• No results found

Introduction to Encryption What it s all about

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Introduction to Encryption What it s all about"

Copied!
8
0
0

Loading.... (view fulltext now)

Download now ( 8 Page )

Full text

(1)
(2)

What it’s all about

Introduction to Encryption

How it works

Digital Communication

Digital communication (ie. e-mail, text messaging) are sent through a computer network, usually the internet, and can be intercepted in two locations. First, during transmission and second, when being stored on the company servers. At MOA Project, we believe privacy and the ability to communicate without government or corporate eavesdropping is a basic right of all people.

Some groups, like activists, are active targets of surveillance and government spying in New Zealand and around the world. This is an unjust; abuse of power and we encourage all people to protect themselves from it. This is a basic guide to teach activists how to protect themselves and their communities.

We hope you find it helpful

- The MOA Project

Encryption - Allows a message to be sent through a digital network in a

way that its content cannot be read or understood by third parties or unauthorized people.

To achieve this, a message must be encrypted by your computer. Then, travel through the internet encrypted. Until, it is recieved by your friend. Only then, should it be decrypted.

E-mail Provider’s Server

Unsecure on Server

The Internet

The Internet

(3)

Encryption by Device

How Security Breaches Happen

A Secure Laptop

Smart Phone

USB/Hard Drive

Storage

Communication

Anonymous Internet Use

SMS (text message)

Encrypted with Truecrypt Voice Call

Telegram Messenger

(Secret Chat Only)

Encrypted Drive with Truecrypt

Encrypted Email and Trusted Networks On TOR Browser

Not Secure, Stored on Unencrypted Server Not Secure, phones can be tapped

End-to-End Encryption + Auto Delete

Secure Storage of File or Entire Disk

1)

2)

3)

4)

5)

When stored on servers : Unencrypted data can be viewed/shared by the company under court order & accessed by the government. In some cases data can be stolen by hackers.

Weak passwords : Can be easily opened with a “Brute Force Attack” and bypass encryption.

Device if not protected : Gaining physical access to your computer.

IE, Theft, lost device, seized by police during arrest, search or border crossing

Hackers access computer : Through software with known vulnerabilities.

Keep software up to date

Intercepted on Wi-Fi : Unencrypted data sent on public Wi Fi, or data sent over non password protected Wi-Fi, can be taken.

(4)

What it’s all about

Secure Communication

Secure communication - occurs when a message is sent through a digital network in a way that its content cannot be read or understood.

To achieve this, a message must be encrypted by your computer,

travel through the internet encrypted, until it is recieved by your friend. Only then, should it be decrypted.

Any information that travels through the internet can be intercepted during tras-mission. Since all digital communication also passes through and is stored on a server, anyone who can gain access to this server can get your information.

Telegram is a free and open source messenger app that allows you to

communicate securely using its “Secret Chat”. Users can send/receive encrypted and self-destrucing messages, photo, video, documents and voice messages.

This means your telephone company cannot read your messages, governments will have difficulty accessing and because Telegram servers are located internationally. Check out : https//telegram.org

Encrypted on Server

The

Internet InternetThe

A. Message is Encrypted B. Message is Decrypted

Secure on your smart phone

Telegram Messenger

(5)

Truecrypt

Protecting Data Storage

3)

2)

1)

What are the primary uses of TrueCrypt?

How can you encrypt your storage using TrueCrypt:

TrueCrypt is a free software used to encyrpt data storage devices (hard drive/ USB sticks) to protect your data. Encryption works by automatically mixing up the data into a form that cannot be understood by anyone who doesn’t have the key to “undo” the mix up. Without the proper authentication key, even if the hard drive is removed and placed in another machine, the data remains inaccessible. TrueCrypt can encrypt the entire hard drive. Or, it can be used to create an encrypted folder on your computer.

Create an encrypted file container: (Basic)

Encrypt a non-system drive or partition (Advanced)

Your non-system drive does not contain your computers operating system. IE. external hard drive, USB stick, computers with multiple hard drives or systems with a partitioned hard drive

Encrypt the system hard drive, or entire system partition (Advanced) System means this is the primary memory drive for your computer. Most computers only have one drive, the system drive. Using this option, you will need to enter the encryption password when you first start the computer up. Without the password the computer will not function at all. If removed, the hard-drive will be completely encrypted.

TrueCrypt has recently stopped being supported. Although TrueCrypt is secure now, as new versions of computer software are released it will become compromised.

We are currently researching a replacement for TrueCrypt

Creates an encrypted folder on your computer. After created, you can drag and drop files into this folder. When the folder is closed they will be encrypted. You will need the encryption password to open the folder.

