Challenging the Trustworthiness of PGP: Is the Web-of-Trust Tear-Proof?

  • Alessandro Barenghi
  • Alessandro Di Federico
  • Gerardo Pelosi
  • Stefano Sanfilippo
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9326)

Abstract

The OpenPGP protocol provides a long-established and widespread tool for secure, authenticated asynchronous communication, and also supplies data integrity and authenticity validation for software distribution. In this work, we analyze the Web-of-Trust on which the OpenPGP public key authentication mechanism is based, and evaluate a threat model under which its functionality can be jeopardized. Since the threat model rests on the viability of compromising an OpenPGP keypair, we performed an analysis of the state of health of the global OpenPGP key repository. Although the detected number of weak keypairs is rather low, our results show that, under reasonable assumptions, approximately 70 % of the Web-of-Trust strong set is potentially affected by the described threat. Finally, we propose viable mitigation strategies to cope with the highlighted threat.
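The abstract's threat can be made concrete with a small graph model. The following is an added illustration, not the paper's code, dataset or exact threat model, and it makes assumptions the page does not state: certifications form a directed graph (signer to signed key), the strong set is the largest strongly connected component, a verifier relies on certification chains of at most a fixed number of hops (the bound GnuPG applies through its max-cert-depth setting, default 5), and a strong-set key whose chain to the compromised key fits within that bound is counted as potentially affected, since a certification forged with the compromised key would pass its validation. The sample keyring and the 70 % figure are unrelated; the toy numbers below are only meant to show how a single compromised key propagates through a bounded-depth chain.

```python
"""Toy model of the Web-of-Trust threat sketched in the abstract.

Added example, not the paper's code. Assumed (not from the page):
signer -> signed-key certification graph, strong set = largest SCC,
verifiers accept chains of at most max_depth hops (GnuPG max-cert-depth).
"""
from collections import deque

# Constructed sample keyring: (signer, signed key) certification pairs.
SAMPLE_CERTS = [
    ("alice", "bob"), ("bob", "alice"),
    ("bob", "carol"), ("carol", "dave"), ("dave", "alice"),
    ("dave", "erin"), ("erin", "bob"),
    ("erin", "frank"),   # frank is certified but certifies nobody
    ("grace", "alice"),  # grace certifies but nobody certifies grace
]


def build_graph(certs):
    """Adjacency sets, signer -> {signed keys}; every key gets an entry."""
    graph = {}
    for signer, signed in certs:
        graph.setdefault(signer, set()).add(signed)
        graph.setdefault(signed, set())
    return graph


def reversed_graph(graph):
    """Adjacency sets, signed key -> {signers}."""
    rev = {node: set() for node in graph}
    for signer, outs in graph.items():
        for signed in outs:
            rev[signed].add(signer)
    return rev


def strongly_connected_components(graph):
    """Kosaraju's algorithm with iterative DFS (no recursion-limit issues)."""
    order, seen = [], set()
    for start in graph:
        if start in seen:
            continue
        seen.add(start)
        stack = [(start, iter(graph[start]))]
        while stack:
            node, children = stack[-1]
            for child in children:
                if child not in seen:
                    seen.add(child)
                    stack.append((child, iter(graph[child])))
                    break
            else:  # every child visited: node finishes
                stack.pop()
                order.append(node)
    rev = reversed_graph(graph)
    components, assigned = [], set()
    for start in reversed(order):  # decreasing finish time
        if start in assigned:
            continue
        component, stack = set(), [start]
        assigned.add(start)
        while stack:
            node = stack.pop()
            component.add(node)
            for nxt in rev[node]:
                if nxt not in assigned:
                    assigned.add(nxt)
                    stack.append(nxt)
        components.append(component)
    return components


def strong_set(graph):
    """The WoT 'strong set': largest set of keys mutually reachable by chains."""
    return max(strongly_connected_components(graph), key=len)


def keys_within_depth(graph, start, max_depth):
    """Keys reachable from start by a chain of at most max_depth edges."""
    dist, queue = {start: 0}, deque([start])
    while queue:
        node = queue.popleft()
        if dist[node] == max_depth:
            continue
        for nxt in graph[node]:
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return set(dist) - {start}


def affected_by_compromise(certs, compromised, max_depth=5):
    """Strong-set keys holding a chain of <= max_depth certifications to the
    compromised key (found by walking the reversed graph from it).
    Returns (affected count, strong-set size, sorted affected keys)."""
    graph = build_graph(certs)
    strong = strong_set(graph)
    verifiers = keys_within_depth(reversed_graph(graph), compromised, max_depth)
    affected = verifiers & strong
    return len(affected), len(strong), sorted(affected)


if __name__ == "__main__":
    for depth in (1, 2, 5):
        hit, total, keys = affected_by_compromise(SAMPLE_CERTS, "carol", depth)
        print(f"max depth {depth}: {hit}/{total} of the strong set: {keys}")
```

The depth bound is what makes the count meaningful: within a strongly connected set every key can reach every other one eventually, so without a chain-length limit a single compromised key would trivially affect the whole strong set. Raising the bound in the sample keyring grows the affected share from one key to four of the five strong-set keys, which is the same qualitative effect the paper quantifies on the real repository. A defender-side reading is that the damage from one weak key is bounded by how many verifiers sit within chain distance of it, which is why key hygiene in the densely connected core matters more than in the periphery.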

Keywords

Web-of-Trust, WoT, OpenPGP, GPG, PGP

Copyright information

© Springer International Publishing Switzerland 2015

Open Access This chapter is distributed under the terms of the Creative Commons Attribution Noncommercial License, which permits any noncommercial use, distribution, and reproduction in any medium, provided the original author(s) and source are credited.

Authors and Affiliations

  • Alessandro Barenghi (1)
  • Alessandro Di Federico (1)
  • Gerardo Pelosi (1)
  • Stefano Sanfilippo (1)

  1. Department of Electronics, Information and Bioengineering (DEIB), Politecnico di Milano, Milano, Italy