## Encrypt Your Email and Hard Drive: A Practical and Mathematical Introduction to Protecting Your Data from Criminals and Surveillance

When: 2 December 2015, 2:30-3:30pm
Where: GCB 110
Who is presenting: Jonathan Poritz [a CSU-P math faculty member who also has a sordid past career doing crypto and IT security]
Who should come: Students, faculty, staff, and community members interested in protecting their digital lives
What: The Math and Physics Club of CSU-Pueblo brings you this very practical (and, ok, somewhat mathematical, because that's who we are) introduction to using encryption to protect your data both when it is standing still on your computer and when it is in flight over the Internet, such as in an email.
BONUS: First seventeen attendees get a free DVD of security software!
Video: Part 1 and Part 2 [apologies for the poor production values -- I advise moving through this web page while listening to the audio track of these videos]

ATTENTION: If you are one of the ones who took an installation DVD from the end of this presentation when it happened at CSU-P, here is a word of advice: Please contact me before trying to install the software on that DVD! The software is great, powerful, and fun, and you can easily try it out without installing it. But before you install, if you think you will want to, there are a couple of things I should tell you so that you don't lose any data you already have on whatever machine you are using.

### Purpose

1. This is an event of the Math and Physics Club. Please join! Contact club president Chris San Miguel, Cl.sanmiguel@pack.csupueblo.edu for information. Future M&P Club events may include:
• A session at the CSU-P campus climbing wall — as mathematical physicists, we try to balance all the force vectors on the climbers [this may be a joint event with the Pre-Med Society in case we fail to balance the vectors].
• Some demonstrations of fun laboratory physics — not as many explosions as the Chemistry Club's demonstrations, but our explosions have fallout!
• A key-signing party [explanation in a few minutes], should participants in today's meeting want one.
2. My Math 207 students asked for this.
3. Dialogue overheard at the beginning of my Math 307 class a few weeks ago:
Student A [a math major with secondary ed emphasis]:
What's your major? I don't see you at any meetings....
Student B [a plain math major]:
Math.
Student A:
Just "math", not "math ed"?
Student B:
Yup.
Student A:
What are you going to do with that?
One response would be that many of the top jobs (by desirability, salary, low stress, etc.) involve math — see this list at the Wall Street Journal (from 2014, the last year for which we have complete data).
Another response would be my whole life, some examples of the activities of which I will talk about today: I've worked as a cryptologist on and off for many years. And there are many future jobs in this area for those with a solid mathematical background.

### Starting Crypto: Some Terminology, and Symmetric Cryptosystems

Many works of cryptology speak of two star-crossed lovers, Alice and Bob, who attempt to keep the guttering candle of their love alight, though distance separates them and their communications are being monitored by the evil Eve.

[Images: Alice, Bob, and Eve]

[Extra credit if you can name the two famous mathematicians who acted as models for these pictures of Alice and Bob.] [If you give up, hover your mouse over the image.]

It's important to realize that in many — maybe most — situations, it is entirely appropriate to assume that Eve can see all the communication between Alice and Bob while it is in transit. All of the channels you are used to suffer from this:

• A cell phone is basically a walkie-talkie with infrastructure [the infrastructure being all those cell towers all over the place]. Anyone with a radio receiver of the right type who is within the footprint of the same tower can hear the entire exchange.
• Satellite phones are much worse: the footprint is the size of a continent, often.
• Anything you do on the Internet is essentially public. Quick quiz, particularly for the millennials in the room: how does the basic Internet Protocol work?
Answer: Digression on the history of the Internet, coming out of the Cold War, as a non-hierarchical [in contrast to the telephone system] method of command and control. Note, in particular, that it was never foreseen that there would be adversaries on the Internet, so no privacy and security were built into the fundamental IP protocol.

Therefore, when I am on a web page at my bank, Wells Fargo (headquarters in San Francisco, CA), every time I click, the information going to Wells Fargo is sent to their servers by a process analogous to:
1. I chop up the information into chunks (called packets -- the Internet is a "packet-switched network") and write each chunk on a postcard, with Wells Fargo's address
2. I go to the bus station downtown and put my postcards on a seat in a bus headed towards Denver.
3. In Denver, I trust someone to pick up the cards and to put them on a bus headed to San Francisco.
4. If the bus to San Francisco is delayed, I trust someone in Denver will move (some of) my postcards to a seat in a bus to LA, some in a bus to Las Vegas, etc. In each of those respective cities, I trust someone to move the postcards to buses headed closer to San Francisco.
5. In San Francisco, I trust the postcards to be moved to a city bus which goes past the Wells Fargo offices.
Along the way, I am simply trusting that the various people in the various bus stations will act honestly, will know how to get my postcards (packets) closer to their destination, and will not choose to read them.

Somewhat more mathematically, this diagram (from my free textbook Yet Another Introductory Number Theory Textbook, as are several similarly formatted diagrams in this presentation) gives some basic terminology:

In the design of the encryption and decryption algorithms, we follow something cryptologists call Kerckhoffs's Principle [named after Auguste Kerckhoffs a professor of languages at the École des Hautes Études Commerciales in Paris in the late 19th century who wrote influential papers on cryptology]. According to this Principle, one always publishes the details of one's cryptographic algorithms.

It may seem ridiculous to publish the algorithm used to protect your data, but we do this because humans have a nearly infinite capacity for self-deception. As a consequence, we are always thinking we have invented the best cryptographic algorithm, a perpetual motion machine, the way to square the circle and trisect the angle ... when another set of eyes, looking over our work independently, would immediately see flaws. This is nothing other than the famous idea of peer review in the scientific method, which is the foundation of the modern world.

[The alternative to putting your proposed cryptographic algorithms out in the world for peer review is called by cryptologists — with enormous disdain — security by obscurity. Experience has shown that it is no security at all.]

If we are to publish our encryption and decryption algorithms, the security must lie in some other secret. This is an additional piece of information called the key, which is input into those algorithms, as follows:

The above is called symmetric (or private- or secret-key) cryptography. We shall see an alternative in a few minutes.

#### Notes:

• Both the encryption $e_k$ and decryption $d_k$ use the same key $k$, which must be shared in some private, pre-lapsarian moment. The keyspace $\mathcal{K}$ must be large, otherwise Eve can just try all keys and see which works.
• Symmetric cryptosystems are fast — you can run a video stream through one without noticing it.
• The design of symmetric cryptosystems is something of a black art. There is little general theory on the attack or defense side, and the algorithms tend just to be along the lines of "scramble the bits a lot."
• Some examples:
1. The Scytale — ancient Greece
2. The Caesar cipher — actually used by Julius Caesar. [addition mod 26...]
3. The Vigenère Cipher — thought to be unbreakable for centuries. Easy to break today.
4. The one-time pad — completely unbreakable; hard to use in practice (but see Leo Marks's Between Silk and Cyanide: A Code Maker's War 1941-45)
5. The Enigma machine — a German military coding device from WWII.
6. Modern block ciphers like DES, triple-DES, AES, etc.
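Two of the ciphers in the list above written as the $e_k$ / $d_k$ pairs of the diagram, plus Eve trying all 26 Caesar keys, as an added example that is not from the talk or its textbook. The letter-frequency table is the standard published one for English; the sample sentences used to exercise it are constructed.

```python
"""e_k / d_k for two of the historical ciphers listed above, plus Eve's
exhaustive search of the Caesar keyspace.  Added example, not from the talk.
ENGLISH_FREQ is the standard published letter-frequency table for English; the
sample sentences used with it are constructed for this example."""
from string import ascii_uppercase as ALPHABET

# Approximate frequency (percent) of each letter A..Z in English text.
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0,
                2.4, 6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4,
                0.15, 2.0, 0.074]


def _letters(text):
    """Keep only A..Z, upper-cased; spaces and punctuation are dropped."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def _shift(text, key, direction):
    """Shift letter i of text by +/- the position of key letter i (cycling)."""
    t, k = _letters(text), _letters(key)
    out = []
    for i, c in enumerate(t):
        s = ALPHABET.index(k[i % len(k)])
        out.append(ALPHABET[(ALPHABET.index(c) + direction * s) % 26])
    return "".join(out)


def vigenere_encrypt(plaintext, key):
    """e_k: add the key letters, cycling through the keyword."""
    return _shift(plaintext, key, +1)


def vigenere_decrypt(ciphertext, key):
    """d_k: subtract them again; the same k both ways is what 'symmetric' means."""
    return _shift(ciphertext, key, -1)


def caesar_encrypt(plaintext, shift):
    """Caesar (addition mod 26) is Vigenere with a one-letter key."""
    return vigenere_encrypt(plaintext, ALPHABET[shift % 26])


def caesar_decrypt(ciphertext, shift):
    return vigenere_decrypt(ciphertext, ALPHABET[shift % 26])


def english_score(text):
    """Chi-squared distance between text's letter counts and English; lower
    means more English-like."""
    n = len(text)
    return sum((text.count(ch) - n * f / 100) ** 2 / (n * f / 100)
               for ch, f in zip(ALPHABET, ENGLISH_FREQ))


def eve_breaks_caesar(ciphertext):
    """The Caesar keyspace has 26 elements, so Eve tries them all and keeps
    the key whose d_k output looks most like English (the talk's 'try all
    keys and see which works')."""
    scores = [(english_score(caesar_decrypt(ciphertext, k)), k) for k in range(26)]
    return min(scores)[1]
```

The Vigenère keyspace is much bigger, but it falls to the same frequency idea applied to each key position; the talk's "easy to break today" is that observation.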

### Symmetric Encryption of Data Standing Still

Actually, the communication channel could be from past you to future you; i.e., we're just encrypting stored data. This is a good idea. Claude Shannon had this idea, and many other important ones.

Demonstration of using GnuPG, for encryption:

```sh
gpg --output <file.gpg> --cipher-algo AES256 [--armour] --symmetric <file>
```

and decryption:

```sh
gpg <file.gpg>
```

Look at the file with:

```sh
hexdump -C <file.gpg>
```

### Very Practical Interlude

You may have noticed that in that demonstration I didn't do a lot of pointing and clicking. Instead, I typed commands, using what is called the command-line interface [CLI]. This is the major way that everyone I have ever met who does serious things with a computer interacts with the computer. If you want to use a computer to play games, by all means use a mouse or game controller. If you want to type a paper in an English class, you wouldn't point and click at an alphabet on the screen. If you wanted to process data for a chemistry lab report, you would enter the numbers into a spreadsheet (by typing them), create clever macros (by typing them), etc.

Pointing and clicking rather than typing commands is a lot like trying to communicate specific information and instructions to someone else by playing charades rather than simply speaking. Charades is a fun game, but I wouldn't act out a non-verbal version of the Fundamental Theorem of Calculus in a class of mine, I would say the words, and write them on the board. ...So why are we doing so much charades to communicate with our computers?

OK, there was one other thing that must have been obvious in my GnuPG demonstration: I wasn't using Windoze. A bit like the CLI, I don't know any serious computer scientist who uses Windoze. Trying to do security with Windoze would be like having a meeting of Alcoholics Anonymous in a bar: the game is already over simply because of the environment.

Also, the programs which constitute Windoze are Microsoft's greatest asset, its great crown jewels of intellectual property, and so they are kept secret. That may be a good business move for them [although that is much less clear than it seems], but it means that they have never done science: their programs have never been put up for peer review, so as a scientist it would be absurd for me to have blind trust in them.

So my secret plot in this talk is now revealed: even more than telling you about some nice techniques and tools to protect your data — a valuable goal which I am also pursuing — I want you to ask the following very good question:

Why are you using Windoze?

You've probably never thought about it, but there are alternatives. Some people are using those alternatives: see Usage share of operating systems. And some of these alternatives fit within the scientific method, as we've been discussing, while others do not. Which do you think it makes sense to use? [Hint: if you like computers, antibiotics, the polio vaccine, cell phones, etc., you like science.]

Some more reasons to think hard about the above question:

• A good argument could be made that the whole point of Windoze is to take control of your computer away from you. This is based on the CFAA, DMCA, and the business models of middlemen in music and video industries, and the simple fact that there is no such thing as streaming which is not copying/downloading. Therefore, the only way your computer can "stream" some video or music but not allow you to save and share it is by not following your commands — otherwise someone would simply program a save-as button into these supposed "streaming" services.
• You may say that it is worth giving up some control of your computer to get the great music and video produced by the US entertainment industry (really?), which would otherwise die a quick death without the ability to technically block someone from making the dreaded save-as button. But think about books: you have the whole data file of a book sitting on the page in front of you there, and it is only copyright law which prevents you from making a thousand copies and putting the publisher out of business. This is a complex story, of course, but it is simply not the case that without technical blocks to owners' control of their machines all entertainment would cease.
• Security by obscurity being an illusion, the obscurity of the Windoze operating system means that it has huge security problems. Just think of all the "virus signatures" your virus scanner has to download every day to stay current — there are millions of signatures in the complete virus database of a good scanner, and at least tens of thousands of viruses in circulation at any moment.
• If you control the operating system, you can customize it to your needs. When you don't like something in the way it is set up, you don't have to get together at the water cooler and complain with your co-workers, you can just change it.
• This goes on and on, I'm happy to talk about it ... but probably better in another context. Let me just finish with some terminology:
• The kind of software I'm talking about, which I think of as software which simply follows the scientific method, is often called open source.
• But, actually, the user's access to the source code is not really the issue, it is an issue of freedom: with or without the source code, there can be licenses and other legal barriers to you, the owner, really using the software in the way you want to and not in the way some big corporation wants you to do. Therefore, it would be better to call this free software.
• English, unfortunately, does not distinguish between "free" as in "unencumbered with restrictions" and "free" as in "doesn't cost anything" — other languages do make this distinction: frei/kostenlos in German, libre/gratuit in French, libero/gratis in Italian, etc. Therefore another term we can use which has all of the others wrapped up in one is free/libre, open source software, which at least has a cool acronym: FLOSS. Note that Richard Stallman, one of the first people to think about all of these issues clearly in the context of software, coined the phrase "Free as in speech, not as in beer" to describe free software in a way that emphasizes the right aspects of that single English word.
• If you do go with a FLOSS alternative as your operating system — and I have 34 installation disks which I will give away at the end of this session to anyone who wants one — what would that be called? The most common name for the best free OS is "Linux," but in fact only a small (but important) piece of the OS was written by a Finnish computer science grad student named Linus Torvalds, while the rest is a suite of software from the GNU people (the organization founded by the Richard Stallman we just mentioned; we saw GnuPG above, also). Therefore the best name for this wonderful free OS is GNU/Linux.

### Back to Encrypting Stationary Data

Use full-disk encryption.

In GNU/Linux, this is an installation option. Under the hood, it uses AES with a key built out of the user's passphrase.

For Windoze, there used to be a tool called TrueCrypt, but it took itself out of the business in 2014 (in a very suspicious way). Alternatives exist, such as VeraCrypt and CipherShed.

### More Crypto: Asymmetric Cryptosystems

If Alice and Bob want to be able to communicate securely without ever having met to exchange the symmetric key, they can instead use asymmetric (or public-key) cryptography:

Here's a particular [very mathy!] way to do this, called the RSA cryptosystem (named after Ron Rivest, Adi Shamir, and Leonard Adleman, who published this idea in 1977):

RSA is often not the best (most efficient or most secure for a given key size) asymmetric cryptosystem, but it is definitely the most widely-used. This is probably due to the fact that it was the first one discovered, and also to the (comparative) ease of understanding the math. Other systems involve arithmetic on elliptic curves, which is a fairly chewy area of mathematics.

All asymmetric crypto relies upon a mathematical function which is easy to compute in one direction but difficult to invert. For RSA, this is essentially multiplication forward [easy], but factoring backwards [hard]. For other asymmetric algorithms, there are other such one-way functions.

### Practical Issues with Asymmetric Cryptosystems: PKI

The main issue is Public-Key Infrastructure, PKI, because of the following

which is called a man-in-the-middle attack.

Therefore, we need to be sure that the public keys we use really do belong to the people who we think they do. We do this either by getting the key from someone in person — but that kind of ruins the whole idea of asymmetric crypto! — or we get a key in some way that we are sure of its provenance.

One kind of proof of ownership would be a digital signature on a public key, signed by someone whom we trust. Digital signatures work like this:

Signatures on public keys are called certificates, and you have to trust the signer's public key to use them ... or else go on recursively. In the end, there are certain Certificate Authorities whose keys are baked into many common devices, so that establishes a root of trust. This can be very good, in building reliable trust in software, or bad if it bakes into a particular OS or service a requirement to participate in some closed software ecosystem. [This is Apple's business model with the iPhone, for example.]
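A toy RSA covering both the public-key encryption described in the previous section and the digital signature on a certificate described here, as an added example that is not from the talk or its textbook. The primes 61 and 53 are chosen here for visibility, and hash-then-exponentiate with no padding is a simplification of real RSA signing.

```python
"""Toy RSA, written out as the talk describes it: multiply two primes to get
the public modulus n (easy) and let Eve's only road back be factoring n (hard).
Added example, not from the talk or its textbook.  The primes are tiny so every
number is visible; real keys use primes of 1024+ bits, and real RSA adds
padding (OAEP for encryption, PSS for signatures) that this toy omits."""
import hashlib
from math import gcd, isqrt


def keygen(p, q, e=17):
    """Public key (n, e) and private key (n, d) from two primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)              # Euler's totient of n
    assert gcd(e, phi) == 1, "e must be invertible mod phi(n)"
    d = pow(e, -1, phi)                  # d * e == 1 (mod phi); Python 3.8+
    return (n, e), (n, d)


def encrypt(pub, m):
    """Anyone holding the public key can encrypt a number m < n."""
    n, e = pub
    assert 0 <= m < n
    return pow(m, e, n)


def decrypt(priv, c):
    """Only the holder of d can undo it, since (m^e)^d == m (mod n)."""
    n, d = priv
    return pow(c, d, n)


def _digest_mod_n(message, n):
    # Sign a hash of the message rather than the message; reduced mod n here.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(priv, message):
    """Signing is 'decryption' of the hash: only the private-key owner can."""
    n, d = priv
    return pow(_digest_mod_n(message, n), d, n)


def verify(pub, message, signature):
    """Anyone can check with the public key that s^e == H(m) (mod n)."""
    n, e = pub
    return pow(signature, e, n) == _digest_mod_n(message, n)


def eve_factors(n):
    """Eve's task: recover p and q from the public n.  Trial division finishes
    only because n is tiny; for a 2048-bit n no known method does."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("n has no nontrivial factor")


def demo():
    pub, priv = keygen(61, 53)           # n = 3233, phi = 3120, d = 2753
    c = encrypt(pub, 65)                 # 65 -> 2790
    cert = b"Bob's key is (3233, 17)"    # constructed toy 'certificate' body
    s = sign(priv, cert)                 # the private-key owner vouches for it
    return c, decrypt(priv, c), verify(pub, cert, s), eve_factors(pub[0])
```

Once Eve has p and q she recomputes d exactly as keygen does, which is why the whole system rests on factoring being infeasible for real key sizes.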

Another, less formal, approach is for individuals to sign each other's keys, when they know each other personally, until gradually there is a large web of trust. The fun way to do this is to throw a key-signing party where people who know each other bring laptops and sign each other's keys. We could have one here, on campus, and then we would all start to be able to use asymmetric crypto with each other....

### Practical Successes with Asymmetric Cryptosystems: Mailvelope

Let's install and use a FLOSS Firefox and Chrome extension which does public-key crypto for common webmail clients: Mailvelope.

The third-party doctrine suggests we should keep only the encrypted versions on the webmail provider's servers. Mailvelope does this. It also keeps track of your keys ... protected by a password and the security of your machine. [So there is not much point in using this under Windoze, because its security is so spectacularly weak. But you are all going to run a FLOSS OS in the future, aren't you?]

Here is a public key for a key I set up for this demonstration [and only for this demonstration — please do not use it for real, secure communication with me, I have not followed good security practices in creating or storing this key!]. Its contents are:


....Extended Mailvelope demo.

By the way, if you do not use one of the webmail clients that Mailvelope supports, there are other things you can do. One would be to use GnuPG on the command line and always send your messages as attachments. Another, if you use the FLOSS mail program Thunderbird (which is produced by Mozilla, the same people who make the Firefox browser), would be the Enigmail Thunderbird extension.

### Supplementary Topic: DHKE, or, What's that Little Lock in my Browser Bar?

Just the year before RSA was published, Whitfield Diffie and Martin Hellman started the whole idea of public-key crypto with their algorithm, now known as Diffie-Hellman Key Exchange

1. There is a chapter on crypto in my [free] [as in beer and as in speech] number theory textbook, which can be found here.
2. In the Beginning was the Command Line by Neal Stephenson, is a fun read.
3. Applied Cryptography: Protocols, Algorithms and Source Code in C by Bruce Schneier [or any of Schneier's policy books]
4. The GNU Manifesto by Richard Stallman, and all of the essays in his collection Free Software, Free Society: Selected Essays of Richard M. Stallman
5. Any of the essays and [non-fiction] [although his fiction is fun, too] books by Cory Doctorow, most of which are available on his website craphound.com.
6. Here is an article from The Washington Post which has a very high-level introduction of some issues, such as recent political discussions about requiring "back doors" in commercial encryption systems.