Upload
kun-genma
View
799
Download
2
Tags:
Embed Size (px)
DESCRIPTION
- Why we do this talk ? - The digital identity - HOW TO : Encryption - WTF is encryption ? - What can I encrypt ? How? - HOW TO : Anonymity - Why does it matter ?
Citation preview
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
How to get back your privacy?
Naam, Genma
EPITA / [email protected]
01/17/14
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Overview
1 IntroWhy we do this talk ?The digital identity
2 HOW TO : EncryptionWTF is encryption ?What can I encrypt ? How ?
3 HOW TO : AnonymityWhy does it matter ?There is always a tool that �ts your need
4 ConclusionWe're not in a XOXO worldCryptoparty
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why we do this talk ?The digital identity
Sensitive data
De�nition
a set of values of qualitative or quantitative variables
individual pieces of information
Some of them are (important|critical)s, don't play with Mallory.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why we do this talk ?The digital identity
The right to stay anonymous
The Convention for the Protection of Human Rights and Fundamen-tal Freedoms states that :
Article 8 - Right to respect for private and family life
Everyone has the right to respect for his private and family life(...).
There shall be no interference by a public authority with theexercise of this right except such as is in accordance with thelaw and is necessary in a democratic society in the interests of
national security, public safety or the economic well-being of
the country, for the prevention of disorder or crime, for the
protection of health or morals, or for the protection of the
rights and freedoms of others.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why we do this talk ?The digital identity
Current situation
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why we do this talk ?The digital identity
You will also see
Tons of softwares, distributions, techniques to defeat tooinquisitive people and censorship.
What's a Cryptoparty and what you could learn from it.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why we do this talk ?The digital identity
About me
Where can you �nd me onInternet ?
Blog (in French) :http ://genma.free.fr
Twitter :http ://twitter.com/genma
My Hobbies ? Many things
Crypto
Privacy
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why we do this talk ?The digital identity
Digital identity, what is it ?
De�nition
Digital identity is all the public data you can �nd about someoneusing Internet research.
It's the famous e-reputation.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why we do this talk ?The digital identity
What do you think of me ?
Google you name
The results shown are they exactly what you want ?
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why we do this talk ?The digital identity
Saying
Words �y, writings remain
This adage is especially true with the Internet.
It must be assumed that what is said will always be accessible,even years later.
Everything on the Internet is public or will be (even if it is"private", Terms of Use may change).
it is therefore not an abuse of freedom of expression and itremains respectful of laws
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why we do this talk ?The digital identity
Pseudonymity
De�ntion
Contraction of anonymity and pseudonym words, the term pseu-donymity re�ects quite well the contradictory of being a public�gure and to remain anonymous ...
Have a pseudonym does not mean to say and do anything.
This is the image that I return, this is my credibility (past,present and future).
A pseudonym is also a public identity, which is associated withdi�erent account : my blog, my Twitter, my Facebook account.
The digital identity are all these public data associated with thisidentity.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why we do this talk ?The digital identity
Samples
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why we do this talk ?The digital identity
Pseudonymity is disapearing...
Facebook doesn't allow the creation of an account with apseudonym, if you really want there is some easy steps tofollow.
The goal is to force people to express themselves using theirreal names,
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why we do this talk ?The digital identity
Pseudonymity is seen as a problem
The problem is that the anonymity is taken as an excuse to condemnthe use of the Internet as a tool for freedom of expression.If people are monitored, they do not say what they think, they donot criticize the politicians.With the Internet, the citizen is gradually taking power on politicians.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why we do this talk ?The digital identity
Conclusion
Pseudonymity is a necessity
Manage your digital identity.
Pseudonymity is the �rst step to take back you privacy.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why we do this talk ?The digital identity
Something unclear ?
Feel free to ask for questions now.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
De�nition - cryptage, encrypt, encryption ?
Encryption
Encryption is to encrypt a document / �le using an encryption key.The reverse operation is decryption.
Cryptage
Term � cryptage � is derived from the English encryption and doesnot exist in French. Decryption is the fact of breaking the encryptionwhen the private key is unknown.
Cryptography
Science is called Cryptography.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Encryption, how does it work ?
Symetric Encryption
This involves encrypting a message with the same key that will beused for decryption process.Sample : Caesar code, with an o�set letter. A->C, B->D etc.Nous venons en paix -> Pqwu xgpqpu gp rckzThe reverse process is applied to get the message.
