bitmask bitmask encryption for encryption for mere
play

BitmasK: BitmasK: encryption for encryption for mere mortals - PowerPoint PPT Presentation

Mar 27, 2024 •158 likes •686 views

# # BitmasK: BitmasK: encryption for encryption for mere mortals mere mortals FOSDEM 2018 FOSDEM 2018 kali - meskio - kwadronaut kali - meskio - kwadronaut https://leap.se Problem: encrypted email is Problem: encrypted email is

  1. # # BitmasK: BitmasK: encryption for encryption for mere mortals mere mortals FOSDEM 2018 FOSDEM 2018 kali - meskio - kwadronaut kali - meskio - kwadronaut https://leap.se

  2. Problem: encrypted email is Problem: encrypted email is ...complicated ...complicated

  6. Problem: Problem: providers providers

  8. Peer to peer? Peer to peer?

  9. Better Better federation! federation! Protect providers from their users Protect providers from their users Protect users from the provider Protect users from the provider

  10. What does What does LEAP do? LEAP do? LEAP Platform: toolkit to make it easier to run a service provider New protocols: so no need to trust your connection provider Bitmask client: smooth working client with compatible providers

  11. leap mail service leap mail service End-to-end encryption Backwards compatible with email and current OpenPGP usage Service provider has no access to user data Automatic key discovery and validation Cloud synchronized for high availability on multiple devices

  13. email service email service

  14. soledad soledad

  15. mx mx

  17. transitional key validation transitional key validation generic rules for automatic key management, transition from TOFU to more advanced ruleset. bind key <-> email address key directory endorser (provider) binding info: evidence for "educated guess" veri�ed key transition (automatic) [leap.se/en/docs/design/transitional-key-validation]

  18. TOFU TOFU With a bunch of exceptions

  19. 1. First Contact 1. First Contact When one or more keys are �rst discovered for a particular email address, the key with the highest validation level is registered.

  20. 2. Regular Refresh 2. Regular Refresh All keys are regularly refreshed to check for modi�ed expirations, or new subkeys, or new keys signed by old keys. This refresh SHOULD happen via some anonymizing mechanism.

  21. 3. Key Replacement 3. Key Replacement A registered key MUST be replaced by a new key in one of the following situations, and ONLY these situations: Veri�ed key transitions. If the user manually veri�es the �ngerprint of the new key. If the registered key is expired or revoked and the new key is of equal or higher validation level. If the registered key has never been successfully used and the new key has a higher validation level. If the registered key has no expiration date.

  22. VPN VPN Prevent eavesdropping. Circunvent internet censorship. Prevent leaks (DNS, IPv6, ...).

  23. LEAP platform LEAP platform sudo gem install leap_cli leap new example --domain example.org cd example leap add-user --self leap cert ca leap cert dh leap cert csr leap node add blueberry services:openvpn \ ip_address:1.1.1.1 openvpn.gateway_address:1.1.1.2 leap node add raspberry services:couchdb,webapp \ ip_address:1.1.1.3 leap init node leap deploy

  24. sysadmins are human sysadmins are human and deserve usability too and deserve usability too

  25. "leap deploy" "leap deploy"

  28. show me the code! show me the code! https://0xacab.org/leap/ ~10 important repos GPL code

  29. current state current state

  30. Email Beta (0.10…) Email Beta (0.10…) works on Linux works on Linux Bitmask VPN Bitmask VPN works on Linux && Android works on Linux && Android

  31. next steps next steps OSX and windows

  32. let a thousand providers let a thousand providers bloom bloom

  33. 🐨 thanks! questions? 🐨 thanks! questions? https://bitmask.net https://bitmask.net https://leap.se https://leap.se katzenpost.mixnetworks.org katzenpost.mixnetworks.org 😽

  39. 2. ability to use multiple 2. ability to use multiple devices devices

  40. 🔒 🔒 🔅 Synchronization Of Synchronization Of Locally Encrypted Data Among Devices Locally Encrypted Data Among Devices

  41. data = 🖃 data = 🖃 + 🔒 + 🔒

  42. bitmask keymanager bitmask keymanager requires no user interaction requires no user interaction

  43. interoperability is a must interoperability is a must many projects converging many projects converging (Watch AUTOCRYPT: Enigmail, K9, Mailpile, Bitmask) (Watch AUTOCRYPT: Enigmail, K9, Mailpile, Bitmask)

  44. SOLEDAD SOLEDAD Synchronization of Locally Encrypted Data Among Devices auth: srp kdf: scrypt AES-256-GCM built on top of canonical's u1db vector clocks clientside: sqlcipher backend serverside: couchdb cluster

  45. Problem: Attachments Problem: Attachments Syncing blobs in a convoluted store Pluggable BlobsIO backend for server (in dev) FS as MVP, others welcome!

