Dennis Gamayunov discusses the history of undercover communications and encryption techniques. He describes how early systems like BBS, SMTP, and IRC lacked privacy and authentication. PGP introduced public-key cryptography for encrypting and signing messages. The Web of Trust model allows people to verify ownership of keys. However, fake keys and identities can undermine the system. The SILC protocol provides encryption for chat channels. OTR messaging provides forward secrecy, deniability, and no third-party proofs. Future work includes improving usability and expanding these techniques to group messaging.
During our last tool talk at NEOISF, Matt Neely talked about using a Fon (a wireless access point) with Karmetasploit to attack wireless clients for penetration testing. In this talk we will take this concept a step further and show you what the latest techniques are for conducting man-in-the-middle attacks (MITM). First, we will define what man-in-the-middle attacks are and why we should be doing these in our penetration tests. The technical discussion will include talk about our old favorites like Wireshark, Ettercap and Cain. Next, we will show some new techniques introduced with tools like SSLStrip, The Middler, and Network Miner. Finally, we will end with an open discussion on how to defend against man-in-the-middle attacks.
During our last tool talk at NEOISF, Matt Neely talked about using a Fon (a wireless access point) with Karmetasploit to attack wireless clients for penetration testing. In this talk we will take this concept a step further and show you what the latest techniques are for conducting man-in-the-middle attacks (MITM). First, we will define what man-in-the-middle attacks are and why we should be doing these in our penetration tests. The technical discussion will include talk about our old favorites like Wireshark, Ettercap and Cain. Next, we will show some new techniques introduced with tools like SSLStrip, The Middler, and Network Miner. Finally, we will end with an open discussion on how to defend against man-in-the-middle attacks.
o Review of PGP - Authentication and Confidentiality.
o Review of MIME and S/MIME with a short review of SMTP.
o Review of S/MIME in MS-Outlook - worksheet.
o Review of SSL Protocols.
o Review of SSH, its phases and its supported channel types.
o Demonstration SSL through Wireshark
o Demonstration SSH Channel
o Need for IPSec
o Details of ESP and brief idea of AH.
o SAD and SPD with inbound/outbound packet processing.
Encryption protects your privacy and is essential for communication. However encryption is sometimes complicated and hard to use. I want to discuss what encryption is, how it is used, and make it easy for everyone to use. I will show what tools are available under linux for protecting communications, hard drives, and web browsing.
Presented at Seminar at Bahria University June 2007
Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, Certification Authority, Secure Socket Layer (SSL), Secure Electronic Transaction (SET)
The research of the digital certified mail up to implementing the base algorithm and then, go through more on pretty good privacy (PGP) applied to the email system.
Build your own network security protocol and get away uncaughtDaniel Podolsky
This speech is about team which invented its own network security protocol for the big Golang project. Yes we were sober and conscious and still did it!
First of all - “why”?!
Everybody knows Go runtime SSL is quite slow. Less common it’s memory footprint could not be considered as optimal.
Yes, we do know we can link OpenSSL to our program and get as performant as NGINX, for example.
But did it cross your mind OpenSSL is also not fast enough for some corner cases? Say, you have to accept 1M new connections in 30 seconds…
The problem is: SSL is slow and CPU intensive on establishing connection phase.
On inCaller project we came across this: to perform the tasks we need 32 CPU cores only. That mean 4 servers cluster. To accept new connections fast enough we need 480 CPU cores, which give us 60 servers cluster.
60 servers cluster is about 15 times worst than 4 servers cluster, obviously.
Looking to this unpleasant math we’ve decided to build our own encryption and security protocol. And we succeeded!
What we did, how we did it and what we’ve got finally - this is what my speech about.
A full review of Cyber security standards from the basics of encryption and hashing, through asymmetric encryption and Private/Public keys and TLS, to today's Authentication and Authorization methods with OAuth2 and OIDC.
Overview of SSL & TLS Client-Server InteractionsKatie Knowles
Overview of SSL & TLS client-sever interactions and perfect forward security with Diffie-Hellman exchange.
Originally created for the dc562 2016 Cryptoparty.
o Review of PGP - Authentication and Confidentiality.
o Review of MIME and S/MIME with a short review of SMTP.
o Review of S/MIME in MS-Outlook - worksheet.
o Review of SSL Protocols.
o Review of SSH, its phases and its supported channel types.
o Demonstration SSL through Wireshark
o Demonstration SSH Channel
o Need for IPSec
o Details of ESP and brief idea of AH.
o SAD and SPD with inbound/outbound packet processing.