What is an encryption key ?
A key is called so because it opens / closes the padlock that is theused encryption algorithm.
Here, the algorithm is the o�set.
The key is the number of o�set of letter (here two letters).
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Asymetric Encryption 1/2
Public key - Private key
Asymetric Encryption is based on the pair public key - private key.⇒ What you need to know :
My private key is... private and my own.
My public key is shared with everyone.
The encryption algorithm
The encryption algorithm is more complexe than the fact of shiftingletters ; it is based on mathematical concepts (�rst number ...)
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Asymetric Encryption 2/2
Encryption
With the public key of my correspondent, I encrypt a �le.⇒ The �le can only be decrypted by the person who possesses theprivate key corresponding to the public key that I used (and thereforemy correspondent).
Decryption
With its private key, my correspondent decrypts the �le.⇒ He can then read the message.
Concret case
Mail Encryption with PGP.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Bob send a message to Alice
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Why encryption ?
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Encrypt - The arguments against
Nobody does...
FALSE. Without knowing it, you do it every day.Sample 1 : "padlock" when connecting (https)Sample 2 : Wi� key.
Nothing to hide...
FALSE. Who would accept the postman reading his medical post ?
Encryption, it's for the pedo-nazi...
FALSE. For journalists / bloggers dissidents who are denouncing dic-tatorships...
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Encrypt - The arguments for
Encryption, it's not so complicated
It is not more complicated than using a "software". You just haveto understand the principle.
Protection and security
My personnal data are safe Cf. PRISM, NSA...
Privacy
Only the person for who the "message" is, is able to read it.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Edward Snowden
Encryption works. Properly implemented strong crypto systems areone of the few things that you can rely on.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Encryption limit
Which is encrypted can be decrypted today tomorrow
Tomorrow's computers will allow to decrypt the encrypted data to-day.
It the private key is lost
We no longer have access to data.
Metadata, social graph
PGP does not protect against the analysis of metadata (ser-vers transit, addresses, headers, subject). Do not forget to cleanthe meta-data �les (EXIF tag photos, o�ce documents with trackedchanges). DNS... Case of tracking Internet ...
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Law and encryption
In France, the law therefore considers that the use of cryptology isfree (LCEN Article 30-1) and there is therefore now no limit to thesize of the encryption key that can be used .
In case of search, the refusal of submission of the encryption key mayresult in 3 years imprisonment and 45000e.
This penalty is increased if Encryption was used to commit a crime.
It is therefore recommended to give the decryption key, except in thecase where the decrypted data would result in a judicial proceedingin which the �nal sentence would be greater than the interferencewith the judicial investigation.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Encryption
Locally - your data
Hard disk
USB Key
Smartphone
Network - Communications
Https : HTTPSEveryWhere for Firefox
E-mails : GPG with Enigmail for Thunderbird
Connexion : VPN, SSH, TOR...
⇒ Each "use", there is an encryption solution.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Emails - PGP, GPG ?
PGP
Pretty Good Privacy - PGP is an encryption software created by theAmerican Phil Zimmermann in 1991.
OpenPGP
This standard describes the format of messages, signatures or cer-ti�cates that can send software such as GNU Privacy Guard. It istherefore not a software but a format for the secure exchange ofdata, which owes its name to the historic program Pretty Good Pri-vacy (PGP).
GnuPG
GnuPG (GNU Privacy Guard) is the free software.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Harddisk encryption
Software integrated in operating systems
Windows 7/8 : Bitlocker (Backdoor)
MacOS : FileVault
GNU/Linux : Encfs...
Can you trust closed source software ?
Independently of the operating system
⇒ TrueCrypt. For a USB key/an external hard drive.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
TrueCrypt audit
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Encryption and privacy
Encryption meets the need for privacy
and allows data protection.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Encryption for connexions : SSL/TLS
Session layer based, a�ect application layer (TFP, HTTP,SMTP, IMAP, POP , DNS, RTMP ...)
Prefer using TLS over SSL when you have choice.
Asymetrical encryption, forward secrecy (Di�e-Hellman).
Only use up to date browser in order to have the correct �ngerprintcaught on your computer and avoid MITM attack. If your browserdoes not have a certi�cate pinning system install certi�cate patrol(assuming your �rst connection is safe) or HTTPS everywhere withthe SSL observatory ON.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Di�e-Hellman key exchange
With color
two people that never met agreeson the same keys
heavy use of one-way function
Select a public color, then eachpart select a private secret one.
each part mix private/public keyand send it to the other.