  46. Validation levels Validation levels low == less trust on the source

  47. 1. Weak Chain 1. Weak Chain sks key servers, email attached key, OpenPGP header, ...

  48. 2. Provider Trust 2. Provider Trust web�nger, provider mailvelope

  49. 3. Provider Endorsement 3. Provider Endorsement NickNym

  50. 4. Historical Auditing 4. Historical Auditing CONIKS, google's transparent keyserver

  51. 5. Known Key 5. Known Key client pinned keys

  52. 6. Fingerprint 6. Fingerprint manual veri�cation

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
Intractable Problems and DP with Bitmask Problem Solving Club March 1, 2017 Agenda

Intractable Problems and DP with Bitmask Problem Solving Club March 1, 2017 Agenda

Intractable Problems and DP with Bitmask Problem Solving Club March 1, 2017 Agenda Intractable problems Complexity classes P, NP, co-NP, #P, completeness How to identify common intractable problems Dynamic programming

795 views • 21 slides
Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware Encryption S Web Encryption S Email Encryption OpenPGP S S/MIME S S Online Social Network Public Key Encryption S Encryption/Decryption

842 views • 26 slides
RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of encryption Wednesday, but none of these is good enough to be used in actual situations. Today well talk about one method, RSA Encryption, which is

1.01k views • 59 slides
Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a way that only authorized parties can read the content of the original message History of encryption dates back to 1900 BC Two types of

533 views • 38 slides
Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure communication. Does not allow modifying encrypted data. Homomorphic Encryption: allows computation on encrypted data, but result remains encrypted Functional

987 views • 61 slides
Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2 What is Encryption? Want to prevent someone (an attacker) from accessing private data Permissions arent good enough Root user can

788 views • 20 slides
Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption [DH76,M78,RSA78,GM84] Avoid Prior Secret Exchange PubK SK 2 Functional Encryption [SW05] Functionality: f( , ) MSK Authority Key: y 2 {0,1}* y SK CT: x

945 views • 16 slides
Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Defining Encryption (ctd.) Lecture 3 CPA/CCA security Computational Indistinguishability Pseudo-randomness, One-Way Functions Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too strong (though too

1.36k views • 113 slides
Lecture 3 Encryption Suggested readings: Chs 1 &amp; 2 in KPS Ch 1 in Stinson

Lecture 3 Encryption Suggested readings: Chs 1 &amp; 2 in KPS Ch 1 in Stinson

Lecture 3 Encryption Suggested readings: Chs 1 &amp; 2 in KPS Ch 1 in Stinson (recommended) 1 Encryption Principles A cryptosystem has (at least) five ingredients: 1. Plaintext 2. Secret Key 3. Ciphertext 4. Encryption algorithm 5.

657 views • 12 slides
Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption

Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption

Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption Standardization Consortium HomomorphicEncryption.org 0.1 Presenters Roger A. Hallman (SPAWAR Systems Center Pacific; Thayer School of

1.36k views • 91 slides
Goals of Encryption authenticated encryption sender Daniel J. Bernstein

Goals of Encryption authenticated encryption sender Daniel J. Bernstein

Goals of Encryption authenticated encryption sender Daniel J. Bernstein University of Illinois at Chicago &amp; m Technische Universiteit Eindhoven c k More details, credits: competitions.cr.yp.to network

1.33k views • 118 slides
Advanced Encryption Standard Lars R. Knudsen June 2014 L.R. Knudsen Advanced Encryption

Advanced Encryption Standard Lars R. Knudsen June 2014 L.R. Knudsen Advanced Encryption

Advanced Encryption Standard Lars R. Knudsen June 2014 L.R. Knudsen Advanced Encryption Standard AES - Advanced Encryption Standard US governmental encryption standard Open (world) competition announced January 97 Blocks: 128 bits Keys:

403 views • 39 slides
Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

. . . . . . Permutation-based encryption, authentication and authenticated encryption Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint work with DIAC 2012, Stockholm, July 6 Guido Bertoni 1 ,

739 views • 49 slides
Encryption at Scale on AWS Matt Campagna campagna@amazon.com Agenda Describe the AWS Key

Encryption at Scale on AWS Matt Campagna campagna@amazon.com Agenda Describe the AWS Key

Encryption at Scale on AWS Matt Campagna campagna@amazon.com Agenda Describe the AWS Key Management Service Client Side Encryption AWS Encryption SDK Server Side Encryption S3 Object Encryption Amazon Simple Storage Service

387 views • 22 slides
Novel Encryption Method of GPS Information in Image File Using Format-preserving Encryption

