SlideShare une entreprise Scribd logo
1  sur  17
Télécharger pour lire hors ligne
End to End Encryption
Why it matters
The example of email communications
Thomas Seropian
How does email work?
• Your inbox is hosted on an email server
• These servers are inter-connected
• Email messages are stored and processed
in clear text (or not?)
• You are connecting to these using Wi-Fi,
your ISP, and network cables
End to End Encryption in 10 minutes -
The internet is not a safe place
• Lots of computers connected together
• Using protocols designed in the 70s, by
scientists and military
• Expected to be used by max 1000 users
• No security implemented by design
• Imagine 100 people gatecrashing a house
party with no locks on the doors!
You are receiving a postcard
• Can your mailman read your postcards?
• Can the van driver read your postcards?
• Can your neighbours access your PO box?
• Can they ask your landlord for a key, forge
one?
• Can they give it to a private detective?
• Is the sender the person they claim to be?
Emails V Postcards
• Email address = Personal Post Box
• Email message = Postcard
• Email servers = Post office
• Wi-Fi / ISP = Mail Van Drivers
Threats Diagram
• Communication security over a network
• Encrypting communications on a network
(previously called SSL)
• The van driver cannot access the content
in the mail bag (but your mailman can)
• Gmail & Facebook provide TLS (HTTPS)
however …
Transport Layer Security
Threats Diagram
End-to-End Encryption
• Put your postcard in a safe and send the safe
via email
• Each safe has a special lock that only you
and your recipient can trigger
• You need to exchange keys in order to send
messages to each other
• Anyone without the key is unable to open it
Each user has a pair of keys.
• Public Key : to be shared with recipients
• Private Key : to be kept in a safe place. No
one else has access to it
Threats Diagram
End to End Encryption in 10 minutes -
Why is this important
• Protecting against cyber threats
• If an attacker gains access to your inbox,
they cannot read your messages
• Protecting personal privacy from
increasing surveillance systems
• Your recipient knows you are the genuine
sender (your key is private)
E2EE in the news
• Whatsapp rolling out E2E encryption for 1
billion users
• Snowden was using PGP to communicate
with Laura Poitras and The Guardian
Thank you for your time
• Questions, comments?
• Contact me
– thomas@seropian.io
– PGP Key : 0xfc944ab6
• Slides
– http://seropian.io/assets/files/e2ee.pdf
Further reading
• Security In A Box
• EFF’s Security Self Defense
• Digital First Aid Kit
• CPJ’s Journalist Security Guide

Contenu connexe

Tendances

MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication CodesDarshanPatil82
 
5. message authentication and hash function
5. message authentication and hash function5. message authentication and hash function
5. message authentication and hash functionChirag Patel
 
Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES) Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES) Hardik Manocha
 
Email Security : PGP & SMIME
Email Security : PGP & SMIMEEmail Security : PGP & SMIME
Email Security : PGP & SMIMERohit Soni
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographySeema Goel
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMACKrishna Gehlot
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)Kalpesh Kalekar
 
Message authentication and hash function
Message authentication and hash functionMessage authentication and hash function
Message authentication and hash functionomarShiekh1
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)Arun Shukla
 

Tendances (20)

SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS
 
Diffie-hellman algorithm
Diffie-hellman algorithmDiffie-hellman algorithm
Diffie-hellman algorithm
 
MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication Codes
 
5. message authentication and hash function
5. message authentication and hash function5. message authentication and hash function
5. message authentication and hash function
 
Encryption ppt
Encryption pptEncryption ppt
Encryption ppt
 
WhatsApp security
WhatsApp securityWhatsApp security
WhatsApp security
 
Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES) Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES)
 
Email Security : PGP & SMIME
Email Security : PGP & SMIMEEmail Security : PGP & SMIME
Email Security : PGP & SMIME
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniques
 
Asymmetric Cryptography
Asymmetric CryptographyAsymmetric Cryptography
Asymmetric Cryptography
 
Key management
Key managementKey management
Key management
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMAC
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)
 