(6)

Anonymity on the network

Secure Research

TOR (The Onion Router)

provides anonymous and untraceable commu-nication between you and the websites you visit.

Websites cannot tell who you are, where you are, and your internet provi-dor cannot see what you are viewing.

You can anonymously research and view the internet, therefore this soft-ware will protect your privacy and defend yourself against network surveil-lance and website tracking.

Download TOR here : www.torproject.org

This part is encrypted

This part is NOT encrypted

How TOR works:

TOR directs Internet traffic through a free, worldwide, vol-unteer network consisting of more than five thousand relays and then en-crypts the connection between each computer.

Making it more difficult to trace Internet activity back to you. Including "visits to websites, online posts, instant messages, and other communication forms".

TIP : Websites cannot see who you are or where you are but they can see what you send. If you send personal information over TOR you can be iden-tified.

Website’s Server

(7)

Best Practices for Encryption

Passwords

f

Passwords are used to protect most types of encryption. Weak passwords can be broken and are often the weakest link in an encrypted system.

Advanced computers can conduct “Brute Force Attacks” on passwords and bypass encryption by cracking the password

Messaging using e-mail providers is not secure as the data could be accessed on the server of the company that you use. The company can view or share your information, be forced to supply it to a government under court order or it can be stolen by hackers.

By encrypting your emails before they are sent, you add an extra layer of security to protect your conversation.

This means that your emails will be encrypted when stored on company servers, using a secure password the company does not have.

Please see “Advanced Encrypition” on page 7 for more info

Tips for Passwords :

Do not share or reveal passwords

Password length is more important than complexity

Ideally, passwords should be 20+ characters long. Try using a sentance ie. “thisisaVerySecurePassword4589”

Use different passwords for accounts that access restricted data, than for your less-sensitive accounts

Change initial and temporary passwords as soon as possible. These tend to be less secure

(8)

We are a group of activists from a variety of backgrounds who are working to build an organized and skilled activist network across Aotearoa/ New Zealand. We believe activism and protest is an integral part of any function-ing democracy.

The MOA Project works to assist activists and grassroots groups to become more effective and create real change. We support grassroots activists and groups through resource sharing, skill sharing and up skilling.

More information available on www.MOAproject.org

Fancy options

Advanced Options

Encrypted E-Mail : Email encryption is based in a Public-Private keypair. You send your “Public Key” to your friends, they use this Public Key to encrypt email sent to you. You must have their Public Key to send encrypted email to them.

What you need to encrypt your e-mail conversations

ThunderBird : E-mail application that supports Public-Private key encryption GnuPG : Application to generate your public and private keypair.

Enigmail : Extension for Thunderbird used to encrypt your email More information on advanced encryption here:

www.moaproject.org/resources/moa-project-guides/email-encryption/ We will endeavor to make information on more advanced encryption available on our website. Unfortunately it is outside the scope of this short guide.

References

Download now ( PDF - 8 Page - 765.56 KB )

Related documents

Pembuatan Prototype Presensi Kelas Menggunakan Teknologi Near Field Communication (Nfc) Pada Android

Dosen harus melakukan login untuk dapat menerima presensi dari mahasiswa, melihat mata kuliah yang diajar, dan melihat peserta kuliah. Pengujian prototype pada halaman

The maternal hyperlactation syndrome

If breastfeeding by itself doesn’t effectively remove the thickened inspissated milk, then manual expression of the milk, or the use of an efficient breast pump after feeds will

Life span studies of ADHD - conceptual challenges and predictors of persistence and outcome

suggest that the 15% persistence rate is a clear underestimation due to change of informants between adult and child assessments and inadequacy of the ADHD diagnostic criteria

Integrating Clinical Research in Europe

Support to investigation Investigator-driven clinical research Industry-sponsored clinical research Industry sponsors. Industry study management

An audience focused approach to framing climate-change communication in agriculture

Specific research objectives to guide the study were RO1: describe the level of issue salience agricultural producers have related to climate change; RO2: investigate frames

STATE OF CONNECTICUT

The Fence Installers (as defined in the attached Decision) used by The Fence Company, appellee, are independent contractors for workers' compensation insurance

Customer Experience - what s it all about?

This guide explains what customer experience is, why it is critical to your business (particularly in the current economic climate) and what can be done to improve it – a

ID THEFT: What It s All About

To place an alert on your credit report, or to have it removed, you will have to provide appropriate proof of your identity, including your SSN, name, address, and other