The use of strong public encryption has always been popular among geeks. Perhaps the most commonly used and most beloved encryption for e-mail is Pretty Good Privacy (PGP); started as a free method for protecting emails or other sensitive information, later turned into a cornerstone for a large company. As PGP became more corporate, costly and used patented algorithms, another project, GnuPG, sprung up to continue to offer strong encryption to the masses.
One foundation of reliable encryption is trust. The use of encryption between two or more people relies on you being sure that the message you sent is properly encrypted to and able to be decrypted solely by the intended recipient. When using a friend's GPG key, you must be sure that the key was created by and belongs solely to your friend. Otherwise, you may send mail that your friend cannot read (if they don't have the key you encrypted to), or worse, mail that some other party can read (if that party does have the key you encrypted to).
When exchanging encryption keys, establishing identity or verifying trust, there are multiple methods available. For casual conversation with a friend that has a new ICQ or AIM ID, this may be as simple as sharing an inside joke that only the two of you would understand. If the line of communication is more serious then a phone call, fax, or snail mail can be used to further verify the sender is who you believe it to be. Another method developed to help establish the trust of encryption keys and identity is known as keysigning. Quoting the GnuPG Keysigning Party HOWTO:
1.2 What is key signing?
Key signing is act of digitally signing a public key and a userid packet which is attached to that key. Key signing is done to verify that a given user id and public key really do belong to the entity that appears to own the key and who is represented by the user id packet.
You can digitally sign your own public key and an associated id on that key, or another entity's public key and associated public key packet.
In a sense, key signatures validate public keys.
In recent years, keysigning parties have become more and more popular. Many security conventions have hosted keysigning parties that allow everyone to gather in one place, verify identity, and sign each other's keys on the spot. Conventions like Black Hat Briefings and Defcon still host such gatherings while conferences like Usenix will no longer offer keysigning service. While Usenix conferences will still offer keysigning sessions, their choice to drop this activity lies with technical and managerial decisions, not reasons outlined in this article.
The keysigning protocol is based on multiple levels of trust that can be illustrated by a fictional example with two persons of interest. The well known hacker/security conference 'ImaCon' draws a mix of people from all aspects of the security world. Attending this year are Raven and John E. Richo who have never met, but had occasional dialogue via e-mail and extensive communication via jabber. They plan to meet in person at Lyger's Pub to discuss some ideas for security research in person.
After meeting and talking, they end the night by digitally signing each other's GPG keys for future secure communication, establish backup methods for contact, and go their separate ways. During the convention, both have their key signed by a variety of other people ranging from casual friends to business aquaintances. The convention ends without the destruction of the hotel and everyone leaves knowing more about their profession than they did days before. Months go by before Raven receives a peculiar e-mail from John asking about work they had discussed extensively months before. A few confused e-mails and one phone call later, both are stunned when John learns that Raven signed 'his' GPG key, despite John never having used GPG.
Almost a year before, someone pretending to be John had intercepted and replied to a few e-mails of Raven's. Unsure of his ability to keep intercepting the mail, he quickly suggested they move discussion to jabber and created a new ID to keep up the appearance of John. Months of chatting and an enjoyable night of drinks and discussion later, a deep sense of trust had been established between the two, and John never really entered the picture at all. Even with 'his' name, supposed phone number, pictures and more, the trust was built up slowly and steadily.
By the end of this trust building, the person who had hijacked John's identity was able to get Raven (and others) to sign his key with high certainty that he was the real John E. Richo. Once that key was distributed to keyservers around the world, the potential for harm was strong. John's digital identity had in effect been hijacked.
The information disclosed by the key signatures you receive may sometimes have unintended consequences. While not a serious issue to many people using PGP/GPG, this may manifest itself into situations of information disclosure that you may not be aware of. With the rise of social networks such as Orkut and friendster there is clearly interest and potential value in identifying and aligning yourself with social circles. For most people this is not a concern as it offers no downside or repercussions. For some, it could present a serious issue down the road including hurting credibility (regardless of social circle), disclosing social patterns offline such as meetings that were not announced, disclosing approximate geographical location and more.
There are a few basic truths to the use of PGP/GPG keysigning that one must consider.
By examining a person's key and taking it one step farther, you can create a list of people that have presumably interacted with them. Following the links and checking other people's keys will link to more people, allowing you to form a crude mapping of these links. Once you follow enough links and connect the people, interesting groupings may begin to appear.
From this example of a signed key link chart, a couple groupings begin to emerge showing the beginnings of social circles. In conjunction with browsing web pages, focused searches and a little common sense, it is possible to start making some logical guesses about social interaction, trust and other points of interest. With this diagram, we can observe the following and make a few guesses:
While all of these conclusions are logical, they rely on additional research above and beyond key linking, and they are all speculation. It is often difficult to establish if a link is personal or professional or both. The use of nicknames and handles on the net is not strictly limited to the darker side of things. Due to the nature of instant messenger software and e-mail services, there is significant encouragement to use a nickname or variations on just a first name. Add to that the fascination with adding a sense of mystery or intrique, and Bob becomes bowman14 while Jill becomes v1xen. Both may work at the same office, live very straight lives and never consider anything shady or questionable. Yet both have handles and may use encryption for work sensitive material.