Message authentication and hash function
Message authentication and hash functionMessage authentication and hash function
Message authentication and hash function
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHM
 
cryptography
cryptographycryptography
cryptography
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
 
Cryptography
CryptographyCryptography
Cryptography
 

En vedette

Review on Whatsapp's End to End encryption and Facebook integration
Review on Whatsapp's End to End encryption and Facebook integrationReview on Whatsapp's End to End encryption and Facebook integration
Review on Whatsapp's End to End encryption and Facebook integrationGovindarrajan NV
 
End-to-end encryption explained
End-to-end encryption explainedEnd-to-end encryption explained
End-to-end encryption explainedTodd Merrill
 
Encryption: It's For More Than Just Passwords
Encryption: It's For More Than Just PasswordsEncryption: It's For More Than Just Passwords
Encryption: It's For More Than Just PasswordsJohn Congdon
 
Gregor kopf , bernhard brehm. deniability in messaging protocols
Gregor kopf , bernhard brehm. deniability in messaging protocolsGregor kopf , bernhard brehm. deniability in messaging protocols
Gregor kopf , bernhard brehm. deniability in messaging protocolsYury Chemerkin
 
Secure Communication
Secure CommunicationSecure Communication
Secure CommunicationKoen Van Impe
 
Dublin Core Application Profile for Scholarly Works KE
Dublin Core Application Profile for Scholarly Works KEDublin Core Application Profile for Scholarly Works KE
Dublin Core Application Profile for Scholarly Works KEJulie Allinson
 
Social Media on Exchange
Social Media on ExchangeSocial Media on Exchange
Social Media on ExchangeCyprien Lomas
 
Publicidad inteligente
Publicidad inteligentePublicidad inteligente
Publicidad inteligenteshesys
 
Dcap Ja Progmeet 2007 07 05
Dcap Ja Progmeet 2007 07 05Dcap Ja Progmeet 2007 07 05
Dcap Ja Progmeet 2007 07 05Julie Allinson
 
7 trends to be aware of for learning spaces
7 trends to be aware of for learning spaces7 trends to be aware of for learning spaces
7 trends to be aware of for learning spacesCyprien Lomas
 
fiesta de gala
fiesta de galafiesta de gala
fiesta de galaelcanga
 
Second Life Brown Bag
Second Life Brown BagSecond Life Brown Bag
Second Life Brown BagCyprien Lomas
 
Radically Open Cultural Heritage Data on the Web
Radically Open Cultural Heritage Data on the WebRadically Open Cultural Heritage Data on the Web
Radically Open Cultural Heritage Data on the WebJulie Allinson
 
Dublin Core Application Profile for Scholarly Works Slainte
Dublin Core Application Profile for Scholarly Works SlainteDublin Core Application Profile for Scholarly Works Slainte
Dublin Core Application Profile for Scholarly Works SlainteJulie Allinson
 
SWAP : A Dublin Core Application Profile for desribing scholarly works
SWAP : A Dublin Core Application Profile for desribing scholarly worksSWAP : A Dublin Core Application Profile for desribing scholarly works
SWAP : A Dublin Core Application Profile for desribing scholarly worksJulie Allinson
 
Web CT as a Catalyst
Web CT as a Catalyst Web CT as a Catalyst
Web CT as a Catalyst Cyprien Lomas
 
Sword Or2008 Julieallinson
Sword Or2008 JulieallinsonSword Or2008 Julieallinson
Sword Or2008 JulieallinsonJulie Allinson
 

En vedette (20)

Review on Whatsapp's End to End encryption and Facebook integration
Review on Whatsapp's End to End encryption and Facebook integrationReview on Whatsapp's End to End encryption and Facebook integration
Review on Whatsapp's End to End encryption and Facebook integration
 
End-to-end encryption explained
End-to-end encryption explainedEnd-to-end encryption explained
End-to-end encryption explained
 
Encryption for Everyone
Encryption for EveryoneEncryption for Everyone
Encryption for Everyone
 
Encryption: It's For More Than Just Passwords
Encryption: It's For More Than Just PasswordsEncryption: It's For More Than Just Passwords
Encryption: It's For More Than Just Passwords
 
