Digital Security and Privacy for Human Rights Defenders

2.4 Cryptology

Abstract
  1. Encryption is the process of making your information inaccessible to all but the intended party. You can encrypt a message, an email or your entire computer
  2. To communicate using encryption, we use the public key system. Our encryption method consists of a public and a private key. We share the public key with those who wish to communicate with us. They then encrypt a message to us using our public key.
  3. The security of this system relies on the validity of the public key you are encrypting to, a virus and spyware free computer, and a good password, protecting your private key.
  4. We can prevent unauthorised tampering with our email en-route to its destination by using digital signatures.
  5. The level of security offered by encryption has led to its practice or theory (teaching) being outlawed in several countries.

History

Cryptology is concerned with linguistic and mathematical techniques for securing information. The messages are coded to become unreadable to everyone but the intended recipient. Its long and colourful history goes back to around 5th century BC when the Spartans created the earliest known method of encryption using two identical wooden staffs and a piece of parchment. The parchment would be wrapped around the stick and the message written lengthwise. Unwrapped, the letters did not appear in any comprehensible order. The parchment was sent to the recipient, who had an identical staff to read the message on. Another early user of cryptology was Julius Caesar, the Roman emperor. His method of securing messages was to put two sets of the alphabet side by side and shift one of them by a specific number of places. He was known to use a 3-place shift when coding messages of military importance. Both of these methods remain in use today, and the latter is called the Caesar cipher. But the use of parchment and letter-shifting became obsolete in the complex world of computational mathematics in which our ever more powerful computers operate. Other methods to secure information from outsiders include linguistic cryptology (e.g. hieroglyphics) and steganography, which is the process of hiding the existence of the message itself.

The message written on the parchment along the length of the stick (scytale). The scytale uses what is now known as a transpositional cipher, whereby you rearrange the order of letters in a message.

ceasar cipher

The Caesar cipher uses a method of substitution – where you are replacing a letter with one of a fixed position further down the alphabet.
The practice of breaking a cryptographic message is called cryptanalysis. It aims to find a weakness or insecurity in the method of cryptography. One famous example from 20th century was the Polish and British cryptanalyst’s’ breaking of the Nazi “Enigma” code. Churchill was of the opinion that it was a turning point in WWII as the Enigma-code-encrypted communications were used by the Germans to navigate and direct their feared U-boats.
The security, provided by cryptography alone, should not be overestimated. Its fallibility is usually a result of human error or a bug in the overall security procedure. The use of cryptography has also been restricted by legislation. Civil society in the US fought for a long time to prevent the outlawing of public access to cryptology. Many countries that wish to access and control the flow of Internet communications have either restricted or banned the civilian use of cryptography altogether.

Encryption

Encryption (and its opposite – decryption) is a popular study in the field of cryptology. Encryption works by applying a large mathematical pattern to a set of data and coding it so that it appears incomprehensible to anyone who does not have the decryption method, otherwise known as the key.

Hard disk encryption

harddisk encryption
You can use encryption to protect your entire hard drive. You will in essence code every bit of information on it, so that only you, having entered a password, can access this data. All the sectors on your hard drive (the area where information is stored) will be encrypted. You still retain the free space on your hard drive to add additional files or programs, but as soon as you copy them to your computer, they are automatically encrypted. Whenever you extract the data from your computer (for example, to send an email attachment) they are automatically decrypted. If your computer is switched off and the attacker wishes to bypass its BIOS security (which you may have set after reading the Windows chapter) by physically removing the hard drive, the information on it will remain inaccessible as it will be encrypted28.

harddisk partition encryption
You can also create an encrypted partition. A partition is the computer’s method to virtually dividing one hard disk into two or more (by “virtually” I mean that your computer will now see your hard disk as two separate ones). Physically there will only be one hard disk, but the computer will function as if there were several. If your computer has one disk (C:) with 5GB of free space, you can create another partition (D:) and allocate 1GB of space to it. This partition will be encrypted, and you can store your documents on it. The main C: partition will remain ‘open’ and will store your software and other files that are not sensitive. This is an excellent option for stable and secure operation of your computer29.

You can set your email program (e.g. Thunderbird) to store all files on the encrypted partition. Only you, or the bearer of your password, will be able to access the email on this partition.

