Secure Communication - Hacking/Hustling Workshop @ Eyebeam - PowerPoint PPT Presentation



SLIDE 1

Secure Communication

Hacking/Hustling Workshop @ Eyebeam

SLIDE 2

About me

Liz!
She/Her
Electrical Engineer/Embedded developer
Teaching for a while

SLIDE 3

Overview

Signal is one example of a third-party app for secure texting. We’ll go over what it does and why it’s important. We’ll install it. We might get to protonmail. We might get to PGP.

SLIDE 4

Insecure Texting

SMS/MMS: Short Message Service and Multimedia Message Service

SLIDE 5

Insecure Texting

Texts are relayed through “Short Message Service Centers”, which store each message and attempt to forward it to the recipient.

SLIDE 6

Insecure Texting

SMS/MMS is unencrypted. You do not have control over which Short Message Service Center your text goes through. You do not have control over what that center does with your text.

SLIDE 7

What to do

There are several insecurities in standard texting. I will break it down into types of general attacks, and show how Signal addresses these attacks. Refer to your threat models.

SLIDE 8

Listening Attack

An attacker on an untrusted network listens in on your conversation.

SLIDE 9

Listening Attack: Defense

A: Don’t use untrusted networks

SLIDE 10

Listening Attack: Defense

B: Use encryption - Signal

SLIDE 11

Physical Attack

An attacker has physical access to your device.

SLIDE 12

Physical Attack: Defense

A: Use a password

SLIDE 13

Physical Attack: Defense

B: Use Disappearing messages

SLIDE 14

Person in the Middle Attack

An attacker impersonates the person you are trying to talk to, or an attacker impersonates you.

SLIDE 15

Person in the Middle Attack: Defense

A: Encryption keys

SLIDE 16

Person in the Middle Attack: Defense

B: Registration PIN

SLIDE 17

Install Signal

SLIDE 18

Third Party Apps

Open Source vs Proprietary

SLIDE 19

Third Party Apps

Server location

SLIDE 20

Third Party Apps

Trusted Provider

SLIDE 21

Third Party Apps

Common usage and your threat model

SLIDE 22

Person in the Middle Attack: Defense

Trusted provider and OS

SLIDE 23

Email

Similar to SMS, but it goes across Internet Service Providers.

SLIDE 24

Insecure Email

Email is generally unencrypted, and is vulnerable to person in the middle attacks.

SLIDE 25

Protonmail

protonmail.com
Encrypts communication between protonmail emails.

SLIDE 26

Protonmail

Servers hosted in Switzerland

SLIDE 27

Install Protonmail

SLIDE 28

Some Language

End-to-End Encryption
Zero Access Encryption

SLIDE 29

Some Language

TLS - Transport Layer Security

SLIDE 30

PGP

“Pretty Good Privacy”

SLIDE 31
  • openpgp.org

Requires both parties to use PGP

SLIDE 32

OpenPGP example