Gregor kopf , bernhard brehm. deniability in messaging protocols
Gregor kopf , bernhard brehm. deniability in messaging protocolsGregor kopf , bernhard brehm. deniability in messaging protocols
Gregor kopf , bernhard brehm. deniability in messaging protocols
 
Secure Communication
Secure CommunicationSecure Communication
Secure Communication
 
Dublin Core Application Profile for Scholarly Works KE
Dublin Core Application Profile for Scholarly Works KEDublin Core Application Profile for Scholarly Works KE
Dublin Core Application Profile for Scholarly Works KE
 
Social Media on Exchange
Social Media on ExchangeSocial Media on Exchange
Social Media on Exchange
 
Publicidad inteligente
Publicidad inteligentePublicidad inteligente
Publicidad inteligente
 
Dcap Ja Progmeet 2007 07 05
Dcap Ja Progmeet 2007 07 05Dcap Ja Progmeet 2007 07 05
Dcap Ja Progmeet 2007 07 05
 
7 trends to be aware of for learning spaces
7 trends to be aware of for learning spaces7 trends to be aware of for learning spaces
7 trends to be aware of for learning spaces
 
Sword Bl 0903[1]
Sword Bl 0903[1]Sword Bl 0903[1]
Sword Bl 0903[1]
 
fiesta de gala
fiesta de galafiesta de gala
fiesta de gala
 
Second Life Brown Bag
Second Life Brown BagSecond Life Brown Bag
Second Life Brown Bag
 
Radically Open Cultural Heritage Data on the Web
Radically Open Cultural Heritage Data on the WebRadically Open Cultural Heritage Data on the Web
Radically Open Cultural Heritage Data on the Web
 
Dublin Core Application Profile for Scholarly Works Slainte
Dublin Core Application Profile for Scholarly Works SlainteDublin Core Application Profile for Scholarly Works Slainte
Dublin Core Application Profile for Scholarly Works Slainte
 
SWAP : A Dublin Core Application Profile for desribing scholarly works
SWAP : A Dublin Core Application Profile for desribing scholarly worksSWAP : A Dublin Core Application Profile for desribing scholarly works
SWAP : A Dublin Core Application Profile for desribing scholarly works
 
Web CT as a Catalyst
Web CT as a Catalyst Web CT as a Catalyst
Web CT as a Catalyst
 
Sword Or2008 Julieallinson
Sword Or2008 JulieallinsonSword Or2008 Julieallinson
Sword Or2008 Julieallinson
 
Kurios
KuriosKurios
Kurios
 

Similaire à End to End Encryption in 10 minutes -

E-mail and Encryption
E-mail and EncryptionE-mail and Encryption
E-mail and Encryptionhey4ndr3w
 
20 security
20 security20 security
20 securityabiy2004
 
Email security
Email securityEmail security
Email securitySultanErbo
 
Email security - Netwroking
Email security - Netwroking Email security - Netwroking
Email security - Netwroking Salman Memon
 
Pki & personal digital certificates, the key to securing sensitive electronic...
Pki & personal digital certificates, the key to securing sensitive electronic...Pki & personal digital certificates, the key to securing sensitive electronic...
Pki & personal digital certificates, the key to securing sensitive electronic...Nicholas Davis
 
Pki & Personal Digital Certificates, The Key To Securing Sensitive Electr...
Pki & Personal Digital Certificates, The Key To Securing Sensitive Electr...Pki & Personal Digital Certificates, The Key To Securing Sensitive Electr...
Pki & Personal Digital Certificates, The Key To Securing Sensitive Electr...Nicholas Davis
 
Outlook and thunderbird ii
Outlook and thunderbird iiOutlook and thunderbird ii
Outlook and thunderbird iiBanukaVidusanka
 
Help! I am an Investigative Journalist in 2017
Help! I am an Investigative Journalist in 2017Help! I am an Investigative Journalist in 2017
Help! I am an Investigative Journalist in 2017Gabor Szathmari
 
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, WorteksParis Open Source Summit
 
[POSS 2019] TLS for Dummies
[POSS 2019] TLS for Dummies[POSS 2019] TLS for Dummies
[POSS 2019] TLS for DummiesWorteks
 
