
10/16/2013. Don’t Get Left Out of the Encryption Crowd. October 25, 2013 at 9:45 AM.


36 Centuries BCE

Cuneiform by Ancient Sumerians

Hieroglyphics by Egyptians

American Revolution

World War II

HIPAA

Laundry

Anna Strong signaled the message's location with a code involving laundry hung out to dry. A black petticoat indicated that a message was ready to be picked up, and the number of handkerchiefs identified the cove on Long Island Sound where the agents would meet.


Stain

Silas Deane is known to have used a heat-developing invisible ink—a compound of cobalt chloride, glycerin and water—for some of his intelligence reports back to America.

The stain required one chemical for writing the message and a second to develop it, affording greater security than the ink used by Deane earlier.

Number Substitution

In 1775, Charles Dumas designed the first diplomatic cipher that the Continental Congress and Benjamin Franklin used to communicate with agents and ministers in Europe. Dumas's system substituted numbers for letters in the order in which they appeared in a preselected paragraph of French prose containing 682 symbols.

Machine Encryption

By World War II, mechanical and electromechanical cipher machines were in wide use, although—where such machines were impractical—manual systems continued in use.

The Germans made heavy use, in several variants, of an electromechanical rotor machine known as “Enigma”. The code would change daily.


Battle in the Pacific

US Navy cryptographers (with cooperation from British and Dutch cryptographers after 1940) broke into several Japanese Navy crypto systems.

The break into one of them, JN-25, famously led to the US victory in the Battle of Midway, and to the publication of that fact in the Chicago Tribune shortly after the battle, though the Japanese seem not to have noticed, for they kept using the JN-25 system.

Navajo Code Talkers

Guadalcanal, Tarawa, Peleliu, Iwo Jima: the Navajo code talkers took part in every assault the U.S. Marines conducted in the Pacific from 1942 to 1945. They served in all six Marine divisions, Marine Raider battalions and Marine parachute units, transmitting messages by telephone and radio in their native language, a code that the Japanese never broke.

Its syntax and tonal qualities, not to mention dialects, make it unintelligible to anyone without extensive exposure and training. It has no alphabet or symbols, and is spoken only on the Navajo lands of the American Southwest.

Open PGP developed in 1991

HIPAA enacted in 1996

Expanded to cover more entities

Symantec purchases OpenPGP in 2010 for $300M

Symantec purchases VeriSign and begins charging for digital IDs


Where Does Encryption Exist

Between Computer & Email Server

Encryption ONLY exists between you and server.

Email server decrypts and passes message as plain text to recipient.

Cost: Usually FREE

End-To-End Encryption

Encryption remains in place all the way to recipient.

Cost: Varies from a few dollars to several thousand.

It Takes 2 to Tango

What You Need:

• Digital Certificate

• Private Key (decrypt)

• Public Key (encrypt)

V will be an outside vendor needing encrypted emails

O will be the office requiring communication with V

Setup for Encrypted Email Communication

O acquires Digital ID or Certificate

Purchased from Symantec, Comodo, etc.

Must be acquired on the system you will use for correspondence.

O sends a digitally signed email to V

Send to all correspondents who will be sending O encrypted emails.


V and recipients must save certificate information to their contact list

This will register the sender's (O) "Public Key" on V's system

Setup for Encrypted Email Communication

Enables O to receive encrypted emails from V

O cannot send encrypted emails to V

Setup for Encrypted Email Communication

V acquires Digital ID or Certificate

Purchased from Symantec, Comodo, etc.

Must be acquired on the system you will use for correspondence.

V sends a digitally signed email to O

Send to all correspondents who will be sending V encrypted emails.


O and recipients must save certificate information to their contact list

This will register the sender's (V) "Public Key" on O's system

Setup for Encrypted Email Communication

Enables V to receive encrypted emails from O

O can send and receive encrypted emails with V

Implementation

1. O creates an email to send to V and marks it for encryption

2. Email program encrypts the message and any attachments using V's "Public Key"

3. Email passes through several routers until it arrives on V's system

4. Email program decrypts message


1. V replies to O's email and marks the reply as encrypted.

2. Email program encrypts message and attachments using O's "Public Key"

3. O's system decrypts email using O's "Private Key"
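The setup and implementation steps above, modelled end to end as an added example (not part of the original slides). The `Mailbox` class and its method names are hypothetical, and textbook RSA with tiny constructed primes stands in for a real Digital ID so the flow runs with the standard library alone.

```python
import hashlib

class Mailbox:
    """One correspondent (O or V): a key pair plus a contact list of public keys."""

    def __init__(self, name, p, q, e):
        # Textbook RSA with tiny constructed primes: illustrates the flow only, never use it.
        self.name, self.n, self.e = name, p * q, e
        self._d = pow(e, -1, (p - 1) * (q - 1))  # private key stays on this system
        self.contacts = {}                       # sender name -> (n, e) public key

    @staticmethod
    def _digest(text, n):
        return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big") % n

    def signed_email(self, body):
        """Sign with the private key and attach the certificate (here just the public key)."""
        sig = pow(self._digest(body, self.n), self._d, self.n)
        return {"from": self.name, "body": body, "sig": sig, "cert": (self.n, self.e)}

    def save_contact(self, mail):
        """Check the signature against the enclosed key, then store that key.
        A real client also validates the certificate chain back to the issuing CA."""
        n, e = mail["cert"]
        if pow(mail["sig"], e, n) != self._digest(mail["body"], n):
            raise ValueError("signature does not match the enclosed certificate")
        self.contacts[mail["from"]] = (n, e)

    def encrypt_to(self, recipient, text):
        """Encrypt with the recipient's public key; impossible until it is on file."""
        if recipient not in self.contacts:
            raise LookupError(f"{self.name} has no public key for {recipient}")
        n, e = self.contacts[recipient]
        return [pow(b, e, n) for b in text.encode()]

    def decrypt(self, blocks):
        """Decrypt with this mailbox's own private key."""
        return bytes(pow(c, self._d, self.n) for c in blocks).decode()

if __name__ == "__main__":
    office, vendor = Mailbox("O", 61, 53, 17), Mailbox("V", 47, 71, 79)
    vendor.save_contact(office.signed_email("Here is my certificate"))
    print(office.decrypt(vendor.encrypt_to("O", "invoice attached")))  # V -> O works
    try:
        office.encrypt_to("V", "reply")       # O has not yet received V's certificate
    except LookupError as err:
        print(err)
    office.save_contact(vendor.signed_email("And here is mine"))
    print(vendor.decrypt(office.encrypt_to("V", "reply")))             # now O -> V works
```

Real mail clients encrypt a random per-message key with the recipient's public key and the message body with that key; the byte-by-byte RSA here only keeps the example short.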

Standards and cryptographic software and hardware to perform encryption are widely available, but successfully using encryption to ensure security may be a challenging problem.

A single slip-up in system design or execution can allow successful attacks.

Email Alternatives

• Snail Mail

• FAX

Cell Phone Alternatives
