PGP: The Web Of Trust

Nitrax · December 29, 2016, 12:21pm

Hi fellas,

Following the practical cases of @VoidAccess, I wanted to introduce you the reputation trust model and a piece of history behind PGP.

As you probably already know, PGP, which stands for “Pretty Good Privacy”, has been developed by Phil Zimmermann in 1991. The general purpose of this technology was to protect data by applying a strong and unbreakable encryption. It is only later that it has been widely applied to email exchange area. Following the release of PGP, Phil was an indictment by the United States Customs Services for violation of the Arms Export Control Act. Indeed, by this time, encryption was considered as a war weapon, at the same level that nuke. The government dropped the case in 1997, resulting in a new release of PGP (Welcome Backdoors !!! )

PGP, considered as the first, widely distributed cryptographic scheme implementing the public key algorithm, is, by default, highly vulnerable to masquerade when come the time to share its public key. Indeed, once your key pair generated, the public key has to be sent to the receiver, allowing to decrypt the protected information. During the distribution process, this key could be intercepted and changed in order to impersonate the original sender, allowing the attacker to spoof the exchange between the two protagonists in an undetectable manner.

Two solutions have been implemented to avoid this issue.

The cryptographic solution is the signature. Indeed, even if Bob sends a message encrypted with Alice public key, Alice will not be certain that the message comes from Bob. The signature consists to encrypt the encrypted message with his own private key, which must be kept secret, in order to ensure the origin of the message. For further security, a timestamp is added to the signature to prevent any data tampering during the transfert.

The second way relies on the community around PGP, with the implementation of the Web Of Trust.

However, before describing this concept, I would like to explain you the X.509 certificate format in order to give you a better overview of the different trust model used over the internet.

X.509

X.509 certificates are widely used over the internet to secure your communications with web services and encrypt your emails through S/MIME. Each certificate is signed by a CA (certificate authority), which is signed by another CA or a root CA, ensuring that the signed certificate is trustworthy.

As you can see on the picture above, this trust system is hierarchical and rely on the integrity of the CA chain. In case of certificate corruption, the CA must revoke the certificate and update the CRL (certificate revocation list) then dispatch the update to the other CAs. However, can we really trust them? Do they really ensure security? Basically, we have no choice … In the past, a few examples showed the limitation of this trust model.

On March 23, 2011, Comodo reported that 8 days earlier, on 15 March 2011, a user account with an affiliate registration authority had been compromised and was used to create a new user account that issued nine certificate signing requests. Nine certificates for seven domains were issued. The attack was traced to IP address 212.95.136.18, which originates in Tehran, Iran. Though the firm initially reported that the breach was the result of a “state-driven attack”, it subsequently stated that the origin of the attack may be the “result of an attacker attempting to lay a false trail.”. Such issues have been widely reported, and has led to criticism of how certificates are issued and revoked. As of 2015, all of the certificates have been revoked. Microsoft has issued a security advisory and update to address the issue.
On March 26, 2011, a person under the username “ComodoHacker” made several posts to Pastebin.com claiming to be an Iranian responsible for the attacks.

##Web of trust

Here we go, now that you know how other certificates works and the principal problematic of public key algorithm, you will be able to appreciate the formidable concept of Web Of Trust

The Web Of Trust is a community based trust model that entirely rely on its users. Each PGP user has a pair of keyring (public and private). Let’s takes a look on the public keyring.

The public keyring references each user that signed the owner public key. Each signature contains a timestamp, an expiration date, the user ID, the public key, the user trust level and a few other flags.
The concept is simple, higher is the trust level of the signature owner, higher will be the trust level of the public key owner. There are two different levels of trust: partial and full, which are declined in several degrees. Consequently, a user fully trusted will more impactful on the public key trust level than three or four partial trusted users.

The Web Of Trust implement the basic aspects of trust e.g transitivity and reciprocality. Here is a nice schematic representation of this model.

To continue with, the public key sharing can be done through multiple vectors:

Physically
via keyservers
via emails or friends, etc.

This model has the particularity to not only rely on a single entity but on a set of people, trustworthy or not, that confirmed the origin and belonging of the key. It results in a better trust assessment of the key owner than the classical X.509 format.

However, PGP has some downsides too. Indeed, in case of revocation, the user have to revoke his key then update the revocation on the keyservers in order to prevent any further usage of his key. Moreover, he has to warn his friends or colleagues that his key has been revoked.

We can also wonder about the efficiency of this model. Indeed, does the trust is really transitive? Can you really trust someone that you don’t know personaly? I think that the concept of trust should lead to an other intensive debate. Anyway, this domain is complexe as hell and difficult to define. Nevertheless, it’s nice to see that this scheme works pretty nice

Despite those cons and thanks to its unique trust model, PGP is a good trade off for anyone that want to protect his personal data and his emails.

I hope you enjoyed this article.

Best,
Nitrax

P.S: Don’t forget to take a look on the great @VoidAccess articles :

Would you like an article about X.509 trust system and its downsides?

Yes
No

0 voters

pry0cc · December 29, 2016, 1:15pm

Very nice article @Nitrax. I am a fan.

So how would one go about exploiting the web of trust? Could you just make loads of people and get them to trust a false pub key? Also what happens if you can compromise one of the more trusted people?

Nitrax · December 29, 2016, 2:19pm

In this scenario, each signature comes from an untrusted user. Even with a bunch of “fake” signatures, it will not provide a sufficient level of trust. Moreover, the good practice encourages a prior analysis of the public keyring in order to verify from where come the existing signatures.

What do you mean by compromised? Cause, even once you have access to the machine you must be able to retrieve the PGP passphrase. If it’s the case (keylogger, etc.), then yes you can start social engineering

VoidAccess · December 29, 2016, 4:30pm

Hi @Nitrax , Very good write-up! We definitely need more articles about privacy, encryption and internet safety in general.