OpenWest 2015/End-to-end Encrypted Solutions

End-to-end Encrypted Solutions

by Aaron Toponce (@AaronToponce)

"In the light of the Edward Snowden revelations, I will explain the current landscape of end-to-end encrypted solutions to protect your data from the NSA. I'll explain what the current threats are by the NSA and other well-funded organizations, what they likely can and cannot do, and how to mitigate them by using end-to-end encrypted software tools.

Some of the tools covered will be OpenPGP, OTR, Bitmessage, d-note, and Tox. I'll also talk about the NSA-backdoored Dual_EC_DRBG algorithm standardized by NIST, and the RDRAND controversy with Intel and Linux kernel developers. I'll call into question some conspiracy theories about the NSA, which will involve Lavabit."

---

CIA Triad
 * Confidentiality
 * Integrity
 * Availability

Information Security:
 * Products (Physical Security)
 * Procedures (Organizational Security)
 * People (Personal Security)

Resources:
 * Communication
 * Hardware
 * Software

Encryption - encoding information such that only parties holding the key can read it. Provides only confidentiality: an attacker who cannot read the data can still modify it undetected.

Authentication (a MAC or signature) - detecting any tampering with the data while also proving it came from the holder of the key. Provides integrity and origin authenticity, not confidentiality.

Matasano Challenges http://cryptopals.com

Encrypt-then-MAC is the one true way

MAC-then-Encrypt
 * MAC computed over the plaintext (keyed, not a plain hash)
 * MAC appended to the plaintext
 * plaintext and MAC encrypted together
 * gives plaintext integrity but no ciphertext integrity: the receiver has to decrypt before it can verify anything
 * used by the TLS CBC cipher suites, and therefore by OpenSSL

Cryptographic Doom Principle (Moxie Marlinspike):
 * Doom! whenever any cryptographic operation (decrypting, checking padding) runs before the MAC has been verified
 * MAC-then-Encrypt with CBC is vulnerable to padding oracle attacks: the receiver's "bad padding" vs "bad MAC" answer, or the timing difference between the two, leaks the plaintext one byte at a time
 * Lucky Thirteen (TLS CBC, timing) and POODLE (SSLv3 CBC padding) are instances of this; OpenSSL was among the affected implementations
 * Encrypt-and-MAC: plaintext recovery attack against SSH CBC mode in OpenSSH up to 5.1 (fixed in 5.2)
 * Encrypt-and-MAC sends MAC(plaintext) in the clear, so it reveals when messages repeat unless the MAC also covers a sequence number
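
A worked demonstration of the padding oracle the list above describes, added here as an example (it is not code from the talk): a MAC-then-Encrypt receiver built from AES-CBC and HMAC-SHA-256 in the TLS record layout, which has to decrypt and strip padding before it can verify the tag and reports the two failures differently, and an attacker function that recovers the plaintext from those two answers alone, holding no key. Keys, the message and the two error values are constructed for the demo; standard library only.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Two different failures, and the receiver tells the sender which one it hit.
var errPadding, errMAC = errors.New("bad padding"), errors.New("bad mac")

func pkcs7Unpad(b []byte) ([]byte, error) {
	n := 0
	if len(b) > 0 {
		n = int(b[len(b)-1])
	}
	if n == 0 || n > aes.BlockSize || n > len(b) || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errPadding
	}
	return b[:len(b)-n], nil
}

func hmacSHA256(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// MAC-then-Encrypt as the TLS CBC suites do it: IV || AES-CBC(pad(pt || HMAC(pt))).
func mteSeal(encKey, macKey, pt []byte) []byte {
	block, _ := aes.NewCipher(encKey)
	body := append(append([]byte{}, pt...), hmacSHA256(macKey, pt)...)
	n := aes.BlockSize - len(body)%aes.BlockSize
	body = append(body, bytes.Repeat([]byte{byte(n)}, n)...) // PKCS#7 padding
	out := make([]byte, aes.BlockSize+len(body))
	rand.Read(out[:aes.BlockSize]) // fresh random IV
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], body)
	return out
}

// mteOpen must decrypt and unpad before it can check the MAC (the Doom Principle
// in action), and its error reveals whether the padding was valid.
func mteOpen(encKey, macKey, ct []byte) ([]byte, error) {
	if len(ct) < 2*aes.BlockSize || len(ct)%aes.BlockSize != 0 {
		return nil, errPadding
	}
	block, _ := aes.NewCipher(encKey)
	body := make([]byte, len(ct)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, ct[:aes.BlockSize]).CryptBlocks(body, ct[aes.BlockSize:])
	body, err := pkcs7Unpad(body)
	if err != nil {
		return nil, err
	}
	cut := len(body) - sha256.Size
	if cut < 0 || !hmac.Equal(body[cut:], hmacSHA256(macKey, body[:cut])) {
		return nil, errMAC
	}
	return body[:cut], nil
}

// paddingOracleAttack recovers the whole padded body from the oracle's "bad padding"
// vs "anything else" answers: for each ciphertext block it forges the block in front
// of it, one byte at a time from the last byte backwards.
func paddingOracleAttack(oracle func([]byte) error, ct []byte) []byte {
	var out []byte
	for off := aes.BlockSize; off < len(ct); off += aes.BlockSize {
		inter := make([]byte, aes.BlockSize) // AES_K^-1(block): the value before the CBC XOR
		probe := append(make([]byte, aes.BlockSize), ct[off:off+aes.BlockSize]...)
		for k := aes.BlockSize - 1; k >= 0; k-- {
			padVal := byte(aes.BlockSize - k)
			for j := k + 1; j < aes.BlockSize; j++ {
				probe[j] = inter[j] ^ padVal // bytes already known must decrypt to padVal
			}
			for b := 0; b < 256; b++ {
				probe[k] = byte(b)
				if oracle(probe) == errPadding {
					continue
				}
				if k == aes.BlockSize-1 { // rule out an accidental 02 02 (or 03 03 03 ...) hit
					probe[k-1] ^= 0xff
					stillValid := oracle(probe) != errPadding
					probe[k-1] ^= 0xff
					if !stillValid {
						continue
					}
				}
				inter[k] = byte(b) ^ padVal
				break
			}
		}
		for i, c := range ct[off-aes.BlockSize : off] {
			out = append(out, inter[i]^c) // plaintext = intermediate XOR the real previous block
		}
	}
	return out
}

// recoverMessage plays the attacker: no key, only the ciphertext and the oracle.
// Keys and message are constructed for the demo.
func recoverMessage() string {
	encKey, macKey := bytes.Repeat([]byte{0x11}, 16), bytes.Repeat([]byte{0x22}, 32)
	ct := mteSeal(encKey, macKey, []byte("attack at dawn; wire the funds to account 42"))
	oracle := func(probe []byte) error {
		_, err := mteOpen(encKey, macKey, probe)
		return err
	}
	body, _ := pkcs7Unpad(paddingOracleAttack(oracle, ct))
	return string(body[:len(body)-sha256.Size]) // the HMAC tag is recovered too; drop it
}

func main() {
	fmt.Printf("recovered without any key: %q\n", recoverMessage())
}
```

In real stacks the oracle is rarely a literal error string; Lucky Thirteen used the timing difference between the padding and MAC failure paths. Hiding the error is not the fix. Verifying the MAC before anything is decrypted is, and only Encrypt-then-MAC makes that possible.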

Suggestion:
 * Encrypt-then-MAC, always
 * use AES-GCM (an AEAD mode: encrypt-then-authenticate is built in)
 * or ChaCha20-Poly1305
 * or AES (CBC or CTR) + HMAC-SHA-256/512 over the IV and ciphertext, with separate keys for encryption and for the MAC
 * or AES + SHA-3 (NIST had not yet finalized SHA-3 when this talk was given; FIPS 202 followed in August 2015)
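
What the suggested constructions look like when the receiver verifies before it decrypts, added here as an example (not code from the talk): Encrypt-then-MAC with AES-CTR and HMAC-SHA-256 under separate keys, and AES-GCM doing the same job as one AEAD call, both binding a sequence number so that a replayed or reordered record fails just like a modified one. The `exercise` checker, the keys, the message and the single `errAuth` error are constructed for the demo; the primitives are Go's standard library.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// One error for every failure: the receiver never says *why* it rejected a record.
var errAuth = errors.New("authentication failed")

func seqBytes(seq uint64) []byte {
	b := make([]byte, 8)
	binary.BigEndian.PutUint64(b, seq)
	return b
}

// etmTag is HMAC-SHA-256 over the sequence number and every byte on the wire
// (IV included), so replays, reorders and modifications all fail the same way.
func etmTag(macKey []byte, seq uint64, wire []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(seqBytes(seq))
	m.Write(wire)
	return m.Sum(nil)
}

// etmSeal: Encrypt-then-MAC with AES-CTR and a MAC key separate from the cipher key.
func etmSeal(encKey, macKey []byte, seq uint64, pt []byte) []byte {
	block, _ := aes.NewCipher(encKey)
	wire := make([]byte, aes.BlockSize+len(pt))
	rand.Read(wire[:aes.BlockSize]) // fresh IV per record
	cipher.NewCTR(block, wire[:aes.BlockSize]).XORKeyStream(wire[aes.BlockSize:], pt)
	return append(wire, etmTag(macKey, seq, wire)...)
}

// etmOpen verifies in constant time before the cipher is touched at all.
func etmOpen(encKey, macKey []byte, seq uint64, ct []byte) ([]byte, error) {
	if len(ct) < aes.BlockSize+sha256.Size {
		return nil, errAuth
	}
	wire, tag := ct[:len(ct)-sha256.Size], ct[len(ct)-sha256.Size:]
	if !hmac.Equal(tag, etmTag(macKey, seq, wire)) {
		return nil, errAuth
	}
	block, _ := aes.NewCipher(encKey)
	pt := make([]byte, len(wire)-aes.BlockSize)
	cipher.NewCTR(block, wire[:aes.BlockSize]).XORKeyStream(pt, wire[aes.BlockSize:])
	return pt, nil
}

// gcmSeal / gcmOpen: AES-GCM gives the same guarantees as one AEAD call; the sequence
// number rides along as associated data. A nonce must never repeat under one key.
func gcmSeal(key []byte, seq uint64, pt []byte) []byte {
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce)
	return aead.Seal(nonce, nonce, pt, seqBytes(seq)) // nonce || ciphertext || tag
}

func gcmOpen(key []byte, seq uint64, ct []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	if len(ct) < aead.NonceSize() {
		return nil, errAuth
	}
	pt, err := aead.Open(nil, ct[:aead.NonceSize()], ct[aead.NonceSize():], seqBytes(seq))
	if err != nil {
		return nil, errAuth
	}
	return pt, nil
}

// exercise checks that the genuine record opens, that a flipped bit and a replay at
// the next sequence number are rejected, and that sending the same message twice
// does not produce the same bytes on the wire. Message is constructed for the demo.
func exercise(seal func(uint64, []byte) []byte, open func(uint64, []byte) ([]byte, error)) bool {
	msg := []byte("same message sent twice")
	ct := seal(7, msg)
	pt, err := open(7, ct)
	_, replay := open(8, ct)
	flipped := append([]byte{}, ct...)
	flipped[len(flipped)/2] ^= 0x80
	_, tamper := open(7, flipped)
	return err == nil && bytes.Equal(pt, msg) && replay == errAuth && tamper == errAuth &&
		!bytes.Equal(ct, seal(7, msg))
}

func etmOK() bool {
	encKey, macKey := bytes.Repeat([]byte{0x11}, 16), bytes.Repeat([]byte{0x22}, 32) // constructed keys
	return exercise(func(s uint64, m []byte) []byte { return etmSeal(encKey, macKey, s, m) },
		func(s uint64, c []byte) ([]byte, error) { return etmOpen(encKey, macKey, s, c) })
}

func gcmOK() bool {
	key := bytes.Repeat([]byte{0x33}, 16) // constructed key
	return exercise(func(s uint64, m []byte) []byte { return gcmSeal(key, s, m) },
		func(s uint64, c []byte) ([]byte, error) { return gcmOpen(key, s, c) })
}

func main() {
	fmt.Println("AES-CTR + HMAC-SHA-256 (EtM):", etmOK(), " AES-GCM:", gcmOK())
}
```

The sequence number is what closes the Encrypt-and-MAC hole from the previous list: with it inside the tag (or the associated data) a repeated message neither looks the same on the wire nor verifies at any position other than its own.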

Off-the-Record Messaging (OTR)
 * end-to-end encryption for instant messaging
 * authenticated but deniable: both parties know who they are talking to, yet neither can later prove to a third party who said what (no non-repudiation, hence "off the record"), and the conversation is confidential
 * good for journalists or whistleblowers
 * Socialist Millionaire Protocol (SMP) - lets both parties check that they know the same secret without revealing the secret to each other or to an eavesdropper, so an impostor learns nothing from a failed attempt
 * ask a question whose answer only the real counterpart knows
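
The arithmetic at the heart of the Socialist Millionaire Protocol, added here as an example and not code from OTR or from the talk. Each side blinds its secret with random exponents, and the two exchanged values cancel to the same group element only when the secrets are equal; an unequal secret leaves a random-looking element behind and reveals nothing about either value. Assumptions of this demo: the 1024-bit RFC 2409 group 2 safe prime with generator 2 (OTR uses the 1536-bit RFC 3526 group; the arithmetic is the same), secrets hashed with plain SHA-256 instead of OTR's session-bound hash, and the zero-knowledge proofs the real protocol attaches to every transmitted value are left out, so this core alone is not safe against a cheating party.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// RFC 2409 group 2 (1024-bit safe prime, generator 2), used here for the demo.
var p, _ = new(big.Int).SetString(
	"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"+
		"29024E088A67CC74020BBEA63B139B22514A08798E3404DD"+
		"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"+
		"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"+
		"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"+
		"FFFFFFFFFFFFFFFF", 16)
var q = new(big.Int).Rsh(new(big.Int).Sub(p, big.NewInt(1)), 1) // prime order of the subgroup
var g = big.NewInt(2)

func modExp(b, e *big.Int) *big.Int { return new(big.Int).Exp(b, e, p) }
func mulMod(a, b *big.Int) *big.Int { return new(big.Int).Mod(new(big.Int).Mul(a, b), p) }
func divMod(a, b *big.Int) *big.Int { return mulMod(a, new(big.Int).ModInverse(b, p)) }

// randExp returns a uniform exponent in [1, q-1].
func randExp() *big.Int {
	n, err := rand.Int(rand.Reader, new(big.Int).Sub(q, big.NewInt(1)))
	if err != nil {
		panic(err)
	}
	return n.Add(n, big.NewInt(1))
}

// secretToExp maps the shared answer to an exponent (plain SHA-256 here; OTR also
// binds in both fingerprints and the session id).
func secretToExp(secret string) *big.Int {
	h := sha256.Sum256([]byte(secret))
	return new(big.Int).SetBytes(h[:])
}

// smpMatch runs the SMP core between Alice (secret x) and Bob (secret y) and
// returns whether both sides conclude the secrets are equal. Every value named
// "-> Bob" or "-> Alice" is what actually crosses the wire.
func smpMatch(secretA, secretB string) bool {
	x, y := secretToExp(secretA), secretToExp(secretB)
	// Steps 1-2: both contribute to two shared bases g2 = g^(a2*b2) and g3 = g^(a3*b3)
	a2, a3, b2, b3 := randExp(), randExp(), randExp(), randExp()
	g2a, g3a := modExp(g, a2), modExp(g, a3) // Alice -> Bob
	g2b, g3b := modExp(g, b2), modExp(g, b3) // Bob -> Alice
	g2Alice, g3Alice := modExp(g2b, a2), modExp(g3b, a3)
	g2Bob, g3Bob := modExp(g2a, b2), modExp(g3a, b3)
	// Step 3: Bob blinds y with a random r: Pb = g3^r, Qb = g^r * g2^y
	r := randExp()
	Pb, Qb := modExp(g3Bob, r), mulMod(modExp(g, r), modExp(g2Bob, y)) // Bob -> Alice
	// Step 4: Alice does the same with s, then strips her share a3 from Qa/Qb
	s := randExp()
	Pa, Qa := modExp(g3Alice, s), mulMod(modExp(g, s), modExp(g2Alice, x))
	Ra := modExp(divMod(Qa, Qb), a3) // Alice -> Bob (with Pa, Qa)
	// Step 5: Bob strips b3; Rab = (Qa/Qb)^(a3*b3) = g3^(s-r) * g2^(a3*b3*(x-y)),
	// which equals Pa/Pb exactly when x == y
	Rb := modExp(divMod(Qa, Qb), b3) // Bob -> Alice
	bobSays := modExp(Ra, b3).Cmp(divMod(Pa, Pb)) == 0
	// Step 6: Alice reaches her own verdict from Rb
	aliceSays := modExp(Rb, a3).Cmp(divMod(Pa, Pb)) == 0
	return aliceSays && bobSays
}

func main() {
	fmt.Println("same secret:", smpMatch("hunter2", "hunter2"),
		" different secret:", smpMatch("hunter2", "hunter3"))
}
```

Neither side ever sends x or y, or anything from which the other could brute-force them offline faster than by guessing and running the protocol again, which is what makes a question-and-answer check safe over an untrusted channel.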

OTR - Cryptocat

OpenPGP - protocol / RFC 4880 (not an implementation)
 * the open standard derived from PGP
 * PGP-compatible without patented algorithms
 * GNU Privacy Guard (GPG) - the free implementation