Novel Encryption Method of GPS Information in Image File Using Format-preserving Encryption

Novel Encryption Method of GPS Information in Image File Using Format-preserving Encryption Changhyun Lee, Yeonju Choi, Hyeongmin Park, Kangbin Yim, and Sun-Young Lee Soonchunhyang University IMIS 2019 Presenter: Brandon Falk (

645 views • 21 slides
A Selection Of Indie Games Minecraft http://www.minecraft.net/ In beta Under

A Selection Of Indie Games Minecraft http://www.minecraft.net/ In beta Under

A Selection Of Indie Games Minecraft http://www.minecraft.net/ In beta Under development since May 10, 2009 Four team members: Lead programmer and designer, composer, artist, additional programmer Strong iterative design

264 views • 4 slides
Cr Creating a g and M Managi ging a g an E Effective F Farm Team Te AGRICULTURAL SCIENCES

Cr Creating a g and M Managi ging a g an E Effective F Farm Team Te AGRICULTURAL SCIENCES

Cr Creating a g and M Managi ging a g an E Effective F Farm Team Te AGRICULTURAL SCIENCES THE COLLEGE of Alexandra Hill Assistant Professor, Colorado State University 2020 Colorado Fruit and Vegetable Growers Association Annual Meeting

358 views • 18 slides
Blueberry galaxies: local analogs of the faint-end LAEs Huan Yang ( ) Las Campanas

Blueberry galaxies: local analogs of the faint-end LAEs Huan Yang ( ) Las Campanas

Blueberry galaxies: local analogs of the faint-end LAEs Huan Yang ( ) Las Campanas Observatory, Carnegie Institution for Science Collaborators: Sangeeta Malhotra (NASA), James E. Rhoads (NASA), TianXing Jiang (ASU), JunXian Wang (USTC),

742 views • 15 slides
Winter Storm Briefing Eric Ahasic Monday, November 25, 2019 1:00 PM Current Headlines (Updated

Winter Storm Briefing Eric Ahasic Monday, November 25, 2019 1:00 PM Current Headlines (Updated

November 26-27 Winter Storm Briefing Eric Ahasic Monday, November 25, 2019 1:00 PM Current Headlines (Updated 2 PM Monday) Winter Storm Warning now in effect for much of central and southern Minnesota, and all of west-central Wisconsin.

388 views • 10 slides
Coloured galaxies A.M. Hidalgo-Gmez, B. Miranda-Prez &amp; V. Hernndez-Rosas (ESFM-IPN,

Coloured galaxies A.M. Hidalgo-Gmez, B. Miranda-Prez &amp; V. Hernndez-Rosas (ESFM-IPN,

Coloured galaxies A.M. Hidalgo-Gmez, B. Miranda-Prez &amp; V. Hernndez-Rosas (ESFM-IPN, Mexico) Small galaxies, cosmic questions Durham, 2019 There are only 7 SHARDS galaxies with EW([OIII]) between 200 and 280

336 views • 17 slides
MA111: Contemporary mathematics . Jack Schmidt University of Kentucky September 5, 2012

MA111: Contemporary mathematics . Jack Schmidt University of Kentucky September 5, 2012

. MA111: Contemporary mathematics . Jack Schmidt University of Kentucky September 5, 2012 Entrance Slip (due 5 min past the hour): Can a Condorcet winner get no first place votes? (Give an example to show it can, or explain why it cannot.)

261 views • 13 slides
Math 20, Fall 2017 Edgar Costa Week 3 Dartmouth College Edgar Costa Math 20, Fall 2017 Week 3

Math 20, Fall 2017 Edgar Costa Week 3 Dartmouth College Edgar Costa Math 20, Fall 2017 Week 3

Math 20, Fall 2017 Edgar Costa Week 3 Dartmouth College Edgar Costa Math 20, Fall 2017 Week 3 1 / 13 Random Stuff Tutorial: Thursdays 7-8:30 pm Office hours: M: 5:30 - 7+ pm, Th: 8 - 9 am, and by appointment Study groups:

277 views • 13 slides
PHOEBE HEARST ELEMENTARY SCHOOL MODERNIZATION PROJECT UPDATES June 1, 2015 Elevating the Quality

PHOEBE HEARST ELEMENTARY SCHOOL MODERNIZATION PROJECT UPDATES June 1, 2015 Elevating the Quality

Elevating the Quality of Life in the District PHOEBE HEARST ELEMENTARY SCHOOL MODERNIZATION PROJECT UPDATES June 1, 2015 Elevating the Quality of Life in the District Elevating the Quality of Life in the District MEETING AGENDA

360 views • 22 slides

More recommend