Each part mix the mixture of theother with their own private colorand arrive to the same �nal privatecolor.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Di�e-Hellman key exchange
With maths : (modular|clock) arithmetic
work on prime modulus andgenerator of that modulus.
3nmod17 = X with0 <= X <= 17 hard to reversewhen len(prime modulus) increase.
so each part agrees on a primemodulus (p) and a generator (g).Then calculateg secretmod(p) = Mix and send itpublicly.
each part compute nowMix secretmod(p) = Key
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Encryption for chat sessions : OTR
OTR : O�-the-Record Messaging
Di�e-Hellman key exchange
o�-the-record conversation
repudiable authentication by using message authenticationcodes.(authentication ON | digital signature OFF)
Bob cannot prove that Alice generated the MAC. Install Pidgin(cross-plateform) with plugin (available from the OTR homepage)and start playing.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Encryption for disk
Many possibilities, but full disk encryption is advised in case youreally care about privacy. For this purpose you have a plethora ofchoice.
Stacked �lesystem encryption (eCryptfs, EncFs, disk utility ...)
Disk encryption (dm-crypt, GELI, FileVault, DiskCryptor,trueCrypt ...)
Case study : Plain dm-crypt
full disk encryption
bootloader and key on external device
(can also be done with Diskcryptor)
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Encryption for smartphone
Android
Chatsecure (Facebook chat, GTalk, Jabber) [OTR Messaging]
Textsecure (SMS)
LUKS Manager (ROOT requiered)
iOS
Chatsecure (Facebook chat, GTalk, Jabber) [OTR Messaging]
FDE available by default, bypass techniques available,proprietary built system...(More details : iPhone Forensic, O'Reilly)
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Example : chatsecure with facebook
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Example : chatsecure with facebook
Win.
Facebook cannot read yourmessages.
But you can't read itanymore after your currentsession.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Encryption for �les
Mails : Use GPG
create your keys
share your public key
enter the matrix Web Of Trust (WOT)
encrypt/sign your message and send it.
receive mails too.
Files
Basically you can do the same with 'regular �le'... Make sure not tostore keys near encrypted �les, prefer symetrical encryption if �leswill not be shared.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Choosing a password : Diceware method
The diceware method allow you to construct very strong passwordwith the following advantages :
Very easy to remember
strong passphrase with high entropy ( 20char +)
truly random ; password is totally detached from userhabits/knowledge etc.
Test your password strength in bits
Entropy calculated by : Htn =∑n
k=1 L ∗LogNLog2
Do NOT test your password strength online. Take a calculator andcalcul the entropy yourself.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Diceware, overall strength
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Diceware, how does it work
You only need a true random source and an o�cial mapped dictio-nary.
Draw 1 : 5 1 5 5 5
Draw 2 : 5 4 5 6 6
Draw 3 : 6 5 6 4 6
Draw 4 : 5 4 3 1 2
Draw 5 : 2 2 3 5 4
...
14245 bit
14246 bitch
14247 bite
...
Results
in French : phase ribose vv rebut clebs
in English : rest sober 80 skye data
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
WTF is encryption ?What can I encrypt ? How ?
Something unclear ?
Feel free to ask for questions now.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why does it matter ?There is always a tool that �ts your need
Anonymity
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why does it matter ?There is always a tool that �ts your need
Anonymity, why does it matter ?
In real life, anonymity is necessary for democraty (voting paper).On line, anonymity is necessary for freedom of expression.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why does it matter ?There is always a tool that �ts your need
TOR the Onion router
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why does it matter ?There is always a tool that �ts your need
Onion routing principles
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why does it matter ?There is always a tool that �ts your need
TOR : The Onion Router
It's an open-source implementation of the principles we just sawsupported by The Tor Project.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why does it matter ?There is always a tool that �ts your need
TOR : The Onion Router
Pros
Hiding you identity and location, prevents from eyesdropping.
Hiding you browsing habits and act like a debrider on theinformations that you're authorized to see.
encrypting your (incom|outgo)ing tra�c between nodes.
Cons
Slower connexion, forget about downloading big �les, torrents(deanonymize e�ect) etc...