Topsec Service Infographic
Topsec Service InfographicTopsec Service Infographic
Topsec Service InfographicGary Fleming
 
Encrypted email hack2o presentation
Encrypted email   hack2o presentationEncrypted email   hack2o presentation
Encrypted email hack2o presentationAnn Treacy
 

Similaire à End to End Encryption in 10 minutes - (20)

E-mail and Encryption
E-mail and EncryptionE-mail and Encryption
E-mail and Encryption
 
20 security
20 security20 security
20 security
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
SSL/TLS 101
SSL/TLS 101SSL/TLS 101
SSL/TLS 101
 
SSL/TLS 101
SSL/TLS 101SSL/TLS 101
SSL/TLS 101
 
PGP.ppt
PGP.pptPGP.ppt
PGP.ppt
 
Pgp
PgpPgp
Pgp
 
Email security
Email securityEmail security
Email security
 
Email security - Netwroking
Email security - Netwroking Email security - Netwroking
Email security - Netwroking
 
Email
EmailEmail
Email
 
Pki & personal digital certificates, the key to securing sensitive electronic...
Pki & personal digital certificates, the key to securing sensitive electronic...Pki & personal digital certificates, the key to securing sensitive electronic...
Pki & personal digital certificates, the key to securing sensitive electronic...
 
Pki & Personal Digital Certificates, The Key To Securing Sensitive Electr...
Pki & Personal Digital Certificates, The Key To Securing Sensitive Electr...Pki & Personal Digital Certificates, The Key To Securing Sensitive Electr...
Pki & Personal Digital Certificates, The Key To Securing Sensitive Electr...
 
Outlook and thunderbird ii
Outlook and thunderbird iiOutlook and thunderbird ii
Outlook and thunderbird ii
 
Help! I am an Investigative Journalist in 2017
Help! I am an Investigative Journalist in 2017Help! I am an Investigative Journalist in 2017
Help! I am an Investigative Journalist in 2017
 
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail SecurityCRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
 
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks
#OSSPARIS19 - TLS for dummies - MAXIME BESSON, Worteks
 
[POSS 2019] TLS for Dummies
[POSS 2019] TLS for Dummies[POSS 2019] TLS for Dummies
[POSS 2019] TLS for Dummies
 
Topsec Service Infographic
Topsec Service InfographicTopsec Service Infographic
Topsec Service Infographic
 
Encrypted email hack2o presentation
Encrypted email   hack2o presentationEncrypted email   hack2o presentation
Encrypted email hack2o presentation
 

Dernier

SQL Server on Azure VM datasheet.dsadaspptx
SQL Server on Azure VM datasheet.dsadaspptxSQL Server on Azure VM datasheet.dsadaspptx
SQL Server on Azure VM datasheet.dsadaspptxJustineGarcia32
 
Tungsten Webinar: v6 & v7 Release Recap, and Beyond
Tungsten Webinar: v6 & v7 Release Recap, and BeyondTungsten Webinar: v6 & v7 Release Recap, and Beyond
Tungsten Webinar: v6 & v7 Release Recap, and BeyondContinuent
 
Google-Next-Madrid-BBVA-Research inv.pdf
Google-Next-Madrid-BBVA-Research inv.pdfGoogle-Next-Madrid-BBVA-Research inv.pdf
Google-Next-Madrid-BBVA-Research inv.pdfMaria Adalfio
 
Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...
Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...
Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...hasimatwork
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
 
Benefits of Fiber Internet vs. Traditional Internet.pptx
Benefits of Fiber Internet vs. Traditional Internet.pptxBenefits of Fiber Internet vs. Traditional Internet.pptx
Benefits of Fiber Internet vs. Traditional Internet.pptxlibertyuae uae
 
Mary Meeker Internet Trends Report for 2019
Mary Meeker Internet Trends Report for 2019Mary Meeker Internet Trends Report for 2019
Mary Meeker Internet Trends Report for 2019Eric Johnson
 
overview of Virtualization, concept of Virtualization
overview of Virtualization, concept of Virtualizationoverview of Virtualization, concept of Virtualization
overview of Virtualization, concept of VirtualizationRajan yadav
 