Encryption protects your privacy and is essential for communication. However encryption is sometimes complicated and hard to use. I want to discuss what encryption is, how it is used, and make it easy for everyone to use. I will show what tools are available under linux for protecting communications, hard drives, and web browsing.
Presented at Seminar at Bahria University June 2007
Cryptography Simplified - Symmetric Key, Public Key, PKI, Digital Signature, Certification Authority, Secure Socket Layer (SSL), Secure Electronic Transaction (SET)
The research of the digital certified mail up to implementing the base algorithm and then, go through more on pretty good privacy (PGP) applied to the email system.
Build your own network security protocol and get away uncaughtDaniel Podolsky
This speech is about team which invented its own network security protocol for the big Golang project. Yes we were sober and conscious and still did it!
First of all - “why”?!
Everybody knows Go runtime SSL is quite slow. Less common it’s memory footprint could not be considered as optimal.
Yes, we do know we can link OpenSSL to our program and get as performant as NGINX, for example.
But did it cross your mind OpenSSL is also not fast enough for some corner cases? Say, you have to accept 1M new connections in 30 seconds…
The problem is: SSL is slow and CPU intensive on establishing connection phase.
On inCaller project we came across this: to perform the tasks we need 32 CPU cores only. That mean 4 servers cluster. To accept new connections fast enough we need 480 CPU cores, which give us 60 servers cluster.
60 servers cluster is about 15 times worst than 4 servers cluster, obviously.
Looking to this unpleasant math we’ve decided to build our own encryption and security protocol. And we succeeded!
What we did, how we did it and what we’ve got finally - this is what my speech about.
A full review of Cyber security standards from the basics of encryption and hashing, through asymmetric encryption and Private/Public keys and TLS, to today's Authentication and Authorization methods with OAuth2 and OIDC.
Overview of SSL & TLS Client-Server InteractionsKatie Knowles
Overview of SSL & TLS client-sever interactions and perfect forward security with Diffie-Hellman exchange.
Originally created for the dc562 2016 Cryptoparty.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
# Internet Security: Safeguarding Your Digital World
In the contemporary digital age, the internet is a cornerstone of our daily lives. It connects us to vast amounts of information, provides platforms for communication, enables commerce, and offers endless entertainment. However, with these conveniences come significant security challenges. Internet security is essential to protect our digital identities, sensitive data, and overall online experience. This comprehensive guide explores the multifaceted world of internet security, providing insights into its importance, common threats, and effective strategies to safeguard your digital world.
## Understanding Internet Security
Internet security encompasses the measures and protocols used to protect information, devices, and networks from unauthorized access, attacks, and damage. It involves a wide range of practices designed to safeguard data confidentiality, integrity, and availability. Effective internet security is crucial for individuals, businesses, and governments alike, as cyber threats continue to evolve in complexity and scale.
### Key Components of Internet Security
1. **Confidentiality**: Ensuring that information is accessible only to those authorized to access it.
2. **Integrity**: Protecting information from being altered or tampered with by unauthorized parties.
3. **Availability**: Ensuring that authorized users have reliable access to information and resources when needed.
## Common Internet Security Threats
Cyber threats are numerous and constantly evolving. Understanding these threats is the first step in protecting against them. Some of the most common internet security threats include:
### Malware
Malware, or malicious software, is designed to harm, exploit, or otherwise compromise a device, network, or service. Common types of malware include:
- **Viruses**: Programs that attach themselves to legitimate software and replicate, spreading to other programs and files.
- **Worms**: Standalone malware that replicates itself to spread to other computers.
- **Trojan Horses**: Malicious software disguised as legitimate software.
- **Ransomware**: Malware that encrypts a user's files and demands a ransom for the decryption key.
- **Spyware**: Software that secretly monitors and collects user information.
### Phishing
Phishing is a social engineering attack that aims to steal sensitive information such as usernames, passwords, and credit card details. Attackers often masquerade as trusted entities in email or other communication channels, tricking victims into providing their information.
### Man-in-the-Middle (MitM) Attacks
MitM attacks occur when an attacker intercepts and potentially alters communication between two parties without their knowledge. This can lead to the unauthorized acquisition of sensitive information.
### Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
This 7-second Brain Wave Ritual Attracts Money To You.!nirahealhty
Discover the power of a simple 7-second brain wave ritual that can attract wealth and abundance into your life. By tapping into specific brain frequencies, this technique helps you manifest financial success effortlessly. Ready to transform your financial future? Try this powerful ritual and start attracting money today!
