encrypt it
Transcription
encrypt it
National Security Agency (NSA) defending our nation – securing the future employees: 30,000 – 40,000 (includes 1000 “system administrators”) budget: $11,000 million (estimate) director: general Keith B. Alexander, U.S. Army also known as: No Such Agency, Never Say Anything NSA Utah data centre cost: $2,000 M power cost: $40M per yer area: 100,000m3 100 petaflops 1 yottabyte (estimate) 1 YB = 1000000000000000000000000 bytes = 10008 bytes = 1024 bytes = 1000 zettabytes = 1 trillion terabytes. wer nichts zu verbergen hat, hat nichts zu befürchten "the damage, on a scale of 1 to 10, is a 12," a former NSA official, quoted on nbc news, 3rd sept 2013 boundless Informant: the NSA's secret tool to track global surveillance data at a hearing of the senate intelligence committee in march this year, democratic senator Ron Wyden asked James Clapper, the director of national intelligence: "does the NSA collect any type of data at all on millions or hundreds of millions of americans?" "no sir" replied Clapper. "Der Hauptpunkt, den ich unterstreichen möchte, ist, dass weder ich noch die Mitarbeiter der NSA ein Interesse daran haben, irgendetwas anderes zu tun als sicherzustellen, dass wir Terroranschläge verhindern", sagte Obama bei einer kurzfristig einberufenen Pressekonferenz im Weißen Haus am 9. August. … Die geheimen Papiere, die der SPIEGEL einsehen konnte, belegen, wie systematisch die Amerikaner andere Staaten und Institutionen wie die EU, die internationale Atomenergiebehörde (IAEA) in Wien und die Vereinten Nationen attackieren. Sie zeigen, wie die NSA das interne Computernetzwerk der Europäer zwischen New York und Washington infiltrierte, von den eigenen Botschaften im Ausland aus abhört und in die Videokonferenzschaltungen der Uno-Diplomaten eindringt. Die Überwachung ist intensiv und gut organisiert - und sie hat mit Terrorabwehr wenig bis nichts zu tun. White House press secretary Jay Carney issued a statement that said the US "is not monitoring and will not monitor" the German chancellor's communications. The Guardian, 10th October as one slide indicates, the ability to search HTTP activity by keyword permits the analyst access to what the NSA calls "nearly everything a typical user does on the internet". why does it matter? auch Unschuldige werden Opfer von Hexenjagden dass Hexenjagden auf Andersdenkende auch in (vermeintlich) freiheitlich demokratisch ausgelegten Systemen stattfinden, hat die McCarthy-Ära in den USA hinlänglich gezeigt. Bekanntlich wurden auch "Unschuldige" zu Opfern des Anti-Kommunismus-Terrors. Jede Information über mich kann in die Hände von Verrückten gelangen und für eine Hexenjagd verwendet werden. Würdest du dein Verhalten ändern, wenn dir jemand immer, an jeden Tag 24 Stunden lang, 7 Tage in der Woche, über die Schulter schaut? ●Würdest du deinem Nachbarn sagen was du verdienst? - oder einfacher: Was verdienst du? ●Warum schließt du deine Haustür ab? - oder genauer: Warum machst du deine Haustür hinter dir zu? ●Würdest du jedem sagen wann du das letzte Mal Sex hattest? - oder einfacher: Hattest du heute schon Sex? ... dann lächle ... ●Hast du schon mal gelogen um etwas zu verbergen? ●Würdest du im Urlaub einen FKK-Strand benutzen oder nackt baden? Wenn "Nein" Warum nicht? ●Warum willst auf ein verbrieftes Menschenrecht verzichten? (Info: Alle diese Schnüffelstaaten haben die Menschenrechsdeklaration unterschrieben.) ●Hattest du heute schon Stuhlgang? ●Würdest du auf einer Raststätte eine Toilette ohne Tür benutzen? ●Hast du einen Vibrator? ●Wie hoch ist dein Sparguthaben? ●Wieviel hattest du in diesem Monat in der Lohntüte? - oder heute: Was Stand auf deiner Gehaltsabrechnung als Auszahlungsbetrag? ●Hast du schon mal ....? ●bitte ergänzen ... ● what can you do? encrypt it "encryption works properly implemented strong crypto systems are one of the few things that you can rely on." Edward Snowden trust the math encryption is your friend use it well, and do your best to ensure that nothing can compromise it. that's how you can remain secure even in the face of the NSA. Bruce Schneier encryption and key exchange ● ● ● Alice wants to send Bob a secret message they need to exchange a “key” in order to encode/decode the message there are different ways of doing this symmetric encryption Alice Bob Secret message Dear Bob, I hope... Secret message Dear Bob, I hope... 564AC768D 83A6570D5 4FFE5648D 65DB2AA90 ….. 