Generalities about NFT , as a new technology
Generalities about NFT , as a new technologyGeneralities about NFT , as a new technology
Generalities about NFT , as a new technologysoufianbouktaib1
 
如何办理朴茨茅斯大学毕业证书学位证书成绩单?
如何办理朴茨茅斯大学毕业证书学位证书成绩单?如何办理朴茨茅斯大学毕业证书学位证书成绩单?
如何办理朴茨茅斯大学毕业证书学位证书成绩单?krc0yvm5
 

Dernier (10)

SQL Server on Azure VM datasheet.dsadaspptx
SQL Server on Azure VM datasheet.dsadaspptxSQL Server on Azure VM datasheet.dsadaspptx
SQL Server on Azure VM datasheet.dsadaspptx
 
Tungsten Webinar: v6 & v7 Release Recap, and Beyond
Tungsten Webinar: v6 & v7 Release Recap, and BeyondTungsten Webinar: v6 & v7 Release Recap, and Beyond
Tungsten Webinar: v6 & v7 Release Recap, and Beyond
 
Google-Next-Madrid-BBVA-Research inv.pdf
Google-Next-Madrid-BBVA-Research inv.pdfGoogle-Next-Madrid-BBVA-Research inv.pdf
Google-Next-Madrid-BBVA-Research inv.pdf
 
Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...
Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...
Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
 
Benefits of Fiber Internet vs. Traditional Internet.pptx
Benefits of Fiber Internet vs. Traditional Internet.pptxBenefits of Fiber Internet vs. Traditional Internet.pptx
Benefits of Fiber Internet vs. Traditional Internet.pptx
 
Mary Meeker Internet Trends Report for 2019
Mary Meeker Internet Trends Report for 2019Mary Meeker Internet Trends Report for 2019
Mary Meeker Internet Trends Report for 2019
 
overview of Virtualization, concept of Virtualization
overview of Virtualization, concept of Virtualizationoverview of Virtualization, concept of Virtualization
overview of Virtualization, concept of Virtualization
 
Generalities about NFT , as a new technology
Generalities about NFT , as a new technologyGeneralities about NFT , as a new technology
Generalities about NFT , as a new technology
 
如何办理朴茨茅斯大学毕业证书学位证书成绩单?
如何办理朴茨茅斯大学毕业证书学位证书成绩单?如何办理朴茨茅斯大学毕业证书学位证书成绩单?
如何办理朴茨茅斯大学毕业证书学位证书成绩单?
 

End to End Encryption in 10 minutes -

  • 1. End to End Encryption Why it matters The example of email communications Thomas Seropian
  • 2. How does email work? • Your inbox is hosted on an email server • These servers are inter-connected • Email messages are stored and processed in clear text (or not?) • You are connecting to these using Wi-Fi, your ISP, and network cables
  • 4. The internet is not a safe place • Lots of computers connected together • Using protocols designed in the 70s, by scientists and military • Expected to be used by max 1000 users • No security implemented by design • Imagine 100 people gatecrashing a house party with no locks on the doors!
  • 5. You are receiving a postcard • Can your mailman read your postcards? • Can the van driver read your postcards? • Can your neighbours access your PO box? • Can they ask your landlord for a key, forge one? • Can they give it to a private detective? • Is the sender the person they claim to be?
  • 6. Emails V Postcards • Email address = Personal Post Box • Email message = Postcard • Email servers = Post office • Wi-Fi / ISP = Mail Van Drivers
  • 8. • Communication security over a network • Encrypting communications on a network (previously called SSL) • The van driver cannot access the content in the mail bag (but your mailman can) • Gmail & Facebook provide TLS (HTTPS) however … Transport Layer Security
  • 10. End-to-End Encryption • Put your postcard in a safe and send the safe via email • Each safe has a special lock that only you and your recipient can trigger • You need to exchange keys in order to send messages to each other • Anyone without the key is unable to open it
  • 11. Each user has a pair of keys. • Public Key : to be shared with recipients • Private Key : to be kept in a safe place. No one else has access to it
  • 14. Why is this important • Protecting against cyber threats • If an attacker gains access to your inbox, they cannot read your messages • Protecting personal privacy from increasing surveillance systems • Your recipient knows you are the genuine sender (your key is private)
  • 15. E2EE in the news • Whatsapp rolling out E2E encryption for 1 billion users • Snowden was using PGP to communicate with Laura Poitras and The Guardian
  • 16. Thank you for your time • Questions, comments? • Contact me – thomas@seropian.io – PGP Key : 0xfc944ab6 • Slides – http://seropian.io/assets/files/e2ee.pdf
  • 17. Further reading • Security In A Box • EFF’s Security Self Defense • Digital First Aid Kit • CPJ’s Journalist Security Guide

