An OpenPGP protocol is a standard used to obtain both confidentiality and authenticity in the asynchronous message exchange, especially with emails. This protocol, now utilized in every part of the world, is born almost 20 years ago, thanks to Phil Zimmermann. In the last years, many problems have been accumulated over the OpenPGP world. The number of the keys has boomed, reaching the value of almost 5 million keys. This enormous number is a difficulty for a server based on a Key-Value storage such as the SKS Keyserver. I decided to develop this project, creating a new keyserver, to allow more people to manage it, reaching a complete and precise update. Furthermore, I have to underline the results came to light from the paper "Challenging the Trustworthiness of PGP: Is the Web-of-Trust Tear-Proof?": in fact, it has been fully demonstrated that a lot of keys are almost obsolete, and many others are still vulnerable. From this consideration arose the idea to project a keyserver that, not only would handle all the user's requests, but would also analyze every single packet that has intended to form the key. Overall, this new keyserver should prove that all the keys used in OpenPGP respect specific security data. The structure of this paper starts with a brief introduction to the cryptography: its history, development and properties. Then, with an excursus, it is described what is OpenPGP, how it is structured, which are the algorithms analyzed and how the SKS keyserver works. In the following chapter, it is detailed the structure of the new keyserver created, while in the final one can be found the graphs representing the results achieved.
OpenPGP è uno standard usato per ottenere confidenzialiltà e autenticità nello scambio di messaggi ed email. Questo protocollo, oggi utilizzato in ogni parte del mondo, è nato circa 25 anni fa grazie a Phil Zimmermann. Nel corso degli anni, molti problemi sono sorti intorno ad OpenPGP. Il numero di chiavi è aumentato vertiginosamente, arrivando a quasi 5 milioni. Questo enorme numero rappresenta un problema per i keyserver, che sono ancora basati su un key-value storage. Ho deciso di sviluppare questo progetto, creando un nuovo keyserver, permettendo a più persone di gestirlo. Inoltre ho analizzato i risultati trovati nel paper "Challenging the Trustworthiness of PGP: Is the Web-of-Trust Tear-Proof?", andando a verificare quali e quante chiavi fossero vulnerabili. Da qui è partita l'idea di progettare un keyserver che non solo rispondesse alle richieste degli utenti, ma analizzasse anche tutte le chiavi e le firme alla ricerca di vulnerabilità. La struttura di questa tesi parte con una breve introduzione sulla cryptografia, la sua storia, sviluppi e proprietà. Poi viene descritto lo standard OpenPGP, com'è strutturato, gli algoritmi analizzati e come lavorano gli attuali keyserver. Nel terzo capitolo viene spiegata tutta la struttura del nuovo keyserver realizzato, mentre nell'ultimo i risultati riguardanti le analisi effettuate.
PEAKS : adding proactive security to OpenPGP keyservers
PINI, MATTIA
2016/2017
Abstract
An OpenPGP protocol is a standard used to obtain both confidentiality and authenticity in the asynchronous message exchange, especially with emails. This protocol, now utilized in every part of the world, is born almost 20 years ago, thanks to Phil Zimmermann. In the last years, many problems have been accumulated over the OpenPGP world. The number of the keys has boomed, reaching the value of almost 5 million keys. This enormous number is a difficulty for a server based on a Key-Value storage such as the SKS Keyserver. I decided to develop this project, creating a new keyserver, to allow more people to manage it, reaching a complete and precise update. Furthermore, I have to underline the results came to light from the paper "Challenging the Trustworthiness of PGP: Is the Web-of-Trust Tear-Proof?": in fact, it has been fully demonstrated that a lot of keys are almost obsolete, and many others are still vulnerable. From this consideration arose the idea to project a keyserver that, not only would handle all the user's requests, but would also analyze every single packet that has intended to form the key. Overall, this new keyserver should prove that all the keys used in OpenPGP respect specific security data. The structure of this paper starts with a brief introduction to the cryptography: its history, development and properties. Then, with an excursus, it is described what is OpenPGP, how it is structured, which are the algorithms analyzed and how the SKS keyserver works. In the following chapter, it is detailed the structure of the new keyserver created, while in the final one can be found the graphs representing the results achieved.| File | Dimensione | Formato | |
|---|---|---|---|
|
Tesi_MattiaPini.pdf
accessibile in internet per tutti
Descrizione: Thesis
Dimensione
1.69 MB
Formato
Adobe PDF
|
1.69 MB | Adobe PDF | Visualizza/Apri |
I documenti in POLITesi sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/10589/140111