564AC768D 83A6570D5 4FFE5648D 65DB2AA90 ….. asymmetric encryption public-key Bob large random number key generation prgramme private key public key Alice asymmetric encryption Alice Bob Secret message Dear Bob, I hope... Secret message Dear Bob, I hope... 564AC768D 83A6570D5 4FFE5648D 65DB2AA90 ….. 564AC768D 83A6570D5 4FFE5648D 65DB2AA90 ….. practical examples ● websites – https ● sending documents – PGP mail ● document storage – Truecrypt ● safe web surfing – TOR ● the best solution.... https encrypts web pages there are different ways of exhanging keys, some better than others RSA is public/private key model but private key is stored on the server and can be discovered perfect forward secrecy exchanges a random key so that it cannot be discovered Staying at the forefront of email security and reliability: HTTPS-only and 99.978% availability Posted: Thursday, March 20, 2014 Posted by Nicolas Lidzborski, Gmail Security Engineering Lead Your email is important to you, and making sure it stays safe and always available is important to us. As you go about your day reading, writing, and checking messages, there are tons of security measures running behind the scenes to keep your email safe, secure, and there whenever you need it. Starting today, Gmail will always use an encrypted HTTPS connection when you check or send email. Gmail has supported HTTPS since the day it launched, and in 2010 we made HTTPS the default. Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail’s servers—no matter if you're using public WiFi or logging in from your computer, phone or tablet. In addition, every single email message you send or receive—100% of them—is encrypted while moving internally. This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centers—something we made a top priority after last summer’s revelations. email encryption gmail where is the encryption? usually Alice to gmail and gmail to Bob better is Alice to Bob end to end Alice Bob pretty good privacy (pgp) developed by Phil Zimmerman in 1991 and spread freely across the “Internet” in feb 1993 he was investigated for “munitions export without a licence” he founded pgp inc, bought by nai and then by symantec commercial solution also open pgp or gnu privacy guard gpg open source solution truecrypt ● ● ● ● ● creates a virtual encrypted disk within a file and mounts it as a real disk encrypts an entire partition or storage device such as USB flash drive or hard drive encrypts a partition or drive where windows is installed (pre-boot authentication) encryption is automatic, real-time (on-the-fly) and transparent provides plausible deniability, in case an adversary forces you to reveal the password ● hidden volume ● hidden operating system Tor Project Tor was started as the Onion Routing Project of the US Navy. The object was to protect government communications The NSA does not like it now..... Bruce Schneier solution air gap • • • • • • • • • after you install it, don't connect your computer to the internet (even with wireless!) don't trust encryption software from big vendors (bitlocker) minimum software: open office, pdf reader, text editor, truecrypt bleachbit turn off all autorun don't transfer executables if you can avoid it use trusted media (that you have bought yourself) write once media (cd) better than writeable media like usb stick use the smallest devices you can encrypt everything contact [email protected] links showden timeline http://www.heise.de/extras/timeline/ first article in the guardian: http://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data tor stinks presentation http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsapresentation-document NSA against smartphones http://www.spiegel.de/spiegel/print/d-111320266.html EFF surveillance self-defence https://ssd.eff.org/ truecrypt http://truecrypt.org tor project http://torproject.org gnupg http://gnupg.org gpgmail https://gpgtools.org/ piratenpartei https://wiki.piratenpartei.de/HowTo_Emails_verschlüsseln_mit_PGP_mit_Thunderbird c't briefgeheimnis http://www.heise.de/artikel-archiv/ct/2014/04/086_Briefgeheimnis Bruce Schneier – a guide to staying secure, air gaps https://www.schneier.com/essay-450.html https://www.schneier.com/blog/archives/2013/10/air_gaps.html