Encryption and Interception of Communications Presented by: Emmanuel Sotelo Sassja Ceballos Chapter 3.

Encryption and Interception of Communications

Presented by:

Emmanuel Sotelo

Sassja Ceballos

Chapter 3

Cryptography

• Cryptography is the making and breaking of secret codes. Or, “the art and science of hiding data in plain sight.”

• The purpose of cryptography is to ensure that only the intended entity is able to make use of the given data or message.

• When you ‘Encrypt’ data , you render it useless to anyone who is not in possession of the key and the method used to encrypt it.

Non-Encrypted VS Encrypted

• Non-Encrypted (Plain text)– Can be intercepted and read.– Can be altered.– Unsafe!

• Encrypted (Cipher text)– Although it can be intercepted. It cannot always be read.– Cannot be altered.– Mostly safe.

Traditional Encryption

• Relies on a single key to encrypt AND decrypt the data.

• Good for communications among a small group of people over a short distance.

• Very inconvenient and unsafe when used to communicate with many people over large distances.

• If the key is compromised, then you are no longer secure.

Public Key Encryption• A user (Alice) has a set of two keys.

– A Public Key– A Private Key

• The Public key is given out to someone (Bob) who wants to securely communicate with the user.

• The Private Key is to remain only with its owner.

• To communicate with Alice, Bob uses Alice’s public key to encrypt the message.

• The message can only be decrypted with Alice’s private key.

Steganography

• Hiding a message (or data) so that its existence is not known.

• Hiding a message (or data) inside another message (or data) that is not likely to arouse suspicion.

• Safe if only the recipient knows where to look.

• Hidden message can be encrypted for added security.

Why Encrypt Data?

• To protect you personal data.

• To protect your business data.

• To protect the other party.

• To ensure that the message is not altered.

• Because you have a right to do so.– Use it or loose it.

Is your Data Secure?

Encryption Tools

• Pretty Good Privacy (PGP) : Public Key Encryption system– www.pgp.com– www.gnupg.org

– FireGPG – Firefox plug-in that allows one to encrypt/decrypt Gmail messages using PGP

• http://firegpg.tuxfamily.org

– Enigmail – Mozilla Thunderbird plug-in that allows you encrypt/decrypt messages using PGP

• http://enigmail.mozdev.org/

• TrueCrypt – Encrypt data stored on your hard drive.– www.truecrypt.org

Before 1934

• The Telephone– Intercepting calls was not illegal

– Neighborhoods would often share lines.• Only one home could call at a time.

• Anyone in the neighborhood could intercept simply by picking up their phone.

– In order to call someone, you had to go through an operator.• The operator connected you to the person you were trying to call.

• Since operators were the “Gatekeepers” they had the ability to intercept any call.

The Law and Communications

• 1934 : Congress passes the Federal Communications Act

This outlaws wiretapping, provides no exception for law enforcement. However, many enforcement entities ignore this.

Although it was known that law enforcement engaged in wiretapping, nothing was done about it.

Evidence obtained though illegal wiretapping could not be used in court.

The Law and Communications

• 1968 : Congress passes the Omnibus Crime Control and Safe Streets Act

It permitted law enforcement agencies to intercept telephone conversations when authorized by a court order.

Its proponents argued it as necessary tool to combat organized crime.

The Law and Communications

• 1986 : Congress passes the Electronic Communications Privacy Act (ECPA)

The ECPA and its 1994 amendments, required law enforcement agencies to obtain a court order in order to legally intercept e-mail, wireless phones (cordless and cellular), and pagers.

The restrictions placed by this law were designed to protect the privacy of individuals and businesses.

Prior to this act, eavesdropping was a popular form of industrial espionage.

The Law and Communications

• 1994 : Congress passed the Communications Assistance for Law Enforcement Act (CALEA)

This law required that communications equipment be designed (existing equipment had to be modified) in a way which would allow law enforcement agencies to easily intercept communications.

Since CALEA required that existing equipment be replaced or modified, it authorized $500,000,000 in subsidies for service providers so that they would modify or replace existing equipment.

The Law and Communications

• 2001 : Congress passes the The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA PATRIOT Act)

The Patriot Act loosened the wiretapping restrictions set by the ECPA of 1986.

It also allowed law enforcement agents to gain “Pen-Register/Trap-Trace” information of internet communications without a court order. (e-mail headers, usage logs, credit card numbers)

Carnivore

• Carnivore is the FBI’s system for intercepting e-mail.

• Although the FBI originally named it Carnivore, it is now formally known as DCS1000

• Carnivore required ISPs to install hardware and software that would sift through users e-mails.

• The FBI’s argument in favor of Carnivore was that they needed an equivalent system of intercepting e-mail for what they already had with telephone calls.

Echelon

• Echelon is an NSA project in which they cooperate with other nations to intercept foreign communications.

• The NSA cooperates with intelligence agencies from Britain, Canada, Australia, and New Zealand.

• Originally designed to spy on the Soviet Union and its allies.

• Echelon gathers information by picking off satellite and radio signals. Undersea fiber optic cables are also tapped.

Secrecy and Export Controls• In an attempt to prevent criminals and unfriendly regimes

from obtaining strong encryption algorithms, the NSA discouraged independent researches from working on cryptography.

• Prior to the year 2000, it was considered illegal to export ‘strong’ encryption algorithms.– Legal to export in ‘paper format’, but not electronically.

• These restrictions made US encryption and security products inferior to those developed oversees.

• Prior to 2000, many browsers only included 40-bit SSL keys because of these export restrictions.

The Clipper Chip

• In 1992 AT&T wanted to sell telephones that would allow individuals to encrypt their conversations.

• The NSA did not like this and prevented it from happening. Instead they suggested an alternative.

• The NSA’s alternative was an encryption chip they had developed for use on phones.

• Copies of keys for the Clipper Chip, would be kept by a third party (an escrow agent). The escrow agent, would then reveal the key to a law enforcement agency if provided with a court order.

Issues of Debate

• How much can we trust the government not to abuse its power?

• How much privacy should we be expected to give up in exchange for protection from the “bad guys”?

• By sifting through through all e-mails that pass through its severs, does Carnivore violate the 4th amendment?

The 4th Amendment

• The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.