Cryptography: Practical Understanding & Applications

Topics to be Discussed
• Practical Understanding
  • Definitions
  • Necessary considerations
  • Types of encryption
  • Trusted encryption methods
• Applications
  • Secure Email (OpenPGP)
  • Hard Disk Protection (TrueCrypt)

Practical Understanding: Basic Concepts & Definitions
What is Cryptography?
• Definition: the use of encryption methods to conceal “plaintext” data (messages, files, etc.)
• Encryption pre-dates computing
  • Caesar Cipher
  • Enigma machine

Why do we need Cryptography?
• Plaintext data is vulnerable to four attack types:
  • Interruption
  • Interception
  • Modification
  • Fabrication
• Used to ensure:
  • Confidentiality
  • Integrity

Key Considerations
• Theoretically vs. practically breakable
• Moore’s Law
• Key management
• Key distribution

Encryption Types
• Symmetric encryption
  • The same key is used for both encryption and decryption
• Asymmetric encryption
  • Different keys are used for encryption and decryption
  • Most schemes involve a “private” and “public” key pair

Validated Encryption Schemes
• Symmetric
  • Triple-DES
  • AES
• Asymmetric
  • RSA
  • PGP
Applications: Two Key Examples of Cryptography

Secure Email
• Ensures confidentiality of messages even across insecure networks or email clients
• Can be used as a “digital signature” to validate message authenticity
• The most common implementation is PGP

OpenPGP
• PGP = “Pretty Good Privacy”
• Proprietary and open source software providers exist
  • Symantec Encryption: paid, proprietary
  • GNU Privacy Guard: free, open source (http://www.gnupg.org/)

GnuPG + Thunderbird
• GnuPG
  • Free implementation of the OpenPGP standard
  • Available on Linux/Windows/Mac OS X
• Thunderbird
  • Free e-mail client by Mozilla
  • Uses the Enigmail extension to handle OpenPGP signed/encrypted mail

Steps to Set Up Secure Mail
• Download & install Mozilla Thunderbird
• Download & install the Enigmail extension
• Download & install GnuPG
• Set up a private/public key pair
• Share the public key
  • Direct sharing
  • Key server (e.g. http://pgp.mit.edu/)
• Assign encryption rules

Deployment Considerations
• Security is only as good as the protection given to one’s private key
  • If the private key is lost or compromised, the old key pair must be invalidated and a new one generated
• Per-user rules should be carefully applied
Hard Disk Encryption
• Prevents unauthorized access to hard drives
  • Even if stolen, encrypted disks are useless to clone
• Hardware or software implementations
  • Self-encrypting hard disks are available
  • Software implementations are much more typical
• Open source and proprietary providers exist
  • Symantec Encryption
  • TrueCrypt

TrueCrypt
• On-the-fly encryption suite
• Good performance due to pipelining/parallelization
• Variety of encryption options
  • Encrypted folder
  • Encrypted partition
  • Full disk encryption
• Open source and available for Linux/Windows/Mac OS X

Supported Encryption
• Ciphers
  • AES
  • Serpent
  • Twofish
• Cascades
  • Application of two or more of the above ciphers in sequence

Supported Hashes
• TrueCrypt uses hashes to provide a pseudorandom number generator for key and salt creation.
• Hashes
  • RIPEMD-160
  • SHA-512
  • Whirlpool

Advanced Features
• Hidden volume creation
  • Hides a TrueCrypt volume within an outer TrueCrypt volume
  • The outer volume can be revealed (decrypted) without revealing the existence of the hidden volume
• Hidden operating system
  • Even if the pre-boot authentication password is forced to be revealed, only a “decoy” operating system is accessed

Deployment Considerations
• Data leaks
  • System memory is NOT encrypted
• Dependent on password strength/secrecy
  • Malware, keyloggers, etc. can compromise even a strong password
• Wear-leveling
  • Flash memory
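The password-to-key step behind the "Supported Hashes" and "Deployment Considerations" slides (a hash used as a pseudorandom function to stretch a password and salt into header key material, whose strength then rests entirely on the password), as an added example that is not TrueCrypt's own code. It uses PBKDF2-HMAC with SHA-512, the one of the three listed hashes that Python's hashlib always provides; the salt length, iteration count, key layout and the HMAC-based check value are constructed for illustration and are not TrueCrypt's actual parameters or header format.

```python
import hashlib
import hmac
import os

# Constructed parameters for illustration; they are NOT TrueCrypt's real values.
SALT_LEN = 64         # random salt stored in clear next to the encrypted header
ITERATIONS = 100_000  # PBKDF2 work factor: cost paid once per password guess
KEY_LEN = 64          # 512 bits of output: a 256-bit cipher key plus a 256-bit tweak key


def derive_header_key(password: str, salt: bytes,
                      iterations: int = ITERATIONS, length: int = KEY_LEN) -> bytes:
    """Stretch password + salt into pseudorandom key material with PBKDF2-HMAC-SHA512.

    SHA-512 is one of the three hashes the slides list. Because the salt is mixed
    in, the same password yields unrelated keys on different volumes, so a table
    precomputed for one volume is useless against another.
    """
    if len(salt) != SALT_LEN:
        raise ValueError(f"salt must be {SALT_LEN} bytes")
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations, length)


def split_keys(material: bytes) -> tuple[bytes, bytes]:
    """Split the derived material into a primary key and a secondary (tweak) key."""
    half = len(material) // 2
    return material[:half], material[half:]


def check_tag(header_key: bytes) -> bytes:
    """Keyed check value standing in for TrueCrypt's decrypt-and-verify of the header."""
    return hmac.new(header_key, b"constructed-header-check", hashlib.sha512).digest()


def new_volume_header(password: str) -> dict:
    """Simulate formatting a volume: fresh random salt, check value from the derived key."""
    salt = os.urandom(SALT_LEN)
    return {"salt": salt, "tag": check_tag(derive_header_key(password, salt))}


def unlocks(password: str, header: dict) -> bool:
    """Re-derive the key from the stored salt and compare the check value in constant time."""
    tag = check_tag(derive_header_key(password, header["salt"]))
    return hmac.compare_digest(tag, header["tag"])


if __name__ == "__main__":
    header = new_volume_header("correct horse battery staple")
    primary, tweak = split_keys(derive_header_key("correct horse battery staple", header["salt"]))
    print("primary key:", primary.hex())
    print("tweak key:  ", tweak.hex())
    print("right password unlocks:", unlocks("correct horse battery staple", header))
    print("wrong password unlocks:", unlocks("password123", header))
```

Note that nothing here protects a weak password: the iteration count only multiplies the cost of each guess, which is why the slide's point about password strength and keyloggers stands regardless of the hash chosen.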
Conclusion: Putting it all together

Closing Thoughts
• Encryption provides one of the foundational layers of digital security
• Use the appropriate level of security to meet your needs
• Don’t fall into “false sense of security” traps
• Free, open source encryption methods are readily available -- use them!

References
• http://www.openpgp.org/
• http://en.wikipedia.org/wiki/Pretty_Good_Privacy
• http://www.gnupg.org/
• https://www.enigmail.net/home/index.php
• http://www.truecrypt.org/