Still vulnerable to some kind of analysis(timing deduction or infection between applications).
entry/exit nodes are vulnerables, no magic here.(Partial solution if you setup an exit enclaving node)
TOR is an anonymity tool, not a security one.Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why does it matter ?There is always a tool that �ts your need
If you use it, do it smartly
Don't use standalone TORor Vidalia bundlle
Prefer the use of the TBB(Tor Browser Bundle)
or even better : tails (liveDebian), in hostileenvironment (public placesetc)
Try Tor browser launcher for your distribution, that keep TBB upda-ted. Grab-it from here :https ://github.com/micah�ee/torbrowser-launcher
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why does it matter ?There is always a tool that �ts your need
If it's free,
then you're the product
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why does it matter ?There is always a tool that �ts your need
What is the tracking ?
Tracking over the Internet
websites, announcers use it to learn your browsing habits.
they save what websites are you're visiting, what do you like ordislike and what you buy.
Data are processed in order to display the best ads that �t yourpreferences.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why does it matter ?There is always a tool that �ts your need
What's the magic ?
Ads and widget are spying you
The Like button : Allows FaceBook to know what you visit, evenif you don't click on it, even if you are properly disconnectedfrom Facebook.
Same for the +1 by Google, and Google Analytics script.
In fact every ad and many widget do it.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why does it matter ?There is always a tool that �ts your need
Want to test ? Try LightBeam (ex Collusion) with Firefox
That add-on allow you to see in real time which websites are trackingyou and the inter-connexion between the actual website and others.Kind of weird sometime.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why does it matter ?There is always a tool that �ts your need
Firefox
Firefox addons
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why does it matter ?There is always a tool that �ts your need
Firefox scripts : Ghostery
Block all trackers.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why does it matter ?There is always a tool that �ts your need
Firefox scripts : Self destructing cookie
Automatic cookie deletion tech-niques. Prevent tracking andspying. Possibility to setup a whi-telist if you really want to keepsome cookies for some domainseven if you're not currently usingit.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why does it matter ?There is always a tool that �ts your need
Firefox scripts : HTTPSEverywhere
Made by the electronic fron-tier fondation (EFF), it forces theHTTPS when available on thewebsite. If you have one, consi-der registering it for your visitors(see https ://www.e�.org/https-everywhere/rulesets).Also, activate the SSL Observa-tory : it prevents from MITM at-tacks and more generally againstcorrupted certi�cates.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why does it matter ?There is always a tool that �ts your need
Firefox scripts : Certi�cate Patrol
Does approximately the same thing than the SSLObservatory. Lesstransparent in everyday use.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why does it matter ?There is always a tool that �ts your need
Search engines
Problems with search engines
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why does it matter ?There is always a tool that �ts your need
Search engines
Duckduckgo (ddg.gg) personalizable interface for your needs.
Ixquick/startpage (ixquick.com/startpage.com) more than onesearch engine begind, automatic proxy if you want to.
binsearch (binsearch.info) search for binaries (newsgroups etc)that google is hiding from you.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why does it matter ?There is always a tool that �ts your need
Metadatas are evil
Metadatas are evil
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why does it matter ?There is always a tool that �ts your need
Metadatas are evil
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why does it matter ?There is always a tool that �ts your need
Metadatas are evil
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why does it matter ?There is always a tool that �ts your need
Metadatas are evil
De�nition (http ://dictionary.reference.com/browse/meta-data)
Data about data.
information that is held as a description of stored data.
Examples
EXIF tags on photography (Date, cameras info, GPScoordinates...)
data stored on documents like .doc(x)
...
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why does it matter ?There is always a tool that �ts your need
Metadatas are evil
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why does it matter ?There is always a tool that �ts your need
Solution ? YES, partialy
There is a good tool to erase metadatas from a large spectrum of�letypes. It's called MAT (mat.boum.org).
Reside in Tails, standalone package (Debian), Git repos.
it has a GUI, no worry (can also be used in command line,don't worry too).
Files support :
Images : .png, JPEG (.jpg, .jpeg, . . . )
Documents : .odt, .odx, .ods, . . . , .docx, .pptx, .xlsx, . . . , .pdf
Tape ARchives (.tar, .tar.bz2, . . . )
Media : .mp3, .mp2, .mp1, . . . , .ogg, . . . , .�ac
Torrent (.torrent)
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
Why does it matter ?There is always a tool that �ts your need
Something unclear ?
Feel free to ask for questions now.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
We're not in a XOXO worldCryptoparty
Conclusion
Conclusion
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
We're not in a XOXO worldCryptoparty
Crypto-anarchy
Everyone does encryption and what is really important is encryptedand embedded in it.