You can also encrypt your entire USB memory card or other removable devices. This is very useful if you are constantly travelling and have all your documents on the memory card. Some software (True Crypt, CompuSec) can encrypt your USB card, so that you will not need the program to be installed on every computer you wish to use with the memory card.

Public Key Encryption

Traditional methods of encrypting the information you wanted to share with another person required you to give them the password to decrypt it. This was not a very secure method, as it was possible to compromise your password in the process. To get around this problem, mathematicians developed public key encryption (PKE). It is the most common method of encrypting communications (e.g. Email) today.

When using PKE, your key will be made up of two parts: a public and a private key. Together they will make up your key pair. The keys are intertwined and what you encrypt with one, you can decrypt with the other. This is an integral part of PKE and a basis for its security and fallibility.

You share your public key with anyone you want to communicate with. You can also upload your public key to a key server on the Internet. The private key is kept secret on your computer or floppy disk and additionally protected with a password that only you should know. Do not share your private key with anyone. If you think that your password has become compromised (stolen) then you will need to revoke your key pair and recreate them from scratch.

Encrypting and decrypting a message30

In the PKE system, messages are encrypted for sending to us using our public key, and we decrypt them using our private key. People obtain your public key when they wish to send you an encrypted message by asking you for it or finding one you left previously on an Internet key server.

Example: You have a message that you wish to send to me encrypted. First, I must give you a copy of my public key. You use this public key to encrypt the message and send it back by email or other means. Only I will be able to decrypt this message since only I have the missing link – my private key.

public key encryption
Note: by “plaintext” we refer to the original message and “cipher text” refers to the message once it has been encrypted. This facilitates communication of encrypted messages without having to share a password and dramatically increases the security and practicality of your communications. PKE has been applied to email, Internet chat, web browsing and many other Internet services. Its security has caused controversy with many governments. The level of privacy offered by the successful application of this system has made many surveillance and intelligence agencies very worried.

Key Security

The reliability of the encryption depends on :
  • the size of your key pair (usually 2048 bits long)
  • the ability to validate the recipient’s public key
  • protecting your password that unlocks the private key

The PKE infrastructure relies on the valid identity of the public and private key. When you are encrypting a message to me using my public key, you want to be sure that this key belongs to me. Let’s have a look at the properties of a key pair.

A key pair is identified by 5 distinct features:
  • User ID: usually the email address of the key holder. Make sure it is spelt correctly.
  • Key ID: a unique ID automatically generated by the encryption program.
  • Fingerprint: (sometimes called MD5 and SHA1. See ‘Encryption on the Internet’ chapter for more detail) this is a unique identifier that is generated from the public key.
  • Date Created: the day on which the keypair was created.
  • Date Expired: the day on which the keypair expires.
GPGshell program

Fingerprint as seen in the GPGshell program

Try and verify the above details before using someone’s public key to communicate with them. Since public key encryption does not require you to share a password with the message recipient, it is important that you can validate the true identity of the public key. Public keys are easy to create but the identifying features can also be falsified. That is why you should authenticate the person’s public key before you use it (see ‘Digital signatures’ below). Once you have established that the public key belongs to them, you can ‘sign’ it. This will tell the program that you trust the key’s validity and wish to use it.31

The key size is usually 2048 bits. This level of encryption is assumed to be far more complex than modern computers can break32.

Digital Signatures

We need the ability to verify the authenticity of our messages. This can be done by a digital signature, which also uses PKE to function. When you digitally sign a message, you include in it a unique mathematical calculation derived from its size, date and specific content. This digest is then encrypted with your private key so that the recipient can verify its validity. Once decrypted, the original digest in the signature is checked against the file received and confirms whether the file has been modified or not since it was signed. It is virtually impossible to change the content of your message without invalidating the signature.

digital signatures
Some programs (e.g. GnuPG) that perform PKE can be integrated with an email program (e.g. GnuPG with Thunderbird using the Enigmail plug-in33 or with MS Outlook using the G Data GnuPG plug-in34) making the whole operation simpler and faster to perform.
It is advisable to encrypt all your communications once you and your contacts have set up and began using PKI. This counteracts the possibility of arousing suspicion of a lone encrypted email, containing sensitive information.
To sum it all up, using encryption is really not so difficult with modern software at hand. The main points to remember:
  • You need to create a keypair and keep your private key safe
  • You encrypt your messages to the recipient’s public key
  • You should always verify the recipient’s key by checking the fingerprint

