The magazine of the Melbourne PC User Group

Privacy protection for all
Major Keary

André Bacard in The Computer Privacy Handbook quotes William Safire - a New York Times columnist - on the subject:
"We are frisking each other. Picture yourself going to work tomorrow, handing over blood and urine samples, taking a quick turn with the house polygraph, turning out your pockets and walking through some new fluoroscope. You object? Whatsamatter, you got something to hide?"

Bacard asks his reader to imagine making a visit to the police and FBI and demanding to be provided with whatever information they have on their respective databases about you. The chance of success is, of course, pretty slim. You are likely to be treated as a crackpot. So, he suggests, your response should be, "Whatsamatter, you got something to hide?"


The politics of privacy

Governments in many countries are concerned to curb the use by ordinary citizens of newfound cryptographic tools. They argue the need for some state organs to have the ability to intercept and read all communications (excepting, of course, those communications protected by diplomatic treaty and of the state).

Cryptography is an old art. Until recent times codes and ciphers were, with the exception of one method, vulnerable to attack. Computers per se extended the capacity of cryptanalysts, but did not provide any significant improvement to cryptography other than to make existing systems more efficient.

The one system that still defies all attacks is known as a one-time-pad. Why is it so good? Because it uses a key that is unique to a given message, and the key is the same length as the message. The system has been applied to computer-generated cryptosystems, but is still employed using physical pads on which are printed groups of random letters (some systems used numerals, but the alphabetic one is most common). I can assure you the process of encrypting a message is tedious, but a great way of focusing on brevity. The necessary key has to be held by all communicating parties.
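The mechanics of an alphabetic pad, as an added example that is not from the article: each pad letter is added to the corresponding message letter modulo 26 and subtracted again at the far end. The pad here is drawn from the operating system's random source rather than read off a printed sheet, and the Difference function shows what the "unique to a given message" condition protects against: two messages enciphered on the same pad page cancel the pad out of their difference, leaving something that depends on the two plaintexts alone. The function names and the sample message are this example's own.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
)

// Pad draws n uniformly random letters A-Z from the operating system's
// random source: the equivalent of one page of a printed pad.
func Pad(n int) (string, error) {
	out := make([]byte, 0, n)
	buf := make([]byte, 1)
	for len(out) < n {
		if _, err := rand.Read(buf); err != nil {
			return "", err
		}
		if buf[0] < 234 { // 234 = 9*26; rejecting larger bytes avoids modulo bias
			out = append(out, 'A'+buf[0]%26)
		}
	}
	return string(out), nil
}

// letters keeps A-Z only, upper-cased: pads carry no spaces or punctuation.
func letters(s string) string {
	var b strings.Builder
	for _, r := range strings.ToUpper(s) {
		if r >= 'A' && r <= 'Z' {
			b.WriteRune(r)
		}
	}
	return b.String()
}

// combine adds (sign=+1) or subtracts (sign=-1) pad letters modulo 26.
func combine(text, pad string, sign int) (string, error) {
	if len(pad) < len(text) {
		return "", errors.New("pad is shorter than the message")
	}
	out := make([]byte, len(text))
	for i := range text {
		v := (int(text[i]-'A') + sign*int(pad[i]-'A') + 26) % 26
		out[i] = 'A' + byte(v)
	}
	return string(out), nil
}

// Encrypt uses the first len(message) letters of the pad; that prefix is
// spent and must never be used for another message.
func Encrypt(message, pad string) (string, error) { return combine(letters(message), pad, 1) }

// Decrypt needs the identical pad, which every party to the message holds.
func Decrypt(ciphertext, pad string) (string, error) { return combine(ciphertext, pad, -1) }

// Groups lays the ciphertext out in the traditional five-letter groups.
func Groups(s string) string {
	var parts []string
	for i := 0; i < len(s); i += 5 {
		end := i + 5
		if end > len(s) {
			end = len(s)
		}
		parts = append(parts, s[i:end])
	}
	return strings.Join(parts, " ")
}

// Difference is c1 minus c2, letter by letter (c2 must be at least as long
// as c1). If both ciphertexts were made with the same pad, the pad cancels
// out and the result depends only on the two plaintexts; that is why each
// pad page is used exactly once.
func Difference(c1, c2 string) string {
	d, _ := combine(c1, c2, -1)
	return d
}

func main() {
	pad, _ := Pad(50)                     // one pad page; both parties hold a copy
	c, _ := Encrypt("Meet at noon", pad)  // constructed sample message
	p, _ := Decrypt(c, pad)
	fmt.Println(Groups(c), "->", p)
}
```

Running it prints the ciphertext in five-letter groups followed by the recovered plaintext. Encrypt consumes only as many pad letters as the message has letters, so the unused tail of the page stays fresh, but the consumed prefix has to be struck off by both parties.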

The most significant advance in the history of cryptography was the concept of a public key. That will be explained more later on, but public key encryption has empowered ordinary people to use an extremely secure method of keeping their communications private, and similarly protecting their data.

The most well-known of those systems is PGP (Pretty Good Privacy) created by Philip Zimmermann and publicly available in freeware versions. It has, however, attracted official ire in the United States.

The problem is that the American government defines cryptographic material as a munition; the International Traffic in Arms Regulations makes it illegal to export (or even give to someone who is not a US or Canadian citizen) cryptographic software or any other crypto material.

The government there is pursuing introduction and mandatory use (to the exclusion of PGP and similar systems) of Clipper. Those who think Clipper is just the name of a dBASE compiler should enlighten themselves about the other Clipper. It is a chip designed for encryption; in spite of official denials, some suspect it has a back door that enables government to read intercepted messages. The official line is that anyone, other than state organs, wanting to use encrypted communications will use Clipper and lodge their encryption key with some official repository. The idea is that, in the event of official need to read an intercepted communication, the key can be obtained by court order.

There are some who just don't trust government, and argue that it will not stop the bad guys from using sophisticated encryption. Imagine Saddam Hussein instructing his agents in the US, "Now, you chaps, observe the law and use Clipper when sending secret messages."

It is not just the Americans. In France it is illegal for anyone to use PGP or the like. There has been discussion in Australia and the official line seems to be running parallel to that of the Americans.

André Bacard's book - described in more detail later - is an excellent resource for anyone interested in the politics of privacy and the for-and-against arguments. It also describes Clipper.

The PGP export saga

Because of the crypto-is-munitions argument, export of PGP from North America is illegal. It is not, however, illegal to use PGP outside the USA - get a copy from anywhere in the world except North America and use it without fear of legal action.

Authors of books about PGP often seem to engage in an odd semantic ritual that brings to mind Yes Minister. It is all because export of PGP from North America (export to Canada is permitted) is illegal. American officialdom persists with the charade even though PGP is freely available world-wide. Authors and publishers have to be careful not to compromise themselves, hence the strange and evasive manner that sometimes creeps into the writing.

Even though Zimmermann could not legally export PGP, it escaped from the US and has since proliferated on the Internet.

There are all sorts of odd twists and turns to the story of PGP; for example, for reasons of copyright there are differently designated versions for distribution in North America and elsewhere. The present situation is that the latest international version is marginally the better one, but both are compatible. The reason is the copyright status of RSA. The copyright is not recognised outside America, but the latest international version of PGP has substituted MPILIB, a work-alike that is faster than RSA. Within America some early versions of PGP infringed RSA copyright, but the current versions do not.

The fact that the legal action against Phil Zimmermann has been abandoned does not change the legal position in the USA; export of serious crypto is prohibited.

Non-American sources of PGP

PGP is available for Amiga, Atari, Archimedes, Mac, Mac Applescript, DOS, and UNIX. Some BBSs carry PGP, but Internet sites are the most reliable source. Australian ftp sites with versions for Mac, DOS, and UNIX listed by archie.au are:
  • coombs.anu.edu.au (/pub/pgp)
  • ftp.ocs.mq.edu.au (/PC/Crypt)
  • ftp.dstc.edu.au (/u7/security/Crypto/PGP)
and there are many other sites world-wide. The latest version (2.6.2i) can be found at http://rschp2.anu.edu.au:8080/crypt.html - for those who don't use a Windows interface, Lynx can be used to locate and download PGP262I.ZIP. It is also on Melb PC BBS.

Pretty Good Privacy

PGP is a cryptographic (crypto for short) system originally devised by Phil Zimmermann. It uses known algorithms in a particularly efficient way using public key encryption.

An important feature of PGP is that anything encrypted on one platform can be decrypted by a version of the program running on some other platform. PGP can also be used to encrypt a binary file - executable, image, or whatever - which is a convenient way of sending binaries by e-mail, or protecting stored data.

Algorithms used by PGP for its various functions are:
  • RSA is a public key cryptosystem that can be used for encryption and digital signatures and is used in the commercial version (ViaCrypt) and a freeware version released by MIT
  • MPILIB is an alternative to RSA and used in PGP 2.6.2i; because of the RSA copyright problem within America MPILIB cannot be legally used there
  • MD5 generates hash code; when used on plaintext of any length it creates a value that is a virtual fingerprint of the original text - if even a single letter is changed in the plaintext it will not return the same hash code
  • IDEA (International Data Encryption Algorithm), which is similar to DES (Data Encryption Standard), is used to encrypt the main text of a message; IDEA uses a much longer key than DES and is, therefore, much more secure
  • ASCII armor is not a reference to armour against attack, but to arming a file for its passage through e-mail systems, which sometimes change things when 8-bit ASCII is used; ASCII armor converts everything to 7-bit printable ASCII characters
  • ZIP (also known as LZ 77), a popular compression algorithm, is used as one of PGP's functions
Considering the number of complex functions PGP performs it is not a very big file (234 KB); the user controls just which functions are used by command line switches or by defaults written into an ASCII configuration file.

PGP takes a plaintext file and, according to user preferences, may first append a header containing an enciphered digital signature. The file (encrypted header and plaintext) can be compressed and the resulting file encrypted and converted to ASCII armor for transmission. Users can put PGP to work as-is without too much worry about switches and the configuration file. Once somewhat familiar with its default operation the user can turn to fine tuning. It is a marvellous example of programming when one considers the complexity of the various algorithms used.

Why compression?

Apart from reducing the size of a file for encryption, compression performs another important function. It provides an added defence against cryptanalysis. Powerful computers can be used in successful brute force attacks (one simply tries every possible combination to find the key), but success is not apparent until some plaintext is revealed. Compressed plaintext is no longer readable and the cryptanalyst has a difficult task in deciding when to test for compression.

Public and private keys

The most significant advance in cryptography has been public key encryption. Conventional encryption requires that both sender and receiver have an identical key; the problem is how to communicate the key and protect it. There are situations in which the problem of key security can be overcome, but what about the Herbert in Hobart who wants to send a message to Helga in Helsinki; they have never met and there is no way in which a conventional key can be exchanged securely.

Public and private keys are generated using the RSA algorithm. There are public registers for public keys, and it is quite secure to send one in plaintext to an intended recipient of an encrypted message.

Suppose Herbert of Hobart informs Helga of Helsinki that he wants to exchange e-mail using PGP. They can exchange public keys in plaintext by e-mail, or inform each other of their respective public key servers. Herbert then uses Helga's public key to encrypt a message that can be decrypted by only Helga's private key. Cunning, isn't it? The key used to encrypt cannot be used to decrypt. When Helga replies, the message is encrypted using Herbert's public key and his private key is the only way in which the message can be converted back to plaintext.
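Herbert's message to Helga, worked through in Go as an added example (not code from the article, and not PGP's own code). It follows the order of operations described above for a confidential message, compress, encrypt under a fresh session key, wrap that key with the recipient's public key, ASCII-armor, and undoes it with the private key; it also shows the point of compressing first and the point of the public/private split, since Herbert's own private key cannot open what was sealed to Helga. The stand-ins are this example's assumptions: AES-GCM for IDEA, zlib for ZIP, RSA-OAEP for PGP's use of RSA, base64 for ASCII armor, and a made-up byte layout for the armored bundle rather than PGP's packet format. The signature header is not covered here, and the sample message is constructed.

```go
package main

import (
	"bytes"
	"compress/zlib"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"io"
)

const nonceLen = 12 // standard AES-GCM nonce size

// newAEAD builds the symmetric cipher for one session key. AES-GCM stands
// in for IDEA, which the Go standard library does not provide.
func newAEAD(sessionKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal follows PGP's order for a confidential message: compress, encrypt under
// a fresh session key, wrap that key with the recipient's public key, then armor.
func Seal(recipient *rsa.PublicKey, plaintext []byte) (string, error) {
	// Compressed bytes are smaller and give someone trying candidate keys nothing readable.
	var zbuf bytes.Buffer
	zw := zlib.NewWriter(&zbuf)
	zw.Write(plaintext) // writes into a bytes.Buffer cannot fail
	zw.Close()
	// Fresh AES-128 session key and GCM nonce for this message only.
	keyAndNonce := make([]byte, 16+nonceLen)
	if _, err := io.ReadFull(rand.Reader, keyAndNonce); err != nil {
		return "", err
	}
	sessionKey, nonce := keyAndNonce[:16], keyAndNonce[16:]
	aead, err := newAEAD(sessionKey)
	if err != nil {
		return "", err
	}
	// Only the holder of the matching private key can unwrap the session key.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, sessionKey, nil)
	if err != nil {
		return "", err
	}
	// Armor layout [wrapped key][nonce][ciphertext] is this example's own, not
	// PGP's packet format; the wrapped key is always recipient.Size() bytes.
	raw := append(append(wrapped, nonce...), aead.Seal(nil, nonce, zbuf.Bytes(), nil)...)
	return base64.StdEncoding.EncodeToString(raw), nil
}

// Open reverses Seal and fails cleanly on damaged armor or the wrong key.
func Open(priv *rsa.PrivateKey, armored string) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(armored)
	if err != nil || len(raw) < priv.Size()+nonceLen {
		return nil, fmt.Errorf("armor damaged or truncated: %v", err)
	}
	n := priv.Size()
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, raw[:n], nil)
	if err != nil {
		return nil, fmt.Errorf("cannot unwrap session key (wrong private key?): %w", err)
	}
	aead, err := newAEAD(sessionKey)
	if err != nil {
		return nil, err
	}
	compressed, err := aead.Open(nil, raw[n:n+nonceLen], raw[n+nonceLen:], nil)
	if err != nil {
		return nil, fmt.Errorf("body damaged or altered: %w", err)
	}
	zr, err := zlib.NewReader(bytes.NewReader(compressed))
	if err != nil {
		return nil, err
	}
	return io.ReadAll(zr)
}

// NewKey generates one correspondent's 2048-bit RSA key pair.
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func main() {
	helga, herbert := NewKey(), NewKey()
	armored, _ := Seal(&helga.PublicKey, []byte("Dear Helga, will you marry me? Herbert")) // constructed text
	got, _ := Open(helga, armored)
	_, err := Open(herbert, armored)
	fmt.Printf("Helga reads: %s\nHerbert's own key: %v\n", got, err)
}
```

Open fails in three distinct ways worth noticing: armor that does not decode, a session key that the supplied private key cannot unwrap (Herbert's own key against a message sealed to Helga), and a body whose authentication tag no longer matches after truncation or alteration. Because every message gets its own session key, disclosing one session key exposes one message only.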

If Herbert was proposing marriage and later reneged, Helga would have no difficulty in establishing that the proposal had come from Herbert and not from some prankster.

A particular strength of PGP is the way in which it solves the problem of tampering with public keys.

Digital signatures

It is often not necessary to encrypt the body of a message, but it may be important to provide sender authentication. PGP's digital signature function serves that purpose.

There are many reasons for having a reliable method of verifying the identity of someone who has sent a message or other communication. For example, a stock broker receives an order by e-mail; the order is executed, but the client later denies having sent it. If a digital signature is appended it is a simple - and very reliable - matter to authenticate the sender's identity.

Financial transactions, access to restricted areas of a network, and even proposals of marriage are just some of the ways in which digital signatures can be used to overcome forged messages, passwords, and the like. Digital signatures are usually an element in providing a guarantee that the message has not been altered.

It works like this. Herbert in Hobart wants to send e-mail to Helga in Helsinki and to provide Helga with the means of satisfying herself that the message is in fact from Herbert and has not been changed. Herb runs his message through PGP which uses MD5 with his private key to generate a hash code of his plaintext; the hash code is then encrypted with RSA, also using Herb's private key. His key ID (usually an e-mail address and necessary to get his public key) is also attached to the message.

At the other end Helga uses Herb's key ID to obtain his public key which is used by PGP to decrypt the hash code; PGP then does a hash of the message and compares the results. If they are identical the message is authentic.

Electronic fingerprints

In publications, e-mail, newsgroup postings, and other places one may see something like:
PGP Fingerprint:
9E 94 45 13 39 83 5F 70
7B E7 D8 ED C4 BE 5A A6

which is Phil Zimmermann's and is a hash code of his PGP public key. If someone creates a key pair and tries to pass the public one off as that of Phil Zimmermann it will fail the hash test.
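Herbert's signed e-mail to Helga, as an added example written for this article rather than taken from it or from PGP: MD5 hashes the plaintext, the hash is signed with Herbert's private key, and Helga looks his public key up by key ID and checks the signature against her own hash of the received text. It also computes a fingerprint of a public key in the two-row layout shown above, and shows that a substituted key pair fails both the signature check and the fingerprint comparison. Assumptions that are the example's own: the hash takes only the plaintext, with the private key entering at the RSA step; a map stands in for the public key server; and the key ID and message text are constructed.

```go
package main

import (
	"crypto"
	"crypto/md5"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"errors"
	"fmt"
	"strings"
)

// Signed is a message as this example lays it out: plaintext sent in clear,
// the sender's key ID (an e-mail address here), and the RSA signature made
// over the MD5 hash of the plaintext with the sender's private key.
type Signed struct {
	Text  []byte
	KeyID string
	Sig   []byte
}

// Sign hashes the plaintext with MD5 and signs that hash with the private key.
func Sign(priv *rsa.PrivateKey, keyID string, text []byte) (Signed, error) {
	digest := md5.Sum(text)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.MD5, digest[:])
	if err != nil {
		return Signed{}, err
	}
	return Signed{Text: text, KeyID: keyID, Sig: sig}, nil
}

// Verify looks the key ID up on a keyring (a stand-in for a public key
// server), re-hashes the received text, and checks the signature against
// that hash. A changed letter or a different signer both fail here.
func Verify(keyring map[string]*rsa.PublicKey, m Signed) error {
	pub, ok := keyring[m.KeyID]
	if !ok {
		return fmt.Errorf("no public key for %s", m.KeyID)
	}
	digest := md5.Sum(m.Text)
	if rsa.VerifyPKCS1v15(pub, crypto.MD5, digest[:], m.Sig) != nil {
		return errors.New("signature does not match: text altered or not signed by " + m.KeyID)
	}
	return nil
}

// Fingerprint is the MD5 hash of the encoded public key, laid out in two
// rows of eight hex pairs like the fingerprints printed in signature blocks.
func Fingerprint(pub *rsa.PublicKey) string {
	sum := md5.Sum(x509.MarshalPKCS1PublicKey(pub))
	var rows [2]string
	for i, b := range sum {
		rows[i/8] += fmt.Sprintf("%02X ", b)
	}
	return strings.TrimSpace(rows[0]) + "\n" + strings.TrimSpace(rows[1])
}

// NewKey generates one correspondent's 2048-bit RSA key pair.
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Scenario: Herbert signs and Helga verifies; then the text is altered in
// transit, and an impostor with his own key pair signs under Herbert's key
// ID. Each result reports whether the check came out as it should.
func Scenario() (genuineOK, tamperedCaught, impostorCaught, fingerprintDiffers bool) {
	herbert, impostor := NewKey(), NewKey()
	const id = "herbert@hobart.example"                            // constructed key ID
	keyring := map[string]*rsa.PublicKey{id: &herbert.PublicKey} // what Helga fetched and trusts
	msg, _ := Sign(herbert, id, []byte("Dear Helga, will you marry me? Herbert"))
	genuineOK = Verify(keyring, msg) == nil
	altered := msg
	altered.Text = []byte("Dear Helga, will you marry me? Herbert NOT")
	tamperedCaught = Verify(keyring, altered) != nil
	forged, _ := Sign(impostor, id, []byte("Dear Helga, it was all a joke. Herbert"))
	impostorCaught = Verify(keyring, forged) != nil
	fingerprintDiffers = Fingerprint(&herbert.PublicKey) != Fingerprint(&impostor.PublicKey)
	return
}

func main() {
	fmt.Println(Scenario())
	fmt.Println(Fingerprint(&NewKey().PublicKey))
}
```

Scenario returns four booleans: the genuine message verifies, an altered text fails, a message signed with an impostor's key under Herbert's key ID fails, and the impostor's fingerprint differs from Herbert's. That last comparison is the check Helga can make by telephone or against a printed fingerprint before she trusts a public key she has fetched from a server.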

PGP and character sets

What happens when plaintext is created using differently mapped character sets? The English version of Windows uses an extended version of ISO 8859/1 (also known as Latin 1, but not to be confused with IBM's Code Page 850 which is also called Latin 1). Most English language DOS applications use either CP850 or CP437 (both IBM creations) that map characters between 127 and 255 quite differently from what Microsoft loosely calls ANSI. In fact ANSI X3.134.1, which is identical with ISO 8859/1, does not use the code positions 1 - 31 and 127 - 159, whereas Windows applications use most of those positions for extra characters. CP437 and CP850 use all but position 255, but vary considerably between each other; CP437 has all the fancy box drawing characters and some Greek characters, whereas CP850 provides a range of accented and other special characters.

Windows also has several language versions, each with its own mappings of the positions above 127.

Whatever character set or keyboard configuration is used, the extended ASCII codes generated are encrypted and decrypted as-is. If you create a file using Windows software and the recipient reads it in DOS, then some characters will be garbled. Accented characters are the main problem; for example, the character, é, is mapped at 130 in CP437 and CP850, but appears as a comma in most Windows applications; in ISO 8859/1 and Windows ANSI, é is mapped at 233, which is the code position for [unreproducible] in CP437 and Ú in CP850.

PGP's configuration file does provide for some character conversion, but if one wants to use characters mapped above 127 be aware that they may be garbled at the receiving end. There is nothing new about that. ISO 646 defines 7-bit ASCII with no less than thirty-seven national variants in respect of twelve positions: # $ @ [ \ ] ^ ' { | } ~. ASCII was originally devised for teletype and cable traffic; even for that purpose one had to be careful when sending anything to Canada where ten of those character positions are used for accented vowels in a Canadian standard, CSA Z243.4, for 7-bit ASCII. IBM's 8-bit French Canadian set, CP863, manages to consign the accented characters to positions above 127, thus retaining compatibility with ANSI X3.4 (American 7-bit ASCII).

If Herbert of Hobart uses DOS with CP437 and Helga of Helsinki is using MS-Windows ANSI, then Helga may unwittingly be saying no when she means yes. Helga might even be using the East European version of Windows, in which case the default will be another character set (based on ISO 8859/4).

The moral is, stick to real ASCII (7-bit) for encrypted messages unless there is an understanding between communicating parties as to which character set will be used.

Documentation

Phil Zimmermann's manual, The Official PGP User's Guide, should be part of the PGP archive file found at Internet sites. It is also published as a book by MIT Press.

There are publications that describe PGP amongst other systems and in the general context of netware security. Two particular books deal with PGP exclusively: The Computer Privacy Handbook and Protect Your Privacy.

The Computer Privacy Handbook

André Bacard is quite passionate about privacy and how ordinary people can reassert it. His book reads like a well prepared text for a presentation, which makes for easy and pleasant reading. That's not surprising, as he is a highly regarded public speaker in America.

A third of the book is about the issue of privacy per se and is the most articulate argument I have seen for resisting official assertions of necessity for the interception and collection of private information.

Having spent many years working in and with organisations that invade privacy - in the public interest, of course - I can claim a more than ordinary acquaintance with the issues and find the author is not over-sensitive to the threat of personal information being misused. That is not to deny the official camp does have some strong arguments, but I find those of André Bacard quite compelling.

Anyone involved in civil liberties will find the first part of the book a useful resource, even if they have no desire to comprehend cryptographic systems in general or PGP in particular.

Having argued why we should not be complacent about privacy protection, the book goes on to describe cryptology in general and deals in some detail with Clipper.

There is a short, but informative overview of cryptology that includes the Data Encryption Standard (DES), RSA (the letters stand for the names of its three inventors: Rivest, Shamir, and Adleman), and digital signatures.

The rest of the book is about PGP and using it on a PC. Even though it talks about ViaCrypt 2.7 (a commercial implementation) the operations are identical to that of the international versions (identified by the letters ui or i in the file name). The author does a good job of explaining how to install and run PGP.

The book is of special importance to those who have an interest in the privacy issue and if only for that is recommended as a library acquisition. It is also a good introduction for those who have no background knowledge of cryptology and would like a starting point for further reading.

André Bacard: The Computer Privacy Handbook
ISBN 1 56609 171 3
Published by Peachpit Press
274 pages
RRP $46.95

Protect Your Privacy - A Guide for PGP Users

Dr William Stallings is a well known author of books on communications. In particular he has written on network security and the implementation of encryption systems.

Even though most of his publications are intended for a professional audience, a degree in computer science is not required to comprehend them. Bill Stallings is articulate and, without talking down to non-professional readers, is very good at explaining concepts that don't lend themselves easily to the written word.

Protect Your Privacy - A Guide for PGP Users is an excellent user manual. Eschewing the politics of privacy, the author deals with the fundamentals of one particular system, Zimmermann's PGP. His overview of conventional encryption, public key encryption, secure hash functions, and digital signatures is a good introduction. He discusses in some depth - but is never incomprehensible - the way in which they work and are brought together in PGP.

The reader will find a lucid account, supported by useful diagrams, of how public and private key systems function and how the keys are generated.

The book covers Windows, DOS, and Mac implementations of PGP. There is no Windows version per se, but at least two front ends are available.

This is the best available account of PGP. Phil Zimmermann, in a foreword, refers to his own publication - Official PGP User's Guide - and then says, "But Bill Stallings' book is more comprehensive than mine, more thorough, covering more detail, with a lot more diagrams.... In fact I'll probably use his book myself as my preferred reference to PGP". Every detail is covered, particularly configuration options and how to make your own implementation more secure.

Passwords can be troublesome. On the one hand is remembering them, and on the other hand is the need to make them safe against attack. A chapter is devoted to strategies and other helpful advice.

There is a useful section on resources, such as where to find PGP, current versions, export controls, and public key servers.

Given that PGP is available free, the price of the book is a small investment for a really good and thorough manual.

William Stallings: Protect Your Privacy, A guide for PGP Users
ISBN 0 13 185596 4
Published by Prentice Hall
302 pages
RRP $34.95

Reprinted from the April 1996 issue of PC Update, the magazine of Melbourne PC User Group, Australia
