Number of keys required is n*2
  – Keeps data integrity
  – Keeps data confidentiality
● Weaknesses
  – Vulnerable key exchange
  – Key trust (PKI or Web of Trust)
  – More difficult to manage
PKI versus Web of Trust
● Public Key Infrastructure (PKI) has a trust tree
PKI versus Web of Trust
● PKI Strengths
  – Single point of trust
● PKI Weaknesses
  – Must have a shared point of trust
  – Verisign, Thawte, RSA certificates
  – Must spend money
PKI versus Web of Trust
● Web of Trust Strengths
  – No single point of trust
  – Mesh network of trust
  – Usually free
● Web of Trust Weaknesses
  – Requires more work to set up consistently
  – How much do you trust your web?
Web of Trust
● Should not be spoke and wheel
● Should look like a web
● Good Web of Trust
● Spoke and Wheel
● Broken Spoke and Wheel
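
Why a spoke-and-wheel layout breaks while a web does not, as an added example that is not part of the original talk: it treats key signatures as a directed graph and reports which single key, if lost or revoked, cuts a user off from other keys. The model is a simplification that assumes every signature is fully trusted and ignores GnuPG's owner-trust levels and path-length limits; the names and sample graphs are constructed.

```python
from collections import deque

def reachable_keys(signatures, me, lost=frozenset()):
    """Keys `me` can validate by following signature chains, ignoring lost keys."""
    seen, queue = {me}, deque([me])
    while queue:
        signer = queue.popleft()
        for signee in signatures.get(signer, ()):
            if signee not in seen and signee not in lost:
                seen.add(signee)
                queue.append(signee)
    return seen - {me}

def single_points_of_failure(signatures, me):
    """Map each key whose loss cuts `me` off from other keys to the keys cut off."""
    baseline = reachable_keys(signatures, me)
    failures = {}
    for key in sorted(baseline):
        still = reachable_keys(signatures, me, lost={key})
        cut_off = baseline - still - {key}
        if cut_off:
            failures[key] = sorted(cut_off)
    return failures

# Constructed sample data: signer -> keys that signer has signed.
SPOKE_AND_WHEEL = {
    "hub": ["alice", "bob", "carol", "dave"],
    "alice": ["hub"], "bob": ["hub"], "carol": ["hub"], "dave": ["hub"],
}
WEB = {
    "alice": ["bob", "carol"], "bob": ["carol", "dave"],
    "carol": ["dave", "alice"], "dave": ["alice", "bob"],
}

if __name__ == "__main__":
    print("spoke and wheel:", single_points_of_failure(SPOKE_AND_WHEEL, "alice"))
    print("web:", single_points_of_failure(WEB, "alice"))
```
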
IAS Web of Trust
Demo
Questions?
Thanks, time to party!
History of Pretty Good Privacy
Phil Zimmermann was the target of a criminal investigation for US export restrictions. Case was dropped in 1996, and PGP, Inc. was founded.
Network Associates Inc (NAI) acquired PGP Inc. in 1997.
PGP Corp acquired PGP from NAI in 2002.
GNUpg was first released in 1999. It follows the OpenPGP standard, RFC2440, released in 1998.