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBrad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesSanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
3. A bit of history
• User communications:
– BBS – late 1970s
– SMTP – 1982
– IRC – 1988
– ICQ – 1996
• Crypto:
– PGP - 1991
4. Privacy issues
• Unencrypted – anyone accessing the network
may read the messages
• Unauthenticated – anyone may pretend to be
anyone else
• But… deniable
5. PGP
Install GnuPG, generate a pair of keys for yourself; a
"public key" and a "private key".
The private key is like a regular key. You will use it to
sign and decrypt your messages
You publish your public key by sending it to a PGP key
server on the Internet.
People who wish to send you private email use a copy
of your key to encrypt the message.
You keep the (private) key to yourself, so that only you
can open and read (and sign) the messages.
6. PGP WoT
• Anyone can upload keys to “Key Servers”- even fake keys
• Authenticity of this public key can be checked as
• If you can verify that a key belongs to its owner, you can
sign that key, indicating that you have verified ownership
• Identify voice
• If not known, any
one else could say he
is owner of key
Make a call
• Check key
properties
Visit him • Search for another
person who verify his
identity
WOT
8. Trolling WoT
would you sign this key?
pub 1024D/1B629B3D 2005-12-27
Key fingerprint = 965E F829 EA6C
9174 4B46 43E1 4513 9A86 1B62 9B3D
uid u1tr4 l4s3r
<seekrit@hax0r.com>
sub 2048g/1F8E2EEA 2005-12-27
what would you need to know before you did?
9. Trolling WoT
• OHM2013 talk on fake PGP identities
– https://www.eff.org/event/ohm2013-trolling-
web-trust
• Sample tool available:
https://github.com/micahflee/trollwot
– Add fake signatures to keys
– Brute force PGP key id (and fingerprint)
– Create fake identities for given names and e-mails
and build WoT for them
10. PGP issues
• Usability of public-key fingerprints
– Hard to remember and pronounce
• Pseudo-word fingerprints
https://github.com/trevp/keyname
• Fake WoTs
• Lack of forward secrecy
– Stolen keys break all security properties of past
messages
11. Target scenario
• Assumptions
– Alice and Bob both know how to use PGP
– They both know each other’s public keys
– They don’t want to hide the fact that they talked, just what they talked
about
The Internet
Alice
Bob
Bad Guys
12. Now bad guys act
• Bob’s computer is stolen by “bad guys”
– Criminals, competitors
– Subpoenaed by the FBI
• Or just broken into
– Virus, trojan, spyware, black bag job
• All his key material is recovered
– Oh no!
• Bad guys now can:
– Decrypt past messages
– Learn their content
– Learn that Alice sent them
• And have a mathematical proof they can show to anyone else
• How private is that?
13. Lots of PGP-based projects available
• PGP-powered e-mail
• IM clients:
– Jabber (Pidgin et al)
– ICQ/AIM
– Basically any IM may be a transport for PGP-MIME
• Even WoT implementations for the Web and
OpenSSH
– http://web.monkeysphere.info/
14. SILC
• Stands for Secure Internet Live
Conferencing.
• Designed as a secure
replacement for IRC (Internet
Relay Chat), released in 2000.
• Also has some features of
instant messaging.
• Stable implementations for
clients and servers are available.
(http://www.silcnet.org)
15. SILC protocol
• A server handles channel maintenance and
accepts connections from clients.
• A client connects to a server to join and part
channels.
• A channel is a group of clients that are in the
same conversation.
• No one outside a channel is supposed to be able
to listen in on the conversation.
• It is assumed that each client has already
established a session key with each server to
which it talks
16. Protocol description (Client)
• If entity A sends something to entity B in SILC, it is always encrypted with
the session key between A and B.
• A client initially connects to a server.
• A connected client can request to join a channel on a server.
• The client knows that it has joined the channel when it receives a channel
key from the server.
• Every time a client joins or parts a channel, a new channel key is
generated and distributed among the remaining channel members.
• Each channel message, instead of being with the session key, is encrypted
with the channel key. However, the packet header (which stores the
source and destination) is still encrypted with the session key.
• A client, when it parts a channel, notifies the server so that it may update
the channel roster and regenerate the channel key.
17. Protocol description (Server)
• A server, when it receives a join request for a channel from a
client, adds that client to the channel roster if it is not already
there.