Encryption Insecurity

The biggest problem with using encryption is that it sometimes gives the user a false sense of security. Just because you are using encryption does not mean that your messages will remain 100% secure. It is, of course, an excellent method of raising your level of security, but it is not foolproof. The main problem with PKE security is the human factor: mistakes that we make by carelessness or ignorance. I will discuss three methods of breaking your encryption privacy.
  • Compromising your private key. If the attacker manages to receive a copy of your private key by gaining access to your computer or otherwise, all they have to do is break the password protecting it. This can be done by brute force (using a password-cracking program that tries all common and random combinations) or by simply observing you type your password on the keyboard. Another method of stealing your password would be to install a keylogger program by gaining access to your computer with the help of an email attachment. A keylogger will record all the keys that you press on the keyboard and send this information to a designated Internet or email address. This way the attacker can receive the password you use to access your private key without requiring physical access to you or your computer.35
    The solution here is to use updated anti-virus, and anti-spyware programs and a firewall. This will, hopefully, either detect the presence of the keylogger or prevent it from sending this information outside. Take care when typing the password and make sure that no one can see your keyboard or the computer screen. Most good encryption programs do not display the password on the screen. You have to write it ‘blind’.
  • Key Recovery Systems. Since encryption is now integrated into more devices and uses with every passing day, its highly secure framework has become a problem for many government and law enforcement agencies. For many years they have been trying to implement key recovery systems (key escrow) which would give the authorities access to your private key. Alternatively, governments have began passing laws stating that you must surrender a copy of your private key to them for storage. Some closed encryption programs, where the encryption method has not been publicly tested, actually provide a backdoor for security agencies. Although this practice has been made illegal in many countries, it can still be found in different versions of software and hardware. The solution here is to use open source products (like GnuPG), thoroughly analysed and tested by the Internet community.
  • Public key validity and deception. As already mentioned in this chapter, the validity of the public key you are encrypting to is central to the all-round security of public key cryptography. The problem is that keys can be easily falsified. Carelessness on the user’s part may lead to using an adversary’s key under the assumption that it actually belongs to someone else. Pay close attention when receiving and importing public keys. The steps to verifying public key validity are explained above. Even though this may slow down the process of communication slightly, these steps should not be ignored.
There are also, of course, traditional methods of physical intimidation and force that could be used to make you reveal your password.

Choose encryption programs that have been publicly verified to have no back doors (such as PGP, GnuPG, TrueCrypt). Be aware of your local legislation and whether it allows you to use encryption and if yes, at what level of complexity (key size). You should also understand that the current legislation in your country may oblige you to reveal your password to the authorities. Try to find out if there are any legislative privacy safeguards which you can use to prevent this from happening.

There exist several other methods of breaking public key security. Your computer could have a compromised hardware that will leak your passwords and the content they protect to the intruder. There is nothing that can be done about this. The conclusion is not to rely fully on encryption. Use it to increase your security but do not operate under the impression that PKE is unbreakable. No one in the physical world is 100% secure and this is also true in the digital domain.

28
An example of software that could encrypt your entire hard drive is CompuSec (http://www.ce-infosys.com) also available on the NGO in a Box Security Edition CD

29
An example of software that could create and encrypt a partition on your hard drive is TrueCrypt (http://www.trucerypt.org) also available on the NGO in a Box Security Edition CD

30
Suggested software with which you could perform PKE is GPG4Win (http://www.gpg4win.org) or by installing the GnuPG and GPGshell software from the Digital Security Toolkit CD.
It may help you replicate some of the examples in this chapter.

31
It will also add your signature to this key; should you send it to someone else, they will see your signature and know that you trust the validity of this key.

32 See this article http://www.keylength.com/en/3/ for a description of current and future key length necessities

33
Please refer to the Digital Security Toolkit

34
http://www3.gdata.de/gpg/download.html

35
In 1991, the FBI launched a technique named ‘Magic Lantern’. Reportedly, it would attempt to install a Trojan Horse, attached to an email, on your computer. When activated, it would record all the keys a user typed and would send this information back to the headquarters. One justification for these actions was a response to the increased use of PKE. Since the FBI could not read an encrypted message, they tried to steal the user’s private key password. This initiative was reportedly dropped after courts questioned its legality but we cannot be sure a variation has not been developed in the meantime.