It creates noise which prevents mass surveillance (PRISM ...)
Careful ! At the current time, encryption is not widespread, anyonewho encrypts their e-mails can be considered as suspicious.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
We're not in a XOXO worldCryptoparty
Relativity of anonymity today
Analysis on language elements
We can identify someone by studying the typography, style,vocabulary, culture, ideas ..
the frequency of words used, the turn of phrase, the kind ...
Theses techniques are used to determine who hides behind...Anonymous
Care of Logs
Schedules connections times and estimated time zone alsoprovide information ...
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
We're not in a XOXO worldCryptoparty
Relativity theory
Snowden's leak are recent, documents leaked are pretty old.
We have very strong tool but we do not know what they have.
State of the art techniques to defeat those technologies(processor noise etc...).
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
We're not in a XOXO worldCryptoparty
Want to help ?
With money : You can make donation to those open-sourceprojects.
With action : Use their services, give feedback, there is alwayssomething to do.
By spreading words, teach others how to use it.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
We're not in a XOXO worldCryptoparty
Cryptoparty
Interested parties with computers, devices, and the desire to learnto use the most basic crypto programs and privacy tools and thefundamental concepts of their operation ! CryptoParties are free toattend, public, and are commercially and politically non-aligned.
What you'll do
Use crypto-tool, ask for questions, teach to others want you alreadyknow.
What you'll not do
Maths, learn deep crypto-concepts, ... Unless you want it.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
We're not in a XOXO worldCryptoparty
Something unclear ?
Feel free to ask for questions now.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
We're not in a XOXO worldCryptoparty
Rendez vous at the Cryptoparty
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
We're not in a XOXO worldCryptoparty
Annexes
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
We're not in a XOXO worldCryptoparty
An Exchange of mails really secure
The problem with encrypted email ? We still know who talks towhom.
Solution
Exchange mail between two known / trusted servers who aredialoguing in https SSL / TLS between them.
Encrypt messages via PGP
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
We're not in a XOXO worldCryptoparty
Steganography - Steghide
Can you see a di�erence between these two pictures ?
vs
The second image contains the text "This is my hidden text." Thisis what is called steganography. Software : steghide
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
We're not in a XOXO worldCryptoparty
Bitmessage
Bitmessage , a protocol for sending / receiving messages and acentricfully encrypted, based on a mechanism simillaire bitcoin .
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
We're not in a XOXO worldCryptoparty
Bitmessage
Characteristics and comparison with an email solution + PGP
Send a pair hand , no need to create a server, register adomain name, or enroll in a service. You can create as manyaddresses as you want.
No need to trust a tier ( CA for example).
Censorship-resistant . Person , including a government can notdelete your address or messages.
It is not possible to impersonate a sender (spoo�ng).
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
We're not in a XOXO worldCryptoparty
Bitmessage
Bitmessage has a feature broadcast .
The identity of the sender and receiver of messages is easier tohide an email with PGP + solution .
Unlike PGP , the subject is encrypted by default .
Should be easier to use, no need to keep the public keys ofyour correspondents .
Opportunity to develop additional functionality based on theprotocol.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
We're not in a XOXO worldCryptoparty
ZeroBin
ZeroBin is a minimalist, opensource online pastebin/discussion boardwhere the server has zero knowledge of hosted data. Data is encryp-ted/decrypted in the browser using 256 bits AES. You can test itonline or install on your own server.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
We're not in a XOXO worldCryptoparty
ZeroBin
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
We're not in a XOXO worldCryptoparty
ZeroBin
When pasting a text into ZeroBin :
You paste your text in the browser and click the Send button.
A random 256 bits key is generated in the browser.
Data is compressed and encrypted with AES using specializedjavascript libraries.
Encrypted data is sent to server and stored.
The browser displays the �nal URL with the key.
The key is never transmitted to the server, which thereforecannot decrypt data.
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
We're not in a XOXO worldCryptoparty
ZeroBin
Naam, Genma Anonymity and encryption
IntroHOW TO : EncryptionHOW TO : Anonymity
Conclusion
We're not in a XOXO worldCryptoparty
ZeroBin
When opening a ZeroBin URL :
The browser requests encrypted data from the server
The decryption key is in the anchor part of the URL which isnever sent to server.
Data is decrypted in the browser using the key and displayed.
Naam, Genma Anonymity and encryption