• A server, when it receives a part request for a channel from a
client, removes that client from the channel roster if it is there.
• If the channel roster changes, a new session key is created
and distributed to all remaining clients in the channel roster.
• Whenever a message for a channel is received from a client of
which it is a member, it is broadcast to all clients in the
channel roster. (Only the header is reencrypted.)
18. Protocol example
C1 C2S
Connect
Connect
Join #silctalk
generated-silctalk-key(1)
{Message: “I’m all alone.”}(1)
{C1 message: “I’m all alone.”}(1)
Join #silctalk
generated-silctalk-key(2)
generated-silctalk-key(2)
{Message: “Sup C1.”}(2)
{C2 Message: “Sup C1.”}(2)
{C2 Message: “Sup C1.”}(2)
Part #silctalk
generated-silctalk-key(3)
Part #silctalk
You have joined channel #silctalk
C1: I’m all alone.
C2 has joined channel #silctalk
C2: Sup C1.
You have parted channel #silctalk
You have channel #silctalk
C2: Sup C1.
C1 has parted channel #silctalk
You have channel #silctalk
19. Forward secrecy
• SILC regenerates the channel key on each
part/leave
• Users may additionally negotiate static
permanent channel encryption key
– Channel messages not visible to the server
– Key management is hard
20. OTR
• Designed by cryptographers Ian Goldberg and
Nikita Borisov in 2004
• Key features in addition for common
encryption:
– Perfect forward secrecy
– Deniability
21. Real-life model for OTR: casual
conversations
• Alice and Bob talk in a room
• No one else can hear
– Unless being recorded
• No one else knows what they say
– Unless Alice or Bob tell them
• No one can prove what was said
– Not even Alice or Bob
22. Perfect Forward Secrecy
• Use a short-lived encryption key
• Encrypt your data with it
• Discard it after use
– Securely erase from memory
• Use long-term keys to help distribute &
authenticate the short-lived key
23. Repudiable Authentication
• Do not want digital signatures
– Leave non-repudiation for contracts, not
conversations
• Do want authentication
– Can’t maintain privacy if attackers can
impersonate friends
• Use Message Authentication Codes (MACs)
25. No Third-Party Proofs
• Shared key authentication
– Alice and Bob have same MK
– MK required to compute MAC
• Bob cannot prove that Alice generated the
MAC
– He could have done it, too
– Anyone who can verify can also forge
26. OTR Protocol phase 1: AKE
• Alice and Bob pick random x, y resp.
• A->B: gx, SignAlice(gx)
• B->A: gy, SignBob(gy)
• SS=gxy a shared secret
• Signatures authenticate the shared secret,
not content
27. OTR phase 2: Message Transmission
• Compute EK=Hash(SS), MK=Hash(EK)
• A->B: EncEK(M), MAC(EncEK(M),MK)
• Enc is symmetric encryption (AES)
• Bob verifies MAC using MK, decrypts M
using EK
• Confidentiality and authenticity is assured
28. OTR: re-keying
• Alice and Bob pick x’,y’
• A->B: gx’, MAC(gx’, MK)
• B->A: gy’, MAC(gy’, MK)
• SS’ = H(gx’y’)
• EK’ = H(SS’), MK’=H(EK’)
• Alice and Bob securely erase SS, x, y, and EK
– Perfect forward secrecy
29. OTR limitations
• Basically online
– Short re-key interval
– Designed for IM
• Basically one-to-one
– Deniable multy-party OTR is a challenge
30. mpOTR
• Multy-party Off-the-record
communications
• Protocol draft proposed by
Ian Goldberg et al in 2009
• Current development:
– https://moderncrypto.org/
mailman/listinfo/messaging
– http://lists.cypherpunks.ca/
mailman/listinfo/otr-dev
– http://mpotr.secsem.ru/
• Initial implementation
expected in 2014
• Channel establishment
– IRC, XMPP MUC
• Authentication and key
establishment
– Group DH
• Communication
– Preserving message
ordering and causation
• Shutdown
– Publishing ephemeral
keys
31. Other undercover options available
• TorChat
– Relies on TOR hidden services feature
• CryptoCat
– https://blog.crypto.cat/wp-
content/uploads/2012/11/Cryptocat-2-Pentest-
Report.pdf
– Now implements OTR, bundled as browser plugin
– Aims at mpOTR roadmap
• Gibberbot, TextSecure, Xabber – Android
• ChatSecure - iOS