The good part about public key cryptography is that you can share your key with the world to be signed and validated. The bad part about public key cryptography is that you can share your key with the world to be signed and stamped. Since you can't prevent someone from signing your key and uploading their signature, you can't stop bad people from associating themselves with you and fronting some level of trust, even if it isn't present. In this context, the bad people are those who don't like you and may seek to discredit you, nothing more.
As a hacker, your word and your reputation are important. Without trust and/or technical skill, other hackers won't share information or tools with you. As a clean-cut chief security officer, your reputation and ethics make up your integrity, and your integrity helps to sell you to your employer. If the hacker or CSO were discovered to have ties to the 'wrong' people, it could severely hamper their ability to do their job. Imagine if the hacker suddenly had his public key signed by a dozen law enforcement officers and the CSO found his key flooded with questionable hacker signings. Sound improbable or pointless? It isn't. This type of virtual smear campaign has already been used against people in the security industry and by law enforcement to cast doubt on the reputation of hackers, with some success. Alienating someone via perceived reputation and 'guilt by association' are powerful weapons. Once done, you are essentially stuck with the virtual baggage until you revoke your key and cut a new one.
The nature of PGP/GPG and keysigning is to maintain a system for digital trust. While some of that trust may derive from activity or history that originates offline, the primary purpose is maintaining privacy and security in communication online. As such, having that system potentially reveal information that transcends into the real world is a potentially serious threat.
When a keysigning occurs, it is typically done under a high level of trust. Such trust often occurs when two people meet face to face, leaving little doubt as to who the key belongs to. With the internet being a global entity, it isn't easy for two people to meet just to sign each other's encryption keys. This lead to organized meetings, typically targets of opportunity, where many people would gather to sign each other's keys while participating in another event such as a technical conference. Some of the bigger conferences will host keysigning parties that number in the hundreds. These events are well established, well known and a matter of public record. Obviously, if you sign someone's key while a conference is going on, it is fairly safe to assume that you were present.
Branch out a bit, and begin to track the keysignings of entire circles of friends, taking particular note of the timestamps of each signature. If you notice one key was signed by a dozen people on a given date, and received no signatures for a month before or after, it is likely he was in the company of many people on that date. Does it correspond with any well known events such as security conferences or 2600/B411 meetings?
From our example analysis above, we can see routine key signings throughout the year. The first small spike in January may correspond with a smaller meeting such as 2600, B411 or DC Groups. Jump to mid April and the big spike happens to correspond with the yearly AttCon held in Denver. In August we see another big spike that corresponds with the yearly Blackhat/Defcon conferences. In December, there is another big spike but doesn't match any public conferences that we can find. What happened during that time to warrant so many key signatures? This could be indicative of a private conference/gathering? Perhaps some other type of meeting such as a Linux user group (LUG), USENIX meeting or NANOG keysigning? Or something else of interest.. does this correspond with a law enforcement seminar at Quantico or a regional Electronic Crimes Task Force meeting?
Continuing the data mining, it becomes easy to use Google to figure out a little bit about a person. Add that data to where they likely traveled based on key signatures, and you have a good foundation for mapping their travel, social circles, business colleagues and more.
For those that opt to walk the line between black and white hat, or comfortably live in the colorful world of the grey hat, they may choose to maintain multiple keys. One may be kept under their long time alias while another maintained under their real name for business purposes. If the masses do not know that 'Jericho' is the same person as 'Brian', it behooves me to keep the identities separate. Maintaining this separation is technically easy, but often difficult as the human nature tends to forget about the separation. All it takes is one slip up and it can become trivial to link two distinct personalities to the same person.
Encryption keys are one of many avenues to help you figure out if different personalities are really the same individual. When examining the signatures on a key, consider that a good friend may sign both of your keys. Alone, this means that the person seems to know and trust two separate people.
Raven -> Jericho
Raven -> Brian
If the same thing occurs with a dozen people, it may be a bit suspicious. Consider two keys from what are assumed to be two separate people (Jericho and Brian) that share twelve out of fifteen signatures. Jericho's key has three signatures all from people operating under an alias. Brian's key has three signatures all from people operating under their full legal name. Even with the three key signature discrepancy, it is safe to assume these two people run in the same circles and may very likely be the same person operating under two identities. Add in the previous data analysis and notice that the signatures all occured on dates that show they were in the same places at the same time, and it becomes more and more probable that you have cross linked a real name to an alias.
While the social implications of PGP keysigning are not as groundbreaking or sexy as cracking strong encryption, the nature of these risks tend to have a significant impact none the less. Passive information disclosure via social networking analysis is not a new concept. Just recently the National Security Agency was found to be using millions of phone records for social networking analysis. This type of data mining is not new by any means, but the analysis of different data is leading to more advanced relationship modeling that can pose a serious threat to your privacy. By all means, continue to use strong encryption to protect your communication. Just do so with the knowledge that your security may lead to insecurity.
Copyright Brian Martin & Raven. Permission is granted to quote, reprint or redistribute provided the text is not altered, and appropriate credit is given. Images copyright Lyger. Special thanks to Raven for article concept and ideas, Lyger for images, Phil Zimmerman for PGP.