Notes de l'éditeur

  1. Let me explain to you how E2EE is working, and why it does matter. I will take email communications as example but the concept is the same wether we talk about encryption on mobile phone apps (such as Whatsapp) and servers communications.
  2. First a reminder on how emails are working. Your inbox is hosted on a server (could be Gmail, you corporate infrastructure of your own server) These servers are communicating with each other (using standards protocols – you might have heard of SMTP). Your emails are processed by all sort of algorithms and you are connecting to them using your local ISP, your corporate network or the local coffee shop.
  3. Here is a visual illustration. You are sending a message to your receipient, connecting to Gmail using your wifi and local ISP. Your recipient connects to his mailbox from his end using the same way.
  4. At this stage, it is also important to remind you that Internet is not a safe place. Internet as we know it relies on protocols which were designed in the 70s by a bunch of scientists and military who were expected maximum 1000 people to use it. They had no idea about adding security by default. 40 years later, 3 billions people are using the same protocols. Imagine a hundred people crashing a house party with no locks on the door. You may want to be careful  Let’s have a look more specifically at emails communications
  5. Imagine you are receiving a postcard from a friend. What security threats can we think of? How can you make sure your mailman does not read your postcard? How can you make sure the truck driver does not open the mailbag? How can your make sure your neighbours/someone else, don’t pick the lock to get access to your private post box? How can you guarantee the sender is who they claim to be? These real life situation can be found very similar equivalent online.
  6. Sending emails is like sending postcards.
  7. Let’s go back to our illustration As you can see threats can come at any point of the email chain. A the server level and any node of the transport chain. Using no protection, anyone snooping on your Wi-Fi or at your ISP level can read your emails at anytime. Who can see it??? Network administrator on the local Wi-Fi System administrator / Government at ISP level System administrator / Hacker at the Email server level
  8. Since the late 90s, additional protocols have been put in place to help safe guard the Internet. TLS for transport layer security (formerly known as SSL) ensure encryption between 2 points of the network, in our case the user and their email inbox. Basically truck drivers are not able to open mails while transporting big bags but your providers still can. For example Gmail and Facebook provide full HTTPS but can still read your messages. Here is another illustration, green arrows are popping out.
  9. So here is another illustration. With TLS all the communications betweem user and email servers are secure. However anyone who gains access to the sender or the recipient inbox can read their emails.
  10. E2EE brings an additional layer of encryption. E2EE is equivalent of putting your message in a locked safe and sending the safe by email. This safe can olny be open by keys that only you and your recipient own. Anyone else won’t be able to open it. For example only you and your recipient can read encrypted emails, Gmail cannot..
  11. Any user who want to send encrypted messages has 2 keys. A public one and a private one. Alice wants to send an encrypted message to Bob. Alice asks Bob’s public key. Alice uses her private key and Bob’s public key to close the lock. Bob uses his private key to open it. Anyone else without Bob’s private key cannot read it.
  12. Now it is all green everywhere.
  13. And here is an example of an encrypted email.
  14. If you are using whatsapp you may have noticed that they deployed E2EE for their application. Also, if you followed NSA snowden leaks news a couple of years ago, you may have heard that he was using the exact same type of encryption.
  15. Thank you for your time. My practical exercise will consist of creating each of us a pair of key and send encrypted messages. Let me know if you have any question. B