The document proposes a solution called Crypto-Book that aims to make encrypting Facebook messages easy through asymmetric public-key encryption. Crypto-Book allows users to generate keys with one click, publish their public key on their profile, and look up others' keys to encrypt messages before sending them on Facebook. It includes a desktop app to decrypt encrypted messages received on Facebook without requiring decryption directly on the platform. The goal is to provide privacy and security for Facebook messages while maintaining usability through an integrated, cross-platform system.
2. The Problem
• Facebook stores everything indefinitely
– Messages, photos, wall posts etc.
– Facebook software reads messages to display ads
• If someone hacks your account, they can access all your private chats
• Facebook may hand over message transcripts to the government
• If you forget to log out of Facebook on a public or shared computer, other people can read everything
3. Existing solutions
• Symmetrically encrypt using another tool, e.g. encipher.it, then send the encrypted message over Facebook
– Requires user to decide on a different password for every friend in advance
• Encrypt-Facebook Chrome plugin
– Allows you to encrypt messages before you post them to a group
– Symmetric key for encryption/decryption must be shared in advance
– Only for Chrome – no other browser support
4. Existing solutions
• Abine Encrypt
– Allows you to encrypt messages using a transient keypair
– Messages are lost when you close the browser
– Other user has to be online at the same time to send them encrypted messages
5. Public/private key encryption
• Asymmetric encryption
• I can send you an encrypted message even if I haven’t set up my own keypair yet
• Secure
• But used by few users due to complexities
6. Public/private key encryption
• Difficult to use
• Not easy to generate key
– Have to use command line tools
– No easy way to generate on Windows
• Difficult to distribute
– Have to submit to keyserver
• Difficult to look up others’ public keys
• Difficult to use keys to do encryption and decryption
10. To make encryption easy
• Easy way to generate key
• Easy way to publish key
• Easy way to find friends’ keys
• Easy way to use friends’ keys to send them encrypted messages
11. My solution: Crypto-Book
• Allows you to easily create and share your public key
– One click key generation
• Simple interface to send friends encrypted messages through Facebook
• Fully integrated decrypter app allows you to read encrypted messages
– Cross platform: Windows, Mac/Linux
– One click install on Windows
12. System overview
• User, Crypto-Book: user asks “Give me a keypair”; Crypto-Book generates keypair and sends to user
• User, Crypto-Book, Facebook: Facebook login; Crypto-Book logs user into Facebook; list of friends
• User, Crypto-Book, Facebook: user supplies recipient and message; Crypto-Book looks up recipient’s profile; recipient’s public key
13. System overview
• User, Crypto-Book, Facebook: message → encrypted message; encrypted message sent as Facebook message to recipient
• Facebook, desktop decrypter app, Recipient: encrypted message → decrypted message
14. Design choices
• Key generation
– Chose to generate server side to improve usability
– Cannot read messages unless have access to your Facebook
– Also have a desktop key generator
• Key publication uses URL shortener
– Improves usability
– Could use full form URL but more confusing
15. Design choices
• Sending messages
– Trust Crypto-Book, as it has access to plaintext
– Nothing is stored
– Chose this option as it makes the system more usable
– Goals are:
• avoid Facebook’s indefinite logging,
• hide message histories from hackers and Facebook software,
• don’t let government get access to message histories,
• if you forget to log out of a public machine, others don’t have access
– Focus on top notch usability with best effort security
• Top notch security with best effort usability has failed to be taken up by users
16. Design choices
• Sending messages
– Originally encrypted messages offline; however, this requires another app
– Cannot directly message Facebook friend from desktop app, cannot post to their wall, have to post to own wall and cannot tag people, cannot log into Facebook without web browser access
• Decryption
– Desktop app – prevents Facebook getting access to your private key
– Decrypt on Facebook would compromise security by giving Facebook access to your encrypted messages
20. Using a key
• Fully integrated with Facebook
• Send a message through crypto-book.com
• Log in with Facebook
• Choose friend to send to
– Automatically looks up key
• Enter message
– Encrypted with friend’s public key and sent through Facebook
23. Easy decryption
Message displayed to user
Click to view message
24. Areas for future work
• Make it easier to deploy on Mac/Linux
• Further testing on different environments
• Signing as well as encryption
• Use identity based encryption
– Have to trust IBE servers, anytrust model
– Facebook have access to your private key
• Anonymity through linkable ring signatures